envoyproxy / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0

Envoy as Explicit Proxy to different target #35453

Closed rlanhellas closed 4 days ago

rlanhellas commented 1 month ago

I'm trying to configure Envoy as an explicit proxy, connecting my app to it using the HTTP_PROXY and HTTPS_PROXY variables. It is working when I'm trying to use the normal flow, such as:

  1. I am the client trying to talk with example.com, through the localhost:8080 envoy proxy. (It works) Client (HTTP CONNECT example.com) --> Envoy Proxy --> example.com

  2. I am the client trying to talk with google.com, through the localhost:8080 envoy proxy. But Envoy proxy should connect to meet.google.com. (It DOESN'T work) Client (HTTP CONNECT google.com) --> Envoy Proxy --> meet.google.com.

It's not clear how to achieve the second situation. I set my cluster to meet.google.com but it didn't make any difference.

Here is my Envoy config YAML file:

admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address:
      protocol: TCP
      address: 0.0.0.0
      port_value: 9901
static_resources:
  listeners:
    - name: listener_0
      address:
        socket_address:
          protocol: TCP
          address: 0.0.0.0
          port_value: 10000
      filter_chains:
        - filters:
            - name: envoy.filters.network.http_connection_manager
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                stat_prefix: ingress_http
                route_config:
                  name: local_route
                  virtual_hosts:
                    - name: meet_service
                      domains: ["google.com:*"]
                      routes:
                        - match:
                            prefix: "/"
                          route:
                            cluster: meet
                        - match:
                            connect_matcher: {}
                          route:
                            cluster: meet
                            upgrade_configs:
                              - upgrade_type: CONNECT
                                connect_config: {}
                    - name: local_service
                      domains: ["*"]
                      routes:
                        - match:
                            prefix: "/"
                          route:
                            cluster: dynamic_forward_proxy_cluster
                        - match:
                            connect_matcher: {}
                          name: connect_match
                          route:
                            cluster: dynamic_forward_proxy_cluster
                            upgrade_configs:
                              - upgrade_type: CONNECT
                                connect_config: {}
                http_filters:
                  - name: envoy.filters.http.dynamic_forward_proxy
                    typed_config:
                      "@type": type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.FilterConfig
                      dns_cache_config:
                        name: dynamic_forward_proxy_cache_config
                        dns_lookup_family: V4_ONLY
                  - name: envoy.filters.http.router
                    typed_config:
                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
  clusters:
    - name: dynamic_forward_proxy_cluster
      connect_timeout: 1s
      lb_policy: CLUSTER_PROVIDED
      cluster_type:
        name: envoy.clusters.dynamic_forward_proxy
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.clusters.dynamic_forward_proxy.v3.ClusterConfig
          dns_cache_config:
            name: dynamic_forward_proxy_cache_config
            dns_lookup_family: V4_ONLY
    - name: meet
      connect_timeout: 1s
      lb_policy: ROUND_ROBIN
      type: STRICT_DNS
      dns_lookup_family: V4_ONLY
      load_assignment:
        cluster_name: meet
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: meet.google.com
                      port_value: 443

soulxu commented 1 month ago

@rlanhellas what client do you use? If you use 'curl' with the HTTP_PROXY env variable, it won't send the request with HTTP CONNECT. You can use curl --proxy-tunnel https://127.0.0.1:10000. I tested with your config, and it seems to work for me.
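
Added example, not part of the thread or of Envoy's code: it captures the request line a proxy-configured client sends for an http:// URL and the one a tunnelling client sends, using a local stub listener in place of Envoy. `envoy_cluster_for` is an assumed, simplified model of how the two virtual hosts in the config above would be selected (the prefix wildcard `google.com:*` versus the catch-all `*`); the function names and the stub are hypothetical.

```python
import http.client
import socket
import threading
import urllib.parse
import urllib.request

def capture_request_line(send):
    """Point send(port) at a throwaway local listener; return the request line it got."""
    srv = socket.create_server(("127.0.0.1", 0))
    srv.settimeout(5)
    seen = {}
    def serve():
        conn, _ = srv.accept()
        with conn:
            data = b""
            while b"\r\n\r\n" not in data and (chunk := conn.recv(4096)):
                data += chunk
            seen["line"] = data.split(b"\r\n", 1)[0].decode()
            conn.sendall(b"HTTP/1.1 502 Bad Gateway\r\nContent-Length: 0\r\n\r\n")
    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    try:
        send(srv.getsockname()[1])
    except (OSError, http.client.HTTPException):
        pass  # the stub always answers 502; only the captured request line matters
    worker.join(6)
    srv.close()
    return seen.get("line", "")

def via_proxy_setting(port):
    # An http:// URL with a proxy configured: absolute-form GET, no tunnel.
    proxy = urllib.request.ProxyHandler({"http": f"http://127.0.0.1:{port}"})
    urllib.request.build_opener(proxy).open("http://google.com/", timeout=5)

def via_connect_tunnel(port):
    # A tunnelling client: CONNECT google.com:443 is sent before anything else.
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.set_tunnel("google.com", 443)
    conn.request("GET", "/")

def envoy_cluster_for(request_line):
    """Assumed, simplified model of the posted route_config's two virtual hosts."""
    method, target, _ = request_line.split(" ", 2)
    host = target if method == "CONNECT" else urllib.parse.urlsplit(target).netloc
    # "google.com:*" is a prefix wildcard: it needs an authority that carries a port.
    return "meet" if host.startswith("google.com:") else "dynamic_forward_proxy_cluster"

if __name__ == "__main__":
    for line in map(capture_request_line, (via_proxy_setting, via_connect_tunnel)):
        print(f"{line!r} -> {envoy_cluster_for(line)}")
```

Under this model the plain GET carries the authority `google.com` without a port, so it falls through to the catch-all virtual host, while the CONNECT authority `google.com:443` selects `meet_service`.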

rlanhellas commented 1 month ago

Thanks @soulxu, simpler than I thought. For me HTTP_PROXY would send an HTTP CONNECT at all

github-actions[bot] commented 1 week ago

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

github-actions[bot] commented 4 days ago

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.