github.com/anycable/anycable-go@v1.5.1/docs/configuration.md (about) 1 # AnyCable-Go configuration 2 3 You can configure AnyCable-Go via CLI options, e.g.: 4 5 ```sh 6 $ anycable-go --rpc_host=localhost:50051 --headers=cookie \ 7 --redis_url=redis://localhost:6379/5 --redis_channel=__anycable__ \ 8 --host=localhost --port=8080 9 ``` 10 11 Or via the corresponding environment variables (i.e. `ANYCABLE_RPC_HOST`, `ANYCABLE_REDIS_URL`, etc.). 12 13 ## Primary settings 14 15 Here is the list of the most commonly used configuration parameters. 16 17 **NOTE:** To see all available options run `anycable-go -h`. 18 19 --- 20 21 **--host**, **--port** (`ANYCABLE_HOST`, `ANYCABLE_PORT` or `PORT`) 22 23 Server host and port (default: `"localhost:8080"`). 24 25 **--path** (`ANYCABLE_PATH`) 26 27 WebSocket endpoint path (default: `"/cable"`). 28 29 You can specify multiple paths separated by commas. 30 31 You can also use wildcards (at the end of the paths) or path placeholders: 32 33 ```sh 34 anycable-go --path="/cable,/admin/cable/*,/accounts/{tenant}/cable" 35 ``` 36 37 **--allowed_origins** (`ANYCABLE_ALLOWED_ORIGINS`) 38 39 Comma-separated list of hostnames to check the Origin header against during the WebSocket Upgrade. 40 Supports wildcards, e.g., `--allowed_origins=*.evilmartians.io,www.evilmartians.com`. 41 42 **--broadcast_adapter** (`ANYCABLE_BROADCAST_ADAPTER`, default: `redis`) 43 44 [Broadcasting adapter](./broadcasting.md) to use. Available options: `redis` (default), `redisx`, `nats`, and `http`. 45 46 When HTTP adapter is used, AnyCable-Go accepts broadcasting requests on `:8090/_broadcast`. 47 48 You can also enable multiple adapters at once by specifying them separated by commas. 49 50 **--broker** (`ANYCABLE_BROKER`, default: `none`) 51 52 [Broker](./broker.md) adapter to use. 53 54 **--pubsub** (`ANYCABLE_PUBSUB`, default: `none`) 55 56 Pub/Sub adapter to use to distribute broadcasted messages within the cluster (when non-distributed broadcasting adapter is used). **Required for broker**. 57 58 **--streams_secret** (`ANYCABLE_STREAMS_SECRET`) 59 60 A secret key used to verify [signed_streams](./signed_streams.md). If not set, the `--secret` setting is used (see below). 61 62 ## RPC settings 63 64 **--rpc_host** (`ANYCABLE_RPC_HOST`) 65 66 RPC service address (default: `"localhost:50051"`). You can also specify the scheme part to indicate which RPC protocol to use, gRPC or HTTP (gRPC is assumed by default). See below for more details on [HTTP RPC](#http-rpc). 67 68 **--norpc** (`ANYCABLE_NORPC=true`) 69 70 This setting disables the RPC component completely. That means, you can only use AnyCable in a standalone mode (with [JWT authentication](./jwt_identification.md) and [signed streams](./signed_streams.md)). 71 72 **--headers** (`ANYCABLE_HEADERS`) 73 74 Comma-separated list of headers to proxy to RPC (default: `"cookie"`). 75 76 **--proxy-cookies** (`ANYCABLE_PROXY_COOKIES`) 77 78 Comma-separated list of cookies to proxy to RPC (default: all cookies). 79 80 ## Security/access settings 81 82 **--secret** (`ANYCABLE_SECRET`) 83 84 A common secret key used by the following components (unless a specific key is specified): [JWT authentication](./jwt_identification.md), [signed streams](./signed_streams.md). 85 86 **--broadcast_key** (`ANYCABLE_BROADCAST_KEY`) 87 88 A secret key used to authenticate broadcast requests. See [broadcasting docs](./broadcasting.md). You can use the special "none" value to disable broadcasting authentication. 89 90 **--noauth** (`ANYCABLE_NOAUTH=true`) 91 92 This setting disables client authentication checks (so, anyone is allowed to connect). Use it with caution. **NOTE**: if you use _enforced_ JWT authentication, the `--noauth` option has no effect. 93 94 **--public_streams** (`ANYCABLE_PUBLIC_STREAMS=true`) 95 96 Setting this value allows direct subscribing to streams using unsigned names (see more in the [signed streams docs](./signed_streams.md)). 97 98 **--public** (`ANYCABLE_PUBLIC=true`) 99 100 This is a shortcut to specify both `--noauth`, `--public_streams` and `--broadcast_key=none`, so you can use AnyCable without any protection. **Do not do this in production**. 101 102 ## HTTP API 103 104 **--http_broadcast_port** (`ANYCABLE_HTTP_BROADCAST_PORT`, default: `8090`) 105 106 You can specify on which port to receive broadcasting requests (NOTE: it could be the same port as the main HTTP server listens to). 107 108 ## Redis configuration 109 110 **--redis_url** (`ANYCABLE_REDIS_URL` or `REDIS_URL`) 111 112 Redis URL to connect to (default: `"redis://localhost:6379/5"`). Used by the corresponding pub/sub, broadcasting, and broker adapters. 