@@ -236,6 +236,8 @@ This set of parameters is used to control the way how the backend checks will be
...
@@ -236,6 +236,8 @@ This set of parameters is used to control the way how the backend checks will be
Please be aware that the `health-check-timeout` is really short by default, so in case if `/` of the backend is slow to reply configure proper path with `health-check-http-path` to not mark such backend down too fast, before increasing the check timeout.
Please be aware that the `health-check-timeout` is really short by default, so in case if `/` of the backend is slow to reply configure proper path with `health-check-http-path` to not mark such backend down too fast, before increasing the check timeout.
Thanks to using health-check it's possible to configure failover system. By providing `health-check-failover-url` or `health-check-failover-https-url` some special backend can be used to reply in case if original backend replies with error (codes like `5xx`). As a note one can setup this failover URL like `https://failover.example.com/?p=` so that the path from the incoming request will be passed as parameter. Additionally authentication to failover URL is supported with `health-check-authenticate-to-failover-backend` and SSL Proxy verification with `health-check-failover-ssl-proxy-verify` and `health-check-failover-ssl-proxy-ca-crt`.
"description":"HTTPS URL of the failover backend if it is different from health-check-failover-url parameter. Note: It requires https-url to be configured, as otherwise the differentiation does not make sense..",
"pattern":"^(http|https|ftp)://",
"title":"Failover HTTPS Backend URL",
"type":"string"
},
"health-check-authenticate-to-failover-backend":{
"description":"If set to true the frontend certificate will be used as authentication certificate to the failover backend. Note: failover backend might have to know the frontend CA, available with 'backend-client-caucase-url'.",
"enum":[
"false",
"true"
],
"title":"Authenticate to failover backend",
"type":"string"
},
"health-check-failover-ssl-proxy-verify":{
"default":"false",
"description":"If set to true, failover backend SSL Certificates will be checked and frontend will refuse to proxy if certificate is invalid",
"enum":[
"false",
"true"
],
"title":"Verify failover backend certificates",
"type":"string"
},
"health-check-failover-ssl-proxy-ca-crt":{
"default":"",
"description":"Content of the SSL Certificate Authority file of the failover backend (to be used with health-check-failover-ssl-proxy-verify)",
"description":"Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. Setting the value enables HSTS and sets the value of max-age. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
"description":"Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. Setting the value enables HSTS and sets the value of max-age. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
{%- do slave_instance.__setitem__(prefix, info_dict) %}
{%- do slave_instance.__setitem__(prefix, info_dict) %}
{%- endfor %}
{%- endfor %}
{%- do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
{%- do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
{%- for key, prefix in [('health-check-failover-url', 'http_backend'), ('health-check-failover-https-url', 'https_backend')] %}
{%- set parsed = urlparse_module.urlparse(slave_instance.get(key, '').strip()) %}
{%- set info_dict = slave_instance[prefix] %}
{%- do info_dict.__setitem__('health-check-failover-scheme', parsed.scheme) %}
{%- do info_dict.__setitem__('health-check-failover-hostname', parsed.hostname) %}
{%- do info_dict.__setitem__('health-check-failover-port', parsed.port or DEFAULT_PORT[parsed.scheme]) %}
{%- do info_dict.__setitem__('health-check-failover-path', parsed.path) %}
{%- do info_dict.__setitem__('health-check-failover-query', parsed.query) %}
{%- do info_dict.__setitem__('health-check-failover-fragment', parsed.fragment) %}
{%- do slave_instance.__setitem__(prefix, info_dict) %}
{%- endfor %}
{%- do slave_instance.__setitem__('health-check-failover-ssl-proxy-verify', ('' ~ slave_instance.get('health-check-failover-ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
{%- do slave_instance.__setitem__('enable-http2', ('' ~ slave_instance.get('enable-http2', configuration['enable-http2-by-default'])).lower() in TRUE_VALUES) %}
{%- do slave_instance.__setitem__('enable-http2', ('' ~ slave_instance.get('enable-http2', configuration['enable-http2-by-default'])).lower() in TRUE_VALUES) %}
{%- for key in ['https-only', 'websocket-transparent'] %}
{%- for key in ['https-only', 'websocket-transparent'] %}
{%- do slave_instance.__setitem__(key, ('' ~ slave_instance.get(key, 'true')).lower() in TRUE_VALUES) %}
{%- do slave_instance.__setitem__(key, ('' ~ slave_instance.get(key, 'true')).lower() in TRUE_VALUES) %}
...
