g3/g3proxy/doc/configuration/servers/http_rproxy.rst
2023-08-02 15:46:05 +08:00


.. _configuration_server_http_rproxy:

http_rproxy
===========

This server provides http reverse proxy.

The following common keys are supported:

* :ref:`escaper <conf_server_common_escaper>`
* :ref:`auditor <conf_server_common_auditor>`
* :ref:`user_group <conf_server_common_user_group>`
* :ref:`shared_logger <conf_server_common_shared_logger>`
* :ref:`listen_in_worker <conf_server_common_listen_in_worker>`
* :ref:`tcp_sock_speed_limit <conf_server_common_tcp_sock_speed_limit>`
* :ref:`ingress_network_filter <conf_server_common_ingress_network_filter>`
* :ref:`tcp_copy_buffer_size <conf_server_common_tcp_copy_buffer_size>`
* :ref:`tcp_copy_yield_size <conf_server_common_tcp_copy_yield_size>`
* :ref:`tcp_misc_opts <conf_server_common_tcp_misc_opts>`
* :ref:`task_idle_check_duration <conf_server_common_task_idle_check_duration>`
* :ref:`task_idle_max_count <conf_server_common_task_idle_max_count>`
* :ref:`extra_metrics_tags <conf_server_common_extra_metrics_tags>`

The auth scheme supported by the server is determined by the type of the specified user group.

+-------------+---------------------------+-------------------+
|auth scheme  |user group type            |is supported       |
+=============+===========================+===================+
|Basic        |hashed_user                |yes                |
+-------------+---------------------------+-------------------+
|Negotiate    |gss_api                    |not yet            |
+-------------+---------------------------+-------------------+
listen
------

**optional**, **type**: :ref:`tcp listen <conf_value_tcp_listen>`

Set the listen config for this server.

The instance count setting will be ignored if *listen_in_worker* is correctly enabled.

**default**: not set

.. versionadded:: 1.7.20 change listen config to be optional

.. _config_server_http_rproxy_server_id:

server_id
---------

**optional**, **type**: :ref:`http server id <conf_value_http_server_id>`

Set the server id. If set, the header *X-BD-Remote-Connection-Info* will be added to the response,
and it will also be used in the *Via* header added to the request.

**default**: not set

auth_realm
----------

**optional**, **type**: :ref:`ascii str <conf_value_ascii_str>`

Set the auth realm.

**default**: proxy
req_header_recv_timeout
-----------------------

**optional**, **type**: :ref:`humanize duration <conf_value_humanize_duration>`

Set the max time to wait for a full request header after the client connection becomes readable.

**default**: 30s

rsp_header_recv_timeout
-----------------------

**optional**, **type**: :ref:`humanize duration <conf_value_humanize_duration>`

Set the max duration between the full request having been sent and the whole response header having been received.

**default**: 60s
req_header_max_size
-------------------

**optional**, **type**: :ref:`humanize usize <conf_value_humanize_usize>`

Set the max request header size.

**default**: 64KiB

rsp_header_max_size
-------------------

**optional**, **type**: :ref:`humanize usize <conf_value_humanize_usize>`

Set the max response header size.

**default**: 64KiB
.. _config_server_http_rproxy_log_uri_max_chars:

log_uri_max_chars
-----------------

**optional**, **type**: usize

Set the max number of characters of the URI that should be written to logs.

The user level config value will take effect instead if it is set, see this :ref:`user config option <config_user_log_uri_max_chars>`.

**default**: 1024
pipeline_size
-------------

**optional**, **type**: int

Set the pipeline size for HTTP 1.0/1.1.

**default**: 10

.. note::

  We only pipeline requests with no body.

pipeline_read_idle_timeout
--------------------------

**optional**, **type**: :ref:`humanize duration <conf_value_humanize_duration>`

Set the idle timeout of the client side IDLE http connections.

**default**: 5min
no_early_error_reply
--------------------

**optional**, **type**: bool

Set to true if no error reply should be sent out before user auth has succeeded; in that case
the connection will just be closed.

**default**: false

body_line_max_length
--------------------

**optional**, **type**: int

Set the max length of lines (trailer and chunk size lines) in the http body.

**default**: 8192
http_forward_upstream_keepalive
-------------------------------

**optional**, **type**: :ref:`http keepalive <conf_value_http_keepalive>`

Set http keepalive config at server level.

**default**: set with default value

untrusted_read_speed_limit
--------------------------

**optional**, **type**: :ref:`tcp socket speed limit <conf_value_tcp_sock_speed_limit>`

Enable untrusted read of the body of requests with no auth info, and set the read rate limit.

Set this if you need to be compatible with buggy Java http clients which won't handle the 407 error response in time.

**default**: not set, which means untrusted read is disabled, **alias**: untrusted_read_limit

.. versionchanged:: 1.4.0 changed name to untrusted_read_speed_limit
append_forwarded_for
--------------------

**optional**, **type**: :ref:`http forwarded header type <conf_value_http_forwarded_header_type>`

Set whether we should append a corresponding forwarded header to the request sent out to the next proxy.

See the :ref:`steal_forwarded_for <config_server_http_proxy_steal_forwarded_for>` config option in http_proxy for more info
if you want to delete existing forwarded headers.

See the doc of supported escapers for detailed protocol info.

**default**: classic, which means *X-Forwarded-\** headers will be appended
enable_tls_server
-----------------

**optional**, **type**: bool

Set whether tls is enabled for all local sites.

Requests to local sites without valid tls server config will be dropped.

**default**: false

.. _configuration_server_http_rproxy_global_tls_server:

global_tls_server
-----------------

**optional**, **type**: :ref:`rustls server config <conf_value_rustls_server_config>`

Set global TLS server config on the server. This will be used if no tls server config is set on the matched local site.

**default**: not set

client_hello_recv_timeout
-------------------------

**optional**, **type**: :ref:`humanize duration <conf_value_humanize_duration>`

Set the timeout value for the receive of the complete TLS ClientHello message.

**default**: 1s
hosts
-----

**required**, **type**: :ref:`host matched object <conf_value_host_matched_object>` <:ref:`host <configuration_server_http_rproxy_host>`>

Set the hosts we should handle based on host match rules.

Example 1:

.. code-block:: yaml

  hosts:
    services:
      upstream: www.example.net

Example 2:

.. code-block:: yaml

  hosts:
    - exact_match:
        - www.example.net
        - example.net
      services:
        upstream: www.example.net
    - child_match: example.org
      set_default: true
      services:
        upstream: www.example.org

**default**: not set
.. _configuration_server_http_rproxy_host:

Host
^^^^

This is the config for each local host on this server.

tls_server
""""""""""

**optional**, **type**: :ref:`rustls server config <conf_value_rustls_server_config>`

Set TLS server config for this local site.

If not set, the :ref:`global tls server <configuration_server_http_rproxy_global_tls_server>` config will be used.

**default**: not set

upstream
""""""""

**required**, **type**: :ref:`upstream str <conf_value_upstream_str>`

Set the target upstream address. The default port is 80 which can be omitted.

tls_client
""""""""""

**optional**, **type**: :ref:`openssl tls client config <conf_value_openssl_tls_client_config>`

Set TLS parameters for this local TLS client if https is needed.

If set to empty map, a default config is used.

**default**: not set

tls_name
""""""""

**optional**, **type**: :ref:`tls name <conf_value_tls_name>`

Set the tls server name to verify tls certificate of the upstream site.

If not set, the host part of the upstream address will be used.

**default**: not set
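The following is an added example, not taken from the g3 project docs, that puts the ``hosts`` match rules above together with the per-host keys in this section: one server that terminates TLS for two local sites, authenticates clients with a hashed_user group, and forwards to upstreams, verifying the upstream certificate against an explicit ``tls_name``. The top-level ``server`` list with ``name``/``type``, the ``listen.address`` form, the ``cert_pairs``/``certificate``/``private_key`` keys of the rustls server config, the nesting of the upstream keys under ``services`` (copied from Example 2), the escaper and user group names, and all file paths are assumptions; check them against the referenced value docs before use.

```yaml
# Added example (not part of the g3 project documentation).
# Key names not shown on this page are assumed and marked as such.
server:
  - name: rproxy_sites            # assumed server name
    type: http_rproxy
    escaper: default              # assumed escaper name
    user_group: site_users        # assumed hashed_user group, so Basic auth applies
    auth_realm: sites
    listen:
      address: "0.0.0.0:8443"     # assumed tcp listen form
    enable_tls_server: true       # sites without a usable tls server config are dropped
    global_tls_server:            # fallback for sites that set no tls_server of their own
      cert_pairs:                 # assumed rustls server config keys
        - certificate: /etc/g3proxy/tls/default.crt
          private_key: /etc/g3proxy/tls/default.key
    client_hello_recv_timeout: 1s
    req_header_recv_timeout: 30s
    rsp_header_recv_timeout: 60s
    req_header_max_size: 64KiB
    rsp_header_max_size: 64KiB
    no_early_error_reply: true    # close unauthenticated connections instead of replying
    log_uri_max_chars: 512        # limit how much of the request URI reaches the logs
    append_forwarded_for: classic # append X-Forwarded-* headers toward the upstream
    hosts:
      - exact_match:
          - www.example.net
          - example.net
        tls_server:               # per-site config, overrides global_tls_server
          cert_pairs:             # assumed rustls server config keys
            - certificate: /etc/g3proxy/tls/example.net.crt
              private_key: /etc/g3proxy/tls/example.net.key
        services:
          upstream: www.example.net        # port 80 omitted, plain http to upstream
      - child_match: example.org
        set_default: true         # catch-all for hosts matching no other rule
        services:                 # uses global_tls_server, no tls_server here
          upstream: backend.example.org:8443
          tls_client: {}          # empty map: default openssl client config, https upstream
          tls_name: www.example.org  # verify the upstream cert against this name,
                                     # not against backend.example.org
```

Requests for ``www.example.net`` or ``example.net`` are served with that site's own certificate and forwarded over plain http; every other host under ``example.org`` falls to the default entry, is served with the global certificate, and is forwarded over TLS with the certificate checked against ``www.example.org`` rather than the backend host name.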