Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
darkl0rd
@darkl0rd
Hey guys, anyone who can tell me whether it's possible to do a) TLS termination b) based on the SNI header route one part of the traffic (TCP) to a given backend c) when the SNI doesn't match anything, treat it as HTTP traffic and do "regular" path based routing?
I'm currently investigating several solutions for doing this - Traefik only does L7, HaProxy can do it, but there is no dynamic backend configuration - docker flow proxy seems a viable candidate, except it can't create the tcp/http mix out of the box which I described.. so I just ran into your tool this afternoon, which seems promising, but before I start fiddling again - I was hoping someone might just be able to tell me whether it's possible or not.
darkl0rd
@darkl0rd
OK - never mind either way, just discovered that Docker Swarm doesn't work either :) I'll check back on this in a few months .. back to Docker Flow Proxy I guess.
Nick Doikov
@nickdoikov

you can add something like :

hostname_matching_strategy = "regexp"
unexpected_hostname_strategy = "default"

in . sni server section

Andrew Stanton
@acstanton515

I'd like to run gobetween in AWS ECS. But having hard time figuring how to pass it a default configuration. CloudWatch logs show:

gobetween v0.5.0
open /etc/gobetween/conf/gobetween.toml: no such file or directory

I see some volume options in ECS container definition, but not seeing how I would get a config file there to map to the /etc/gobetween/conf

I saw we can tell gobetween to use URL for config file, but the Dockerfile in GitHub specifically calls command options for hardcoded path.

CMD ["/usr/bin/gobetween", "-c", "/etc/gobetween/conf/gobetween.toml"]

So when attempting to pass env variables via ECS, we get a different error

gobetween v0.5.0
Passed GOBETWEEN env var and command-line arguments: only one allowed

Would it be possible to publish a different Dockerfile tag on yyyar's account for a more ECS friendly version, like with no static file configuration passed, so we can use the environment variable approach? Or any other ideas?

Andrew Stanton
@acstanton515

Okay, I figured out the way to do this in ECS Fargate.... I'm sure there are multiple paths to doing it without requiring any work from Gobetween team. But, the way I was able to do it was to override Dockerfile CMD by defining entryPoint in the container definition which I am sure would be easy for anyone with Docker experience to think of (this is my day 2 of exploring Docker and mostly through the lens of ECS):

"containerDefinitions": [
{
...
"entryPoint": [
"/usr/bin/gobetween"
],
...
"environment": [
{
"name": "GOBETWEEN",
"value": "[\"from-url\", \"http://some.url/gobetween.toml", \"-f\", \"toml\"]"
}
...

Illarion Kovalchuk
@illarion
thank you, we will update the doc
Yaroslav Pogrebnyak
@yyyar
gobetween now on Telegram! Announcing our official Telegram group here: https://t.me/joinchat/GdlUlg_gRfchk1BORU82PA Join now! :-)
Yaroslav Pogrebnyak
@yyyar
Also, to support gobetween please submit your use case here yyyar/gobetween#161 :-) Thank you so much!
Krast
@krast
hello, I try gobetween v0.6.0. tcp loadbalance roundrobin mode not work.

[servers.krast]
protocol = "tcp"
bind = "0.0.0.0:3000"
balance = "roundrobin"

max_connections = 10000
client_idle_timeout = "10m"
backend_idle_timeout = "10m"
backend_connection_timeout = "2s"

[servers.krast.discovery]
kind = "static"
static_list = [
"127.0.0.1:4000 weight=1",
"127.0.0.1:2000 weight=1"
]

[servers.krast.healthcheck]
fails = 1
passes = 1
interval = "1s"
timeout="1s"
kind = "ping"
ping_timeout_duration = "500ms"

I expect 4000,2000 next round 4000,2000 again and again. but not working as expected.
Can I use gobetween instead of haproxy?
Krast
@krast
image.png
My test like this.
simple http backend.
Illarion Kovalchuk
@illarion
@krast yes. I confirm the bug. Will be fixed soon in 0.6.1
Dave Cottlehuber
@dch
I see you have FreeBSD binary available, but I'd like to build from sources and include in FreeBSD ports tree. I tried some minor modifications but failed to get it working.
if you're able to help further I will open an issue on github to discuss
Dave Cottlehuber
@dch
dch@wintermute /r/gobetween> git commit -am 'hack FreeBSD support'
[master 40b5817] hack FreeBSD support
 1 file changed, 1 insertion(+)
dch@wintermute /r/gobetween> gsh
commit 40b5817fbe7825f815569e0e837291cc58ab7e25 (HEAD -> master)
Author: Dave Cottlehuber <dch@skunkwerks.at>
Date:   Fri Sep 7 10:56:05 2018 +0000

