Table of Contents
In this article, we will see how to install envoy proxy on Ubuntu Linux. Envoy is a free and open source L7 proxy designed to bridge the gap between multiple application frameworks and languages. It makes the network transparent and works with almost all the application languages. A single envoy deployment forms a communication mesh in which every applications sends and receives messages to and from localhost without being aware of the network details. It is increasingly popular in service oriented architecture.
In a large service oriented architecture, deploying library upgrades can become too tedious and cumbersome. But envoy can be deployed and upgraded quickly across a large infrastructure without too much effort and complexity. Envoy comes with lot of inbuilt features that makes it an ideal proxy to use in service oriented architecture. It's high performance and small footprint edge makes it comparable with other load balancer applications such as Nginx and HAProxy. More on official website.
Features & Advantages
- It makes network transparent.
- It includes a health checking subsystem which can perform active health check of upstream service clusters.
- It is able to employ advance load balancing techniques which can be used by any applications.
- It provides front/edge proxy support with features including TLS termination, HTTP/1.1 HTTP/2 and HTTP/3 support, as well as HTTP L7 routing.
- It provides robust statistics support for all subsystems.
- It has a layered set of Dynamic Configuration APIs for centralized management.
- It supports all of the HTTP/2 features which are required to be used as routing and load balancing substrate for gRPC requests and responses.
How to Install Envoy proxy on Ubuntu Linux
Also Read: How to Install libtool on Ubuntu or Debian Linux
Step 1: Update Your Server
Before installing envoy proxy on Ubuntu, it is important to check for latest available updates and install them by using sudo apt update && sudo apt upgrade command as shown below.
cyberithub@ubuntu:~$ sudo apt update && sudo apt upgrade
NOTE:
root or sudo access to run privileged commands.
Step 2: Install prerequisites
It is also important to have all prerequisites in place before installing envoy package. To install all the required packages, run sudo apt install apt-transport-https gnupg2 curl lsb-release command as shown below.
cyberithub@ubuntu:~$ sudo apt install apt-transport-https gnupg2 curl lsb-release Reading package lists... Done Building dependency tree... Done Reading state information... Done lsb-release is already the newest version (11.1.0ubuntu4). The following NEW packages will be installed: curl gnupg2 The following packages will be upgraded: apt-transport-https 1 upgraded, 2 newly installed, 0 to remove and 19 not upgraded. Need to get 201 kB of archives. After this operation, 506 kB of additional disk space will be used. Do you want to continue? [Y/n] Y Get:1 http://in.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 apt-transport-https all 2.4.12 [1,510 B] Get:2 http://in.archive.ubuntu.com/ubuntu jammy-updates/main amd64 curl amd64 7.81.0-1ubuntu1.16 [194 kB] Get:3 http://in.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 gnupg2 all 2.2.27-3ubuntu2.1 [5,548 B] Fetched 201 kB in 1s (155 kB/s) (Reading database ... 245209 files and directories currently installed.) Preparing to unpack .../apt-transport-https_2.4.12_all.deb ... Unpacking apt-transport-https (2.4.12) over (2.4.11) ... Selecting previously unselected package curl. Preparing to unpack .../curl_7.81.0-1ubuntu1.16_amd64.deb ... Unpacking curl (7.81.0-1ubuntu1.16) ... Selecting previously unselected package gnupg2. Preparing to unpack .../gnupg2_2.2.27-3ubuntu2.1_all.deb ... Unpacking gnupg2 (2.2.27-3ubuntu2.1) ... Setting up gnupg2 (2.2.27-3ubuntu2.1) ... Setting up apt-transport-https (2.4.12) ... Setting up curl (7.81.0-1ubuntu1.16) ... Processing triggers for man-db (2.10.2-1) ...
