-
-
Save cortex93/6d7cd9738b077d0447ab891cbacd0d5e to your computer and use it in GitHub Desktop.
admin: | |
access_log_path: "/dev/stdout" | |
address: | |
socket_address: | |
protocol: TCP | |
address: 127.0.0.1 | |
port_value: 7779 | |
static_resources: | |
listeners: | |
- name: main_listener | |
address: | |
socket_address: | |
address: 0.0.0.0 | |
port_value: 80 | |
filter_chains: | |
- filters: | |
- name: envoy.filters.network.http_connection_manager | |
typed_config: | |
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager | |
codec_type: auto | |
stat_prefix: ingress_http | |
route_config: | |
name: local_route | |
virtual_hosts: | |
- name: app | |
domains: | |
- "*" | |
routes: | |
- match: | |
prefix: "/" | |
route: | |
host_rewrite_literal: edition.cnn.com | |
cluster: "loopback_cluster" | |
http_filters: | |
- name: envoy.filters.http.router | |
typed_config: | |
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router | |
- name: api_proxy_listener | |
address: | |
pipe: | |
path: "@/cluster_0" | |
filter_chains: | |
- filters: | |
- name: tcp | |
typed_config: | |
"@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy | |
stat_prefix: tcp_stats | |
cluster: "proxy_cluster" | |
tunneling_config: | |
hostname: edition.cnn.com:443 | |
headers_to_add: | |
- header: | |
key: Proxy-Authorization | |
value: Basic dXNlcjpwYXNzd29yZA== # replace with your credentials | |
append: false | |
clusters: | |
- name: proxy_cluster | |
connect_timeout: 0.25s | |
type: strict_dns | |
lb_policy: round_robin | |
load_assignment: | |
cluster_name: proxy_cluster | |
endpoints: | |
- lb_endpoints: | |
- endpoint: | |
address: | |
socket_address: | |
address: host.docker.internal # simulate a corporate proxy | |
port_value: 8888 | |
- name: loopback_cluster | |
connect_timeout: 5s | |
upstream_connection_options: | |
tcp_keepalive: {} | |
type: STATIC | |
load_assignment: | |
cluster_name: loopback_cluster | |
endpoints: | |
- lb_endpoints: | |
- endpoint: | |
address: | |
pipe: | |
path: "@/cluster_0" | |
transport_socket: | |
name: envoy.transport_sockets.tls | |
typed_config: | |
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext | |
sni: edition.cnn.com | |
Looking at: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Proxy-Authorization probably you need to add the type? Most likely it's something like: "Basic YTpi"
headers_to_add:
- header:
key: Proxy-Authorization
value: "Basic YTpi"
Looking at: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Proxy-Authorization probably you need to add the type? Most likely it's something like: "Basic YTpi"
headers_to_add: - header: key: Proxy-Authorization value: "Basic YTpi"
That's right. Fixed with "user:password" as credentials.
I tried with "Basic YTpi" and got the error like this "Bad characters in authorization header 'Basic YTpi". And I have another question, is it possible to have a dynamic hostname?
I tried with "Basic YTpi" and got the error like this "Bad characters in authorization header 'Basic YTpi". And I have another question, is it possible to have a dynamic hostname?
You should check your upstream proxy for what authentication type it support.
For dynamic hostname, I don't know.
I tried with "Basic YTpi" and got the error like this "Bad characters in authorization header 'Basic YTpi". And I have another question, is it possible to have a dynamic hostname?
@rocky0001 did you manage to have a dynamic hostname solution ?
no.
live example with squid as L2 TLS proxy at https://github.com/scrocquesel/envoy_examples/tree/main/tls_origination_via_tls_l2_proxy
Thanks to envoyproxy/envoy#19612, the sample now allows for dynamic hostname solution. Setting domain matcher to "*" will let envoy proxy any destination to the L2 proxy.
what was the value of the Proxy-Authorization? I got the following error with Squid proxy. "Unsupported or unconfigured/inactive proxy-auth scheme" and "Bad characters in authorization header 'Basic ****". Thanks.