Core Configuration
Introduction
bfe.conf is the core configuration file of BFE.
Configuration
Server basic config
| Config Item | Description |
|---|---|
| Basic.HttpPort | Integer Listen port for HTTP Default 8080 |
| Basic.HttpsPort | Integer Listen port for HTTPS Default 8443 |
| Basic.MonitorPort | Integer Listen port for monitor Default 8421 |
| Basic.MonitorEnabled | Boolean If false, monitor server is disabled Default True |
| Basic.MaxCpus | Integer Max number of CPUs to use (0 to use all CPUs) Default 0 |
| Basic.Layer4LoadBalancer | String Type of layer-4 load balancer (PROXY/NONE) Default NONE |
| Basic.TlsHandshakeTimeout | Integer TLS handshake timeout, in seconds Default 30 |
| Basic.ClientReadTimeout | Integer Read timeout of communicating with http client, in seconds Default 60 |
| Basic.ClientWriteTimeout | Integer Write timeout of communicating with http client, in seconds Default 60 |
| Basic.KeepAliveEnabled | Boolean If false, HTTP Keep-Alive is disabled Default True |
| Basic.GracefulShutdownTimeout | Integer Timeout for graceful shutdown (maximum 300 sec) Default 10 |
| Basic.MaxHeaderBytes | Integer Max length of request header, in bytes Default 10485 |
| Basic.MaxHeaderUriBytes | Integer Max lenght of request URI, in bytes Default 8192 |
| Basic.HostRuleConf | String Path of host config Default server_data_conf/host_rule.data |
| Basic.VipRuleConf | String Path of VIP config Default server_data_conf/vip_rule.data |
| Basic.RouteRuleConf | String Path of route rule config Default server_data_conf/route_rule.data |
| Basic.ClusterConf | String Path of cluster config Default server_data_conf/cluster_conf.data |
| Basic.GslbConf | String Path of subcluster balancing config Default cluster_conf/gslb.data |
| Basic.ClusterTableConf | String Path of instance balancing config Default cluster_conf/cluster_table.data |
| Basic.NameConf | String Path of naming config Default server_data_conf/name_conf.data |
| Basic.Modules | String Enabled modules Default "" |
| Basic.MonitorInterval | Integer Interval for get diff of proxy-state Default 20 |
| Basic.DebugServHttp | Boolean Debug flag for ServerHttp Default False |
| Basic.DebugBfeRoute | Boolean Debug flag for BfeRoute Default False |
| Basic.DebugBal | Boolean Debug flag for Bal Default False |
| Basic.DebugHealthCheck | Boolean Debug flag for HealthCheck Default False |
TLS basic config
| Config Item | Description |
|---|---|
| HttpsBasic.ServerCertConf | String Path of cert config Default tls_conf/server_cert_conf.data |
| HttpsBasic.TlsRuleConf | String Path of tls rule config Default tls_conf/tls_rule_conf.data |
| HttpsBasic.CipherSuites | String CipherSuites preference settings Default |
| HttpsBasic.CurvePreferences | String Curve perference settings Default CurveP256 |
| HttpsBasic.EnableSslv2ClientHello | Boolean Enable Sslv2ClientHello for compatible with ancient sslv3 client Default True |
| HttpsBasic.ClientCABaseDir | String Base directory of client ca certificates Note: filename suffix of ca certificate must be ".crt" Default tls_conf/client_ca |
| SessioCache.SessionCacheDisabled | Boolean Disable tls session cache or not Default True |
| SessioCache.Servers | String Address of cache server Default "" |
| SessioCache.KeyPrefix | String Prefix for cache key Default bfe |
| SessioCache.ConnectTimeout | Integer Connection timeout (ms) Default 50 |
| SessioCache.ReadTimeout | Integer Read timeout of connection with redis server (ms) Default 50 |
| SessioCache.WriteTimeout | Integer Write timeout of connection with redis server (ms) Default 50 |
| SessioCache.MaxIdle | Integer Max idle connections in connection pool Default 20 |
| SessioCache.SessionExpire | Integer Expire time for tls session state (second) Default 3600 |
| SessionTicket.SessionTicketsDisabled | Boolean Disable tls session ticket or not Default True |
