-
Notifications
You must be signed in to change notification settings - Fork 7
Expand file tree
/
Copy pathhelios.docker.yaml
More file actions
114 lines (105 loc) · 3.91 KB
/
helios.docker.yaml
File metadata and controls
114 lines (105 loc) · 3.91 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
server:
port: 8080 # Port for the proxy server
tls:
enabled: false # Enable TLS/SSL termination
certFile: "certs/cert.pem" # Path to TLS certificate file
keyFile: "certs/key.pem" # Path to TLS private key file
timeouts:
read: 15 # ReadTimeout in seconds (protects against slow-read attacks)
write: 15 # WriteTimeout in seconds (prevents slow writes)
idle: 60 # IdleTimeout in seconds (keep-alive timeout)
handler: 30 # Handler timeout in seconds (end-to-end request timeout)
shutdown: 30 # Graceful shutdown timeout in seconds
backend_dial: 10 # Backend connection dial timeout in seconds
backend_read: 30 # Backend response read timeout in seconds
backend_idle: 90 # Backend idle connection timeout in seconds
backends:
- name: "server1"
address: "http://backend1:8080"
weight: 5
- name: "server2"
address: "http://backend2:8080"
weight: 2
- name: "server3"
address: "http://backend3:8080"
weight: 1
load_balancer:
strategy: "ip_hash" # Options: "round_robin", "least_connections", "weighted_round_robin", "ip_hash", "ip_hash_consistent"
# ip_hash: Fast, perfect distribution, but 90% remapping on scale (breaks sessions)
# ip_hash_consistent: Jump Hash - 50% slower, minimal remapping (13%), good for stateful apps
websocket_pool:
enabled: true # Enable WebSocket connection pooling
max_idle: 10 # Maximum idle connections per backend
max_active: 100 # Maximum active connections per backend (0 = unlimited)
idle_timeout_seconds: 300 # Idle connection timeout (5 minutes)
health_checks:
active:
enabled: true
interval: 10 # Interval in seconds
timeout: 7 # Timeout in seconds
path: "/"
passive:
enabled: true
unhealthy_threshold: 3 # Number of failures before marking as unhealthy
unhealthy_timeout: 30 # Time in seconds to keep backend unhealthy
rate_limit:
enabled: true
max_tokens: 100 # Maximum tokens in bucket
refill_rate_seconds: 1 # Refill rate in seconds
circuit_breaker:
enabled: true
max_requests: 5 # Max requests in half-open state
interval_seconds: 60 # Time window for failure counting
timeout_seconds: 60 # Time to wait before moving from open to half-open
failure_threshold: 5 # Number of failures to open circuit
success_threshold: 2 # Number of successes to close circuit
admin_api:
enabled: true
port: 9091 # Port for admin API server
auth_token: "change-me" # JWT token for authentication (change in production)
# IP-based access control (optional)
# ip_allow_list:
# - "127.0.0.1" # Allow localhost
# - "192.168.1.0/24" # Allow local network
# - "10.0.0.0/8" # Allow private network
# ip_deny_list:
# - "203.0.113.0/24" # Block specific subnet
metrics:
enabled: true
port: 9090 # Port for metrics server
path: "/metrics" # Path for metrics endpoint
logging:
level: "info" # Log level: debug, info, warn, error
format: "text" # Log format: text (console) or json (machine-readable)
include_caller: false # Include file and line number in logs
request_id:
enabled: true # Auto-generate and propagate request IDs
header: "X-Request-ID" # Header name for request ID
trace:
enabled: true # Enable distributed tracing
header: "X-Trace-ID" # Header name for trace ID
plugins:
enabled: true
chain:
- name: logging
- name: size_limit
config:
max_request_body: 10485760 # 10MB in bytes
max_response_body: 52428800 # 50MB in bytes
- name: gzip
config:
level: 5 # Compression level (1-9, default: 5)
min_size: 1024 # Minimum response size to compress (bytes, default: 1024)
content_types:
- "text/html"
- "text/css"
- "text/plain"
- "application/json"
- "application/javascript"
- "application/xml"
- name: headers
config:
set:
X-App: Helios
request_set:
X-From: LB