Introduction

bfe.conf is the core config file of BFE.

Configuration

Server Config

Config Item Type Description
HttpPort Int Listen port for HTTP
HttpsPort Int Listen port for HTTPS
MonitorPort Int Listen port for monitor
MaxCpus Int Max number of CPUs to use (0 to use all CPUs)
Layer4LoadBalancer String Type of layer-4 load balancer (PROXY/BGW/NONE)
TlsHandshakeTimeout Int TLS handshake timeout, in seconds
ClientReadTimeout Int Read timeout of communicating with http client, in seconds
ClientWriteTimeout Int Write timeout of communicating with http client, in seconds
KeepAliveEnabled Bool If false, HTTP Keep-Alive is disabled
GracefulShutdownTimeout Int Timeout for graceful shutdown (maximum 300 sec)
MaxHeaderBytes Int Max length of request header, in bytes
MaxHeaderUriBytes Int Max lenght of request URI, in bytes
HostRuleConf String Path of host config
VipRuleConf String Path of VIP config
RouteRuleConf String Path of route rule config
ClusterConf String Path of cluster config
ClusterTableConf String Path of cluster table config
GslbConf String Path of gslb config
NameConf String Path of naming config
Modules String Enabled modules
MonitorInterval Int Interval for get diff of proxy-state
DebugServHttp Bool Debug flag for ServerHttp
DebugBfeRoute Bool Debug flag for BfeRoute
DebugBal Bool Debug flag for Bal
DebugHealthCheck Bool Debug flag for HealthCheck

HttpsBasic Config

Config Item Type Description
ServerCertConf String Path of cert config
TlsRuleConf String Path of tls rule config
CipherSuites String CipherSuites preference settings
CurvePreferences String Curve perference settings
EnableSslv2ClientHello Bool Enable Sslv2ClientHello for compatible with ancient sslv3 client
ClientCABaseDir String Base directory of client ca certificates Note: filename suffix of ca certificate must be “.crt”

SessionCache Config

Config Item Type Description
SessionCacheDisabled Bool Disable tls session cache or not
Servers String Address of cache server
KeyPrefix String Prefix for cache key
ConnectTimeout Int Connection timeout
ReadTimeout Int Read timeout of connection with redis server
WriteTimeout Int Write timeout of connection with redis server
MaxIdle Int Max idle connections in connection pool
SessionExpire Int Expire time for tls session state (second)

SessionTicket Config

Config Item Type Description
SessionTicketsDisabled Bool Disable tls session ticket or not
SessionTicketKeyFile String File path of session ticket key

Example

  1. [server]
  2. # listen port for http request
  3. httpPort = 8080
  4. # listen port for https request
  5. httpsPort = 8443
  6. # listen port for monitor request
  7. monitorPort = 8299
  9. # max number of CPUs to use (0 to use all CPUs)
  10. maxCpus = 0
  12. # type of layer-4 load balancer (PROXY/BGW/NONE)
  13. # 
  14. # Note:
  15. # - PROXY: layer-4 balancer talking the proxy protocol
  16. #          eg. F5 BigIP/Citrix ADC 
  17. # - BGW: Baidu GateWay
  18. # - NONE: layer-4 balancer disabled 
  19. layer4LoadBalancer = ""
  21. # tls handshake timeout, in seconds
  22. tlsHandshakeTimeout = 30
  24. # read timeout, in seconds
  25. clientReadTimeout = 60
  27. # write timeout, in seconds
  28. clientWriteTimeout = 60
  30. # if false, client connection is shutdown disregard of http headers
  31. keepAliveEnabled = true
  33. # timeout for graceful shutdown (maximum 300 sec)
  34. gracefulShutdownTimeout = 10
  36. # max header length in bytes in request
  37. maxHeaderBytes = 1048576
  39. # max URI(in header) length in bytes in request
  40. maxHeaderUriBytes = 8192
  42. # routing related confs
  43. hostRuleConf = server_data_conf/host_rule.data
  44. vipRuleConf = server_data_conf/vip_rule.data
  45. routeRuleConf = server_data_conf/route_rule.data
  46. clusterConf = server_data_conf/cluster_conf.data
  47. nameConf = server_data_conf/name_conf.data
  49. # load balancing related confs 
  50. clusterTableConf = cluster_conf/cluster_table.data
  51. gslbConf = cluster_conf/gslb.data
  53. modules = mod_trust_clientip
  54. modules = mod_block
  55. modules = mod_header
  56. modules = mod_rewrite
  57. modules = mod_redirect
  58. modules = mod_logid
  60. # interval for get diff of proxy-state
  61. monitorInterval = 20
  63. debugServHttp = false
  64. debugBfeRoute = false
  65. debugBal = false
  66. debugHealthCheck = false
  68. [httpsBasic]
  69. # cert conf for https
  70. serverCertConf = tls_conf/server_cert_conf.data
  72. # tls rule for https
  73. tlsRuleConf = tls_conf/tls_rule_conf.data
  75. # supported cipherSuites preference settings
  76. #
  77. # ciphersuites implemented in golang
  78. #     TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  79. #     TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  80. #     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  81. #     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  82. #     TLS_ECDHE_RSA_WITH_RC4_128_SHA
  83. #     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  84. #     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  85. #     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  86. #     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  87. #     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  88. #     TLS_RSA_WITH_RC4_128_SHA
  89. #     TLS_RSA_WITH_AES_128_CBC_SHA
  90. #     TLS_RSA_WITH_AES_256_CBC_SHA
  91. #     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  92. #     TLS_RSA_WITH_3DES_EDE_CBC_SHA
  93. #
  94. # Note:
  95. # -. Equivalent cipher suites (cipher suites with same priority in server side):
  96. #    cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  97. #    cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  98. #
  99. cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  100. cipherSuites=TLS_ECDHE_RSA_WITH_RC4_128_SHA
  101. cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  102. cipherSuites=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  103. cipherSuites=TLS_RSA_WITH_RC4_128_SHA
  104. cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA
  105. cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA
  107. # supported curve perference settings
  108. #
  109. # curves implemented in golang: 
  110. #     CurveP256 
  111. #     CurveP384 
  112. #     CurveP521
  113. #
  114. # Note:
  115. # - Do not use CurveP384/CurveP521 which is with poor performance
  116. #
  117. curvePreferences=CurveP256
  119. # support Sslv2 ClientHello for compatible with ancient 
  120. # TLS capable clients (mozilla 5, java 5/6, openssl 0.9.8 etc)
  121. enableSslv2ClientHello = true
  123. # client ca certificates base directory
  124. # Note: filename suffix for ca certificate file should be ".crt", eg. example_ca_bundle.crt
  125. clientCABaseDir = tls_conf/client_ca
  127. [sessionCache]
  128. # disable tls session cache or not
  129. sessionCacheDisabled = true
  131. # tcp address of redis server
  132. servers = "example.redis.cluster"
  134. # prefix for cache key
  135. keyPrefix = "bfe"
  137. # connection params (ms)
  138. connectTimeout = 50
  139. readTimeout = 50
  140. writeTimeout = 50
  142. # max idle connections in connection pool
  143. maxIdle = 20
  145. # expire time for tls session state (second)
  146. sessionExpire = 3600
  148. [sessionTicket]
  149. # disable tls session ticket or not
  150. sessionTicketsDisabled = true
  151. # session ticket key
  152. sessionTicketKeyFile = tls_conf/session_ticket_key.data