I’m trying to use Istio’s Ingress Gateway with an external load balancer. When I try using proxy protocol filter, so that I get the right IP address, I have a problem that Envoy doesn’t see the REQUESTED_SERVER_NAME from SNI (I see “-” in access log). When I disable proxy protocol in the load balancer and delete the filter, it works and REQUESTED_SERVER_NAME is correctly populated.
Is there a way to use the proxy protocol filter, but still see REQUESTED_SERVER_NAME. The way it is, I can’t really use HTTPS unless I set my gateway to match “*”.
This is how the filter looks like:
apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: istio-ingressgateway-proxy-protocol namespace: istio-system spec: workloadSelector: labels: istio: ingressgateway configPatches: - applyTo: LISTENER patch: operation: MERGE value: listener_filters: - name: envoy.filters.listener.proxy_protocol