I’m trying to use Istio’s Ingress Gateway with an external load balancer. When I try using proxy protocol filter, so that I get the right IP address, I have a problem that Envoy doesn’t see the REQUESTED_SERVER_NAME from SNI (I see “-” in access log). When I disable proxy protocol in the load balancer and delete the filter, it works and REQUESTED_SERVER_NAME is correctly populated.
Is there a way to use the proxy protocol filter, but still see REQUESTED_SERVER_NAME. The way it is, I can’t really use HTTPS unless I set my gateway to match “*”.
This is how the filter looks like:
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: istio-ingressgateway-proxy-protocol
namespace: istio-system
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: LISTENER
patch:
operation: MERGE
value:
listener_filters:
- name: envoy.filters.listener.proxy_protocol