Skip to content

Latest commit

 

History

History
214 lines (178 loc) · 8.87 KB

bfe.conf.md

File metadata and controls

214 lines (178 loc) · 8.87 KB

Introduction

bfe.conf is the core configuration file of BFE.

Configuration

Server basic config

Config Item Description
Basic.HttpPort Integer
Listen port for HTTP
Default 8080
Basic.HttpsPort Integer
Listen port for HTTPS
Default 8443
Basic.MonitorPort Integer
Listen port for monitor
Default 8421
Basic.MaxCpus Integer
Max number of CPUs to use (0 to use all CPUs)
Default 0
Basic.Layer4LoadBalancer String
Type of layer-4 load balancer (PROXY/BGW/NONE)
Default NONE
Basic.TlsHandshakeTimeout Integer
TLS handshake timeout, in seconds
Default 30
Basic.ClientReadTimeout Integer
Read timeout of communicating with http client, in seconds
Default 60
Basic.ClientWriteTimeout Integer
Write timeout of communicating with http client, in seconds
Default 60
Basic.KeepAliveEnabled Boolean
If false, HTTP Keep-Alive is disabled
Default True
Basic.GracefulShutdownTimeout Integer
Timeout for graceful shutdown (maximum 300 sec)
Default 10
Basic.MaxHeaderBytes Integer
Max length of request header, in bytes
Default 10485
Basic.MaxHeaderUriBytes Integer
Max lenght of request URI, in bytes
Default 8192
Basic.HostRuleConf String
Path of host config
Default server_data_conf/host_rule.data
Basic.VipRuleConf String
Path of VIP config
Default server_data_conf/vip_rule.data
Basic.RouteRuleConf String
Path of route rule config
Default server_data_conf/route_rule.data
Basic.ClusterConf String
Path of cluster config
Default server_data_conf/cluster_conf.data
Basic.ClusterTableConf String
Path of cluster table config
Default cluster_conf/cluster_table.data
Basic.GslbConf String
Path of gslb config
Default cluster_conf/gslb.data
Basic.NameConf String
Path of naming config
Default server_data_conf/name_conf.data
Basic.Modules String
Enabled modules
Default ""
Basic.MonitorInterval Integer
Interval for get diff of proxy-state
Default 20
Basic.DebugServHttp Boolean
Debug flag for ServerHttp
Default False
Basic.DebugBfeRoute Boolean
Debug flag for BfeRoute
Default False
Basic.DebugBal Boolean
Debug flag for Bal
Default False
Basic.DebugHealthCheck Boolean
Debug flag for HealthCheck
Default False

TLS basic config

Config Item Description
HttpsBasic.ServerCertConf String
Path of cert config
Default tls_conf/server_cert_conf.data
HttpsBasic.TlsRuleConf String
Path of tls rule config
Default tls_conf/tls_rule_conf.data
HttpsBasic.CipherSuites String
CipherSuites preference settings
Default
HttpsBasic.CurvePreferences String
Curve perference settings
Default CurveP256
HttpsBasic.EnableSslv2ClientHello Boolean
Enable Sslv2ClientHello for compatible with ancient sslv3 client
Default True
HttpsBasic.ClientCABaseDir String
Base directory of client ca certificates
Note: filename suffix of ca certificate must be ".crt"
Default tls_conf/client_ca
SessioCache.SessionCacheDisabled Boolean
Disable tls session cache or not
Default True
SessioCache.Servers String
Address of cache server
Default ""
SessioCache.KeyPrefix String
Prefix for cache key
Default bfe
SessioCache.ConnectTimeout Integer
Connection timeout (ms)
Default 50
SessioCache.ReadTimeout Integer
Read timeout of connection with redis server (ms)
Default 50
SessioCache.WriteTimeout Integer
Write timeout of connection with redis server (ms)
Default 50
SessioCache.MaxIdle Integer
Max idle connections in connection pool
Default 20
SessioCache.SessionExpire Integer
Expire time for tls session state (second)
Default 3600
SessionTicket.SessionTicketsDisabled Boolean
Disable tls session ticket or not
Default True
SessionTicket.SessionTicketKeyFile String
File path of session ticket key
Default tls_conf/session_ticket_key.data

