我正在尝试了解更多关于 Envoy(使用 Docker 映像)并将其设置为反向代理的信息。
Requests → Docker container running Envoy → Proxy to a different server based on the request.
我遇到了解决代理地址的问题。这是我访问 localhost:8080 时看到的内容。
upstream connect error or disconnect/reset before headers. reset reason: connection failure
Dockerfile:
FROM envoyproxy/envoy:v1.18.3
COPY envoy-custom.yaml /etc/envoy/envoy.yaml
RUN chmod go+r /etc/envoy/envoy.yaml
Envoy 配置 envoy-custom.yaml,使用 example here 的简化版本。它正在侦听端口 8080,并尝试代理到内部服务器。为简单起见,它目前设置为代理所有请求。
static_resources:
listeners:
- name: listener_0
address:
socket_address:
address: 0.0.0.0
port_value: 8080
filter_chains:
- filters:
- name: envoy.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: gateway
domains:
- "*"
routes:
- match:
prefix: "/"
route:
cluster: targetCluster
http_filters:
- name: envoy.filters.http.router
typed_config: {}
clusters:
- name: targetCluster
connect_timeout: 0.25s
type: LOGICAL_DNS
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: frontend
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
# address: host.docker.internal
# address: some-address-inside-a-corp-network
# For the purposes of this post, proxying
# to Google
address: google.com
port_value: 80
Envoy 配置似乎符合 V3。
$ docker run --rm \
-v (pwd)/envoy.custom.yaml:/my-envoy-config.yaml \
envoyproxy/envoy:v1.18.3 \
--mode validate \
-c my-envoy-config.yaml
[2021-05-20 17:30:35.544][1][info][main] [source/server/server.cc:667] runtime: layers:
- name: base
static_layer:
{}
- name: admin
admin_layer:
{}
[2021-05-20 17:30:35.544][1][info][config] [source/server/configuration_impl.cc:128] loading tracing configuration
[2021-05-20 17:30:35.544][1][info][config] [source/server/configuration_impl.cc:88] loading 0 static secret(s)
[2021-05-20 17:30:35.544][1][info][config] [source/server/configuration_impl.cc:94] loading 1 cluster(s)
[2021-05-20 17:30:35.545][1][info][config] [source/server/configuration_impl.cc:98] loading 1 listener(s)
configuration 'my-envoy-config.yaml' OK
[2021-05-20 17:30:35.547][1][info][config] [source/server/configuration_impl.cc:110] loading stats configuration
Envoy 登录调试模式:
...
[2021-05-20 17:15:02.991][1][debug][upstream] [source/common/upstream/upstream_impl.cc:279] transport socket match, socket default selected for host with address [2607:f8b0:4007:804::200e]:80
[2021-05-20 17:15:02.991][1][debug][upstream] [source/common/upstream/strict_dns_cluster.cc:170] DNS refresh rate reset for google.com, refresh rate 5000 ms
[2021-05-20 17:15:07.960][1][debug][upstream] [source/common/upstream/upstream_impl.cc:279] transport socket match, socket default selected for host with address [2607:f8b0:4007:804::200e]:80
[2021-05-20 17:15:07.960][1][debug][upstream] [source/common/upstream/strict_dns_cluster.cc:170] DNS refresh rate reset for google.com, refresh rate 5000 ms
...
就其价值而言,我能够使用 Nginx 成功实现代理,使用这些配置。
nginx.conf:
server {
listen 8080;
server_name 0.0.0.0;
location / {
# Testing if proxying is working locally; seems to be
# proxy_pass http://host.docker.internal:9090;
# Testing if proxying to a corp server is working; seems to be
# proxy_pass some-address-inside-a-corp-network
# For the purposes of this post, proxying to Google
proxy_pass https://www.google.com;
}
}
用于设置 Nginx 的 Dockerfile:
FROM nginx:latest
COPY nginx.conf /etc/nginx/conf.d/default.conf
我的配置中是否遗漏了一些东西,这会阻止 Envoy 进行代理?
答案 0 :(得分:1)
从你贴出的日志来看上游地址是在ip v6中解析的,尝试将其限制在https://www.envoyproxy.io/docs/envoy/v1.18.3/api-v3/config/cluster/v3/cluster.proto#enum-config-cluster-v3-cluster-dnslookupfamily中的v4。另外,不知道这是否是一个因素,但您将 Nginx 代理到 Google.com 的 443 端口,而不是像 Envoy 配置中的 80 端口。