核心配置

配置简介

bfe.conf是BFE的核心配置

配置描述

服务基础配置

配置项描述
Server.HttpPortInteger
HTTP监听端口
默认值8080
Server.HttpsPortInteger
HTTPS(TLS)监听端口
默认值8443
Server.MonitorPortInteger
Monitor监听端口
默认值8421
Server.MonitorEnabledBoolean
Monitor服务器是否开启
默认值True
Server.MaxCpusInteger
最大使用CPU核数; 0代表使用所有CPU核
默认值0
Server.Layer4LoadBalancerString
四层负载均衡器类型(PROXY/NONE)
默认值NONE
Server.TlsHandshakeTimeoutInteger
TLS握手超时时间,单位为秒
默认值30
Server.ClientReadTimeoutInteger
读客户端超时时间,单位为秒
默认值60
Server.ClientWriteTimeoutInteger
写客户端超时时间,单位为秒
默认值60
Server.GracefulShutdownTimeoutInteger
优雅退出超时时间,单位为秒,最大300秒
默认值10
Server.KeepAliveEnabledBoolean
与用户端连接是否启用HTTP KeepAlive
默认值True
Server.MaxHeaderBytesInteger
请求头部的最大长度,单位为Byte
默认值1048576
Server.MaxHeaderUriBytesInteger
请求头部URI的最大长度,单位为Byte
默认值8192
Server.HostRuleConfString
租户域名表配置文件路径
默认值server_data_conf/host_rule.data
Server.VipRuleConfString
租户VIP表配置文件路径
默认值server_data_conf/vip_rule.data
Server.RouteRuleConfString
转发规则配置文件路径
默认值server_data_conf/route_rule.data
Server.ClusterConfString
后端集群相关配置文件路径
默认值server_data_conf/cluster_conf.data
Server.GslbConfString
子集群级别负载均衡配置文件(GSLB)路径
默认值cluster_conf/gslb.data
Server.ClusterTableConfString
实例级别负载均衡配置文件路径
默认值cluster_conf/cluster_table.data
Server.NameConfString
名字与实例映射表配置文件路径
默认值server_data_conf/name_conf.data
Server.ModulesString
启用的模块列表; 启用多个模块请增加多行Modules配置,参见配置示例
默认值空
Server.MonitorIntervalInteger
Monitor数据统计周期,单位为秒
默认值20
Server.DebugServHttpBoolean
是否开启反向代理模块调试日志
默认值False
Server.DebugBfeRouteBoolean
是否开启流量路由模块调试日志
默认值False
Server.DebugBalBoolean
是否开启负载均衡模块调试日志
默认值False
Server.DebugHealthCheckBoolean
是否开启健康检查模块调试日志
默认值False

TLS基础配置

配置项描述
HttpsBasic.ServerCertConfString
服务端证书与密钥的配置文件路径
默认值tls_conf/server_cert_conf.data
HttpsBasic.TlsRuleConfString
TLS协议参数配置文件路径
默认值tls_conf/tls_rule_conf.data
HttpsBasic.CipherSuitesString
启用的加密套件列表; 启用多个套件请增加多行cipherSuites配置,详见示例
默认值TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
HttpsBasic.CurvePreferencesString
启用的ECC椭圆曲线,详见示例
默认值CurveP256
HttpsBasic.EnableSslv2ClientHelloBoolean
针对SSLv3协议,启用对SSLv2格式ClientHello的兼容
默认值True
HttpsBasic.ClientCABaseDirString
客户端根CA证书基目录; 注意:证书文件后缀约定必须是 “.crt”
默认值tls_conf/client_ca
SessionCache.SessionCacheDisabledBoolean
是否禁用TLS Session Cache机制
默认值False
SessionCache.ServersString
Cache服务的访问地址
默认值无
SessionCache.KeyPrefixString
缓存key前缀
默认值bfe
SessionCache.ConnectTimeoutInteger
连接Cache服务的超时时间, 单位毫秒
默认值50
SessionCache.ReadTimeoutInteger
读取Cache服务的超时时间, 单位毫秒
默认值50
SessionCache.WriteTimeoutInteger
写入Cache服务的超时时间, 单位毫秒
默认值50
SessionCache.MaxIdleInteger
与Cache服务的最大空闲长连接数
默认值20
SessionCache.SessionExpireInteger
存储在Cache服务中会话信息的过期时间, 单位秒
默认值3600
SessionTicket.SessionTicketsDisabledBoolean
是否禁用TLS Session Ticket
默认值True
SessionTicket.SessionTicketKeyFileString
Session Ticket Key配置文件路径
默认值tls_conf/session_ticket_key.data

