Fabio Quick Start
一、Windows环境下安装
1.下载windows对应的fabio文件
请先安装go言语环境 https://studygolang.com/dl
在https://github.com/fabiolb/fabio/releases 中查找可用的发行版本。 以下是64位对应该的其中一个版本https://github.com/fabiolb/fabio/releases/download/v1.5.13/fabio-1.5.13-go1.13.4-windows_amd64.exe
2. 修改fabio配置文件
下载fabio.properties ,如文件保存为D:/fabio/fabio-windows_amd64.exe,将fabio.properties文件保存在同一目录(D:/fabio/)下。 修改consul服务地址
# The default is#registry.consul.addr = localhost:8500
修改fabio端口配置如果需要
# # HTTP listener on port 9999# proxy.addr = :9999
修改fabio ui端口地址如果需要
# The default is## registry.consul.register.addr = :9998
其它配置请自行查看fabio.properties文件
3. 启动fabio
fabio
D:/fabio/目录下打开命令行或者powershell, 输入fabio-windows_amd64 -cfg fabio.properties启动
4. 启动fabio ui
localhost:9998
二、Linux环境下安装
安装go
安装go言语环境 https://studygolang.com/dl
解压到/usr/local如:tar -C /usr/local -xzf goxxxxx.linux-amd64.tar.gz
设置环境变量
GOROOT 的值应该为Go语言的当前安装目录:export GOROOT=/usr/local/go
PATH 为了方便使用Go语言命令和 Go 程序的可执行文件,需要追加其值:
export PATH=$PATH:$GOROOT/bin:$GOBIN
永久环境变量
需要把这几个环境变量添加 profile 文件中(~/.bash_profile 或 /etc/profile)。如果是单用户使用,可以将环境变量添加在 home 目录下的 bash_profile 文件中,如果是多用户使用,需要添加在 /etc/profile 文件。(推荐大家在 /etc/profile 文件中设置环境变量)
打开 profile 文件,并将环境变量添加到文件末尾。
exprot GOROOT=/usr/local/goexport PATH=$PATH:$GOROOT/bin
下载fabio 在https://github.com/fabiolb/fabio/releases 中查找可用的发行版本. 之后刀windiws环境下找操作步骤基本相同
TODO
Windows和Linux都应将fabio以服务的方式启动,并添加到开机启动
三、启用https
修改fabio.properties,并重启fabio
#定义证书 如:epm.abc为证书名,type=file Tsl证书为指定文件, cert为公钥证书, key为证书私钥#其它方法请搜索proxy.cs =proxy.cs = cs=epm.abc;type=file;cert=_.ronds.com.crt;key=dc.ronds.com.key#修改 proxy.addr,添加cs参数为上一步定义的证书名,如:epm.abcproxy.addr = :9999;cs=epm.abc
fabio 详细配置
# proxy.cs configures one or more certificate sources. # # Each certificate source is configured with a list of # key/value options. Each source must have a unique # name which can then be referred to in a listener # configuration. # # cs=<name>;type=<type>;opt=arg;opt[=arg];... # # All certificates need to be provided in PEM format. # # The following types of certificate sources are available: # # File # # The file certificate source supports one certificate which is loaded at # startup and is cached until the service exits. # # The 'cert' option contains the path to the certificate file. The 'key' # option contains the path to the private key file. If the certificate file # contains both the certificate and the private key the 'key' option can be # omitted. The 'clientca' option contains the path to one or more client # authentication certificates. # # cs=<name>;type=file;cert=p/a-cert.pem;key=p/a-key.pem;clientca=p/clientAuth.pem # # Path # # The path certificate source loads certificates from a directory in # alphabetical order and refreshes them periodically. # # The 'cert' option provides the path to the TLS certificates and the # 'clientca' option provides the path to the certificates for client # authentication. # # TLS certificates are stored either in one or two files: # # www.example.com.pem or www.example.com-{cert,key}.pem # # TLS certificates are loaded in alphabetical order and the first certificate # is the default for clients which do not support SNI. # # The 'refresh' option can be set to specify the refresh interval for the TLS # certificates. Client authentication certificates cannot be refreshed since # Go does not provide a mechanism for that yet. # # The default refresh interval is 3 seconds and cannot be lower than 1 second # to prevent busy loops. To load the certificates only once and disable # automatic refreshing set 'refresh' to zero. # # cs=<name>;type=path;cert=path/to/certs;clientca=path/to/clientcas;refresh=3s # # HTTP # # The http certificate source loads certificates from an HTTP/HTTPS server. # # The 'cert' option provides a URL to a text file which contains all files # that should be loaded from this directory. The filenames follow the same # rules as for the path source. The text file can be generated with: # # ls -1 *.pem > list # # The 'clientca' option provides a URL for the client authentication # certificates analogous to the 'cert' option. # # Authentication credentials can be provided in the URL as request parameter, # as basic authentication parameters or through a header. # # The 'refresh' option can be set to specify the refresh interval for the TLS # certificates. Client authentication certificates cannot be refreshed since # Go does not provide a mechanism for that yet. # # The default refresh interval is 3 seconds and cannot be lower than 1 second # to prevent busy loops. To load the certificates only once and disable # automatic refreshing