113 114 **--redis_channel** (`ANYCABLE_REDIS_CHANNEL`) 115 116 Redis channel for broadcasting (default: `"__anycable__"`). When using the `redisx` adapter, it's used as a name of the Redis stream. 117 118 **--redis_disable_cache** (`ANYCABLE_REDIS_DISABLE_CACHE`) 119 120 Disable [`CLIENT TRACKING`](https://redis.io/commands/client-tracking/) (it could be blocked by some managed Redis providers). 121 122 ## NATS configuration 123 124 **--nats_servers** (`ANYCABLE_NATS_SERVERS`) 125 126 The list of [NATS][] servers to connect to (default: `"nats://localhost:4222"`). Used by the corresponding pub/sub, broadcasting, and broker adapters. 127 128 **--nats_channel** (`ANYCABLE_NATS_CHANNEL`) 129 130 NATS channel for broadcasting (default: `"__anycable__"`). 131 132 ## Logging settings 133 134 **--log_level** (`ANYCABLE_LOG_LEVEL`) 135 136 Logging level (default: `"info"`). 137 138 **--debug** (`ANYCABLE_DEBUG`) 139 140 Enable debug mode (more verbose logging). 141 142 ## Presets 143 144 AnyCable-Go comes with a few built-in configuration presets for particular deployments environments, such as Heroku or Fly. The presets are detected and activated automatically. As an indication, you can find a line in the logs: 145 146 ```sh 147 INFO ... context=config Loaded presets: fly 148 ``` 149 150 To disable automatic presets activation, provide `ANYCABLE_PRESETS=none` environment variable (or pass the corresponding option to the CLI: `anycable-go --presets=none`). 151 152 **NOTE:** Presets do not override explicitly provided configuration values. 153 154 ### Preset: fly 155 156 Automatically activated if all of the following environment variables are defined: `FLY_APP_NAME`, `FLY_REGION`, `FLY_ALLOC_ID`. 157 158 The preset provide the following defaults: 159 160 - `host`: "0.0.0.0" 161 - `http_broadcast_port`: `$PORT` (set to the same value as the main HTTP port). 162 - `broadcast_adapter`: "http" (unless Redis is configured) 163 - `enats_server_addr`: "nats://0.0.0.0:4222" 164 - `enats_cluster_addr`: "nats://0.0.0.0:5222" 165 - `enats_cluster_name`: "\<FLY_APP_NAME\>-\<FLY_REGION\>-cluster" 166 - `enats_cluster_routes`: "nats://\<FLY_REGION\>.\<FLY_APP_NAME\>.internal:5222" 167 - `enats_gateway_advertise`: "\<FLY_REGION\>.\<FLY_APP_NAME\>.internal:7222" (**NOTE:** You must set `ANYCABLE_ENATS_GATEWAY` to `nats://0.0.0.0:7222` and configure at least one gateway address manually to enable gateways). 168 169 Also, [embedded NATS](./embedded_nats.md) is enabled automatically if no other pub/sub adapter neither Redis is configured. Similarly, pub/sub, broker and broadcast adapters using embedded NATS are configured automatically, too. Thus, by default, AnyCable-Go setups a NATS cluster automatically (within a single region), no configuration is required. 170 171 If the `ANYCABLE_FLY_RPC_APP_NAME` env variable is provided, the following defaults are configured as well: 172 173 - `rpc_host`: "dns:///\<FLY_REGION\>.\<ANYCABLE_FLY_RPC_APP_NAME\>.internal:50051" 174 175 ### Preset: heroku 176 177 Automatically activated if all of the following environment variables are defined: `HEROKU_DYNO_ID`, `HEROKU_APP_ID`. **NOTE:** These env vars are defined only if the [Dyno Metadata feature](https://devcenter.heroku.com/articles/dyno-metadata) is enabled. 178 179 The preset provides the following defaults: 180 181 - `host`: "0.0.0.0". 182 - `http_broadcast_port`: `$PORT` (to make HTTP endpoint accessible from other applications). 183 184 ## Per-client settings 185 186 A client MAY override default values for the settings listed below by providing the corresponding parameters in the WebSocket URL query string: 187 188 - `?pi=<seconds>`: ping interval (overrides `--ping_interval`). 189 - `?ptp=<s | ms | ns>`: ping timestamp precision (overrides `--ping_timestamp_precision`). 190 191 For example, using the following URL, you can set the ping interval to 10 seconds and the timestamp precision to milliseconds: 192 193 ```txt 194 ws://localhost:8080/cable?pi=10&ptp=ms 195 ``` 196 197 ## TLS 198 199 To secure your `anycable-go` server provide the paths to SSL certificate and private key: 200 201 ```sh 202 anycable-go --port=443 -ssl_cert=path/to/ssl.cert -ssl_key=path/to/ssl.key 203 204 => INFO time context=http Starting HTTPS server at 0.0.0.0:443 205 ``` 206 207 If your RPC server requires TLS you can enable it via `--rpc_enable_tls` (`ANYCABLE_RPC_ENABLE_TLS`). 208 209 If RPC server uses certificate issued by private CA, then you can pass either its file path or PEM contents with `--rpc_tls_root_ca` (`ANYCABLE_RPC_TLS_ROOT_CA`). 