使用sub_filter从nginx迁移到istio

想知道是否可以将这样的Nginx配置迁移到istio。

关于如何在公共负载平衡器上公开AWS的vpc elasticsearch的令人不安的问题陈述。使用Cognito端点保护aws-es实例。虽然我可以使用cognito重定向工作，但它会构建一个重定向网址，如

https:/mydomain.auth.us-east-1.amazoncognito.com/login?response_type=code&client_id=6rn9ch5reoehhle1gmfgv238k0&redirect_uri=https://vpc-mykibana-111xxx.us-east1.es.amazonaws.com/_plugin/kibana/app/kibana&state=7781cfab-838b-4473-9b7f-3ba2b3238528。此重定向网址无法在cognito中进行配置，并且可能是开箱即用的。

来自指南https://aws.amazon.com/premiumsupport/knowledge-center/kibana-outside-vpc-nginx-elasticsearch/。

server {
    listen 443;
    server_name $host;

    location ^~ /_plugin/kibana {
        # Forward requests to Kibana -> done using route
        proxy_pass https://vpc-mykibana-111xxx.us-east1.es.amazonaws.com/_plugin/kibana;

        # Handle redirects to Amazon Cognito -> seems working out of box
        proxy_redirect https://mydomain.auth.us-east-1.amazoncognito.com https://$host;

        # Update cookie domain and path
        proxy_cookie_domain vpc-mykibana-111xxx.us-east1.es.amazonaws.com $host;

        proxy_set_header Accept-Encoding "";
        sub_filter_types *;
        sub_filter vpc-mykibana-111xxx.us-east1.es.amazonaws.com $host;  <- main reason why the redirects are not correct for us
        sub_filter_once off;

        # Response buffer settings <- not important
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
    }

    location ~ \/(log|sign|error|fav|forgot|change|confirm) {
        # Forward requests to Cognito
        proxy_pass https://mydomain.auth.us-east-1.amazoncognito.com;

        # Handle redirects to Kibana
        proxy_redirect https://vpc-mykibana-111xxx.us-east1.es.amazonaws.com https://$host;

        # Handle redirects to Amazon Cognito
        proxy_redirect https://mydomain.auth.us-east-1.amazoncognito.com https://$host;

        # Update cookie domain
        proxy_cookie_domain mydomain.auth.us-east-1.amazoncognito.com $host;
    }
}
尝试过简单的虚拟服务，但不知道下一步如何操作

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: siem-route
  namespace: siem
spec:
  hosts:
    - siem.jupiter.money
  gateways:
    - istio-system/http-gateway
  http:
    - match:
      - uri:
          match: /_plugin/kibana
      route:
        - destination:
            host: vpc-mykibana-111xxx.us-east1.es.amazonaws.com

想知道是否可以将这样的Nginx配置迁移到istio。关于如何在公共负载均衡器上公开AWS的vpc elasticsearch的永不解决的问题声明。 aws-es实例受保护...