ProxyConf is a control plane for Envoyproxy that simplifies and secures API management in enterprise environments. It leverages the OpenAPI specification to streamline the configuration of Envoyproxy, providing a powerful yet user-friendly approach for managing, and securing API traffic at scale.
MPL-2.0 License
ProxyConf is a control plane for Envoyproxy that simplifies and secures API management in enterprise environments. It leverages the OpenAPI specification to streamline the configuration of Envoyproxy, providing a powerful yet user-friendly platform for managing, and securing API traffic at scale.
[!WARNING] ProxyConf is currently in development and under active construction . While it may already be usable for some cases, theres a good chance youll encounter bugs or incomplete features.
However, your feedback is incredibly valuable to us! If you're feeling adventurous, wed love for you to try it out and let us know what works, what doesnt, and where we can improve. Together, we can make ProxyConf even better!
Envoyproxy Integration
ProxyConf Control Plane
Proprietary Extensions (Available as Paid Add-ons, work in progress)
Feature | OpenAPI Extension | Implementation | Open Source | Paid Add-On | DONE |
---|---|---|---|---|---|
Downstream TLS | x-proxyconf-api-url (automatic for https url) | Envoy SDS | x | yes | |
Downstream Static mTLS Authentication | x-proxyconf-downstream-auth | Envoy TLS Inspector + RBAC Filter | x | yes | |
Downstream Static API Key Authentication | x-proxyconf-downstream-auth | Custom Lua Filter + Envoy RBAC Filter | x | yes | |
Downstream Static Basic Authentication | x-proxyconf-downstream-auth | Custom Lua Filter + Envoy RBAC Filter | x | yes | |
Downstream JWT based Authentication | x-proxyconf-downstream-auth | Envoy JWT Filter | x | yes | |
Source IP filtering | x-proxyconf-listener {allowed-source-ips} | Envoy RBAC Filter | x | yes | |
Multi-Cluster Support | x-proxyconf-cluster-id | Envoy cluster id mapping | x | yes | |
Multi-Listener Support | x-proxyconf-listener | Envoy listener | x | yes | |
Virtual Hosts Support | x-proxyconf-api-url (host is extracted from the url) | Envoy RDS | x | yes | |
Routing based on HTTP Method & Path | n/a | Envoy RDS | x | yes | |
Routing based on Path templates | n/a | Envoy RDS | x | yes | |
Routing checks required request headers | x-proxyconf-fail-fast-on-missing-header-parameter | Envoy RDS | x | yes | |
Routing checks required query parameters | x-proxyconf-fail-fast-on-missing-query-parameter | Envoy RDS | x | yes | |
Routing checks required request content type header | x-proxyconf-fail-fast-on-wrong-media-type | Envoy RDS | x | yes | |
Upstream server load balancing | x-proxyconf-server-weight | Envoy weighted cluster | x | yes | |
Request header validation | JSON Schema | Golang Envoy Plugin | x | yes | |
Response header validation | JSON Schema | Golang Envoy Plugin | x | yes | |
Query parameter validation | JSON Schema | Golang Envoy Plugin | x | yes | |
Request body validation JSON / Form-Data | JSON schema | Golang Envoy Plugin | x | yes | |
Response body validation JSON / Form-Data | JSON schema | Golang Envoy Plugin | x | yes | |
Vulnerability scanning | Golang Envoy Plugin | ? | no | ||
Request body validation XML | XML schema | Golang Envoy Plugin | x | no | |
Response body validation XML | JSON schema | Golang Envoy Plugin | x | no | |
SOAP & WSDL based configuration | ? | no |
To quickly explore the capabilities of ProxyConf, we provide a demo environment that can be easily launched using Docker Compose. The demo setup, located inside the demo
folder, includes all the necessary components to run a local instance of Envoyproxy with ProxyConf, configured to proxy traffic to a local instance of the Swagger Petstore API.
setup-certificates.sh
script located in the demo
folder:
./setup-certificates.sh
docker-compose up
demo/proxyconf/oas3specs/petstore.yaml
that Envoy proxies traffic to, allowing you to experiment with API management features such as routing, TLS termination, and request validation.This demo provides a hands-on way to see how ProxyConf simplifies the configuration and management of Envoyproxy.
We welcome contributions to ProxyConf! Whether its bug fixes, new features, or improvements to documentation, your help is appreciated.
feature/your-feature
).Were excited to collaborate with the community to make ProxyConf better! Feel free to open an issue if you have questions or need guidance.
ProxyConf is licensed under the Mozilla Public License 2.0. You are free to use, modify, and distribute the software under the terms of this license.
For more details, please refer to the LICENSE file included in the repository.
ProxyConf is built on top of the amazing work done by the Envoy Proxy team. Were standing on the shoulders of giants, leveraging Envoys powerful and flexible architecture to bring ProxyConf to life.
We greatly appreciate the efforts of the Envoy community and contributors for making such a robust and versatile project available!
If you have any questions about features, want to report bugs, or request new functionality, please open a GitHub Issue. We actively monitor and respond to issues to help improve ProxyConf.
For security concerns, business inquiries, or consulting requests, feel free to reach out via email at [email protected].
ProxyConf helps you take control of your API operations, providing the tools needed to secure, optimize, and scale your API infrastructure efficiently. With optional paid extensions for request/response validation and SOAP/WSDL support, ProxyConf can meet the needs of both modern and legacy systems.