# This configuration takes incoming data on port 10000 and encapsulates it in a POST
# request which is sent upstream port 10001.
# It can be used to test TCP tunneling as described in
# https://envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/upgrades
# and running `curl -x 127.0.0.1:10000 https://www.google.com`

admin:
  address:
    socket_address:
      protocol: TCP
      address: 127.0.0.1
      port_value: 9903
static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address:
        protocol: TCP
        address: 127.0.0.1
        port_value: 10000
    filter_chains:
    - filters:
      - name: tcp
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
          stat_prefix: tcp_stats
          cluster: "cluster_0"
          tunneling_config:
            hostname: host.com:443
            use_post: true
  clusters:
  - name: cluster_0
    connect_timeout: 5s
    # This ensures HTTP/2 POST is used for establishing the tunnel.
    typed_extension_protocol_options:
      envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
        "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
        explicit_http_config:
          http2_protocol_options: {}
    load_assignment:
      cluster_name: cluster_0
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: 127.0.0.1
                port_value: 10001