bfenetworks / bfe Goto Github PK

View Code? Open in Web Editor NEW

6.1K 203.0 941.0 45.27 MB

A modern layer 7 load balancer from baidu

Home Page: https://www.bfe-networks.net

License: Apache License 2.0

Makefile 0.14% Go 99.68% Yacc 0.11% HTML 0.01% Dockerfile 0.04% Shell 0.03%

bfe reverse-proxy load-balancer adc golang cncf

bfe's People

Contributors

Stargazers

Watchers

Forkers

0x7e unlimitedheaven helloliupan walllam githubljy l3ngd0n everlp s-xq kcodemaker mengfanqi 2betop cnlisea liuhongyu847433389 bfe-quality anymost lovejoy seven7777777 xudch iyangsj jdgou allensmile geshuning 0xccsec amdfansheng czfdlut jansci621 charliecaolucky changshoumeng davidleeux hadoop835 taoyuanyuan jingliming isgasho weipengsun kaiyuzheng wisre koalacxr theburn blake-li kodo-0000 hujter aitinan xuxueyun-one webqdguoxiuxiu neuyilan kerrigell okwindows johntech-o ares2013 super-rain cw2030 chaossir hewen1125 sdgdsffdsfff tianxinheihei lxq2537664558 ruanjian2007 yangqingxin1993 flamingstar bobgithubcom coder081 happileming nibelun donlinfeng zjw940419 wjtian tovi163 dut-yangliu ksharpdabu xuqinhaow khalily zengzifeng fossabot hevervie yanshuai615270 luohuan1994 ikingye anlinsa gholdzhang zengquan seaninshanghai jaczhao xianglongxiang zgy666 zhanglei oh8 linuxzhaoli highavailabilitylab ollcp mengzhuo perseveringin qianqiuyitong soarpenguin wangjianze gangliao shengbinxu ma3k4h3d arctanx999 lh6868 leglorious

bfe's Issues

mod_mirror

Description:

mirror of an original request by creating background request. Responses to mirror subrequests are ignored.

咨询下这个开源的bfe中是否包含gtc的外网调度能力？

之前在一些介绍材料中了解到BFE除了本身组件外，还有两个核心的调度组件，一个GSLB，另外一个GTC组件，这个开源的版本中，GTC外网调度能力是否包含？

bfe_tls: support security grade A+

Grade A+

Meets the requirement of Grade A
TLS version >= 1.2

这也没有一个可用的文档或者daemon学习?

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

好歹给点使用文档和范例呀

mod_logid: random logid

changes to logid:

change logid to a string value in length of 32
generated from 16 random bytes and encoded in hex format

mod_access doc: description of log fields

Add description of log fields for mod_access

not support tcp proxy?

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

mod_compress

compress response depending on the defined rules

question: how to reload the rules of route if I putted new rule?

For example this file:

https://github.com/baidu/bfe/blob/develop/conf/server_data_conf/route_rule.data

I add some new ProductRule rule, do I need to reload the bef to make the new rule take effect?

mod_key_log

Write key logs in NSS key log format so that external
programs(eg. wireshark) can decrypt TLS connections for trouble shooting.

Log format:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format

mod_trace

Description:

Support OpenTracing for distributed tracing.

Reference:

Hash related condition primitive

req_cip_hash_in(patterns)
req_header_value_hash_in(header_name, patterns, case_insensitive)
req_cookie_value_hash_in(key, patterns, case_insensitive)
req_query_value_hash_in(key, patterns, case_insensitive)

mod_secure_link

Protect resources from unauthorized access by adding encoded data like the hash of a specific part of the URL.

https://github.com/baidu/bfe/blob/develop/docs/zh_cn/SUMMARY.md 这个页面的一些链接错了哦

https://github.com/baidu/bfe/blob/develop/docs/zh_cn/bfe_config/bfe.conf.md => https://github.com/baidu/bfe/blob/develop/docs/zh_cn/configuration/bfe.conf.md

reverseproxy：flush response header immediately if flushInterval<0

During response forward phase, if flushInterval <0, just flush response header after write

mod_acme

Description:

Use an ACME provider (like Let's Encrypt) for automatic certificate generation.

