HTTP connection manager

    codec_type

    (required, string) Supplies the type of codec that the connection manager should use. Possible values are:

    • http1

      The connection manager will assume that the client is speaking HTTP/1.1.

    • http2

      The connection manager will assume that the client is speaking HTTP/2 (Envoy does not require HTTP/2 to take place over TLS or to use ALPN. Prior knowledge is allowed).

    • auto

      For every new connection, the connection manager will determine which codec to use. This mode supports both ALPN for TLS listeners as well as protocol inference for plaintext listeners. If ALPN data is available, it is preferred, otherwise protocol inference is used. In almost all cases, this is the right option to choose for this setting.

    stat_prefix

    (required, string) The human readable prefix to use when emitting statistics for the connection manager. See the documentation for more information.

    rds

    (sometimes required, object) The connection manager configuration must specify one of rds or route_config. If rds is specified, the connection manager’s route table will be dynamically loaded via the RDS API. See the RDS documentation for more information.

    route_config

    (sometimes required, object) The connection manager configuration must specify one of rds or route_config. If route_config is specified, the route configuration for the connection manager is static and is specified in this property.

    filters

    (required, array) A list of individual HTTP filters that make up the filter chain for requests made to the connection manager. Order matters as the filters are processed sequentially as request events happen.

    add_user_agent

    (optional, boolean) Whether the connection manager manipulates the user-agent and x-envoy-downstream-service-cluster headers. See the linked documentation for more information. Defaults to false.

    tracing

    (optional, object) Presence of the object defines whether the connection manager emits data to the configured tracing provider.

    http1_settings

    • allow_absolute_url

      (optional, boolean) Handle HTTP requests with absolute URLs in the requests. These requests are generally sent by clients to forward/explicit proxies. This allows clients to configure Envoy as their HTTP proxy. In Unix, for example, this is typically done by setting the http_proxy environment variable.

    http2_settings

    (optional, object) Additional HTTP/2 settings that are passed directly to the HTTP/2 codec. Currently supported settings are:

    • hpack_table_size

      (optional, integer) Maximum table size (in octets) that the encoder is permitted to use for the dynamic HPACK table. Valid values range from 0 to 4294967295 (2^32 - 1) and defaults to 4096. 0 effectively disables header compression.

    • max_concurrent_streams

      (optional, integer) Maximum concurrent streams allowed for a peer on one HTTP/2 connection. Valid values range from 1 to 2147483647 (2^31 - 1) and defaults to 2147483647.

    server_name

    (optional, string) An optional override that the connection manager will write to the server header in responses. If not set, the default is envoy.

    idle_timeout_s

    (optional, integer) The idle timeout in seconds for connections managed by the connection manager. The idle timeout is defined as the period in which there are no active requests. If not set, there is no idle timeout. When the idle timeout is reached the connection will be closed. If the connection is an HTTP/2 connection a drain sequence will occur prior to closing the connection. See drain_timeout_ms.

    drain_timeout_ms

    (optional, array) Configuration for HTTP access logs emitted by the connection manager.

    use_remote_address

    (optional, boolean) If set to true, the connection manager will use the real remote address of the client connection when determining internal versus external origin and manipulating various headers. If set to false or absent, the connection manager will use the x-forwarded-for HTTP header. See the documentation for x-forwarded-for, x-envoy-internal, and x-envoy-external-address for more information.

    forward_client_cert

    (optional, string) How to handle the x-forwarded-client-cert (XFCC) HTTP header. Possible values are:

    1. forward_only: When the client connection is mTLS (Mutual TLS), forward the XFCC header in the request.
    2. always_forward_only: Always forward the XFCC header in the request, regardless of whether the client connection is mTLS.
    3. append_forward: When the client connection is mTLS, append the client certificate information to the request’s XFCC header and forward it.

    For the format of the XFCC header, please refer to x-forwarded-client-cert.

    set_current_client_cert_details

    (optional, array) A list of strings; possible values are Subject and SAN. This field is valid only when forward_client_cert is append_forward or sanitize_set and the client connection is mTLS. It specifies the fields in the client certificate to be forwarded. Note that in the XFCC header, Hash is always set, and By is always set when the client certificate presents the SAN value.

    generate_request_id

    (optional, boolean) Whether the connection manager will generate the x-request-id header if it does not exist. This defaults to true. Generating a random UUID4 is expensive so in high throughput scenarios where this feature is not desired it can be disabled.

    operation_name

    (required, string) Span name will be derived from operation_name. “ingress” and “egress” are the only supported values.

    request_headers_for_tags

    (optional, array) A list of header names used to create tags for the active span. The header name is used to populate the tag name, and the header value is used to populate the tag value. The tag is created if the specified header name is present in the request’s headers.

    Filters

    HTTP filter architecture overview.

    name

    (required, string) The name of the filter to instantiate. The name must match a supported filter.

    config

    (required, object) Filter specific configuration which depends on the filter being instantiated. See the supported filters for further documentation.
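
The settings above that decide how much the connection manager trusts or allows the peer (use_remote_address, forward_client_cert, idle_timeout_s, max_concurrent_streams, allow_absolute_url) can be checked mechanically before a config is deployed. The following is an added example, not part of the Envoy documentation or code base: the `audit` function, both sample configs and their values are constructed here, and it assumes a listener that accepts connections from untrusted clients.

```python
import json

# Constructed sample config (v1 JSON field names from this page); the values
# are illustrative and assume a listener that accepts untrusted clients.
SAMPLE = json.loads("""{
  "codec_type": "auto",
  "stat_prefix": "ingress_http",
  "route_config": {},
  "filters": [{"name": "router", "config": {}}],
  "forward_client_cert": "always_forward_only",
  "http1_settings": {"allow_absolute_url": true},
  "http2_settings": {"hpack_table_size": 4096}
}""")
# Same listener with the peer-trusting settings tightened (limits are made up).
HARDENED = {**SAMPLE, "use_remote_address": True, "idle_timeout_s": 300,
            "forward_client_cert": "append_forward", "http1_settings": {},
            "http2_settings": {"max_concurrent_streams": 100}}

H2_STREAMS_MAX = 2**31 - 1  # documented upper bound, which is also the default

def audit(cfg):
    """Return (field, finding) pairs for invalid or peer-trusting settings."""
    out = []
    if cfg.get("codec_type") not in ("http1", "http2", "auto"):
        out.append(("codec_type", "must be http1, http2 or auto"))
    if "rds" not in cfg and "route_config" not in cfg:
        out.append(("rds/route_config", "one of the two is required"))
    if not cfg.get("use_remote_address", False):
        out.append(("use_remote_address",
                    "origin is judged from the x-forwarded-for header the client sent"))
    if cfg.get("forward_client_cert") == "always_forward_only":
        out.append(("forward_client_cert",
                    "XFCC is forwarded even when the client connection is not mTLS"))
    if "idle_timeout_s" not in cfg:
        out.append(("idle_timeout_s", "unset: idle connections are never closed"))
    h2 = cfg.get("http2_settings", {})
    streams = h2.get("max_concurrent_streams", H2_STREAMS_MAX)
    if not 1 <= streams <= H2_STREAMS_MAX:
        out.append(("http2_settings.max_concurrent_streams", "out of range"))
    elif streams == H2_STREAMS_MAX:
        out.append(("http2_settings.max_concurrent_streams",
                    "default lets one peer open 2^31 - 1 streams per connection"))
    if not 0 <= h2.get("hpack_table_size", 4096) <= 2**32 - 1:
        out.append(("http2_settings.hpack_table_size", "out of range"))
    if cfg.get("http1_settings", {}).get("allow_absolute_url"):
        out.append(("http1_settings.allow_absolute_url",
                    "clients can use this listener as their HTTP proxy"))
    return out

if __name__ == "__main__":
    for field, finding in audit(SAMPLE):
        print(f"{field}: {finding}")
```
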