Envoy Docker Compose for Apple Network Relay

envoy-docker-compose.yaml

# Docker compose stack to support Envoy testing
# A detailed write-up about Network Relay on Apple platforms is here:
# https://jedda.me/beneath-the-masque-network-relay-on-apple-platforms

version: '3'
services:
  envoy:
    restart: always
    image: envoyproxy/envoy:v1.34-latest
    container_name: "envoy"
    ports:
      - "443:443"
      - "443:443/udp" # ensure that you also forward UDP if using QUIC/HTTP/3
      - "9901:9901" # dont expose this to the internet - it's there for stats collection in the config
    volumes:
      - /docker/envoy/envoy.yaml:/etc/envoy/envoy.yaml:ro # config file
      - /docker/envoy/ssl/cert.pem:/etc/envoy/ssl/cert.pem:ro # server cert
      - /docker/envoy/ssl/key.pem:/etc/envoy/ssl/key.pem:ro # server key
      - /docker/envoy/ssl/root.pem:/etc/envoy/ssl/root.pem:ro # shared root
      - /docker/envoy/ssl/devices_ca.pem:/etc/envoy/ssl/devices_ca.pem:ro # client intermediate for validation
      - /docker/envoy/logs:/var/log/envoy # folder for access logs
    # command: ["envoy", "-c", "/etc/envoy/envoy.yaml", "--log-level", "trace"] # uncomment to enable trace for debugging