MALICON/envoy.yaml at master · Choseungheee/MALICON · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
admin:
  address:
    socket_address: { address: 0.0.0.0, port_value: 9901 }

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 443 }
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          upgrade_configs:
          - upgrade_type: websocket
          codec_type: AUTO
          route_config:
            name: local_route
            virtual_hosts:
            - name: ws_service
              domains: ["ov.blahblah.movebxeax.me"]
              routes:
              - match:
                  prefix: "/"
                route:
                  cluster: blahblah_openvidu
            - name: local_service
              domains: ["blahblah.movebxeax.me"]
              routes:
              - match: { prefix: "/web-service/" }
                route: { cluster: blahblah_backend }
              - match: { prefix: "/stream-service/" }
                route: { cluster: blahblah_backend }
              - match: { prefix: "/" }
                route: { cluster: blahblah_frontend }
          http_filters:
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
      transport_socket:
        name: envoy.transport_sockets.tls
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
          common_tls_context:
            tls_certificates:
              - certificate_chain:
                  filename: /etc/letsencrypt/live/blahblah.movebxeax.me/fullchain.pem
                  filename: /etc/letsencrypt/live/ov.blahblah.movebxeax.me/fullchain.pem
                private_key:
                  filename: /etc/letsencrypt/live/blahblah.movebxeax.me/privkey.pem
                  filename: /etc/letsencrypt/live/ov.blahblah.movebxeax.me/privkey.pem
            validation_context:
              trusted_ca:
                filename: /etc/ssl/certs/ca-certificates.crt
            alpn_protocols: ["h2,http/1.1"]

  - name: listener_1
    address:
      socket_address: { address: 0.0.0.0, port_value: 80 }
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          codec_type: AUTO
          route_config:
            name: local_route
            virtual_hosts:
            - name: ws_service
              domains: ["ov.blahblah.movebxeax.me"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: blahblah_openvidu }
            - name: local_service
              domains: ["blahblah.movebxeax.me"]
              routes:
              - match: { prefix: "/" }
                redirect: { https_redirect: true }
          http_filters:
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router

  clusters:
  - name: blahblah_frontend
    connect_timeout: 0.25s
    type: LOGICAL_DNS
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: frontend
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: blahblah.movebxeax.me
                port_value: 3030
  - name: blahblah_backend
    connect_timeout: 0.25s
    type: LOGICAL_DNS
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: backend
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: blahblah.movebxeax.me
                port_value: 8080
  - name: blahblah_openvidu
    connect_timeout: 0.25s
    type: LOGICAL_DNS
    lb_policy: ROUND_ROBIN
    http2_protocol_options: { allow_connect: true }
    load_assignment:
      cluster_name: openvidu
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: ov.blahblah.movebxeax.me
                port_value: 4443
    transport_socket:
      name: envoy.transport_sockets.tls
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
        common_tls_context:
          tls_certificates:
          - certificate_chain:
              filename: /etc/letsencrypt/live/ov.blahblah.movebxeax.me/fullchain.pem
            private_key:
              filename: /etc/letsencrypt/live/ov.blahblah.movebxeax.me/privkey.pem
          validation_context:
            trusted_ca:
              filename: /etc/ssl/certs/ca-certificates.crt
          alpn_protocols: ["h2,http/1.1"]