210 211 If RPC uses self-signed certificate, you can disable RPC server certificate verification by setting `--rpc_tls_verify` (`ANYCABLE_RPC_TLS_VERIFY`) to `false`, but this is insecure, use only in test/development. 212 213 ## Disconnect settings 214 215 AnyCable-Go notifies an RPC server about disconnected clients asynchronously with a rate limit. We do that to allow other RPC calls to have higher priority (because _live_ clients are usually more important) and to avoid load spikes during mass disconnects (i.e., when a server restarts). 216 217 That could lead to the situation when the _disconnect queue_ is overwhelmed, and we cannot perform all the `Disconnect` calls during server shutdown. Thus, **RPC server may not receive all the disconnection events** (i.e., `disconnect` and `unsubscribed` callbacks in your code). 218 219 If you rely on `disconnect` callbacks in your code, you can tune the default disconnect queue settings to provide better guarantees\*: 220 221 **--disconnect_rate** (`ANYCABLE_DISCONNECT_RATE`) 222 223 The max number of `Disconnect` calls per-second (default: 100). 224 225 **--disconnect_timeout** (`ANYCABLE_DISCONNECT_TIMEOUT`) 226 227 The number of seconds to wait before forcefully shutting down a disconnect queue during the server graceful shutdown (default: 5). 228 229 Thus, the default configuration can handle a backlog of up to 500 calls. By increasing both values, you can reduce the number of lost disconnect notifications. 230 231 **--disconnect_mode** (`ANYCABLE_DISCONNECT_MODE`) 232 233 This parameter defines when a Disconnect call should be made for a session. The default is "auto", which means that the Disconnect call is made only if we detected the client _interest_ in it. Currently, we only skip Disconnect calls for sessions authenticated via [JWT](./jwt_identification.md) and using [signed streams](./signed_streams.md) (Hotwire or CableReady). 234 235 Other available modes are "always" and "never". Thus, to disable Disconnect call completely, use `--disconnect_mode=never`. 236 237 Using `--disconnect_mode=always` is useful when you have some logic in the `ApplicationCable::Connetion#disconnect` method and you want to invoke it even for JWT and signed streams sessions. 238 239 **NOTE:** AnyCable tries to make a Disconnect call for active sessions during the server shutdown. However, if the server is killed with `kill -9` or crashes, the disconnect queue is not flushed, and some disconnect events may be lost. If you experience higher queue sizes during deployments, consider increasing the shutdown timeout by tuning the `--shutdown_timeout` parameter. 240 241 ### Slow drain mode 242 243 <p class="pro-badge-header"></p> 244 245 AnyCable-Go PRO provides the **slow drain** mode for disconnecting clients during shutdown. When it is enabled, AnyCable do not try to disconnect all active clients as soon as a shutdown signal is received. Instead, spread the disconnects over the graceful shutdown period. This way, you can reduce the load on AnyCable servers during deployments (i.e., avoid the _thundering herd_ situation). 246 247 You can enable this feature by providing the `--shutdown_slowdrain` option or setting the `ANYCABLE_SHUTDOWN_SLOWDRAIN` environment variable to `true`. You should see the following log message on shutdown indicating that the slow drain mode is enabled: 248 249 ```sh 250 INFO 2023-08-04T07:16:14.339Z context=node Draining 1234 active connections slowly for 24.7s 251 ``` 252 253 The actual _drain period_ is slightly less than the shutdown timeout—we need to reserve some time to complete RPC calls. Also, there is a maximum interval between disconnects (500ms), so we don't wait too long when the number of clients is not that big. 254 255 ## GOMAXPROCS 256 257 We use [automaxprocs][] to automatically set the number of OS threads to match Linux container CPU quota in a virtualized environment, not a number of _visible_ CPUs (which is usually much higher). 258 259 This feature is enabled by default. You can opt-out by setting `GOMAXPROCS=0` (in this case, the default Go mechanism of defining the number of threads is used). 260 261 You can find the actual value for GOMAXPROCS in the starting logs: 262 263 ```sh 264 INFO 2022-06-30T03:31:21.848Z context=main Starting AnyCable 1.2.0-c4f1c6e (with mruby 1.2.0 (2015-11-17)) (pid: 39705, open file limit: 524288, gomaxprocs: 8) 265 ``` 266 267 [automaxprocs]: https://github.com/uber-go/automaxprocs 268 [NATS]: https://nats.io