@@ -135,6 +147,7 @@ context =
...
@@ -135,6 +147,7 @@ context =
{%- endfor %}
{%- endfor %}
{%- do slave_instance.__setitem__('strict-transport-security', int(slave_instance['strict-transport-security'])) %}
{%- do slave_instance.__setitem__('strict-transport-security', int(slave_instance['strict-transport-security'])) %}
{%- do slave_instance.__setitem__('authenticate-to-backend', ('' ~ slave_instance.get('authenticate-to-backend', '')).lower() in TRUE_VALUES) %}
{%- do slave_instance.__setitem__('authenticate-to-backend', ('' ~ slave_instance.get('authenticate-to-backend', '')).lower() in TRUE_VALUES) %}
{%- do slave_instance.__setitem__('health-check-authenticate-to-failover-backend', ('' ~ slave_instance.get('health-check-authenticate-to-failover-backend', '')).lower() in TRUE_VALUES) %}
{#- Setup active check #}
{#- Setup active check #}
{%- do slave_instance.__setitem__('health-check', ('' ~ slave_instance.get('health-check', '')).lower() in TRUE_VALUES) %}
{%- do slave_instance.__setitem__('health-check', ('' ~ slave_instance.get('health-check', '')).lower() in TRUE_VALUES) %}
"description":"Maps the path received in requests to given zope path. Rules are applied in the order they are given. This requires the path received from the outside world (typically: frontend) to have its root correspond to Zope's root (for frontend: 'path' parameter must be empty), with the customary VirtualHostMonster construct (for frontend: 'type' must be 'zope').",
"type":"array",
"default":[["/","/"]],
"items":{
"type":"array",
"minItems":2,
"maxItems":2,
"items":[
{
"title":"External path",
"description":"Path as received from the outside world, based on VirtualHostRoot element.",
"type":"string"
},
{
"title":"Internal path",
"description":"Zope path, based on Zope root object, the external path should correspond to. '%(site-id)s' is replaced by the site-id value, and '%%' replaced by '%'.",
"type":"string"
}
]
}
},
"tcpv4port":{
"tcpv4port":{
"$ref":"./schemas-definitions.json#/tcpv4port"
"$ref":"./schemas-definitions.json#/tcpv4port"
}
}
...
@@ -59,6 +81,42 @@
...
@@ -59,6 +81,42 @@
"uniqueItems":true,
"uniqueItems":true,
"type":"array"
"type":"array"
},
},
"activity-timeout":{
"description":"How long a CMFActivity-initiated transaction may last, in seconds",
"default":null,
"type":["number","null"]
},
"publisher-timeout":{
"description":"How long a publisher-initiated transaction may last, in seconds",
"default":null,
"type":["number","null"]
},
"family-override":{
"description":"Family-wide options, possibly overriding global options",
"description":"Override global publisher timeout",
"type":["number","null"]
}
},
"type":"object"
}
},
"type":"object"
},
"hostalias-dict":{
"hostalias-dict":{
"description":"Hostname-to-domain-name mapping",
"description":"Hostname-to-domain-name mapping",
"default":{},
"default":{},
...
@@ -154,11 +212,6 @@
...
@@ -154,11 +212,6 @@
"type":"boolean",
"type":"boolean",
"default":false
"default":false
},
},
"webdav":{
"description":"Serve webdav queries, implies timerserver-interval=0 (disabled). Mixing webdav and non-webdav nodes in a single family will give unspecified results.",
"default":false,
"type":"boolean"
},
"longrequest-logger-interval":{
"longrequest-logger-interval":{
"description":"Period, in seconds, with which LongRequestLogger polls worker thread stack traces, or -1 to disable",
"description":"Period, in seconds, with which LongRequestLogger polls worker thread stack traces, or -1 to disable",
assertRoutingEqual('second','/foo/bar',prefix+'/erp5/web_site_module/123'+vhr+'/foo/bar')# Rules match whole-elements, so the rule order does not matter to