Skip to content

gorouter job from cf/246

The Router maintains a list of live routes for the applications running on each DEA. The Router load balances requests (based on their Host header) between each application instance registered for a specific route. It requires to be behind a load balancer that can terminate SSL connections.

Github source: e49436ed or master branch

Properties

metron

port

The port used to emit dropsonde messages to the Metron agent.

Default
3457

nats

machines

IP of each NATS cluster member.

password

port

user

request_timeout_in_seconds

Timeout in seconds for Router -> Endpoint roundtrip.

Default
900

router

balancing_algorithm

Algorithm used to distribute requests for a route across backends. Supported values are round-robin and least-connection

Default
round-robin

cipher_suites

An ordered list of supported SSL cipher suites containing golang tls constants separated by colons The cipher suite will be chosen according to this order during SSL handshake

Default
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_AES_128_CBC_SHA:TLS_RSA_WITH_AES_256_CBC_SHA

debug_address

Address at which to serve debug info

Default
0.0.0.0:17002

dns_health_check_host

Host to ping for confirmation of DNS resolution, only used when Routing API is enabled

Default
consul.service.cf.internal

drain_wait

Delay in seconds after drain begins before server stops listening. During this time the server will respond with 503 Service Unavailable to requests having header User-Agent: {Value of router.healthcheck_user_agent}. This accommodates requests in transit sent during the time the health check responded with ok.

Default
0

enable_access_log_streaming

Enables streaming of access log to syslog.

Default
false

enable_proxy

Enables support for the popular PROXY protocol, allowing downstream load balancers that do not support HTTP to pass along client information.

Default
false

enable_ssl

Enable ssl termination on the router

Default
false

extra_headers_to_log

An array of headers that access log events will be annotated with

Default
[]

force_forwarded_proto_https

Enables setting X-Forwarded-Proto header if SSL termination happened upstream and incorrectly set the header value. When this property is set to true gorouter sets the header X-Forwarded-Proto to https. When this value set to false, gorouter set the header X-Forwarded-Proto to the protocol of the incoming request

Default
false

healthcheck_user_agent

User-Agent for the health check agent (usually the Load Balancer).

Default
HTTP-Monitor/1.1
Example
ELB-HealthChecker/1.0

load_balancer_healthy_threshold

Time period in seconds to wait until declaring the router instance started after starting the listener socket. This allows an external load balancer time to register the instance as healthy.

Default
20

logging_level

Log level for router

Default
info

logrotate

freq_min

The frequency in minutes which logrotate will rotate VM logs

Default
5
rotate

The number of files that logrotate will keep around on the VM

Default
7
size

The size at which logrotate will decide to rotate the log file

Default
2M

number_of_cpus

Number of CPUs to utilize, the default (-1) will equal the number of available CPUs

Default
-1

offset

Default
0

port

Listening Port for Router.

Default
80

requested_route_registration_interval_in_seconds

On startup, the router will delay listening for requests by this duration to increase likelihood that it has a complete routing table before serving requests. The router also broadcasts the same duration as a recommended interval to registering clients via NATS.

Default
20

route_services_recommend_https

Route Services are told where to send requests after processing using the X-CF-Forwarded-Url header. When this property is true, the scheme for this URL is https. When false, the scheme is http. As requests from Route Services to applications on CF transit load balancers and gorouter, disable this property for deployments that have TLS termination disabled.

Default
true

route_services_secret

Support for route services is disabled when no value is configured. A robust passphrase is recommended.

Default
""

route_services_secret_decrypt_only

To rotate keys, add your new key here and deploy. Then swap this key with the value of route_services_secret and deploy again.

Default
""

route_services_timeout

Expiry time of a route service signature in seconds

Default
60

secure_cookies

Set secure flag on http cookies

Default
false

ssl_cert

The public ssl cert for ssl termination

Default
""

ssl_key

The private ssl key for ssl termination

Default
""

ssl_skip_validation

Skip SSL client cert validation

Default
false

status

password

Password for HTTP basic auth to the /varz and /routes endpoints.

port

Port for the /health, /varz, and /routes endpoints.

Default
8080
user

Username for HTTP basic auth to the /varz and /routes endpoints.

suspend_pruning_if_nats_unavailable

Suspend pruning of routes when NATs is unavailable and maintain the current routing table. WARNING: This strategy favors availability over consistency and there is a possibility of routing to an incorrect endpoint in the case of port re-use. To be used with caution.”

Default
false

trace_key

If the X-Vcap-Trace request header is set and has this value, trace headers are added to the response.

Default
22

tracing

enable_zipkin

Enables the addition of the X-B3-Trace-Id header to incoming requests. If the header already exists on the incoming request, it will not be overwritten.

Default
false

routing_api

auth_disabled

When false, Routing API requires OAuth tokens for authentication.

Default
false

enabled

When enabled, GoRouter will fetch HTTP routes from the Routing API in addition to routes obtained via NATS.

Default
false

port

Port on which Routing API is running.

Default
3000

uaa

ca_cert

Certificate authority for communication between clients and uaa.

Default
""

clients

gorouter
secret

Password for UAA client for the gorouter.

port

Port on which UAA is running.

Default
8080

ssl

port

Secure Port on which UAA is running.

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/gorouter/ directory (learn more).

  • bin/dns_health_check (from dns_health_check.erb)
  • bin/drain (from drain)
  • bin/gorouter_ctl (from gorouter_ctl)
  • bin/run_gorouter (from run_gorouter.erb)
  • config/cert.pem (from cert.pem.erb)
  • config/certs/uaa/ca.crt (from uaa_ca.crt.erb)
  • config/gorouter.yml (from gorouter.yml.erb)
  • config/gorouter_logrotate.cron (from gorouter_logrotate.cron.erb)
  • config/key.pem (from key.pem.erb)
  • config/logrotate.conf (from logrotate.conf.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.