set 'refresh' to zero. # # cs=<name>;type=http;cert=https://host.com/path/to/cert/list&token=123 # cs=<name>;type=http;cert=https://user:pass@host.com/path/to/cert/list # cs=<name>;type=http;cert=https://host.com/path/to/cert/list;hdr=Authorization: Bearer 1234 # # Consul # # The consul certificate source loads certificates from consul. # # The 'cert' option provides a KV store URL where the the TLS certificates are # stored. # # The 'clientca' option provides a URL to a path in the KV store where the the # client authentication certificates are stored. # # The filenames follow the same rules as for the path source. # # The TLS certificates are updated automatically whenever the KV store # changes. The client authentication certificates cannot be updated # automatically since Go does not provide a mechanism for that yet. # # cs=<name>;type=consul;cert=http://localhost:8500/v1/kv/path/to/cert&token=123 # # Vault # # The Vault certificate store uses HashiCorp Vault as the certificate # store. # # The 'cert' option provides the path to the TLS certificates and the # 'clientca' option provides the path to the certificates for client # authentication. # # The 'refresh' option can be set to specify the refresh interval for the TLS # certificates. Client authentication certificates cannot be refreshed since # Go does not provide a mechanism for that yet. # # The default refresh interval is 3 seconds and cannot be lower than 1 second # to prevent busy loops. To load the certificates only once and disable # automatic refreshing set 'refresh' to zero. # # The path to vault must be provided in the VAULT_ADDR environment # variable. The token can be provided in the VAULT_TOKEN environment # variable, or provided by using the Vault fetch token option. By default the # token is loaded once from the VAULT_TOKEN environment variable. See Vault PKI for details. # # cs=<name>;type=vault;cert=secret/fabio/certs # # Vault PKI # # The Vault PKI certificate store uses HashiCorp Vault's PKI backend to issue # certificates on-demand. # # The 'cert' option provides a PKI backend path for issuing certificates. The # 'clientca' option works in the same way as for the generic Vault source. # # The 'refresh' option determines how long before the expiration date # certificates are re-issued. Values smaller than one hour are silently changed # to one hour, which is also the default. # # cs=<name>;type=vault-pki;cert=pki/issue/example-dot-com;refresh=24h;clientca=secret/fabio/client-certs # # This source will issue server certificates on-demand using the PKI backend # and re-issue them 24 hours before they expire. The CA for client # authentication is expected to be stored at secret/fabio/client-certs. # # 'vaultfetchtoken' enables fetching the vault token from a file on the filesystem or an environment # variable at the Vault refresh interval. If fetching the token from a file the 'file:[path]' syntax should be used, # if fetching the token from an env variable, the 'env:[ENV]' syntax should be used. # # cs=<name>;type=vault;cert=secret/fabio/certs;vaultfetchtoken=env:VAULT_TOKEN # # Common options # # All certificate stores support the following options: # # caupgcn: Upgrade a self-signed client auth certificate with this common-name # to a CA certificate. Typically used for self-singed certificates # for the Amazon AWS Api Gateway certificates which do not have the # CA flag set which makes them unsuitable for client certificate # authentication in Go. For the AWS Api Gateway set this value # to 'ApiGateway' to allow client certificate authentication. # This replaces the deprecated parameter 'aws.apigw.cert.cn' # which was introduced in version 1.1.5. # # Examples: # # # file based certificate source # proxy.cs = cs=some-name;type=file;cert=p/a-cert.pem;key=p/a-key.pem # # # path based certificate source # proxy.cs = cs=some-name;type=path;path=path/to/certs # # # HTTP certificate source # proxy.cs = cs=some-name;type=http;cert=https://user:pass@host:port/path/to/certs # # # Consul certificate source # proxy.cs = cs=some-name;type=consul;cert=https://host:port/v1/kv/path/to/certs?token=abc123 # # # Vault certificate source # proxy.cs = cs=some-name;type=vault;cert=secret/fabio/certs # # # Vault PKI certificate source # proxy.cs = cs=some-name;type=vault-pki;cert=pki/issue/example-dot-com # # # Multiple certificate sources # proxy.cs = cs=srcA;type=path;path=path/to/certs,\ # cs=srcB;type=http;cert=https://user:pass@host:port/path/to/certs # # # path based certificate source for AWS Api Gateway # proxy.cs = cs=some-name;type=path;path=path/to/certs;clientca=path/to/clientcas;caupgcn=ApiGateway # # The default is # # proxy.cs = # proxy.addr configures listeners. # # Each listener is configured with and address and a # list of optional arguments in the form of # # [host]:port;opt=arg;opt[=arg];... # # Each listener has a protocol which is configured # with the 'proto' option for which it routes and # forwards traffic. # # The supported protocols are: # # * http for HTTP based protocols # * https for HTTPS based protocols # * tcp for a raw TCP proxy with or witout TLS support # * tcp+sni for an SNI aware TCP proxy # * tcp-dynamic for a consul driven TCP proxy # # If no 'proto' option is specified then the protocol # is either 'http' or 'https' depending on whether a # certificate source is configured via the 'cs' option # which contains the name of the certificate source. # # The TCP+SNI proxy analyzes the ClientHello message # of TLS connections to extract the server name # extension and then forwards the encrypted traffic # to the destination without decrypting the traffic. # # General options: # # rt: Sets the read timeout as a duration value (e.g. '3s') # # wt: Sets the write timeout as a duration value (e.g. '3s') # # strictmatch: When set to 'true' the certificate source must provide # a certificate that matches the hostname for the connection # to be established. Otherwise, the first certificate is used # if no matching certificate was found. This matches the default # behavior of the Go TLS server implementation. # # pxyproto: When set to 'true' the listener will respect upstream v1 # PROXY protocol headers. # NOTE: PROXY protocol was on by default from 1.1.3 to 1.5.10. # This changed to off when this option was introduced with # the 1.5.11 release. # For more information about the PROXY protocol, please see: # http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt # # pxytimeout: Sets PROXY protocol header read timeout as a duration (e.g. '250ms'). # This defaults to 250ms if not set when 'pxyproto' is enabled. # # refresh: Sets the refresh interval to check the route table for updates. # Used when 'tcp-dynamic' is enabled. # # TLS options: # # tlsmin: Sets the minimum TLS version for the handshake. This value # is one of [ssl30, tls10, tls11, tls12] or the corresponding # version number from https://golang.org/pkg/crypto/tls/#pkg-constants # # tlsmax: Sets the maximum TLS version for the handshake. See 'tlsmin' # for the format. # # tlsciphers: Sets the list of allowed ciphers for the handshake. The value # is a quoted comma-separated list of the hex cipher values or # the constant names from https://golang.org/pkg/crypto/tls/#pkg-constants, # e.g. "0xc00a,0xc02b" or "TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA" # # Examples: # # # HTTP listener on port 9999 # proxy.addr = :9999 # # # HTTP listener on IPv4 with read timeout # proxy.addr = 1.2.3.4:9999;rt=3s # # # HTTP listener on IPv6 with write timeout # proxy.addr = [2001:DB8::A/32]:9999;wt=5s # # # Multiple listeners # proxy.addr = 1.2.3.4:9999;rt=3s,[2001:DB8::A/32]:9999;wt=5s # # # HTTPS listener on port 443 with certificate source # proxy.addr = :443;cs=some-name # # # HTTPS listener on port 443 with certificate source and TLS options # proxy.addr = :443;cs=some-name;tlsmin=tls10;tlsmax=tls11;tlsciphers="0xc00a,0xc02b" # # # TCP listener on port 1234 with port routing # proxy.addr = :1234;proto=tcp # # # TCP listener on port 443 with SNI routing # proxy.addr = :443;proto=tcp+sni # # # TCP listeners using consul for config with 5 second refresh interval # proxy.addr = 0.0.0.0:0;proto=tcp-dynamic;refresh=5s # # The default is # # proxy.addr = :9999 # proxy.localip configures the ip address of the proxy which is added # to the Header configured by header.clientip and to the 'Forwarded: by=' attribute. # # The local non-loopback address is detected during startup # but can be overwritten with this property. # # The default is # # proxy.localip = # proxy.strategy configures the load balancing strategy. # # rnd: pseudo-random distribution # rr: round-robin distribution # # "rnd" configures a pseudo-random distribution by using the microsecond # fraction of the time of the request. # # "rr" configures a round-robin distribution. # # The default is # # proxy.strategy = rnd # proxy.matcher configures the path matching algorithm. # # prefix: prefix matching # glob: glob matching # iprefix: case-insensitive prefix matching # # The default is # # proxy.matcher = prefix # proxy.noroutestatus configures the response code when no route was found. # # The default is # # proxy.noroutestatus = 404 # proxy.shutdownwait configures the time for a graceful shutdown. # # After a signal is caught the proxy will immediately suspend # routing traffic and respond with a 503 Service Unavailable # for the duration of the given period. # # The default is # # proxy.shutdownwait = 0s # proxy.responseheadertimeout configures the response header timeout. # # This configures the ResponseHeaderTimeout of the http.Transport. # # The default is # # proxy.responseheadertimeout = 0s # proxy.keepalivetimeout configures the keep-alive timeout. # # This configures the KeepAliveTimeout of the network dialer. # # The default is # # proxy.keepalivetimeout = 0s # proxy.dialtimeout configures the connection timeout for # outgoing connections. # # This configures the DialTimeout of the network dialer. # # The default is # # proxy.dialtimeout = 30s # proxy.flushinterval configures periodic flushing of the # response buffer for SSE (server-sent events) connections. # They are detected when the 'Accept' header is # 'text/event-stream'. # # The default is # # proxy.flushinterval = 1s # proxy.globalflushinterval configures periodic flushing of the # response buffer for non-SSE connections. By default it is not enabled. # # The default is # # proxy.globalflushinterval = 0 # proxy.maxconn configures the maximum number of cached # incoming and outgoing connections. # # This configures the MaxIdleConnsPerHost of the http.Transport. # # The default is # # proxy.maxconn = 10000 # proxy.header.clientip configures the header for the request ip. # # The remoteIP is taken from http.Request.RemoteAddr. # # The default is # # proxy.header.clientip = # proxy.header.tls configures the header to set for TLS connections. # # When set to a non-empty value the proxy will set this header on every # TLS request to the value of ${proxy.header.tls.value} # # The default is # # proxy.header.tls = # proxy.header.tls.value = # proxy.header.requestid configures the header for the adding a unique request id. # When set non-empty value the proxy will set this header on every request to the # unique UUID value. # # The default is # # proxy.header.requestid = # proxy.header.sts.maxage enables and configures the max-age of HSTS for TLS requests. # When set greater than zero this enables the Strict-Transport-Security header # and sets the max-age value in the header. # # The default is # # proxy.header.sts.maxage = 0 # proxy.header.sts.subdomains instructs HSTS to include subdomains. # When set to true, the 'includeSubDomains' option will be added to # the Strict-Transport-Security header. # # The default is # # proxy.header.sts.subdomains = false # proxy.header.sts.preload instructs HSTS to include the preload directive. # When set to true, the 'preload' option will be added to the # Strict-Transport-Security header. # # Sending the preload directive from your site can have PERMANENT CONSEQUENCES # and prevent users from accessing your site and any of its subdomains if you # find you need to switch back to HTTP. Please read the details at # https://hstspreload.org/#removal before sending the header with "preload". # # The default is # # proxy.header.sts.preload = false # proxy.gzip.contenttype configures which responses should be compressed. # # By default, responses sent to the client are not compressed even if the # client accepts compressed responses by setting the 'Accept-Encoding: gzip' # header. By setting this value responses are compressed if the Content-Type # header of the response matches and the response is not already compressed. # The list of compressable content types is defined as a regular expression. # The regular expression must follow the rules outlined in golang.org/pkg/regexp. # # A typical example is # # proxy.gzip.contenttype = ^(text/.*|application/(javascript|json|font-woff|xml)|.*\\+(json|xml))(;.*)?$ # # The default is # # proxy.gzip.contenttype = # proxy.auth configures one or more auth schemes. # # Each auth scheme is configured with a list of # key/value options. Each source must have a unique # name which can then be referred to in a routing # rule. # # name=<name>;type=<type>;opt=arg;opt[=arg];... # # The following types of auth schemes are available: # # Basic # # The basic auth scheme leverages http basic authentication using # one htpasswd file which is loaded at startup and by default is cached until # the service exits. However, it's possible to refresh htpasswd file # periodically by setting the refresh interval with 'refresh' option. # # The 'file' option contains the path to the htpasswd file. The 'realm' # option contains