This repository demonstrates how to use Envoy proxy with an external authorization service.
To install the project, follow these steps:
-
Clone the repository:
git clone https://github.com/ferencsarai/envoy-auth
-
Change into the project directory:
cd envoy-auth -
Build the project using Docker Compose:
docker compose build
-
To run the project, use the following command:
docker compose up
Once the project is running, you can send requests to http://localhost:8000 with the User-Agent: Chrome header to get a successful response. Requests with any other User-Agent header will result in a 403 status code.
-
Allowed (200) - this will return a response from the echo service http-echo:
curl -v -A "Chrome" http://localhost:8000 -
Not allowed (403):
# any non-Chrome User-Agent curl -v -A "sfjs" http://localhost:8000
The project utilizes three containers from the docker compose file.
sequenceDiagram
participant Client
participant Envoy as Envoy Proxy<br/>(port 8000)
participant Auth as Auth Service<br/>(port 3000)
participant Echo as Echo Service<br/>(port 8080)
Client->>Envoy: GET / (User-Agent: Chrome)
Envoy->>Auth: forward User-Agent header
Auth-->>Envoy: 200 OK
Envoy->>Echo: forward original request
Echo-->>Envoy: 200 OK + echoed request
Envoy-->>Client: 200 OK + echoed request
sequenceDiagram
participant Client
participant Envoy as Envoy Proxy<br/>(port 8000)
participant Auth as Auth Service<br/>(port 3000)
participant Echo as Echo Service<br/>(port 8080)
Client->>Envoy: GET / (User-Agent: sfjs)
Envoy->>Auth: forward User-Agent header
Auth-->>Envoy: 403 Forbidden
Envoy-->>Client: 403 Forbidden
Note over Echo: never reached
Envoy proxy configuration: envoy.yaml
See CONTRIBUTING.md for guidelines. Please also review our CODE_OF_CONDUCT.md and CODEOWNERS.
This project is licensed under the terms of the MIT License.