利用envoy 转发tcp port（22 ssh）

本文主要介绍如何通过envoy，转发tcp port 22，实现ssh 代理

一，安装envoy 到centos7

   1. 如果server可以连接internet，可以使用如下steps，online 安装envoy

yum install -y getenvoy-envoy
yum-config-manager --add-repo https://getenvoy.io/linux/centos/tetrate-getenvoy.repo
yum-config-manager --enable tetrate-getenvoy-nightly
yum install -y getenvoy-envoy
envoy --version
which envoy

    2. 如果server无法访问internet，则可以安装envoy到一台可以上网的server。然后copy binary envoy到打算安装的server上

  scp /usr/bin/envoy 10.71.244.240:/root/proxy

二，运行envoy

    1. 首先编辑静态配置文件config.yaml，  22002  ->  target port 22 

admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address:
      protocol: TCP
      address: 0.0.0.0
      port_value: 9991
static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address:
        protocol: TCP
        address: 0.0.0.0
        port_value: 22002
    filter_chains:
    - filters:
      - name: envoy.filters.network.tcp
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
          stat_prefix: ingress_tcp
          max_connect_attempts: 5
          cluster: nso
  clusters:
  - name: nso
    connect_timeout: 0.25s
    type: STATIC
    load_assignment:
      cluster_name: nso
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: 240b:c01d:5126:1000::3
                port_value: 22

　　

   2. 运行envoy

#!/bin/bash
cd $(dirname "${BASH_SOURCE[0]}")
##Use socat 
#python socatd.py

##Use envoy 
./envoy -c config.yaml