How to Install and Configure Envoy Proxy on Debian 11

Envoy proxy is a free and open-source service proxy designed for cloud-native applications. It's comparable to Nginx and haproxy which can be used as a reverse proxy, but Envoy proxy is designed for modern services and infrastructure.

Envoy is a high-performance service proxy that works with any application language. It uses YAML configuration files for static configuration and also uses a set of gRPC-based APIs.

Envoy proxy graduated from the Cloud Native Computing Foundation (CNCF). It is used in most modern infrastructure and container technology.

In this tutorial, we will show you how to install and configure the Envoy proxy on the Debian 11 server.


For the Envoy installation, we will be using the following:

  • A Linux server Debian 11 Bullseye
  • A non-root user with the sudo privileges

Adding Envoy Repository

Envoy can be installed in many ways, including with the binary packages provided by the Envoy repository or using Docker. In this example, we will install Envoy using the binary package from the Envoy repository.

Before adding and installing Envoy, you must install the following package. The gnupg2 will be used to add the GPG key to your Debian server, and the apt-transport-https allow you to install packages from the secure https connection.

sudo apt install gnupg2 apt-transport-https -y

Next, add and verify the Envoy GPG key using the following command.

curl -sL '' | sudo gpg --dearmor -o /usr/share/keyrings/getenvoy-keyring.gpg
echo a077cb587a1b622e03aa4bf2f3689de14658a9497a9af2c427bba5f4cc3c4723 /usr/share/keyrings/getenvoy-keyring.gpg | sha256sum --check

If the key is valid, you will see the output message such as OK.

add envoy proxy gpg key

Now add the Envoy repository to your system using the below command.

echo "deb [arch=amd64 \
signed-by=/usr/share/keyrings/getenvoy-keyring.gpg] \ \
$(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/getenvoy.list

Lastly, update and refresh your Debian repository.

sudo apt update

In the below screenshot you will see the Envoy repository is added to the Debian system.

add envoy repository

Installing Envoy Proxy

You have now added the Envoy GPG key and repository, now you will be installing the Envoy package to your system.

Run the apt command below to install the Envoy package to your Debian 11 system.

sudo apt install getenvoy-envoy

Below you can see the Envoy installation in the process.

installing envoy proxy

After Envoy installation is completed, verify the Envoy version using the following command.

envoy --version

Below you can see the Envoy v1.18 installed on the Debian 11. This is the latest version of the Envoy proxy provided by the Envoy repository. If you want to get the latest version, you can use a pre-built binary file from the Envoy website.

checking envoy version

Additionally, you can also check all available options on the envoy command using the following command.

envoy --help

You will see a lot of options that you can use for setting up Envoy.

Configuring Envoy Proxy

After installing Envoy, you will now learn how to set up Envoy.

First, create a new directory /etc/envoy/ using the following command.

mkdir -p /etc/envoy/

Now create a new file /etc/envoy/demo.yaml using nano editor.

sudo nano /etc/envoy/demo.yaml

Add the following configuration to the file. In this example, you will be using the static_resources configuration for Envoy, which must include the listeners, clusters, and static_resources.

The listeners determine which IP address and port will be used for Envoy. In this example, Envoy will be running on public IP address with port 80.

The cluster service_envoyproxy_io here will be used as the endpoint of the service, which is the domain name


  - name: listener_0
        port_value: 80
    - filters:
      - name:
          stat_prefix: ingress_http
          - name: envoy.access_loggers.stdout
          - name: envoy.filters.http.router
            name: local_route
            - name: local_service
              domains: ["*"]
              - match:
                  prefix: "/"
                  cluster: service_envoyproxy_io

  - name: service_envoyproxy_io
    type: LOGICAL_DNS
    connect_timeout: 5s
    # Comment out the following line to test on v6 networks
    dns_lookup_family: V4_ONLY
      cluster_name: service_envoyproxy_io
      - lb_endpoints:
        - endpoint:
                port_value: 443
      name: envoy.transport_sockets.tls

Save and close the file when you are done.

Next, run the envoy command below to verify the configuration file demo.yaml.

envoy --mode validate -c /etc/envoy/demo.yaml

If your YAML configuration is correct, you will see the output such as "configuration /etc/envoy/demo.yaml OK".

verifying envoy configuration

Now run Envoy with the configuration file demo.yml using the following command.

envoy -c /etc/envoy/demo.yaml

You will see the log output below. Also, be sure you don't get error messages.

running envoy proxy

Now move to your local machine and edit the configuration file /etc/hosts using nano editor.

sudo nano /etc/hosts

Add the domain name with your server IP address as below.

Save and close the file when you are done.

Lastly, open your web browser and visit the domain name and you should get the homepage of the domain name

envoy proxy


Congratulation! you have now successfully installed Envoy on the Debian 11 server. You have also learned how to set up Envoy using the YAML configuration for proxying the website

Share this page:

1 Comment(s)