configs: add support for using dynamic forward proxy#320
Conversation
Signed-off-by: Mike Schore <mike.schore@gmail.com>
Signed-off-by: Mike Schore <mike.schore@gmail.com>
goaway
left a comment
There was a problem hiding this comment.
This looks great, nice work!
Can the Android example apps be updated here too to keep CI green?
Signed-off-by: Mike Schore <mike.schore@gmail.com> Signed-off-by: Michael Rebello <me@michaelrebello.com>
Signed-off-by: Michael Rebello <me@michaelrebello.com>
Signed-off-by: Michael Rebello <me@michaelrebello.com>
Signed-off-by: Michael Rebello <me@michaelrebello.com>
5452a1b to
515a133
Compare
Signed-off-by: Michael Rebello <me@michaelrebello.com>
| # tls_context: | ||
| # common_tls_context: | ||
| # validation_context: | ||
| # trusted_ca: {filename: /etc/ssl/certs/ca-certificates.crt} |
There was a problem hiding this comment.
We definitely need/want this. Do we know what the correct paths to load the platform trusted CA files are? Or is it more difficult than that on mobile?
There was a problem hiding this comment.
Totally agree. We're planning on merging with this temporarily disabled, as we'll likely need to compile our own with the library. Tracking here, and linked within the config: #322
There was a problem hiding this comment.
It's a little scary to merge this as is, in case anyone's actually playing around with this library. Do you want to add logic to manually reject non-https traffic for now?
There was a problem hiding this comment.
Talked offline - opted to leave a WARNING! here since this is in examples/ and we are still in demo stage.
Signed-off-by: Michael Rebello <me@michaelrebello.com>
Signed-off-by: Michael Rebello <me@michaelrebello.com>
Signed-off-by: Michael Rebello <me@michaelrebello.com> Signed-off-by: Michael Rebello <me@michaelrebello.com>
Signed-off-by: Michael Rebello <me@michaelrebello.com>
Signed-off-by: Michael Rebello <me@michaelrebello.com>
Signed-off-by: Michael Rebello <me@michaelrebello.com>
|
nice work |
|
Thanks for the reviews! |
We'll be using the dynamic forward proxy configuration as the defacto configuration that will ship with Envoy Mobile. This will allow us to avoid making consumers register the DNS/domains they need to support when starting up the Envoy instance.
This PR:
Future PRs will:
Part of #169.
Signed-off-by: Michael Rebello me@michaelrebello.com