realm name (optional, default is the scheme name). # The 'refresh' option can set the htpasswd file refresh interval. Minimal # refresh interval is 1s to void busy loop. # By default refresh is disabled i.e. set to zero. # # name=<name>;type=basic;file=p/creds.htpasswd;realm=foo # # Examples # # # single basic auth scheme # # name=mybasicauth;type=basic;file=p/creds.htpasswd; # # # single basic auth scheme with refresh interval set to 30 seconds # # name=mybasicauth;type=basic;file=p/creds.htpasswd;refresh=30s # # # basic auth with multiple schemes # # proxy.auth = name=mybasicauth;type=basic;file=p/creds.htpasswd # name=myotherauth;type=basic;file=p/other-creds.htpasswd;realm=myrealm # log.access.format configures the format of the access log. # # If the value is either 'common' or 'combined' then the logs are written in # the Common Log Format or the Combined Log Format as defined below: # # 'common': $remote_host - - [$time_common] "$request" $response_status $response_body_size # 'combined': $remote_host - - [$time_common] "$request" $response_status $response_body_size "$header.Referer" "$header.User-Agent" # # Otherwise, the value is interpreted as a custom log format which is defined # with the following parameters. Providing an empty format when logging is # enabled is an error. To disable access logging leave the log.access.target # value empty. # # $header.<name> - request http header (name: [a-zA-Z0-9-]+) # $remote_addr - host:port of remote client # $remote_host - host of remote client # $remote_port - port of remote client # $request - request <method> <uri> <proto> # $request_args - request query parameters # $request_host - request host header (aka server name) # $request_method - request method # $request_scheme - request scheme # $request_uri - request URI # $request_url - request URL # $request_proto - request protocol # $response_body_size - response body size in bytes # $response_status - response status code # $response_time_ms - response time in S.sss format # $response_time_us - response time in S.ssssss format # $response_time_ns - response time in S.sssssssss format # $time_rfc3339 - log timestamp in YYYY-MM-DDTHH:MM:SSZ format # $time_rfc3339_ms - log timestamp in YYYY-MM-DDTHH:MM:SS.sssZ format # $time_rfc3339_us - log timestamp in YYYY-MM-DDTHH:MM:SS.ssssssZ format # $time_rfc3339_ns - log timestamp in YYYY-MM-DDTHH:MM:SS.sssssssssZ format # $time_unix_ms - log timestamp in unix epoch ms # $time_unix_us - log timestamp in unix epoch us # $time_unix_ns - log timestamp in unix epoch ns # $time_common - log timestamp in DD/MMM/YYYY:HH:MM:SS -ZZZZ # $upstream_addr - host:port of upstream server # $upstream_host - host of upstream server # $upstream_port - port of upstream server # $upstream_request_scheme - upstream request scheme # $upstream_request_uri - upstream request URI # $upstream_request_url - upstream request URL # $upstream_service - name of the upstream service # # The default is # # log.access.format = common # log.access.target configures where the access log is written to. # # Options are 'stdout'. If the value is empty no access log is written. # # The default is # log.access.target =stdout # log.level configures the log level. # # Valid levels are TRACE, DEBUG, INFO, WARN, ERROR and FATAL. # # The default is # log.level = TRACE # log.routes.format configures the log output format of routing table updates. # # Changes to the routing table are written to the standard log. This option # configures the output format: # # detail: detailed routing table as ascii tree # delta: additions and deletions in config language # all: complete routing table in config language # # The default is # # log.routes.format = delta # registry.backend configures which backend is used. # Supported backends are: consul, static, file, custom # if custom is used fabio makes an api call to a remote system # expecting the below json response # [ # { # "cmd": "string", # "service": "string", # "src": "string", # "dest": "string", # "weight": float, # "tags": ["string"], # "opts": {"string":"string"} # } # ] # # The default is # # registry.backend = consul # registry.timeout configures how long fabio tries to connect to the registry # backend during startup. # # The default is # # registry.timeout = 10s # registry.retry configures the interval with which fabio tries to # connect to the registry during startup. # # The default is # # registry.retry = 500ms # registry.static.routes configures a static routing table. # # Example: # # registry.static.routes = \ # route add svc / http://1.2.3.4:5000/ # # The default