Upstream HTTP/1.1 Proxy (proto)

This extension has the qualified name envoy.transport_sockets.http_11_proxy

Note

This extension is functional but has not had substantial production burn time, use only with this caveat.

This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted.

Tip

This extension extends and can be used with the following extension category:

This extension must be configured with one of the following type URLs:

extensions.transport_sockets.http_11_proxy.v3.Http11ProxyUpstreamTransport

[extensions.transport_sockets.http_11_proxy.v3.Http11ProxyUpstreamTransport proto]

HTTP/1.1 proxy transport socket establishes an upstream connection to a proxy address instead of the target host’s address. This behavior is triggered when the transport socket is configured and proxy information is provided.

Behavior when proxying:

When an upstream connection is established, instead of connecting directly to the endpoint address, the client will connect to the specified proxy address, send an HTTP/1.1 CONNECT request indicating the endpoint address, and process the response. If the response has HTTP status 200, the connection will be passed down to the underlying transport socket.

Configuring proxy information:

Set typed_filter_metadata in LbEndpoint.Metadata or LocalityLbEndpoints.Metadata. using the key envoy.http11_proxy_transport_socket.proxy_address and the proxy address in config::core::v3::Address format.

{
  "transport_socket": {...}
}
transport_socket

(config.core.v3.TransportSocket) The underlying transport socket being wrapped. Defaults to plaintext (raw_buffer) if unset.