Configure HTTP Egress Traffic using Wildcard Hosts

#1

With the use of an additional SNI proxy container, we have a way to route HTTPS traffic through the egress gateway without having to specify particular hosts: https://istio.io/docs/examples/advanced-gateways/wildcard-egress-hosts/

Is there a way to similarly configure HTTP traffic (without TLS) to be routed from the application container, through the sidecar, then to the egress gateway and out? So far I have only found a way to do this by creating ServiceEntries for specific external servers, not for wild-carded destinations.

@vadimeisenbergibm, @frankbu @geeknoid: Your suggestions would be much appreciated.

Thanks!

#2

Perhaps the Envoy Original destination host request header can be used? https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/load_balancing/original_dst

#3

@skydoctor You can do it; I tested various proxy options here: https://github.com/vadimeisenbergibm/envoy-generic-forward-proxy

The problem, however, is with performance, since the additional Nginx proxy will not respect the original keep-alive directive, and the connections will not be kept alive.

#4

@vadimeisenbergibm does configuring “keepalive” on NGINX keep the connection open?

http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive

#5

I do not remember currently; there was some problem with it.