is # # registry.static.routes = # registry.static.noroutehtmlpath configures the KV path for the HTML of the # noroutes page. # # The default is # # registry.static.noroutehtmlpath = # registry.file.path configures a file based routing table. # The value configures the path to the file with the routing table. # # The default is # # registry.file.path = # registry.file.noroutehtmlpath configures the KV path for the HTML of the # noroutes page. # # The default is # # registry.file.noroutehtmlpath = # registry.consul.addr configures the address of the consul agent to connect to. # # The default is # registry.consul.addr = 192.168.1.21:8500 # registry.consul.token configures the acl token for consul. # # The default is # # registry.consul.token = # registry.consul.tls.keyfile the path to the TLS certificate private key used for Consul communication. # # This is the full path to the TLS private key while using TLS transport to # communicate with Consul # # The default is # # registry.consul.tls.keyfile = # registry.consul.tls.certfile the path to the TLS certificate used for Consul communication. # # This is the full path to the TLS certificate while using TLS transport to # communicate with Consul # # The default is # # registry.consul.tls.certfile = # registry.consul.tls.cafile the path to the ca certificate used for Consul communication. # # This is the full path to the CA certificate while using TLS transport to # communicate with Consul # # The default is # # registry.consul.tls.cafile = # registry.consul.tls.capath the path to the folder containing CA certificates. # # This is the full path to the folder with CA certificates while using TLS transport to # communicate with Consul # # The default is # # registry.consul.tls.capath = # registry.consul.tls.insecureskipverify enable SSL verification with Consul. # # registry.consul.tls.insecureskipverify enables or disables SSL verification while using TLS transport to # communicate with Consul # # The default is # # registry.consul.tls.insecureskipverify = false # registry.consul.kvpath configures the KV path for manual routes. # # The consul KV path is watched for changes which get appended to # the routing table. This allows for manual overrides and weighted # round-robin routes. The key itself (e.g. fabio/config) and all # subkeys (e.g. fabio/config/foo and fabio/config/bar) are combined # in alphabetical order. # # The default is # # registry.consul.kvpath = /fabio/config # registry.consul.noroutehtmlpath configures the KV path for the HTML of the # noroutes page. # # The consul KV path is watched for changes. # # The default is # # registry.consul.noroutehtmlpath = /fabio/noroute.html # registry.consul.service.status configures the valid service status # values for services included in the routing table. # # The values are a comma separated list of # "passing", "warning", "critical" and "unknown" # # The default is # # registry.consul.service.status = passing # registry.consul.tagprefix configures the prefix for tags which define routes. # # Services which define routes publish one or more tags with host/path # routes which they serve. These tags must have this prefix to be # recognized as routes. # # The default is # # registry.consul.tagprefix = urlprefix- # registry.consul.register.enabled configures whether fabio registers itself in consul. # # Fabio will register itself in consul only if this value is set to "true" which # is the default. To disable registration set it to any other value, e.g. "false" # # The default is # # registry.consul.register.enabled = true # registry.consul.register.addr configures the address for the service registration. # # Fabio registers itself in consul with this host:port address. # It must point to the UI/API endpoint configured by ui.addr and defaults to its # value. # # The default is # # registry.consul.register.addr = :9998 # registry.consul.register.name configures the name for the service registration. # # Fabio registers itself in consul under this service name. # # The default is # # registry.consul.register.name = fabio # registry.consul.register.tags configures the tags for the service registration. # # Fabio registers itself with these tags. You can provide a comma separated list of tags. # # The default is # # registry.consul.register.tags = # registry.consul.register.checkInterval configures the interval for the health check. # # Fabio registers an http health check on http(s)://${ui.addr}/health # and this value tells consul how often to check it. # # The default is # # registry.consul.register.checkInterval = 1s # registry.consul.register.checkTimeout configures the timeout for the health check. # # Fabio registers an http health check on http(s)://${ui.addr}/health # and this value tells consul how long to wait for a response. # # The default is # # registry.consul.register.checkTimeout = 3s # registry.consul.register.checkTLSSkipVerify configures TLS verification for the health check. # # Fabio registers an http health check on http(s)://${ui.addr}/health # and this value tells consul to skip TLS certificate validation for # https checks. # # The default is # # registry.consul.register.checkTLSSkipVerify = false # registry.consul.register.checkDeregisterCriticalServiceAfter configures # automatic deregistration of a service after the health check is critical for # this length of time. # # Fabio registers an http health check on http(s)://${ui.addr}/health # and this value tells consul to deregister the associated service if the check # is critical for the specified duration. # # The default is # # registry.consul.register.checkDeregisterCriticalServiceAfter = 90m # registry.consul.checksRequired configures how many health checks # must pass in order for fabio to consider a service available. # # Possible values are: # one: at least one health check must pass # all: all health checks must pass # # The default is # # registry.consul.checksRequired = one # registry.consul.serviceMonitors configures the concurrency for # route updates. Fabio will make up to the configured number of # concurrent calls to Consul to fetch status data for route # updates. # # The default is # # registry.consul.serviceMonitors = 1 # registry.custom.host configures the host:port for fabio to make the API call # # The default is # # registry.custom.host = # registry.custom.scheme configures the scheme use to make the API call # must be one of http, https # # The default is # # registry.custom.scheme = https # registry.custom.checkTLSSkipVerify disables the TLS validation for the API call # # The default is # # registry.custom.checkTLSSkipVerify = false # registry.custom.timeout controls the timeout for the API call # # The default is # # registry.custom.timeout = 5s # registry.custom.pollinginterval is the length of time between API calls # # The default is # #registry.custom.pollinginterval = 10s # registry.custom.path is the path used in the custom back end API Call # # The path does not need to contain the initial '/' # # Example: # # registry.custom.path = api/v1/ # # The default is # # registry.custom.path = # registry.custom.queryparams is the query parameters used in the custom back # end API Call # # Multiple query parameters should be separated with an & # # Example: # # registry.custom.queryparams = foo=bar&bar=foo # # The default is # # registry.custom.queryparams = # glob.matching.disabled disables glob matching on route lookups # If glob matching is enabled there is a performance decrease # for every route lookup. At a large number of services (> 500) this # can have a significant impact on performance. If glob matching is disabled # Fabio performs a static string compare for route lookups. # # The default is # # glob.matching.disabled = false # metrics.target configures the backend the metrics values are # sent to. # # Possible values are: # <empty>: do not report metrics # stdout: report metrics to stdout # graphite: report metrics to Graphite on ${metrics.graphite.addr} # statsd: report metrics to StatsD on ${metrics.statsd.addr} # circonus: report metrics to Circonus (http://circonus.com/) # # The default is # # metrics.target = # metrics.prefix configures the template for the prefix of all reported metrics. # # Each metric has a unique name which is hard-coded to # # prefix.service.host.path.target-addr # # The value is expanded by the text/template package and provides # the following variables: # # - Hostname: the Hostname of the server # - Exec: the executable name of application # # The following additional functions are defined: # # - clean: lowercase value and replace '.' and ':' with '_' # # Template may include regular string parts to customize final prefix # # Example: # # Server hostname: test-001.something.com # Binary executable name: fabio # # The template variables are: # # .Hostname = test-001.something.com # .Exec = fabio # # which results to the following prefix string when using the # default template: # # test-001_something_com.fabio # # The default is # # metrics.prefix = {{clean .Hostname}}.{{clean .Exec}} # metrics.names configures the template for the route metric names. # The value i
曾经年少多少事 而今皆付谈笑中!
