How To Install Envoy Proxy on Ubuntu / Debian

Estimated reading: 7 minutes 30 views

Envoy Proxy is a high-performance proxy server with a small memory footprint enabling it to run on embedded devices such as routers, firewalls, and load balancers. Originally developed for the Citrix NetScaler application delivery controller, Envoy Proxy is now used by a number of major web properties and applications.

Do you want to learn how to install the envoy proxy on Ubuntu? Envoy is a great proxy for improving the performance of your website. It can help reduce latency and improve caching. Plus, it’s really easy to set up!

Prerequisites

In order to install Envoy Proxy, you will need to have:

  • A server running Ubuntu . This installation process should work on any recent Ubuntu version, however, if using anything other than Ubuntu 20.04, you may need to make some small changes.
  • Root access or sudo privileges. You can learn how to set up sudo users here.
  • It is recommended that you have at least 2GB of RAM available, however, memory requirements may vary depending on the number and type of sites you want to proxy.

Updating Your Server

Once you have a server setup and a sudo user account, the first thing you need to do is update your system.

To check which packages are out of date on your system, you can use the following command:

apt update && apt upgrade -y

You will see a list of packages that will be updated. Enter your sudo password when prompted. Leave this terminal open as we will be using it frequently during this installation.

Once the update is complete, use the following command to install the required dependencies.

You will install the following dependencies:

  • software-properties-common: This will allow you to add the official Envoy repository.
  • curl: curl is used to download the official Envoy Proxy.
  • ca-certificates: This is needed to ensure that your system is secure during the download process.
  • apt-transport-https: This allows you to download components via the HTTPS protocol, which is more secure than HTTP.
  • gnupg2: gnupg2 is needed to ensure that your system can properly verify the Envoy Proxy GPG key. This provides you with a way to ensure that the key you are using is legitimate.

Run this command:

apt -y install software-properties-common curl ca-certificates apt-transport-https lsb-release gnupg2
apt install apt-transport-https gnupg2 curl lsb-release

When you have finished updating and installing the dependencies, reboot your server with the following command to ensure all new changes take effect.

reboot

Installing Envoy Proxy

Now that your system is up to date and you have all of your dependencies installed, you can install Envoy Proxy.

Run the following command to add the GPG key to your APT keychain. This will allow you to verify the legitimacy of third-party repositories.

curl -sL 'https://deb.dl.getenvoy.io/public/gpg.8115BA8E629CC074.key' | gpg --dearmor -o /usr/share/keyrings/getenvoy-keyring.gpg

A GPG key is a public key that is used to verify the legitimacy of a software repository. It is important to ensure that you are using a legitimate GPG key, as illegitimate keys could potentially introduce malware into your system. The Envoy Proxy GPG key can be verified by using the following command.

echo a077cb587a1b622e03aa4bf2f3689de14658a9497a9af2c427bba5f4cc3c4723 /usr/share/keyrings/getenvoy-keyring.gpg | sha256sum --check

You will get an OK response if the GPG key is valid.

Once you have verified the key, add the repository Envoy Proxy to your system by running the following command.

echo "deb [arch=amd64 signed-by=/usr/share/keyrings/getenvoy-keyring.gpg] https://deb.dl.getenvoy.io/public/deb/ubuntu $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/getenvoy.list

Once you have added the GPG key and authorized the Envoy Proxy repository, run an update for your package manager by using the following command. You’ve just installed a new piece of software on your Ubuntu system, but when you try to run it, you get an error message telling you that the software is not compatible with your version of Ubuntu. The problem is that the software was designed to work with a newer version of Ubuntu than the one you are using. The solution is to update your APT package manager so that it can install software from newer versions of Ubuntu.

apt update -y

Run the apt-cache policy command to list the current Apt package manager policy.

apt-cache policy

You will see the getenvoy.io list entry in the output. This indicates that Envoy Proxy is available to install.

Finally, install Envoy Proxy with the following command:

apt install getenvoy-envoy -y

Once the installation has completed, run sudo reboot to ensure that the proxy server has been started and is running properly.

reboot

Configure Envoy Proxy

Now that you have set up your Envoy Proxy server, let’s check to see whether it is running properly.

To check the version of Envoy Proxy that you are running, run the following command.

envoy --version

Envoy should return information about the latest version of Envoy Proxy. In this demo, the latest version is 1.18.2. Your version number may differ slightly.

Run the command to see a list of the available options.

envoy --help

The Envoy proxy server has many features that you can use. You can learn more about all the Envoy proxy available options on its official page. For example:

  • –enable-core-dump: This is used to enable core dumps for debugging proxy crashes
  • –log-format-escaped: This is used to format the proxy logs as escaped C-style JSON.

After installing Envoy, you will now learn how to set up Envoy.

First, create a new directory  /etc/envoy/  with the following command.

mkdir -p /etc/envoy/

Now create a new file  /etc/envoy/demo.yaml using the nano  editor  .

nano /etc/envoy/demo.yaml

Add the following configuration to the file. In this example, you will use the  static_resources configuration  for Envoy, which must include  listenerscluster  , and  static_resources .

The listener determines which IP address and port will be used for Envoy. In this example, Envoy will run on public IP address 0.0.0.0 with port 80.

The service_envoyproxy_io cluster here will be used as the service endpoint, which is the domain name www.envoyproxy.io.

static_resources:

  listeners:
  - name: listener_0
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 80
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          access_log:
          - name: envoy.access_loggers.stdout
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
          http_filters:
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match:
                  prefix: "/"
                route:
                  host_rewrite_literal: www.envoyproxy.io
                  cluster: service_envoyproxy_io

  clusters:
  - name: service_envoyproxy_io
    type: LOGICAL_DNS
    connect_timeout: 5s
    # Comment out the following line to test on v6 networks
    dns_lookup_family: V4_ONLY
    load_assignment:
      cluster_name: service_envoyproxy_io
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: www.envoyproxy.io
                port_value: 443
    transport_socket:
      name: envoy.transport_sockets.tls
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
        sni: www.envoyproxy.io

Save and close the file when you’re done.

Next, run the envoy command below to verify the demo.yaml configuration file.

envoy --mode validate -c /etc/envoy/demo.yaml

If your YAML configuration is correct, you should see output like \configuration /etc/envoy/demo.yaml OK\.

Now run Envoy with the demo.yml configuration file using the following command.

envoy -c /etc/envoy/demo.yaml

You will see the log output below. Also, make sure you don’t receive an error message.

Now move to your local machine and edit the /etc/hosts configuration file using nano editor.

nano /etc/hosts

Add the domain name www.envoyproxy.io with your server IP address as below.

Your_IP www.envoyproxy.io

Save and close the file when you’re done.

Conclusion

In this guide, you’ve learned how to install Envoy Proxy on your Ubuntu 22.04 server. You can now use it to proxy requests from your HTTP server.

For more information about Envoy Proxy, you can check out its official documentation.