From be34df6324b897babde06921bb5b59a12d72a5f1 Mon Sep 17 00:00:00 2001 From: John Lancaster <32917998+jsl12@users.noreply.github.com> Date: Fri, 2 Jan 2026 14:12:22 -0600 Subject: [PATCH] envoy config tweaks --- envoy.yaml | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/envoy.yaml b/envoy.yaml index 634cc93..3ae1416 100644 --- a/envoy.yaml +++ b/envoy.yaml @@ -6,6 +6,8 @@ static_resources: address: 0.0.0.0 port_value: 10000 filter_chains: + - filter_chain_match: + server_names: ["*.john-stream.com"] - transport_socket: name: envoy.transport_sockets.tls typed_config: @@ -15,32 +17,37 @@ static_resources: tls_params: tls_minimum_protocol_version: TLSv1_3 validation_context: - trusted_ca: - filename: /certs/root_ca.crt + trusted_ca: { filename: /certs/root_ca.crt } match_typed_subject_alt_names: - san_type: URI matcher: prefix: spiffe://john-stream.com tls_certificates: - - certificate_chain: - filename: /certs/cert.pem - private_key: - filename: /certs/envoy.pem + - certificate_chain: { filename: /certs/cert.pem } + private_key: { filename: /certs/envoy.pem } filters: - name: envoy.filters.network.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager stat_prefix: ingress_http + use_remote_address: true + http2_protocol_options: + max_concurrent_streams: 100 + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: "/var/log/envoy/access.log" route_config: name: local_route virtual_hosts: - name: local_service - domains: ["*"] + domains: ["*.john-stream.com"] routes: - match: prefix: "/" route: - cluster: rest_server + cluster: restic http_filters: - name: envoy.filters.http.rbac typed_config: 
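Review bot: The new `- filter_chain_match:` entry in the first hunk is its own list item, and the context line after it still reads `- transport_socket:`. In this whitespace-flattened view the SNI match therefore appears to land on a chain with no TLS socket and no filters, while the mTLS chain stays an unmatched catch-all. If the intent is to restrict the mTLS chain to that SNI, keep `- filter_chain_match:` / `server_names: ["*.john-stream.com"]` as the first key of the existing item and change the next line to `transport_socket:` without the dash. Matching on `server_names` also depends on the listener running `envoy.filters.listener.tls_inspector`; `listener_filters` is outside the hunk, so confirm it is configured.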
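Review bot: `domains: ["*.john-stream.com"]` in the second hunk is compared against the full Host/:authority value, and the listener shown in the first hunk binds port 10000, so a client that sends `host:10000` would presumably miss the virtual host and get a 404 where `["*"]` used to match. Either add `strip_any_host_port: true` next to `use_remote_address: true`, or list the port form as well, `domains: ["*.john-stream.com", "*.john-stream.com:10000"]`; if the port is remapped to 443 in front of Envoy this does not apply. Separately, the new file access log uses the default format, which does not record the client certificate identity that the SAN matcher and the RBAC filter rely on; a `log_format` that includes `%DOWNSTREAM_PEER_URI_SAN%` would make the log usable for audit. The `http_filters` list continues past the end of the hunk.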
@@ -64,16 +71,17 @@ static_resources: typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router clusters: - - name: rest_server + - name: restic connect_timeout: 0.25s type: STRICT_DNS lb_policy: ROUND_ROBIN load_assignment: - cluster_name: rest_server + cluster_name: restic endpoints: - lb_endpoints: - endpoint: address: socket_address: + # Change this depending on the docker compose service name address: rest-server port_value: 8000