gorouter job from cf/268

Gorouter maintains a dynamic routing table based on updates received from NATS and (when enabled) the Routing API. This routing table maps URLs to backends. The router finds the URL in the routing table that most closely matches the host header of the request and load balances across the associated backends.

GitHub source: 4057a140 or master branch

Properties

metron

port

The port used to emit dropsonde messages to the Metron agent.

Default
3457

nats

machines

IPs of each NATS cluster member

Example
|+
  - 192.168.50.123
  - 192.168.52.123

password

Password for NATS authentication

Example
natSpa55w0rd

port

TCP port of NATS servers

Example
4222

user

User name for NATS authentication

Example
nats

request_timeout_in_seconds

Timeout in seconds for Router -> Endpoint roundtrip.

Default
900

router

balancing_algorithm

Algorithm used to distribute requests for a route across backends. Supported values are round-robin and least-connection.

Default
round-robin

cipher_suites

An ordered, colon-separated list of standard SSL cipher suites supported by Go, given as the Go tls constant names (https://github.com/golang/go/blob/release-branch.go1.7/src/crypto/tls/cipher_suites.go#L269-L285). The cipher suite is chosen according to this order during the SSL handshake.

Default
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
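
A pre-deploy check for this property, as an added example (not gorouter's own code): it parses the colon-separated value into Go TLS suite IDs in configured order, rejects unknown, empty or duplicate names, and reports names Go classifies as insecure. The helper name parseCipherSuites is hypothetical, and a Go 1.14+ toolchain is assumed for tls.CipherSuites and tls.InsecureCipherSuites.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// parseCipherSuites is a hypothetical helper (not gorouter's own code). It maps
// a router.cipher_suites value to suite IDs, in order, and lists insecure names.
func parseCipherSuites(value string) (ids []uint16, insecure []string, err error) {
	known := map[string]uint16{}
	weak := map[string]bool{}
	for _, cs := range tls.CipherSuites() {
		known[cs.Name] = cs.ID
	}
	for _, cs := range tls.InsecureCipherSuites() {
		known[cs.Name] = cs.ID
		weak[cs.Name] = true
	}
	seen := map[string]bool{}
	for _, name := range strings.Split(value, ":") {
		name = strings.TrimSpace(name)
		id, ok := known[name]
		switch {
		case name == "":
			return nil, nil, fmt.Errorf("empty entry in %q", value)
		case !ok:
			return nil, nil, fmt.Errorf("unknown cipher suite %q", name)
		case seen[name]:
			return nil, nil, fmt.Errorf("duplicate cipher suite %q", name)
		}
		seen[name] = true
		ids = append(ids, id)
		if weak[name] {
			insecure = append(insecure, name)
		}
	}
	return ids, insecure, nil
}

func main() {
	// def is the default listed on this page; the RC4 suffix is a constructed input.
	def := "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
	ids, insecure, err := parseCipherSuites(def)
	fmt.Printf("ids=%#x insecure=%v err=%v\n", ids, insecure, err)
	_, insecure, err = parseCipherSuites(def + ":TLS_RSA_WITH_RC4_128_SHA")
	fmt.Printf("insecure=%v err=%v\n", insecure, err)
}
```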

debug_address

Address at which to serve debug info

Default
127.0.0.1:17002

dns_health_check_host

Host to ping for confirmation of DNS resolution, only used when Routing API is enabled

Default
consul.service.cf.internal

drain_wait

Delay in seconds after shut down is initiated before server stops listening. During this time the server will reject requests to the /health endpoint. This accommodates requests forwarded by a load balancer until it considers the router unhealthy.

Default
20

enable_access_log_streaming

Enables streaming of access log to syslog.

Default
false

enable_proxy

Enables support for the popular PROXY protocol, allowing downstream load balancers that do not support HTTP to pass along client information.

Default
false

enable_ssl

When enabled, Gorouter will listen on port 443 and terminate TLS for requests received on this port.

Default
false

extra_headers_to_log

An array of headers that access log events will be annotated with

Default
[]

force_forwarded_proto_https

Enables setting the X-Forwarded-Proto header if SSL termination happened upstream and incorrectly set the header value. When this property is set to true, gorouter sets the header X-Forwarded-Proto to https. When this value is set to false, gorouter sets the header X-Forwarded-Proto to the protocol of the incoming request.

Default
false

healthcheck_user_agent

DEPRECATED. Use /health endpoint on port specified by status.port. User-Agent for the health check agent (usually the Load Balancer).

Default
HTTP-Monitor/1.1

Example
ELB-HealthChecker/1.0

isolation_segments

Routes with these isolation segments will be registered. Used in combination with routing_table_sharding_mode.

Default
[]

load_balancer_healthy_threshold

Time period in seconds to wait until declaring the router instance started after starting the listener socket. This allows an external load balancer time to register the instance as healthy.

Default
20

logging_level

Log level for router

Default
info

logrotate

freq_min

The frequency in minutes at which logrotate will rotate VM logs

Default
5

rotate

The number of files that logrotate will keep around on the VM

Default
7

size

The size at which logrotate will decide to rotate the log file

Default
2M

max_idle_connections

Maximum total idle keepalive connections to backends. When 0, support for keepalive connections is disabled. Maximum idle connections per backend is 100.

Default
0

number_of_cpus

Number of CPUs to utilize. The default (-1) will equal the number of available CPUs.

Default
-1

offset

Default
0

port

Listening Port for Router.

Default
80

requested_route_registration_interval_in_seconds

On startup, the router will delay listening for requests by this duration to increase likelihood that it has a complete routing table before serving requests. The router also broadcasts the same duration as a recommended interval to registering clients via NATS. This must be less than 60, otherwise monit will mark the process as failed.

Default
20

route_services_recommend_https

Route Services are told where to send requests after processing using the X-CF-Forwarded-Url header. When this property is true, the scheme for this URL is https. When false, the scheme is http. Because requests from Route Services to applications on CF transit load balancers and gorouter, disable this property for deployments that have TLS termination disabled.

Default
true

route_services_secret

Support for route services is disabled when no value is configured. A robust passphrase is recommended.

Default
""

route_services_secret_decrypt_only

To rotate keys, add your new key here and deploy. Then swap this key with the value of route_services_secret and deploy again.

Default
""

route_services_timeout

Expiry time of a route service signature in seconds

Default
60

routing_table_sharding_mode

all: all routes will be registered. shared-and-segments: both routes for the configured isolation segments and those that do not have an isolation segment specified will be registered. segments: only routes for the configured isolation segments will be registered.

Default
all

secure_cookies

Set secure flag on http cookies

Default
false

ssl_cert

The public ssl cert for ssl termination

Default
""

ssl_key

The private ssl key for ssl termination

Default
""

ssl_skip_validation

Skip validation of TLS certificates received from route services and UAA

Default
false

status

password

Password for HTTP basic auth to the /varz and /routes endpoints.

port

Port for the /health, /varz, and /routes endpoints.

Default
8080

user

Username for HTTP basic auth to the /varz and /routes endpoints.

Default
router-status

suspend_pruning_if_nats_unavailable

Suspend pruning of routes when NATS is unavailable and maintain the current routing table. WARNING: This strategy favors availability over consistency and there is a possibility of routing to an incorrect endpoint in the case of port re-use. To be used with caution.

Default
false

trace_key

If the X-Vcap-Trace request header is set and has this value, trace headers are added to the response.

Default
22

tracing

enable_zipkin

Enables the addition of the X-B3-Trace-Id header to incoming requests. If the header already exists on the incoming request, it will not be overwritten.

Default
false

routing_api

auth_disabled

When false, Routing API requires OAuth tokens for authentication.

Default
false

enabled

When enabled, GoRouter will fetch HTTP routes from the Routing API in addition to routes obtained via NATS.

Default
false

port

Port on which Routing API is running.

Default
3000

uri

URL where the routing API can be reached internally

Default
http://routing-api.service.cf.internal

uaa

ca_cert

Certificate authority for communication between clients and uaa.

Default
""

clients

gorouter

secret

Password for UAA client for the gorouter.

ssl

port

Secure Port on which UAA is running.

token_endpoint

UAA token endpoint host name. Do not include a scheme in this value; TCP Router will always use TLS to connect to UAA.

Default
uaa.service.cf.internal

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/gorouter/ directory.

  • bin/dns_health_check (from dns_health_check.erb)
  • bin/drain (from drain)
  • bin/gorouter_ctl (from gorouter_ctl)
  • bin/post-start (from post-start.erb)
  • bin/publish_to_nats (from publish_to_nats.erb)
  • bin/run_gorouter (from run_gorouter.erb)
  • config/cert.pem (from cert.pem.erb)
  • config/certs/uaa/ca.crt (from uaa_ca.crt.erb)
  • config/gorouter.yml (from gorouter.yml.erb)
  • config/gorouter_logrotate.cron (from gorouter_logrotate.cron.erb)
  • config/key.pem (from key.pem.erb)
  • config/logrotate.conf (from logrotate.conf.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.