Hi. I've been trying to piece together a v2 tcp proxy example, but I keep running into schema issues. Would you be willing to include one in the docs? Thanks!
Here's a super simple client TCP Proxy config I had from experimenting with Thrift behind Envoy. Any particular schema issues?
```yaml
static_resources:
  listeners:
  - address:
      socket_address:
        address: 0.0.0.0
        port_value: 9292
    filter_chains:
    - filters:
      - name: envoy.tcp_proxy
        config:
          stat_prefix: ingress_tcp
          cluster: thrift_server
          access_log:
          - name: envoy.file_access_log
            config:
              path: /dev/stdout
  clusters:
  - name: thrift_server
    connect_timeout: 0.25s
    type: strict_dns
    lb_policy: round_robin
    hosts:
    - socket_address:
        address: 127.0.0.1
        port_value: 8000
admin:
  access_log_path: "/dev/null"
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 8001
```
Thanks @derekargueta. This helps.
@josdotso here is another simple one that uses SDS and includes stats for CockroachDB.
```json
{
  "admin": {
    "access_log_path": "/home/Library/envoy/cockroach_front_admin_access.log",
    "address": {
      "socket_address": {
        "address": "::",
        "port_value": 9007
      }
    }
  },
  "static_resources": {
    "clusters": [
      {
        "connect_timeout": "0.5s",
        "eds_cluster_config": {
          "eds_config": {
            "api_config_source": {
              "api_type": "REST_LEGACY",
              "cluster_names": [
                "sds_cluster"
              ],
              "refresh_delay": "5s"
            }
          }
        },
        "http2_protocol_options": {
          "hpack_table_size": 0
        },
        "lb_policy": "ROUND_ROBIN",
        "name": "cockroach",
        "type": "EDS"
      },
      {
        "connect_timeout": "0.25s",
        "lb_policy": "ROUND_ROBIN",
        "hosts": [
          {
            "socket_address": {
              "address": "computer-hostname",
              "port_value": 8883
            }
          }
        ],
        "name": "sds_cluster",
        "type": "LOGICAL_DNS"
      }
    ],
    "listeners": [
      {
        "address": {
          "socket_address": {
            "address": "127.0.0.1",
            "port_value": 9008
          }
        },
        "filter_chains": [
          {
            "filters": [
              {
                "config": {
                  "cluster": "cockroach",
                  "stat_prefix": "ingress_cockroach"
                },
                "name": "envoy.tcp_proxy"
              }
            ]
          }
        ],
        "name": "tcp_proxy"
      }
    ]
  },
  "stats_sinks": [
    {
      "config": {
        "address": {
          "socket_address": {
            "address": "::1",
            "port_value": 9125
          }
        }
      },
      "name": "envoy.statsd"
    }
  ]
}
```
How to enable TLS termination and SNI for TCP proxy?
Here is my config:
```yaml
admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address:
      protocol: TCP
      address: 127.0.0.1
      port_value: 9901
static_resources:
  listeners:
  # - name: listener_other
  - name: listener_mqtt
    address:
      socket_address:
        protocol: TCP
        address: 0.0.0.0
        port_value: 1883
    listener_filters:
    - name: "envoy.listener.tls_inspector"
      config: {}
    filter_chains:
    - filter_chain_match:
        server_names: ["dev.8hoot.com"]
        transport_protocol: tls
        application_protocols: []
      tls_context:
        common_tls_context:
          tls_certificates:
          - certificate_chain:
              filename: "./docker_volume_path/cert.pem"
            private_key:
              filename: "./docker_volume_path/privkey.pem"
      filters:
      - name: envoy.tcp_proxy
        config:
          stat_prefix: ingress_tcp
          cluster: service_mqtt
  clusters:
  # - name: service_other
  - name: service_mqtt
    connect_timeout: 0.25s
    type: STATIC
    dns_lookup_family: V4_ONLY
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: service_mqtt
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: 172.17.0.10
                port_value: 1883
```
I am using Mosquitto CLI to connect with the MQTT server. If I comment out the TLS and SNI related lines in the config then I can connect to the MQTT server using Mosquitto CLI using the IP address of the server.
@chintan-mishra Hello, did you resolve the issue? Could you share your config? I have one similar issue.
@dotw I haven't had the time to manage infrastructure in the past few days. Please read the comment below.
https://github.com/envoyproxy/envoy/issues/7066#issuecomment-517898960
The user seems to have solved the issue. I haven't had the time to look and experiment myself.