Step 3: Install GPG Key
Download and install GPG key from official website to check the integrity of the downloaded package.
cyberithub@ubuntu:~$ curl -sL 'https://deb.dl.getenvoy.io/public/gpg.8115BA8E629CC074.key' | sudo gpg --dearmor -o /usr/share/keyrings/getenvoy-keyring.gpg
Step 4: Add repo
Then run below command to add repo from where envoy package needs to downloaded and installed along with all its required dependencies.
cyberithub@ubuntu:~$ echo "deb [arch=amd64 signed-by=/usr/share/keyrings/getenvoy-keyring.gpg] https://deb.dl.getenvoy.io/public/deb/ubuntu $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/getenvoy.list deb [arch=amd64 signed-by=/usr/share/keyrings/getenvoy-keyring.gpg] https://deb.dl.getenvoy.io/public/deb/ubuntu jammy main
Step 5: Update Repo cache
Update repository cache by using sudo apt update command. This will update the cache with details of all the packages from newly added repo.
cyberithub@ubuntu:~$ sudo apt update Hit:1 https://aquasecurity.github.io/trivy-repo/deb jammy InRelease Get:2 https://packages.microsoft.com/ubuntu/22.04/prod jammy InRelease [3,632 B] Get:3 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB] Get:4 https://deb.dl.getenvoy.io/public/deb/ubuntu jammy InRelease [2,975 B] Hit:5 http://in.archive.ubuntu.com/ubuntu jammy InRelease Ign:6 https://ppa.launchpadcontent.net/stebbins/handbrake-releases/ubuntu jammy InRelease Get:7 http://in.archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB] Hit:9 http://in.archive.ubuntu.com/ubuntu jammy-backports InRelease Get:10 https://packages.microsoft.com/ubuntu/22.04/prod jammy/main amd64 Packages [137 kB] Get:11 https://deb.dl.getenvoy.io/public/deb/ubuntu jammy/main amd64 Packages [4,348 B] Get:12 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [1,303 kB] Get:13 http://in.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [1,519 kB] Get:14 http://security.ubuntu.com/ubuntu jammy-security/main i386 Packages [436 kB] Get:15 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [852 kB] Get:16 http://in.archive.ubuntu.com/ubuntu jammy-updates/main i386 Packages [602 kB] Get:17 http://in.archive.ubuntu.com/ubuntu jammy-updates/main Translation-en [293 kB] Get:18 http://security.ubuntu.com/ubuntu jammy-security/universe i386 Packages [599 kB] Get:19 http://in.archive.ubuntu.com/ubuntu jammy-updates/restricted i386 Packages [35.3 kB] Get:20 http://in.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [1,644 kB] Get:21 http://in.archive.ubuntu.com/ubuntu jammy-updates/universe i386 Packages [698 kB] Get:22 http://in.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1,060 kB] Reading package lists... Done
Step 6: Install Envoy
In the next step, you can download and install envoy package from getenvoy repo by using sudo apt install -y getenvoy-envoy command as shown below.
cyberithub@ubuntu:~$ sudo apt install -y getenvoy-envoy [sudo] password for cyberithub: Reading package lists... Done Building dependency tree... Done Reading state information... Done The following NEW packages will be installed: getenvoy-envoy 0 upgraded, 1 newly installed, 0 to remove and 21 not upgraded. Need to get 16.5 MB of archives. After this operation, 0 B of additional disk space will be used. Get:1 https://deb.dl.getenvoy.io/public/deb/ubuntu jammy/main amd64 getenvoy-envoy amd64 1.18.2.p0.gd362e79-1p75.g76c310e [16.5 MB] Fetched 16.5 MB in 11s (1,456 kB/s) Selecting previously unselected package getenvoy-envoy. (Reading database ... 245222 files and directories currently installed.) Preparing to unpack .../getenvoy-envoy_1.18.2.p0.gd362e79-1p75.g76c310e_amd64.deb ... Unpacking getenvoy-envoy (1.18.2.p0.gd362e79-1p75.g76c310e) ... Setting up getenvoy-envoy (1.18.2.p0.gd362e79-1p75.g76c310e) ...
