https://github.com/ferencsarai/envoy-auth
This project provides an external authorization service using Envoy Proxy
https://github.com/ferencsarai/envoy-auth
docker docker-compose envoy-proxy ruby
Last synced: 6 months ago
JSON representation
This project provides an external authorization service using Envoy Proxy
- Host: GitHub
- URL: https://github.com/ferencsarai/envoy-auth
- Owner: ferencsarai
- License: mit
- Created: 2024-08-09T15:01:45.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2025-09-16T14:55:40.000Z (10 months ago)
- Last Synced: 2025-09-16T15:50:38.438Z (10 months ago)
- Topics: docker, docker-compose, envoy-proxy, ruby
- Language: Ruby
- Homepage:
- Size: 48.8 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: CODEOWNERS
- Agents: AGENTS.md
Awesome Lists containing this project
README
# Envoy External Authorization
[](https://github.com/ferencsarai/envoy-auth/actions/workflows/ci.yml)
  
This repository demonstrates how to use [Envoy proxy](https://www.envoyproxy.io/) with an external authorization service.
## Install, build and run
To install the project, follow these steps:
1. Clone the repository:
```bash
git clone https://github.com/ferencsarai/envoy-auth
```
2. Change into the project directory:
```bash
cd envoy-auth
```
3. Build the project using Docker Compose:
```bash
docker-compose build
```
4. To run the project, use the following command:
```bash
docker-compose up
```
## Usage
Once the project is running, you can send requests to `http://localhost:8000` with the `User-Agent: Chrome` header to get a successful response. Requests with any other `User-Agent` header will result in a `403` status code.
- **Not allowed (403)**:
```bash
curl -v -A "sfjs" http://localhost:8000
```
- **Allowed (200)** - this will return a response from the echo service [http-echo](https://hub.docker.com/r/solsson/http-echo):
```bash
curl -v -A "Chrome" http://localhost:8000
```
## How it works

The project utilizes three containers from the docker-compose [file](docker-compose.yaml).
1. [Envoy proxy](docker/envoy-proxy/Dockerfile) ([config](docker/envoy-proxy/envoy.yaml))
2. [External authorization service](docker/auth-service/Dockerfile) ([Ruby script](docker/auth-service/auth-service.rb))
3. [Service (http-echo)](docker/web-echo/Dockerfile)
## Request flow
1. The client sends a request to Envoy proxy.
2. Envoy proxy forwards the request to the external authorization service.
3. The external authorization service checks the `User-Agent` header.
- If the `User-Agent` contains `Chrome`, it returns `200`.
- If the `User-Agent` does not contain `Chrome`, it returns `403`.
4. Envoy proxy forwards the request to the service if `200` is returned. Otherwise, it returns `403` to the client without forwarding the request to the service.
## Configuration
Envoy proxy configuration: [envoy.yaml](docker/envoy-proxy/envoy.yaml)
## Contributing
See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines. Please also review our [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) and [CODEOWNERS](CODEOWNERS).
## License
This project is licensed under the terms of the [MIT License](LICENSE).