Looking for Envoy example for "proxy_set_header" in reverse proxy


I'm migrating Nginx to Envoy and I couldn't figure out how to replace those settings:

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;

I have read Envoy's documentation about IP Transparency, but I still couldn't figure out how to configure it. When I tried to test the example included in the above link, I got an error:

invalid value Invalid type URL, unknown type: envoy.extensions.transport_sockets.proxy_protocol.v3.ProxyProtocolUpstreamTransport for type Any)

I'd appreciate it if someone could share a real example of the Envoy equivalent of the 3 proxy_set_header settings above.

Answer by Jasper Siepkes:

Judging from your NGINX snippet you probably want Envoy to add XFF headers to the request made to the upstream server?

The XFF headers (i.e. headers like X-Forwarded-For) are something different than using the PROXY protocol (which ProxyProtocolUpstreamTransport does). The PROXY protocol is used to get IP transparency on layer 4 (TCP). XFF is used on layer 7 with HTTP.

The documentation you need is here: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/other_features/ip_transparency#arch-overview-ip-transparency-original-src-http

Below is an example. xff_num_trusted_hops: 0 tells Envoy to discard any XFF header it receives (we definitely do not trust XFF headers from the Internet if we are an edge proxy). use_remote_address: true tells Envoy to generate new XFF headers for the upstream request.

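        - filter_chain_match:
            # server_names is a repeated field, so it takes a list
            server_names: ["foo.example.com"]
          filters:
            - name: envoy.filters.network.http_connection_manager
              # "config" is the older (v2 API) form; the v3 API uses
              # typed_config with an "@type" URL instead
              config:
                stat_prefix: ingress_http
                codec_type: AUTO
                # Use the real address of the client connection for XFF handling
                use_remote_address: true
                # Trust no proxy hops in front of this Envoy (edge proxy)
                xff_num_trusted_hops: 0
                route_config:
                  name: local_route
                  virtual_hosts:
                    - name: vh_foo_example
                      domains: ["*"]
                      routes:
                        - match: { prefix: "/" }
                          route: {
                            timeout: 60s,
                            cluster: srv_upstream
                          }
                http_filters:
                  - name: envoy.router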
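
The following is an added example, not part of the original answer or Envoy's documentation: the same filter written for the v3 API, with each of the three NGINX directives from the question mapped to an Envoy setting. The names vh_foo_example and srv_upstream are carried over from the answer; the X-Real-IP rule assumes the upstream reads that header and that this Envoy is the edge proxy.

```yaml
filters:
  - name: envoy.filters.network.http_connection_manager
    typed_config:
      "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
      stat_prefix: ingress_http
      codec_type: AUTO
      # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      # Envoy manages X-Forwarded-For itself, based on the real peer address
      # of the downstream connection.
      use_remote_address: true
      # Edge proxy: no hop in front of this Envoy is trusted, so the client
      # address is always taken from the TCP connection, never from a header.
      xff_num_trusted_hops: 0
      route_config:
        name: local_route
        virtual_hosts:
          - name: vh_foo_example
            domains: ["*"]
            # proxy_set_header X-Real-IP $remote_addr;
            # Overwrite rather than append, so an X-Real-IP value supplied by
            # the client never reaches the upstream.
            request_headers_to_add:
              - header:
                  key: X-Real-IP
                  value: "%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%"
                append_action: OVERWRITE_IF_EXISTS_OR_ADD
            routes:
              - match: { prefix: "/" }
                route:
                  cluster: srv_upstream
                  timeout: 60s
                  # proxy_set_header Host $http_host;
                  # Nothing to set: the Host / :authority header is forwarded
                  # unchanged unless a host rewrite option is configured here.
      http_filters:
        - name: envoy.filters.http.router
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
```

Envoy releases that predate the append_action field use append: false on the same header entry to get the overwrite behaviour.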