Step 7: Check Version
To check the current installed version, run envoy --version command as shown below.
cyberithub@ubuntu:~$ envoy --version envoy version: d362e791eb9e4efa8d87f6d878740e72dc8330ac/1.18.2/clean-getenvoy-76c310e-envoy/RELEASE/BoringSSL
Step 8: Run Envoy
To run envoy web server, we are going to use below demo envoy_config.yml.
static_resources:
listeners:
- name: listener_0
address:
socket_address:
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
access_log:
- name: envoy.access_loggers.stdout
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
http_filters:
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match:
prefix: "/"
route:
host_rewrite_literal: www.envoyproxy.io
cluster: service_envoyproxy_io
clusters:
- name: service_envoyproxy_io
type: LOGICAL_DNS
# Comment out the following line to test on v6 networks
dns_lookup_family: V4_ONLY
connect_timeout: 5s
load_assignment:
cluster_name: service_envoyproxy_io
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: www.envoyproxy.io
port_value: 443
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
sni: www.envoyproxy.io
Then to start envoy as system daemon, run envoy -c envoy-demo.yaml command as shown below.
cyberithub@ubuntu:~$ envoy -c envoy-demo.yaml [2024-04-04 12:41:02.002][7342][info][main] [external/envoy/source/server/server.cc:330] initializing epoch 0 (base id=0, hot restart version=11.104) [2024-04-04 12:41:02.005][7342][info][main] [external/envoy/source/server/server.cc:332] statically linked extensions: [2024-04-04 12:41:02.006][7342][info][main] [external/envoy/source/server/server.cc:334] envoy.thrift_proxy.filters: envoy.filters.thrift.rate_limit, envoy.filters.thrift.router [2024-04-04 12:41:02.006][7342][info][main] [external/envoy/source/server/server.cc:334] envoy.access_loggers: envoy.access_loggers.file, envoy.access_loggers.http_grpc, envoy.access_loggers.open_telemetry, envoy.access_loggers.stderr, envoy.access_loggers.stdout, envoy.access_loggers.tcp_grpc, envoy.access_loggers.wasm, envoy.file_access_log, envoy.http_grpc_access_log, envoy.open_telemetry_access_log, envoy.stderr_access_log, envoy.stdout_access_log, envoy.tcp_grpc_access_log, envoy.wasm_access_log ...................................................
After successful start, you can check if envoy proxy running on localhost port 10000 by using curl -v localhost:10000 command as shown below. If you are getting http response code as 200 then it is working as expected.
cyberithub@ubuntu:~$ curl -v localhost:10000 * Trying 127.0.0.1:10000... * Connected to localhost (127.0.0.1) port 10000 (#0) > GET / HTTP/1.1 > Host: localhost:10000 > User-Agent: curl/7.81.0 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK
You can press Ctrl+c to exit the running web server.
Step 9: Check all available options
You can check all options available with envoy command using envoy --help command.
cyberithub@ubuntu:~$ envoy --help
Step 10: Uninstall envoy
To remove envoy from your ubuntu system, run sudo apt remove getenvoy-envoy command as shown below. To remove all the dependencies along with envoy package add --auto-remove option with below command.
cyberithub@ubuntu:~$ sudo apt remove getenvoy-envoy Reading package lists... Done Building dependency tree... Done Reading state information... Done The following packages will be REMOVED: getenvoy-envoy 0 upgraded, 0 newly installed, 1 to remove and 21 not upgraded. After this operation, 0 B of additional disk space will be used. Do you want to continue? [Y/n] Y (Reading database ... 245224 files and directories currently installed.) Removing getenvoy-envoy (1.18.2.p0.gd362e79-1p75.g76c310e) ...
If you are looking to remove envoy package and its dependencies along with all the related configuration files, run sudo apt purge getenvoy-envoy --auto-remove command.
cyberithub@ubuntu:~$ sudo apt purge getenvoy-envoy --auto-remove