in src/go/configgenerator/filtergen/http_connection_manager.go [87:200]
func (g *HTTPConnectionManagerGenerator) GenFilterConfig() (proto.Message, error) {
httpConMgr := &hcmpb.HttpConnectionManager{
UpgradeConfigs: []*hcmpb.HttpConnectionManager_UpgradeConfig{
{
UpgradeType: "websocket",
},
},
CodecType: hcmpb.HttpConnectionManager_AUTO,
StatPrefix: util.StatPrefix,
UseRemoteAddress: &wrapperspb.BoolValue{Value: g.EnvoyUseRemoteAddress},
XffNumTrustedHops: uint32(g.EnvoyXffNumTrustedHops),
// Security options for `path` header.
NormalizePath: &wrapperspb.BoolValue{Value: g.NormalizePath},
MergeSlashes: g.MergeSlashesInPath,
}
// Converting the error message for requests rejected by Envoy to JSON format:
//
// {
// "code": "http-status-code",
// "message": "the error message",
// }
//
httpConMgr.LocalReplyConfig = &hcmpb.LocalReplyConfig{
BodyFormat: &corepb.SubstitutionFormatString{
Format: &corepb.SubstitutionFormatString_JsonFormat{
JsonFormat: &structpb.Struct{
Fields: map[string]*structpb.Value{
"code": {
Kind: &structpb.Value_StringValue{StringValue: "%RESPONSE_CODE%"},
},
"message": {
Kind: &structpb.Value_StringValue{StringValue: "%LOCAL_REPLY_BODY%"},
},
},
},
},
},
}
// https://github.com/envoyproxy/envoy/security/advisories/GHSA-4987-27fx-x6cf
if g.DisallowEscapedSlashesInPath {
httpConMgr.PathWithEscapedSlashesAction = hcmpb.HttpConnectionManager_UNESCAPE_AND_REDIRECT
} else {
httpConMgr.PathWithEscapedSlashesAction = hcmpb.HttpConnectionManager_KEEP_UNCHANGED
}
if g.AccessLogPath != "" {
fileAccessLog := &facpb.FileAccessLog{
Path: g.AccessLogPath,
}
if g.AccessLogFormat != "" {
fileAccessLog.AccessLogFormat = &facpb.FileAccessLog_LogFormat{
LogFormat: &corepb.SubstitutionFormatString{
Format: &corepb.SubstitutionFormatString_TextFormat{
TextFormat: g.AccessLogFormat,
},
},
}
}
serialized, _ := anypb.New(fileAccessLog)
httpConMgr.AccessLog = []*acpb.AccessLog{
{
Name: util.AccessFileLogger,
Filter: nil,
ConfigType: &acpb.AccessLog_TypedConfig{
TypedConfig: serialized,
},
},
}
}
if !g.TracingOptions.DisableTracing {
var err error
httpConMgr.Tracing, err = tracing.CreateTracing(*g.TracingOptions)
if err != nil {
return nil, err
}
}
if g.UnderscoresInHeaders {
httpConMgr.CommonHttpProtocolOptions = &corepb.HttpProtocolOptions{
HeadersWithUnderscoresAction: corepb.HttpProtocolOptions_ALLOW,
}
} else {
httpConMgr.CommonHttpProtocolOptions = &corepb.HttpProtocolOptions{
HeadersWithUnderscoresAction: corepb.HttpProtocolOptions_REJECT_REQUEST,
}
}
if g.EnableGrpcForHttp1 {
// Retain gRPC trailers if downstream is using http1.
httpConMgr.HttpProtocolOptions = &corepb.Http1ProtocolOptions{
EnableTrailers: true,
}
}
if g.IsSchemeHeaderOverrideRequired {
httpConMgr.SchemeHeaderTransformation = &corepb.SchemeHeaderTransformation{
Transformation: &corepb.SchemeHeaderTransformation_SchemeToOverwrite{
SchemeToOverwrite: "https",
},
}
}
jsonStr, _ := util.ProtoToJson(httpConMgr)
glog.Infof("HTTP Connection Manager config before adding routes or HTTP filters: %v", jsonStr)
return httpConMgr, nil
}