Configuring Envoy as an edge proxy

TCP proxies should configure:

• restrict access to the admin endpoint,

• overload_manager,

• to 32 KiB.

HTTP proxies should additionally configure:

• use_remote_address to true (to avoid consuming HTTP headers from external clients, see for details),

• HTTP/2 maximum concurrent streams limit to 100,

• to 64 KiB,

The following is a YAML example of the above recommendation.