Protocols

Illarion Kovalchuk edited this page Jul 24, 2020 · 20 revisions

TCP

The default protocol for gobetween is tcp, but you can also specify it explicitly in the config:

[servers.default]
protocol = "tcp"

TLS

(since 0.4.0)

You can configure gobetween to listen for TLS connections and perform TLS termination, so that traffic is decrypted and passed to the backends over plain TCP.

You just need to set your server protocol to tls and configure the tls section:

#(since 0.6.0)
#
## Acme (letsencrypt) configuration.
## Letsencrypt allows a server to obtain free TLS certificates automagically.
## See https://letsencrypt.org for details.
##
## Each server that requires acme certificates should have acme_hosts configured in tls section.
#
[acme]                           # (optional)
challenge = "http"               # (optional) http | sni | dns
http_bind = "0.0.0.0:80"         # (optional) It is possible to bind to other port, but letsencrypt will send requests to http(80) anyway
cache_dir = "/tmp"               # (optional) directory to put acme certificates

[servers.default]
protocol = "tls"

  [servers.default.tls]             # (required) if protocol == "tls"
  cert_path = "/path/to/file.crt"   # (required) path to crt file
  key_path = "/path/to/file.key"    # (required) path to key file
  min_version = "tls1"              # (optional) "ssl3" | "tls1" | "tls1.1" | "tls1.2" - minimum allowed tls version
  max_version = "tls1.2"            # (optional) maximum allowed tls version
  ciphers = []                      # (optional) list of supported ciphers. Empty means all supported. For a list see https://golang.org/pkg/crypto/tls/#pkg-constants
  prefer_server_ciphers = false     # (optional) if true server selects server's most preferred cipher
  session_tickets = true            # (optional) if true enables session tickets

  # (since 0.6.0) either the following parameter should be set, or both cert_path and key_path
  acme_hosts = []                   # (*optional) list of acme hosts, to provide certificates for

UDP

(since 0.4.0)

You can configure gobetween to listen and balance UDP traffic.

You just need to set your server protocol to udp and configure the optional udp section:

[servers.default]
protocol = "udp"
  [servers.default.udp] # (optional)
  max_requests  = 0     # (optional) if > 0 accepts no more requests than max_requests and closes session (since 0.5.0)
  max_responses = 0     # (required) if > 0 accepts no more responses than max_responses from backend and closes session (will be optional since 0.5.0)
  transparent = false   # (optional) [NOTE: does not work for Windows] if true - work in transparent mode, when forwarded udp packets have client source address (requires additional host configuration) (since 0.8.0)

UDP is a sessionless protocol that works at the level of individual packets, but in order to support multi-packet exchanges, gobetween associates the elected backend with the client address. This association ("session") is dropped if client_idle_timeout or backend_idle_timeout expires, or if there were more than max_responses responses from the backend, or more than max_requests requests from the client.

(since 0.6.0) If neither client_idle_timeout nor backend_idle_timeout is specified, and neither max_requests nor max_responses is set, UDP 'sessions' would be tracked forever and gobetween's memory footprint would grow. Starting from version 0.6.0, gobetween forbids such a configuration and requires timeouts or request/response limits to be added.

(since 0.6.0) Fire and forget mode: if max_requests is set to 1, gobetween uses a special "fire and forget" mode in which it does not create an association (session), selects a backend each time a packet is received from any client, transmits that one packet to the backend and doesn't wait for responses. Please note that since 0.8.0 gobetween caches connections to backends in this mode, which may increase memory consumption.

Note: before 0.7.0, UDP supports only the exec healthcheck type. Since 0.7.0, UDP supports the exec and probe healthcheck types.

(since 0.8.0) Gobetween supports transparent mode (with transparent = true). In this mode gobetween forwards packets without changing the source address, so that responses are sent directly from the backend to the packet's origin and backends see the original IP. This setup may not work if there is no route available from the backend server to the original client. NOTE: Transparent mode is not available for Windows. More information: Transparent UDP proxy
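
The following is an added example, not gobetween's own code: a small audit of a parsed config for the TLS and UDP rules described on this page (deprecated min_version values, an empty ciphers list, and UDP servers with no timeout or request/response limit). It assumes the config is already parsed into a dict, that the idle timeouts are set in the server table, and that 0 or "0" means unset; the names audit_server and audit are hypothetical.

```python
# Added example (not gobetween code): audit a parsed config dict, e.g. from tomllib.
# SSLv3 is deprecated by RFC 7568, TLS 1.0 and 1.1 by RFC 8996.
DEPRECATED_TLS = {"ssl3", "tls1", "tls1.1"}


def _is_set(value):
    """Assumption: a missing key, 0, "" or "0" means 'no limit configured'."""
    return value not in (None, 0, "", "0")


def audit_server(name, server):
    """Return findings for one [servers.<name>] table."""
    findings = []
    protocol = server.get("protocol", "tcp")  # tcp is the documented default
    if protocol == "tls":
        tls = server.get("tls", {})
        has_files = bool(tls.get("cert_path")) and bool(tls.get("key_path"))
        if not has_files and not tls.get("acme_hosts"):
            findings.append(f"{name}: tls needs cert_path and key_path, or acme_hosts")
        if tls.get("min_version") in DEPRECATED_TLS:
            findings.append(f"{name}: min_version {tls['min_version']!r} is deprecated")
        if not tls.get("ciphers"):
            findings.append(f"{name}: ciphers is empty, all supported suites allowed")
    if protocol == "udp":
        udp = server.get("udp", {})
        # Assumption: the idle timeouts sit in the server table, not in [udp].
        bounds = [server.get("client_idle_timeout"), server.get("backend_idle_timeout"),
                  udp.get("max_requests"), udp.get("max_responses")]
        if not any(_is_set(b) for b in bounds):
            findings.append(f"{name}: udp sessions unbounded (rejected since 0.6.0)")
    return findings


def audit(config):
    return [f for name, srv in config.get("servers", {}).items()
            for f in audit_server(name, srv)]


# Constructed sample input mirroring the snippets on this page.
SAMPLE = {"servers": {
    "web": {"protocol": "tls", "tls": {
        "cert_path": "/path/to/file.crt", "key_path": "/path/to/file.key",
        "min_version": "tls1", "ciphers": []}},
    "dns": {"protocol": "udp", "udp": {"max_requests": 0, "max_responses": 0}},
    "syslog": {"protocol": "udp", "client_idle_timeout": "30s",
               "udp": {"max_requests": 0, "max_responses": 0}},
}}
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Running it on the sample reports the tls1 floor and empty cipher list on the TLS server and the unbounded UDP server, while the UDP server with an idle timeout passes.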