Envoy: Support running without an admin interface

Created on 20 Jul 2017  路  3Comments  路  Source: envoyproxy/envoy

Some of Envoy's use cases, such as reverse-proxying to a non-TLS-capable backend, don't benefit much from having an admin interface available. It's just one additional port that I need to figure out how to firewall away from unauthorized access.

It'd be nice if the admin interface were made optional. Potential ways to disable it include leaving out the "admin" section of the config, or passing some special flag.

beginner enhancement help wanted
Source
picture jmillikin-stripe
👍3

All 3 comments

It's hard for me to imagine why anyone would ever run without the admin interface. Too useful for ops. However, not opposed to making it optional if someone does the patch.

mattklein123 picture mattklein123 on 20 Jul 2017
👍1

FWIW, if one wants to "disable" the admin interface, I believe the following would work:

 "admin": {                                       
   "access_log_path": "/dev/null",                
   "address": "tcp://127.0.0.1:0"                   
 }

This asks the OS to assign a random high port. It'll then only listen for requests originating within the machine.

tlhunter picture tlhunter on 15 Nov 2017

Closing as I just don't see this getting implemented. If someone wants to step up we can reopen.

mattklein123 picture mattklein123 on 18 May 2018
😕1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ghost picture ghost  路  3Comments
sabiurr picture sabiurr  路  3Comments
boncheo picture boncheo  路  3Comments
jeremybaumont picture jeremybaumont  路  3Comments
weixiao-huang picture weixiao-huang  路  3Comments