配置示例

  1. [Server]
  2. # listen port for http request
  3. HttpPort = 8080
  4. # listen port for https request
  5. HttpsPort = 8443
  6. # listen port for monitor request
  7. MonitorPort = 8421
  8. # max number of CPUs to use (0 to use all CPUs)
  9. MaxCpus = 0
  10. # type of layer-4 load balancer (PROXY/NONE)
  11. #
  12. # Note:
  13. # - PROXY: layer-4 balancer talking the proxy protocol
  14. # eg. F5 BigIP/Citrix ADC
  15. # - NONE: layer-4 balancer disabled
  16. Layer4LoadBalancer = ""
  17. # tls handshake timeout, in seconds
  18. TlsHandshakeTimeout = 30
  19. # read timeout, in seconds
  20. ClientReadTimeout = 60
  21. # write timeout, in seconds
  22. ClientWriteTimeout = 60
  23. # if false, client connection is shutdown disregard of http headers
  24. KeepAliveEnabled = true
  25. # timeout for graceful shutdown (maximum 300 sec)
  26. GracefulShutdownTimeout = 10
  27. # max header length in bytes in request
  28. MaxHeaderBytes = 1048576
  29. # max URI(in header) length in bytes in request
  30. MaxHeaderUriBytes = 8192
  31. # routing related conf
  32. HostRuleConf = server_data_conf/host_rule.data
  33. VipRuleConf = server_data_conf/vip_rule.data
  34. RouteRuleConf = server_data_conf/route_rule.data
  35. ClusterConf = server_data_conf/cluster_conf.data
  36. # load balancing related conf
  37. GslbConf = cluster_conf/gslb.data
  38. ClusterTableConf = cluster_conf/cluster_table.data
  39. # naming related conf
  40. NameConf = server_data_conf/name_conf.data
  41. # moduels enabled
  42. Modules = mod_trust_clientip
  43. Modules = mod_block
  44. Modules = mod_header
  45. Modules = mod_rewrite
  46. Modules = mod_redirect
  47. Modules = mod_logid
  48. # interval for get diff of proxy-state
  49. MonitorInterval = 20
  50. # debug flags
  51. DebugServHttp = false
  52. DebugBfeRoute = false
  53. DebugBal = false
  54. DebugHealthCheck = false
  55. [HttpsBasic]
  56. # tls cert conf
  57. ServerCertConf = tls_conf/server_cert_conf.data
  58. # tls rule
  59. TlsRuleConf = tls_conf/tls_rule_conf.data
  60. # supported cipherSuites preference settings
  61. #
  62. # ciphersuites implemented in golang:
  63. # TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  64. # TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  65. # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  66. # TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  67. # TLS_ECDHE_RSA_WITH_RC4_128_SHA
  68. # TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  69. # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  70. # TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  71. # TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  72. # TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  73. # TLS_RSA_WITH_RC4_128_SHA
  74. # TLS_RSA_WITH_AES_128_CBC_SHA
  75. # TLS_RSA_WITH_AES_256_CBC_SHA
  76. # TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  77. # TLS_RSA_WITH_3DES_EDE_CBC_SHA
  78. #
  79. # Note:
  80. # -. Equivalent cipher suites (cipher suites with same priority in server side):
  81. # CipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  82. # CipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  83. #
  84. CipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  85. CipherSuites=TLS_ECDHE_RSA_WITH_RC4_128_SHA
  86. CipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  87. CipherSuites=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  88. CipherSuites=TLS_RSA_WITH_RC4_128_SHA
  89. CipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA
  90. CipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA
  91. # supported curve perference settings
  92. #
  93. # curves implemented in golang:
  94. # CurveP256
  95. # CurveP384
  96. # CurveP521
  97. #
  98. # Note:
  99. # - Do not use CurveP384/CurveP521 which is with poor performance
  100. #
  101. CurvePreferences=CurveP256
  102. # support Sslv2 ClientHello for compatible with ancient
  103. # TLS capable clients (mozilla 5, java 5/6, openssl 0.9.8 etc)
  104. EnableSslv2ClientHello = true
  105. # base directory of client ca certificates
  106. # Note: filename suffix of ca certificate file should be ".crt"
  107. ClientCABaseDir = tls_conf/client_ca
  108. [SessionCache]
  109. # disable tls session cache or not
  110. SessionCacheDisabled = true
  111. # address of cache server
  112. Servers = "example.redis.cluster"
  113. # prefix for cache key
  114. KeyPrefix = "bfe"
  115. # connection params (ms)
  116. ConnectTimeout = 50
  117. ReadTimeout = 50
  118. WriteTimeout = 50
  119. # max idle connections in connection pool
  120. MaxIdle = 20
  121. # expire time for tls session state (second)
  122. SessionExpire = 3600
  123. [SessionTicket]
  124. # disable tls session ticket or not
  125. SessionTicketsDisabled = true
  126. # session ticket key
  127. SessionTicketKeyFile = tls_conf/session_ticket_key.data