Content differences:
--- /etc/envoy/listeners.d/00-tls_terminator_1443.yaml.orig
+++ /etc/envoy/listeners.d/00-tls_terminator_1443.yaml
@@ -8,6 +8,49 @@
"@type": type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
tcp_fast_open_queue_length: 150
filter_chains:
+- filter_chain_match:
+ server_names: ["*"]
+ transport_socket:
+ name: envoy.transport_sockets.tls
+ typed_config:
+ '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
+ common_tls_context:
+ tls_certificates:
+ - certificate_chain: { filename: "" }
+ private_key: { filename: "" }
+ filters:
+ - name: envoy.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ http_protocol_options:
+ accept_http_10: true
+ stat_prefix: ingress_http
+ route_config:
+ virtual_hosts:
+ - name: default
+ domains: ["*"]
+ routes:
+ - match: { prefix: "/" }
+ route:
+ cluster: local_port_80
+ timeout: 65.0s
+ retry_policy:
+ num_retries: 1
+ retry_on: "5xx"
+ http_filters:
+ - name: envoy.filters.http.router
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ server_header_transformation: APPEND_IF_ABSENT
+ internal_address_config:
+ unix_sockets: true
+ cidr_ranges:
+ - address_prefix: 10.0.0.0
+ prefix_len: 8
+ - address_prefix: 127.0.0.1
+ prefix_len: 32
+ - address_prefix: ::1
+ prefix_len: 128
# Non-SNI support
- transport_socket:
name: envoy.transport_sockets.tls