Example

[Server]
# listen port for http request
HttpPort = 8080
# listen port for https request
HttpsPort = 8443
# listen port for monitor request
MonitorPort = 8421

# max number of CPUs to use (0 to use all CPUs)
MaxCpus = 0

# type of layer-4 load balancer (PROXY/BGW/NONE)
# 
# Note:
# - PROXY: layer-4 balancer talking the proxy protocol
#          eg. F5 BigIP/Citrix ADC 
# - BGW: Baidu GateWay
# - NONE: layer-4 balancer disabled 
Layer4LoadBalancer = ""

# tls handshake timeout, in seconds
TlsHandshakeTimeout = 30

# read timeout, in seconds
ClientReadTimeout = 60

# write timeout, in seconds
ClientWriteTimeout = 60

# if false, client connection is shutdown disregard of http headers
KeepAliveEnabled = true

# timeout for graceful shutdown (maximum 300 sec)
GracefulShutdownTimeout = 10

# max header length in bytes in request
MaxHeaderBytes = 1048576

# max URI(in header) length in bytes in request
MaxHeaderUriBytes = 8192

# routing related confs
HostRuleConf = server_data_conf/host_rule.data
VipRuleConf = server_data_conf/vip_rule.data
RouteRuleConf = server_data_conf/route_rule.data
ClusterConf = server_data_conf/cluster_conf.data
NameConf = server_data_conf/name_conf.data

# load balancing related confs 
ClusterTableConf = cluster_conf/cluster_table.data
GslbConf = cluster_conf/gslb.data

Modules = mod_trust_clientip
Modules = mod_block
Modules = mod_header
Modules = mod_rewrite
Modules = mod_redirect
Modules = mod_logid

# interval for get diff of proxy-state
MonitorInterval = 20

DebugServHttp = false
DebugBfeRoute = false
DebugBal = false
DebugHealthCheck = false

[HttpsBasic]
# cert conf for https
ServerCertConf = tls_conf/server_cert_conf.data

# tls rule for https
TlsRuleConf = tls_conf/tls_rule_conf.data

# supported cipherSuites preference settings
#
# ciphersuites implemented in golang
#     TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
#     TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
#     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
#     TLS_ECDHE_RSA_WITH_RC4_128_SHA
#     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
#     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
#     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
#     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
#     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
#     TLS_RSA_WITH_RC4_128_SHA
#     TLS_RSA_WITH_AES_128_CBC_SHA
#     TLS_RSA_WITH_AES_256_CBC_SHA
#     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
#     TLS_RSA_WITH_3DES_EDE_CBC_SHA
#
# Note:
# -. Equivalent cipher suites (cipher suites with same priority in server side):
#    CipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
#    CipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
CipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
CipherSuites=TLS_ECDHE_RSA_WITH_RC4_128_SHA
CipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
CipherSuites=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
CipherSuites=TLS_RSA_WITH_RC4_128_SHA
CipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA
CipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA

# supported curve perference settings
#
# curves implemented in golang: 
#     CurveP256 
#     CurveP384 
#     CurveP521
#
# Note:
# - Do not use CurveP384/CurveP521 which is with poor performance
#
CurvePreferences=CurveP256

# support Sslv2 ClientHello for compatible with ancient 
# TLS capable clients (mozilla 5, java 5/6, openssl 0.9.8 etc)
EnableSslv2ClientHello = true

# client ca certificates base directory
# Note: filename suffix for ca certificate file should be ".crt", eg. example_ca_bundle.crt
ClientCABaseDir = tls_conf/client_ca

[SessionCache]
# disable tls session cache or not
SessionCacheDisabled = true

# tcp address of redis server
Servers = "example.redis.cluster"

# prefix for cache key
KeyPrefix = "bfe"

# connection params (ms)
ConnectTimeout = 50
ReadTimeout = 50
WriteTimeout = 50

# max idle connections in connection pool
MaxIdle = 20

# expire time for tls session state (second)
SessionExpire = 3600

[SessionTicket]
# disable tls session ticket or not
SessionTicketsDisabled = true
# session ticket key
SessionTicketKeyFile = tls_conf/session_ticket_key.data