gorouter job from cf/246
The Router maintains a list of live routes for the applications running on each DEA. The Router load balances requests (based on their Host header) between each application instance registered for a specific route. It requires to be behind a load balancer that can terminate SSL connections.
Github source:
e49436ed
or
master branch
Properties¶
metron
¶
port
¶The port used to emit dropsonde messages to the Metron agent.
- Default
3457
nats
¶
machines
¶IP of each NATS cluster member.
password
¶
port
¶
user
¶
request_timeout_in_seconds
¶
Timeout in seconds for Router -> Endpoint roundtrip.
- Default
900
router
¶
balancing_algorithm
¶Algorithm used to distribute requests for a route across backends. Supported values are round-robin and least-connection
- Default
round-robin
cipher_suites
¶An ordered list of supported SSL cipher suites containing golang tls constants separated by colons The cipher suite will be chosen according to this order during SSL handshake
- Default
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_AES_128_CBC_SHA:TLS_RSA_WITH_AES_256_CBC_SHA
debug_address
¶Address at which to serve debug info
- Default
0.0.0.0:17002
dns_health_check_host
¶Host to ping for confirmation of DNS resolution, only used when Routing API is enabled
- Default
consul.service.cf.internal
drain_wait
¶Delay in seconds after drain begins before server stops listening. During this time the server will respond with 503 Service Unavailable to requests having header User-Agent: {Value of router.healthcheck_user_agent}. This accommodates requests in transit sent during the time the health check responded with
ok
.
- Default
0
enable_access_log_streaming
¶Enables streaming of access log to syslog.
- Default
false
enable_proxy
¶Enables support for the popular PROXY protocol, allowing downstream load balancers that do not support HTTP to pass along client information.
- Default
false
enable_ssl
¶Enable ssl termination on the router
- Default
false
extra_headers_to_log
¶An array of headers that access log events will be annotated with
- Default
[]
force_forwarded_proto_https
¶Enables setting X-Forwarded-Proto header if SSL termination happened upstream and incorrectly set the header value. When this property is set to true gorouter sets the header X-Forwarded-Proto to https. When this value set to false, gorouter set the header X-Forwarded-Proto to the protocol of the incoming request
- Default
false
healthcheck_user_agent
¶User-Agent for the health check agent (usually the Load Balancer).
- Default
HTTP-Monitor/1.1- Example
ELB-HealthChecker/1.0
load_balancer_healthy_threshold
¶Time period in seconds to wait until declaring the router instance started after starting the listener socket. This allows an external load balancer time to register the instance as healthy.
- Default
20
logging_level
¶Log level for router
- Default
info
logrotate
¶
freq_min
¶The frequency in minutes which logrotate will rotate VM logs
- Default
5
rotate
¶The number of files that logrotate will keep around on the VM
- Default
7
size
¶The size at which logrotate will decide to rotate the log file
- Default
2M
number_of_cpus
¶Number of CPUs to utilize, the default (-1) will equal the number of available CPUs
- Default
-1
offset
¶
- Default
0
port
¶Listening Port for Router.
- Default
80
requested_route_registration_interval_in_seconds
¶On startup, the router will delay listening for requests by this duration to increase likelihood that it has a complete routing table before serving requests. The router also broadcasts the same duration as a recommended interval to registering clients via NATS.
- Default
20
route_services_recommend_https
¶Route Services are told where to send requests after processing using the X-CF-Forwarded-Url header. When this property is true, the scheme for this URL is https. When false, the scheme is http. As requests from Route Services to applications on CF transit load balancers and gorouter, disable this property for deployments that have TLS termination disabled.
- Default
true
route_services_secret
¶Support for route services is disabled when no value is configured. A robust passphrase is recommended.
- Default
""
route_services_secret_decrypt_only
¶To rotate keys, add your new key here and deploy. Then swap this key with the value of route_services_secret and deploy again.
- Default
""
route_services_timeout
¶Expiry time of a route service signature in seconds
- Default
60
secure_cookies
¶Set secure flag on http cookies
- Default
false
ssl_cert
¶The public ssl cert for ssl termination
- Default
""
ssl_key
¶The private ssl key for ssl termination
- Default
""
ssl_skip_validation
¶Skip SSL client cert validation
- Default
false
status
¶
password
¶Password for HTTP basic auth to the /varz and /routes endpoints.
port
¶Port for the /health, /varz, and /routes endpoints.
- Default
8080
user
¶Username for HTTP basic auth to the /varz and /routes endpoints.
suspend_pruning_if_nats_unavailable
¶Suspend pruning of routes when NATs is unavailable and maintain the current routing table. WARNING: This strategy favors availability over consistency and there is a possibility of routing to an incorrect endpoint in the case of port re-use. To be used with caution.”
- Default
false
trace_key
¶If the X-Vcap-Trace request header is set and has this value, trace headers are added to the response.
- Default
22
tracing
¶
enable_zipkin
¶Enables the addition of the X-B3-Trace-Id header to incoming requests. If the header already exists on the incoming request, it will not be overwritten.
- Default
false
routing_api
¶
auth_disabled
¶When false, Routing API requires OAuth tokens for authentication.
- Default
false
enabled
¶When enabled, GoRouter will fetch HTTP routes from the Routing API in addition to routes obtained via NATS.
- Default
false
port
¶Port on which Routing API is running.
- Default
3000
uaa
¶
ca_cert
¶Certificate authority for communication between clients and uaa.
- Default
""
clients
¶
gorouter
¶
secret
¶Password for UAA client for the gorouter.
port
¶Port on which UAA is running.
- Default
8080
ssl
¶
port
¶Secure Port on which UAA is running.
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/gorouter/
directory
(learn more).
bin/dns_health_check
(fromdns_health_check.erb
)bin/drain
(fromdrain
)bin/gorouter_ctl
(fromgorouter_ctl
)bin/run_gorouter
(fromrun_gorouter.erb
)config/cert.pem
(fromcert.pem.erb
)config/certs/uaa/ca.crt
(fromuaa_ca.crt.erb
)config/gorouter.yml
(fromgorouter.yml.erb
)config/gorouter_logrotate.cron
(fromgorouter_logrotate.cron.erb
)config/key.pem
(fromkey.pem.erb
)config/logrotate.conf
(fromlogrotate.conf.erb
)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/
directory.