forked from envoyproxy/envoy
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathencapsulate_in_http2_connect.yaml
51 lines (50 loc) · 1.66 KB
/
encapsulate_in_http2_connect.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# This configuration takes incoming data on port 10000 and encapsulates it in a CONNECT
# request which is sent upstream port 10001.
# It can be used to test TCP tunneling as described in
# https://envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/upgrades
# and running `curl -H 'Host: www.google.com' --resolve www.google.com:10000:127.0.0.1 https://www.google.com:10000`
admin:
address:
socket_address:
protocol: TCP
address: 127.0.0.1
port_value: 9903
static_resources:
listeners:
- name: listener_0
address:
socket_address:
protocol: TCP
address: 127.0.0.1
port_value: 10000
filter_chains:
- filters:
- name: tcp
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
stat_prefix: tcp_stats
cluster: "cluster_0"
tunneling_config:
hostname: host.com:443
headers_to_add:
- header:
key: original_dst_port
value: "%DOWNSTREAM_LOCAL_PORT%"
clusters:
- name: cluster_0
connect_timeout: 5s
# This ensures HTTP/2 CONNECT is used for establishing the tunnel.
typed_extension_protocol_options:
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
"@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicit_http_config:
http2_protocol_options: {}
load_assignment:
cluster_name: cluster_0
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: 127.0.0.1
port_value: 10001