| SessionTicket.SessionTicketKeyFile | String Path of session ticket key config Default tls_conf/session_ticket_key.data |
Example
[Server]
# listen port for http request
HttpPort = 8080
# listen port for https request
HttpsPort = 8443
# listen port for monitor request
MonitorPort = 8421
# max number of CPUs to use (0 to use all CPUs)
MaxCpus = 0
# type of layer-4 load balancer (PROXY/NONE)
#
# Note:
# - PROXY: layer-4 balancer talking the proxy protocol
# eg. F5 BigIP/Citrix ADC
# - NONE: layer-4 balancer disabled
Layer4LoadBalancer = ""
# tls handshake timeout, in seconds
TlsHandshakeTimeout = 30
# read timeout, in seconds
ClientReadTimeout = 60
# write timeout, in seconds
ClientWriteTimeout = 60
# if false, client connection is shutdown disregard of http headers
KeepAliveEnabled = true
# timeout for graceful shutdown (maximum 300 sec)
GracefulShutdownTimeout = 10
# max header length in bytes in request
MaxHeaderBytes = 1048576
# max URI(in header) length in bytes in request
MaxHeaderUriBytes = 8192
# routing related confs
HostRuleConf = server_data_conf/host_rule.data
VipRuleConf = server_data_conf/vip_rule.data
RouteRuleConf = server_data_conf/route_rule.data
ClusterConf = server_data_conf/cluster_conf.data
NameConf = server_data_conf/name_conf.data
# load balancing related confs
ClusterTableConf = cluster_conf/cluster_table.data
GslbConf = cluster_conf/gslb.data
Modules = mod_trust_clientip
Modules = mod_block
Modules = mod_header
Modules = mod_rewrite
Modules = mod_redirect
Modules = mod_logid
# interval for get diff of proxy-state
MonitorInterval = 20
DebugServHttp = false
DebugBfeRoute = false
DebugBal = false
DebugHealthCheck = false
[HttpsBasic]
# cert conf for https
ServerCertConf = tls_conf/server_cert_conf.data
# tls rule for https
TlsRuleConf = tls_conf/tls_rule_conf.data
# supported cipherSuites preference settings
#
# ciphersuites implemented in golang
# TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
# TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# TLS_ECDHE_RSA_WITH_RC4_128_SHA
# TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# TLS_RSA_WITH_RC4_128_SHA
# TLS_RSA_WITH_AES_128_CBC_SHA
# TLS_RSA_WITH_AES_256_CBC_SHA
# TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# TLS_RSA_WITH_3DES_EDE_CBC_SHA
#
# Note:
# -. Equivalent cipher suites (cipher suites with same priority in server side):
# CipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# CipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#
CipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
CipherSuites=TLS_ECDHE_RSA_WITH_RC4_128_SHA
CipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
CipherSuites=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
CipherSuites=TLS_RSA_WITH_RC4_128_SHA
CipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA
CipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA
# supported curve perference settings
#
# curves implemented in golang:
# CurveP256
# CurveP384
# CurveP521
#
# Note:
# - Do not use CurveP384/CurveP521 which is with poor performance
#
CurvePreferences=CurveP256
# support Sslv2 ClientHello for compatible with ancient
# TLS capable clients (mozilla 5, java 5/6, openssl 0.9.8 etc)
EnableSslv2ClientHello = true
# client ca certificates base directory
# Note: filename suffix for ca certificate file should be ".crt", eg. example_ca_bundle.crt
ClientCABaseDir = tls_conf/client_ca
[SessionCache]
# disable tls session cache or not
SessionCacheDisabled = true
# tcp address of redis server
Servers = "example.redis.cluster"
# prefix for cache key
KeyPrefix = "bfe"
# connection params (ms)
ConnectTimeout = 50
ReadTimeout = 50
WriteTimeout = 50
# max idle connections in connection pool
MaxIdle = 20
# expire time for tls session state (second)
SessionExpire = 3600
[SessionTicket]
# disable tls session ticket or not
SessionTicketsDisabled = true
# session ticket key
SessionTicketKeyFile = tls_conf/session_ticket_key.data