Documentation ¶
Index ¶
- Constants
- Variables
- func ConfBasicCheck(cfg *ConfigBasic, confRoot string) error
- func ConfSessionCacheCheck(cfg *ConfigSessionCache, confRoot string) error
- func ConfSessionTicketCheck(cfg *ConfigSessionTicket, confRoot string) error
- func GetCipherSuites(cipherConf []string) ([]uint16, []uint16, error)
- func GetCurvePreferences(curveConf []string) ([]bfe_tls.CurveID, error)
- func GetTlsVersion(cfg *ConfigHttpsBasic) (maxVer, minVer uint16)
- func LoadClientCAFile(path string) (*x509.CertPool, error)
- func SetDefaultConf(conf *BfeConfig)
- type BfeConfig
- type ConfigBasic
- type ConfigHttpsBasic
- type ConfigSessionCache
- type ConfigSessionTicket
Constants ¶
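// Layer-4 load balancer modes.
// NOTE(review): presumably the values accepted by
// ConfigBasic.Layer4LoadBalancer; confirm against ConfBasicCheck.
const (
	// BalancerProxy means a layer-4 balancer working in PROXY mode
	// (e.g. F5, Citrix, ELB) sits in front of the server.
	// NOTE(review): in this mode client address information likely comes
	// from a balancer-supplied header; confirm the listener is reachable
	// only through the trusted balancer before enabling it.
	BalancerProxy = "PROXY"

	// BalancerNone means no layer-4 balancer is used.
	BalancerNone = "NONE"
)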
// EquivCipherSep is the separator used inside an equivalent-ciphers string.
const EquivCipherSep = "|"
// LibrarySuffix is the file suffix of a BFE plugin.
const LibrarySuffix = ".so"
Variables ¶
// CipherSuitesMap maps a cipher suite name to its bfe_tls cipher suite ID.
// NOTE(review): presumably these are the names accepted in
// ConfigHttpsBasic.CipherSuites and resolved by GetCipherSuites; confirm.
//
// Presence in this map only makes a suite nameable; it says nothing about
// whether the suite should be enabled. RC4 suites are prohibited for TLS by
// RFC 7465 and 3DES is a 64-bit block cipher, so both are best kept out of a
// deployed cipher list unless a known legacy client requires them.
var CipherSuitesMap = map[string]uint16{
	// Static RSA key exchange (no forward secrecy).
	"TLS_RSA_WITH_RC4_128_SHA":      bfe_tls.TLS_RSA_WITH_RC4_128_SHA,      // RC4: legacy
	"TLS_RSA_WITH_3DES_EDE_CBC_SHA": bfe_tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, // 3DES: legacy
	"TLS_RSA_WITH_AES_128_CBC_SHA":  bfe_tls.TLS_RSA_WITH_AES_128_CBC_SHA,
	"TLS_RSA_WITH_AES_256_CBC_SHA":  bfe_tls.TLS_RSA_WITH_AES_256_CBC_SHA,

	// ECDHE with ECDSA certificates, RC4 and CBC-mode suites.
	"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA":     bfe_tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, // RC4: legacy
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": bfe_tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": bfe_tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,

	// ECDHE with RSA certificates, RC4, 3DES and CBC-mode suites.
	"TLS_ECDHE_RSA_WITH_RC4_128_SHA":      bfe_tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,      // RC4: legacy
	"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA": bfe_tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, // 3DES: legacy
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA":  bfe_tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA":  bfe_tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,

	// ECDHE with AEAD ciphers (AES-GCM, ChaCha20-Poly1305).
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256":         bfe_tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256":       bfe_tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256":   bfe_tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": bfe_tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
}
// CurvesMap maps an elliptic curve name to its bfe_tls.CurveID.
// NOTE(review): presumably these are the names accepted in
// ConfigHttpsBasic.CurvePreferences and resolved by GetCurvePreferences;
// confirm.
var CurvesMap = map[string]bfe_tls.CurveID{
	"CurveP256": bfe_tls.CurveP256,
	"CurveP384": bfe_tls.CurveP384,
	"CurveP521": bfe_tls.CurveP521,
}
// TlsVersionMap maps a protocol version name to its bfe_tls version number.
// NOTE(review): presumably these are the names accepted in
// ConfigHttpsBasic.MaxTlsVersion / MinTlsVersion and resolved by
// GetTlsVersion; confirm.
//
// The map has no TLS 1.3 entry. SSL 3.0 was deprecated by RFC 7568 and
// TLS 1.0/1.1 by RFC 8996, so a deployment should set its minimum version
// as high as its client population allows.
var TlsVersionMap = map[string]uint16{
	"VersionSSL30": bfe_tls.VersionSSL30, // deprecated protocol, legacy clients only
	"VersionTLS10": bfe_tls.VersionTLS10, // deprecated protocol
	"VersionTLS11": bfe_tls.VersionTLS11, // deprecated protocol
	"VersionTLS12": bfe_tls.VersionTLS12,
}
Functions ¶
func ConfBasicCheck ¶
func ConfBasicCheck(cfg *ConfigBasic, confRoot string) error
func ConfSessionCacheCheck ¶
func ConfSessionCacheCheck(cfg *ConfigSessionCache, confRoot string) error
func ConfSessionTicketCheck ¶
func ConfSessionTicketCheck(cfg *ConfigSessionTicket, confRoot string) error
func GetTlsVersion ¶
func GetTlsVersion(cfg *ConfigHttpsBasic) (maxVer, minVer uint16)
func LoadClientCAFile ¶
LoadClientCAFile loads a client CA certificate file in PEM format.
func SetDefaultConf ¶
func SetDefaultConf(conf *BfeConfig)
Types ¶
type BfeConfig ¶
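// BfeConfig groups the four configuration sections shown below: basic
// server settings, basic HTTPS settings, TLS session cache settings and
// TLS session ticket settings.
type BfeConfig struct {
	// basic server config
	Server ConfigBasic

	// basic https config
	HttpsBasic ConfigHttpsBasic

	// session cache config
	SessionCache ConfigSessionCache

	// session ticket config
	SessionTicket ConfigSessionTicket
}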
type ConfigBasic ¶
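// ConfigBasic holds the basic server settings: listen ports, client
// timeouts and size limits, modules and plugins to load, data file paths
// and debug switches.
type ConfigBasic struct {
	HttpPort       int  // listen port for http
	HttpsPort      int  // listen port for https
	MonitorPort    int  // web server port for monitor
	MaxCpus        int  // number of max cpus to use
	AcceptNum      int  // number of accept goroutine for each listener, default 1
	MonitorEnabled bool // web server for monitor enable or not

	// settings of layer-4 load balancer
	Layer4LoadBalancer string

	// settings of communicate with http client
	//
	// The timeouts and byte limits below bound how long and how much a
	// single client connection can hold; NOTE(review): confirm that
	// Check/SetDefaultConf rejects or replaces zero and negative values.
	TlsHandshakeTimeout     int  // tls handshake timeout, in seconds
	ClientReadTimeout       int  // read timeout, in seconds
	ClientWriteTimeout      int  // write timeout, in seconds
	GracefulShutdownTimeout int  // graceful shutdown timeout, in seconds
	MaxHeaderBytes          int  // max header length in bytes in request
	MaxHeaderUriBytes       int  // max URI(in header) length in bytes in request
	MaxProxyHeaderBytes     int  // max header length in bytes in Proxy protocol
	KeepAliveEnabled        bool // if false, client connection is shutdown disregard of http headers

	Modules []string // modules to load
	// NOTE(review): plugin files use LibrarySuffix (".so"), i.e. they look
	// like native shared objects; the plugin location should be writable
	// only by the account that administers the server. Confirm how
	// plugin paths are resolved.
	Plugins []string // plugins to load

	// location of data files for bfe_route
	HostRuleConf  string // path of host_rule.data
	VipRuleConf   string // path of vip_rule.data
	RouteRuleConf string // path of route_rule.data

	// location of other data files
	ClusterTableConf string // path of cluster_table.data
	GslbConf         string // path of gslb.data
	ClusterConf      string // path of cluster_conf.data
	NameConf         string // path of name_conf.data

	// interval
	MonitorInterval int // interval for getting diff of proxy-state

	DebugServHttp    bool // whether open server http debug log
	DebugBfeRoute    bool // whether open bferoute debug log
	DebugBal         bool // whether open bal debug log
	DebugHealthCheck bool // whether open health check debug log
}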
func (*ConfigBasic) Check ¶
func (cfg *ConfigBasic) Check(confRoot string) error
func (*ConfigBasic) SetDefaultConf ¶
func (cfg *ConfigBasic) SetDefaultConf()
type ConfigHttpsBasic ¶
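// ConfigHttpsBasic holds the basic HTTPS settings: certificate and TLS rule
// config locations, cipher suite and curve selection, protocol version
// bounds, and the client CA / CRL directories.
type ConfigHttpsBasic struct {
	ServerCertConf string // config for server cert and key
	TlsRuleConf    string // config for server tls rule

	// NOTE(review): entries presumably must be keys of CipherSuitesMap and
	// CurvesMap respectively; confirm against GetCipherSuites and
	// GetCurvePreferences.
	CipherSuites     []string // supported cipher suites
	CurvePreferences []string // curve preference

	// NOTE(review): values presumably must be keys of TlsVersionMap;
	// confirm against GetTlsVersion. MinTlsVersion is the setting that
	// decides whether deprecated protocol versions are still negotiable.
	MaxTlsVersion string // max tls version supported
	MinTlsVersion string // min tls version supported

	EnableSslv2ClientHello bool // support sslv2 client hello for backward compatibility

	ClientCABaseDir  string // client root CAs base directory
	ClientCRLBaseDir string // client cert CRL base directory
}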
func (*ConfigHttpsBasic) Check ¶
func (cfg *ConfigHttpsBasic) Check(confRoot string) error
func (*ConfigHttpsBasic) SetDefaultConf ¶
func (cfg *ConfigHttpsBasic) SetDefaultConf()
SetDefaultConf sets the default values of ConfigHttpsBasic. Note: do NOT initialize multi-value fields (e.g. CipherSuites/CurvePreferences) here.
type ConfigSessionCache ¶
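// ConfigSessionCache holds the settings of the TLS session cache, which is
// backed by redis servers.
// NOTE(review): cached TLS session state presumably contains session
// secrets; confirm the redis servers are reachable only from trusted hosts.
type ConfigSessionCache struct {
	// disable tls session cache or not
	SessionCacheDisabled bool

	// address for redis servers
	Servers string

	// prefix for cache key
	KeyPrefix string

	// config for connection (ms)
	ConnectTimeout int
	ReadTimeout    int
	WriteTimeout   int

	// max idle connections in pool
	MaxIdle int

	// expire time for tls session state (s)
	SessionExpire int
}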
func (*ConfigSessionCache) Check ¶
func (cfg *ConfigSessionCache) Check(confRoot string) error
func (*ConfigSessionCache) SetDefaultConf ¶
func (cfg *ConfigSessionCache) SetDefaultConf()
type ConfigSessionTicket ¶
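// ConfigSessionTicket holds the settings of TLS session tickets.
type ConfigSessionTicket struct {
	// disable session tickets or not
	SessionTicketsDisabled bool

	// file holding the session ticket key (in hex format)
	// NOTE(review): this file is key material; it should be readable only
	// by the server account. Confirm how and when the key is rotated.
	SessionTicketKeyFile string
}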
func (*ConfigSessionTicket) Check ¶
func (cfg *ConfigSessionTicket) Check(confRoot string) error
func (*ConfigSessionTicket) SetDefaultConf ¶
func (cfg *ConfigSessionTicket) SetDefaultConf()