gorouter job from cf/235

The Router maintains a list of live routes for the applications running on each DEA. The Router load balances requests (based on their Host header) between each application instance registered for a specific route. It requires to be behind a load balancer that can terminate SSL connections.

Github source: edc3e3c9 or master branch

Properties¶

dropsonde¶

enabled¶

Enable the dropsonde emitter library

Default

false

metron_endpoint¶

dropsonde_port¶

The port used to emit dropsonde messages to the Metron agent.

Default

3457

host¶

The host used to emit messages to the Metron agent.

Default

127.0.0.1

port¶

The port used to emit legacy messages to the Metron agent.

Default

3456

nats¶

machines¶

IP of each NATS cluster member.

password¶

port¶

user¶

request_timeout_in_seconds¶

Timeout in seconds for Router -> Endpoint roundtrip.

Default

900

router¶

cipher_suites¶

An ordered list of supported SSL cipher suites containing golang tls constants separated by colons The cipher suite will be chosen according to this order during SSL handshake

Default

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_AES_128_CBC_SHA:TLS_RSA_WITH_AES_256_CBC_SHA

debug_addr¶

Address at which to serve debug info

Default

0.0.0.0:17001

dns_health_check_host¶

Host to ping for confirmation of DNS resolution, only used when Routing API is enabled

Default

consul.service.cf.internal

drain_wait¶

Delay in seconds after drain begins before server stops listening. During this time the server will respond with 503 Service Unavailable to requests having header User-Agent: HTTP-Monitor/1.1. This accommodates requests in transit sent while health check responded ok.

Default

0

enable_access_log_streaming¶

Enables streaming of access log to syslog. Warning: this comes with a performance cost; due to higher I/O, max request rate is reduced.

Default

false

enable_ssl¶

Enable ssl termination on the router

Default

false

extra_headers_to_log¶

A list of headers that log events will be annotated with

Default

[]

logging_level¶

Log level for router

Default

info

logrotate¶

freq_min¶

The frequency in minutes which logrotate will rotate VM logs

Default

5

rotate¶

The number of files that logrotate will keep around on the VM

Default

7

size¶

The size at which logrotate will decide to rotate the log file

Default

2M

number_of_cpus¶

Number of CPUs to utilize, the default (-1) will equal the number of available CPUs

Default

-1

offset¶

Default

0

port¶

Listening Port for Router.

Default

80

requested_route_registration_interval_in_seconds¶

On startup, the router will delay listening for requests by this duration to increase likelihood that it has a complete routing table before serving requests. The router also broadcasts the same duration as a recommended interval to registering clients via NATS.

Default

20

route_services_recommend_https¶

Route Services are told where to send requests after processing using the X-CF-Forwarded-Url header. When this property is true, the scheme for this URL is https. When false, the scheme is http. As requests from Route Services to applications on CF transit load balancers and gorouter, disable this property for deployments that have TLS termination disabled.

Default

true

route_services_secret¶

Support for route services is disabled when no value is configured. A robust passphrase is recommended.

Default

""

route_services_secret_decrypt_only¶

To rotate keys, add your new key here and deploy. Then swap this key with the value of route_services_secret and deploy again.

Default

""

route_services_timeout¶

Expiry time of a route service signature in seconds

Default

60

secure_cookies¶

Set secure flag on http cookies

Default

false

skip_oauth_tls_verification¶

Skip TLS verification when talking to UAA

Default

false

ssl_cert¶

The public ssl cert for ssl termination

Default

""

ssl_key¶

The private ssl key for ssl termination

Default

""

ssl_skip_validation¶

Skip SSL client cert validation

Default

false

status¶

password¶

Password for HTTP basic auth to the varz/status endpoint.

port¶

Port for the Router varz/status endpoint.

Default

8080

user¶

Username for HTTP basic auth to the varz/status endpoint.

trace_key¶

If the X-Vcap-Trace request header is set and has this value, trace headers are added to the response.

Default

22

routing-api¶

auth_disabled¶

Disables UAA authentication

Default

false

port¶

Port on which routing-api is running.

Default

3000

routing_api¶

enabled¶

Enable the GoRouter to receive routes from the Routing API

Default

false

uaa¶

clients¶

gorouter¶

secret¶

Password for UAA client for the gorouter.

port¶

Port on which UAA is running.

Default

8080

ssl¶

port¶

Secure Port on which UAA is running.

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/gorouter/ directory (learn more).

• bin/dns_health_check (from dns_health_check.erb)
• bin/drain (from drain)
• bin/gorouter_ctl (from gorouter_ctl.erb)
• config/cert.pem (from cert.pem.erb)
• config/gorouter.yml (from gorouter.yml.erb)
• config/gorouter_logrotate.cron (from gorouter_logrotate.cron.erb)
• config/key.pem (from key.pem.erb)
• config/logrotate.conf (from logrotate.conf.erb)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

• common
• gorouter