Reference:

https://go-acme.github.io/lego/

Default value for cluster config

Set default value of cluster configuration items to Reduce configuration costs:

BackendConf

TimeoutConnSrv: 2000 // 2 sec
TimeoutResponseHeader: 60000 // 60 sec
MaxIdleConnsPerHost: 0
RetryLevel: 0

CheckConf

Schem: "http",
Uri: "/health_check",
Host: "",
StatusCode: 0,
FailNum: 5,
CheckInterval: 1000

GslbBasic

CrossRetry: 0
RetryMax: 2
HashStrategy: 0
SessionSticky: false

ClusterBasic

TimeoutReadClient: 30000 // 30s
TimeoutWriteClient: 60000 // 60s
TimeoutReadClientAgain: 60000 // 60s
ReqWriteBufferSize: 512 // 512B
ReqFlushInterval: 0
ResFlushInterval: -1
CancelOnClientClose: false

mod_access: support CLF format

Description：

Add builtin RequestTemplate：COMMON

Reference:

https://www.w3.org/Daemon/User/Config/Logging.html#common-logfile-format

metrics: compatible with prometheus

expose metrics in prometheus text-based format
See: https://prometheus.io/docs/instrumenting/exposition_formats/

mod_header doc: description of variables

Add description of variables for mod_header

mod_access: update log fields

Remove following fields:

req_content_len
res_content_len
http
client_read_time
cluster_time

Rename following fields:

body_len_in -> req_body_len
body_len_out -> res_body_len
uri -> url

Contain related condition primitive

req_header_value_contain()
req_cookie_value_contain()
req_query_value_contain()

mod_userid

Description:

Sets cookies suitable for client identification.

Format of data config:

{
    Version: "version_num",
    Config: {
        "product1": [
             {
                 "Cond": "cond_expression",
                 "Params": {
                     "Name": "UID",
                     "Domain": "example.org",
                     "Path": "/",
                     "Expire": 31536000
                 }
             }
         ]
    }
}

mod_prison

Limit the amount of connections/requests a user can make in a given period of time.

bfe_stream: log verbose information when connection finished

log verbose information:

vip of connection
sni of connection
backend ip
duration

Add license compliance check into development workflow

Add license scanning, dependency analysis & intelligent compliance
into development workflow.

balance: optimize lock of BalTable

Use Rlock for read operation on BalTable (Lookup/GetState, etc)

mod_http_code

Maintain basic status about request/response forwarded

mod_access

Writes information about client sessions/requests in the access log

Rename the bfe_ prefix

Because the project name is BFE, and start with the bfe string, then the custom go modules are also named bfe_xxx, it is a redundant naming rule.

Default value for bfe core config

Set default value of core config items to Reduce configuration costs:

[server]
httpPort = 8080
httpsPort = 8443
monitorPort = 8299
maxCpus = 0
layer4LoadBalancer = ""
tlsHandshakeTimeout = 30
clientReadTimeout = 60
clientWriteTimeout = 60
keepAliveEnabled = true
gracefulShutdownTimeout = 10
maxHeaderBytes = 1048576
maxHeaderUriBytes = 8192

hostRuleConf = server_data_conf/host_rule.data
vipRuleConf = server_data_conf/vip_rule.data
routeRuleConf = server_data_conf/route_rule.data
clusterConf = server_data_conf/cluster_conf.data
nameConf = server_data_conf/name_conf.data

clusterTableConf = cluster_conf/cluster_table.data
gslbConf = cluster_conf/gslb.data

monitorInterval = 20
debugServHttp = false
debugBfeRoute = false
debugBal = false
debugHealthCheck = false

[httpsBasic]
serverCertConf = tls_conf/server_cert_conf.data
tlsRuleConf = tls_conf/tls_rule_conf.data

cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
cipherSuites=TLS_ECDHE_RSA_WITH_RC4_128_SHA
cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
cipherSuites=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
cipherSuites=TLS_RSA_WITH_RC4_128_SHA
cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA
cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA

curvePreferences=CurveP256
enableSslv2ClientHello = true
clientCABaseDir = tls_conf/client_ca

[sessionCache]
sessionCacheDisabled = true
servers = ""
keyPrefix = "bfe"
connectTimeout = 50
readTimeout = 50
writeTimeout = 50
maxIdle = 20
sessionExpire = 3600

[sessionTicket]
sessionTicketsDisabled = true
sessionTicketKeyFile = tls_conf/session_ticket_key.data