github.com/technosophos/deis@v1.7.1-0.20150915173815-f9005256004b/docs/customizing_deis/router_settings.rst (about) 1 :title: Customizing router 2 :description: Learn how to tune custom Deis settings. 3 4 .. _router_settings: 5 6 Customizing router 7 ========================= 8 The following settings are tunable for the :ref:`router` component. 9 10 Dependencies 11 ------------ 12 Requires: :ref:`builder <builder_settings>`, :ref:`controller <controller_settings>`, :ref:`store-gateway <store_gateway_settings>` 13 14 Required by: none 15 16 Considerations: none 17 18 Settings set by router 19 -------------------------- 20 The following etcd keys are set by the router component, typically in its /bin/boot script. 21 22 ============================= =================================================================================== 23 setting description 24 ============================= =================================================================================== 25 /deis/router/hosts/$HOST IP address and port of the host running this router (there can be multiple routers) 26 ============================= =================================================================================== 27 28 Settings used by router 29 --------------------------- 30 The following etcd keys are used by the router component. 
31 32 ======================================= ================================================================================================================================================================================================================================================================================================================================== 33 setting description 34 ======================================= ================================================================================================================================================================================================================================================================================================================================== 35 /deis/builder/host host of the builder component (set by builder) 36 /deis/builder/port port of the builder component (set by builder) 37 /deis/config/\*/deis_whitelist comma separated list of IPs (or CIDR) allowed to connect to the application containers (set by controller) Example: "0.0.0.0:some_optional_label,10.0.0.0/8" 38 /deis/controller/host host of the controller component (set by controller) 39 /deis/controller/port port of the controller component (set by controller) 40 /deis/domains/\* domain configuration for applications (set by controller) 41 /deis/router/affinityArg for requests with the indicated query string variable, hash its contents to perform session affinity (default: undefined) 42 /deis/router/bodySize nginx body size setting (default: 1m) 43 /deis/router/defaultTimeout default timeout value in seconds. Should be greater then the frontfacing load balancers timeout value (default: 1300) 44 /deis/router/builder/timeout/connect proxy_connect_timeout for deis-builder (default: 10000). Unit in miliseconds 45 /deis/router/builder/timeout/tcp proxy_timeout for deis-builder (default: 1200000). 
Unit in miliseconds 46 /deis/router/controller/timeout/connect proxy_connect_timeout for deis-controller (default: 10m) 47 /deis/router/controller/timeout/read proxy_read_timeout for deis-controller (default: 20m) 48 /deis/router/controller/timeout/send proxy_send_timeout for deis-controller (default: 20m) 49 /deis/router/controller/whitelist comma separated list of IPs (or CIDR) allowed to connect to the controller (default: not set) Example: "0.0.0.0:some_optional_label,10.0.0.0/8" 50 /deis/router/enforceHTTPS redirect all HTTP traffic to HTTPS (default: false) 51 /deis/router/enforceWhitelist deny all connections unless specifically whitelisted (default: false) 52 /deis/router/firewall/enabled nginx naxsi firewall enabled (default: false) 53 /deis/router/firewall/errorCode nginx default firewall error code (default: 400) 54 /deis/router/errorLogLevel nginx error_log level (default: error) Valid options: debug, info, notice, warn, error, crit, alert, emerg 55 /deis/router/gzip nginx gzip setting (default: on) 56 /deis/router/gzipCompLevel nginx gzipCompLevel setting (default: 5) 57 /deis/router/gzipDisable nginx gzipDisable setting (default: "msie6") 58 /deis/router/gzipHttpVersion nginx gzipHttpVersion setting (default: 1.1) 59 /deis/router/gzipMinLength nginx gzipMinLength setting (default: 256) 60 /deis/router/gzipProxied nginx gzipProxied setting (default: any) 61 /deis/router/gzipTypes nginx gzipTypes setting (default: "application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component") 62 /deis/router/gzipVary nginx gzipVary setting (default: on) 63 /deis/router/gzipDisable nginx gzipDisable setting (default: "msie6") 64 /deis/router/gzipTypes nginx gzipTypes setting (default: "application/x-javascript application/xhtml+xml application/xml 
application/xml+rss application/json text/css text/javascript text/plain text/xml") 65 /deis/router/hsts/enabled enable HTTP Strict Transport Security headers for HTTPS requests (default: false) 66 /deis/router/hsts/maxAge maximum number of seconds user agents should observe HSTS rewrites (default: 10886400) 67 /deis/router/hsts/includeSubDomains enforce HSTS for requests on all subdomains (default: false) 68 /deis/router/hsts/preload allow the domain to be included in the HSTS preload list (default: false) 69 /deis/router/maxWorkerConnections maximum number of simultaneous connections that can be opened by a worker process (default: 768) 70 /deis/router/serverNameHashMaxSize nginx server_names_hash_max_size setting (default: 512) 71 /deis/router/serverNameHashBucketSize nginx server_names_hash_bucket_size (default: 64) 72 /deis/router/sslCert cluster-wide SSL certificate 73 /deis/router/sslCiphers cluster-wide enabled SSL ciphers 74 /deis/router/sslKey cluster-wide SSL private key 75 /deis/router/sslDhparam cluster-wide SSL dhparam 76 /deis/router/sslProtocols nginx ssl_protocols setting (default: TLSv1 TLSv1.1 TLSv1.2) 77 /deis/router/sslSessionCache nginx ssl_session_cache setting (default: not set) 78 /deis/router/sslSessionTickets nginx ssl_session_tickets setting (default: on) 79 /deis/router/sslSessionTimeout nginx ssl_session_timeout setting (default: 10m) 80 /deis/router/sslBufferSize nginx ssl_buffer_size setting (default: 4k) 81 /deis/router/workerProcesses nginx number of worker processes to start (default: auto i.e. 
available CPU cores) 82 /deis/router/proxyProtocol nginx PROXY protocol enabled 83 /deis/router/proxyRealIpCidr nginx IP with CIDR used by the load balancer in front of deis-router (default: 10.0.0.0/8) 84 /deis/services/* healthy application containers reported by deis/publisher 85 /deis/store/gateway/host host of the store gateway component (set by store-gateway) 86 /deis/store/gateway/port port of the store gateway component (set by store-gateway) 87 ======================================= ================================================================================================================================================================================================================================================================================================================================== 88 89 Using a custom router image 90 --------------------------- 91 You can use a custom Docker image for the router component instead of the image 92 supplied with Deis: 93 94 .. code-block:: console 95 96 $ deisctl config router set image=myaccount/myimage:latest 97 98 This will pull the image from the public Docker registry. You can also pull from a private 99 registry: 100 101 .. code-block:: console 102 103 $ deisctl config router set image=registry.mydomain.org:5000/myaccount/myimage:latest 104 105 Be sure that your custom image functions in the same way as the `stock router image`_ shipped with 106 Deis. Specifically, ensure that it sets and reads appropriate etcd keys. 107 108 .. _`stock router image`: https://github.com/deis/deis/tree/master/router 109 110 111 .. _proxy_protocol: 112 113 PROXY Protocol 114 -------------- 115 116 PROXY is a simple protocol supported by nginx, HAProxy, Amazon ELB, and others. It provides a method 117 to obtain information about the original requests IP address sent to a load 118 balancer in front of Deis :ref:`router`. 119 120 The Protocol works by prepending, for example, the following to the request: 121 122 .. 
code-block:: text 123 124 PROXY TCP4 129.164.129.164\r\n 125 126 The :ref:`router` will pick up the IP information and forward it to the application in the 127 ``X-Forwarded-For`` header. 128 129 Load Balancers supporting the HTTP protocol may not need this, except in cases where one would run 130 WebSockets on a Load Balancer without support for WebSockets (for example AWS ELB) and one also 131 wants to know the IP address of the original request.
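
An added example, not part of the Deis documentation or the router's own code: a Python model of the trust decision behind PROXY, which accepts the claimed client address only when the TCP peer lies inside the load balancer range. A complete version 1 line also carries the destination address and both ports; ``parse_proxy_v1``, ``client_ip`` and the sample line are constructed for illustration, and treating ``/deis/router/proxyRealIpCidr`` as the trusted range is an assumption.

```python
import ipaddress

MAX_V1_LEN = 107  # longest valid version 1 line, CRLF included, per the PROXY spec

# Constructed sample: the source address from the section above plus made-up
# destination address and ports, as a load balancer would prepend it.
SAMPLE = b"PROXY TCP4 129.164.129.164 10.0.0.5 56324 443\r\n"


def parse_proxy_v1(line: bytes):
    """Return (src_ip, src_port) from a PROXY v1 line, or None for UNKNOWN."""
    if len(line) > MAX_V1_LEN or not line.endswith(b"\r\n"):
        raise ValueError("not a complete PROXY v1 line")
    parts = line[:-2].decode("ascii").split(" ")
    if parts[0] != "PROXY":
        raise ValueError("missing PROXY signature")
    if parts[1:2] == ["UNKNOWN"]:
        return None  # sender could not determine the original addresses
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 line")
    family = 4 if parts[1] == "TCP4" else 6
    src = ipaddress.ip_address(parts[2])
    dst = ipaddress.ip_address(parts[3])
    if src.version != family or dst.version != family:
        raise ValueError("address family does not match protocol field")
    sport, dport = int(parts[4]), int(parts[5])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return str(src), sport


def client_ip(peer_ip: str, first_line: bytes, trusted_cidr: str = "10.0.0.0/8"):
    """Pick the address to log and forward as the client.

    trusted_cidr stands in for /deis/router/proxyRealIpCidr (assumption).
    A peer outside that range can put any address in the header, so its
    claim is ignored and the socket address is used instead.
    """
    if ipaddress.ip_address(peer_ip) not in ipaddress.ip_network(trusted_cidr):
        return peer_ip
    parsed = parse_proxy_v1(first_line)
    return parsed[0] if parsed else peer_ip
```

If the router is reachable by anything other than the load balancer, a range that is too wide lets those peers choose the address that ends up in ``X-Forwarded-For`` and in whitelist decisions.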