cwebber.net

Random thoughts about life, ops, dev, and management

Configuring Envoy to Use SSL/TLS With the V2 API


I have been doing a bit of playing with the Envoy Proxy this week. One of the things I ran into that has been painful was configuring a listener to use SSL/TLS. Below is some sample config to make it easier for the next person to dig out the config necessary to make it happen.

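static_resources:
  listeners:
  # Accept connections on all interfaces, port 443
  - address:
      socket_address:
        address: 0.0.0.0
        port_value: 443
    filter_chains:
      # Terminate TLS on this listener with the certificate chain and key below
      tls_context:
        common_tls_context:
          tls_certificates:
          - certificate_chain:
              filename: "/etc/envoy/frontend-certs/service.crt"
            private_key:
              filename: "/etc/envoy/frontend-certs/service.key"
      filters:
      # Decrypted traffic is handed to the HTTP connection manager
      - name: envoy.http_connection_manager
        config:
          tracing:
            operation_name: egress
          # Write access logs to stdout
          access_log:
          - name: envoy.file_access_log
            config:
              path: "/dev/stdout"
          # auto: choose HTTP/1.1 or HTTP/2 per connection
          codec_type: auto
          stat_prefix: ingress_http
          route_config:
          (...)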
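
A tightened variant of the `tls_context` block above, as an added example that is not part of the original post: it keeps the same certificate paths and adds two v2 `common_tls_context` fields, `tls_params` and `alpn_protocols`. The values chosen for them (a TLS 1.2 floor, h2 plus http/1.1) are assumptions about what the service's clients support.

```yaml
      tls_context:
        common_tls_context:
          # Added: refuse handshakes below TLS 1.2 instead of relying on
          # the default minimum version.
          tls_params:
            tls_minimum_protocol_version: TLSv1_2
          # Added: advertise ALPN so clients can negotiate HTTP/2 over TLS;
          # codec_type: auto prefers ALPN data when it is present.
          alpn_protocols:
          - h2
          - http/1.1
          tls_certificates:
          - certificate_chain:
              filename: "/etc/envoy/frontend-certs/service.crt"
            private_key:
              filename: "/etc/envoy/frontend-certs/service.key"
```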