    hack FreeBSD support

diff --git a/Makefile b/Makefile
index 6976501..c729bc5 100644
--- a/Makefile
+++ b/Makefile
@@ -88,6 +88,7 @@ dist:
        @#             os    arch  cgo ext
        @for arch in "linux   386  1      "  "linux   amd64 1      "  \
                                 "windows 386  0 .exe "  "windows amd64 0 .exe "  \
+                                "freebsd 386  1      "  "freebsd amd64 1      "  \
                                 "darwin  386  0      "  "darwin  amd64 0      "; \
        do \
          set -- $$arch ; \
dch@wintermute /r/gobetween> gmake deps build
rm -rf ./vendor/src
rm -rf ./vendor/pkg
rm -rf ./vendor/bin
go get -v github.com/burntsushi/toml
github.com/burntsushi/toml (download)
go get -v github.com/miekg/dns
github.com/miekg/dns (download)
go get -v github.com/fsouza/go-dockerclient
github.com/fsouza/go-dockerclient (download)
github.com/docker/docker (download)
github.com/docker/go-units (download)
github.com/sirupsen/logrus (download)
Fetching https://golang.org/x/crypto/ssh/terminal?go-get=1
Parsing meta tags from https://golang.org/x/crypto/ssh/terminal?go-get=1 (status code 200)
get "golang.org/x/crypto/ssh/terminal": found meta tag get.metaImport{Prefix:"golang.org/x/crypto", VCS:"git", RepoRoot:"https://go.googlesource.com/crypto"} at https://golang.org/x/crypto/ssh/terminal?go-get=1
get "golang.org/x/crypto/ssh/terminal": verifying non-authoritative meta tag
Fetching https://golang.org/x/crypto?go-get=1
Parsing meta tags from https://golang.org/x/crypto?go-get=1 (status code 200)
golang.org/x/crypto (download)
Fetching https://golang.org/x/sys/unix?go-get=1
Parsing meta tags from https://golang.org/x/sys/unix?go-get=1 (status code 200)
get "golang.org/x/sys/unix": found meta tag get.metaImport{Prefix:"golang.org/x/sys", VCS:"git", RepoRoot:"https://go.googlesource.com/sys"} at https://golang.org/x/sys/unix?go-get=1
get "golang.org/x/sys/unix": verifying non-authoritative meta tag
Fetching https://golang.org/x/sys?go-get=1
Parsing meta tags from https://golang.org/x/sys?go-get=1 (status code 200)
golang.org/x/sys (download)
github.com/Nvveen/Gotty (download)
github.com/docker/docker/pkg/mount
# github.com/docker/docker/pkg/mount
vendor/src/github.com/docker/docker/pkg/mount/mountinfo_freebsd.go:40:24: undefined: p
gmake: *** [Makefile:62: deps] Error 2
Dave Cottlehuber
@dch
updating the docker/docker dependency in vendors just caused an explosion of go errors
Illarion Kovalchuk
@illarion
Interesting
I managed to build it for freebsd
just set cgo_enabled to 0, like this:
"freebsd 386 0 " "freebsd amd64 0 "
Dave Cottlehuber
@dch
illarion: I still get this (on master branch BTW)
../go/src/github.com/docker/docker/pkg/mount/mountinfo_freebsd.go:40:24: undefined: p
is it possible you've different stuff in vendor ?
Illarion Kovalchuk
@illarion
I cleaned vendor
make clean
make deps
make dist
and I get freebsd build
Illarion Kovalchuk
@illarion
But you're right, the freebds dependency has an error - it uses undefined variable 'p'
The question is why crosscompilation doesn't use it
bintut @bintut waves
Marvin Pascual
@bintut
I wonder how to support multiple groups of backends in gobetween-0.6.0
Is it possible? Say, the first backend group is WordPress, the second backend group is nginx w/ static contents, and so on and so forth...
Illarion Kovalchuk
@illarion
@bintut so what is your question?
Marvin Pascual
@bintut
How to configure gobetween to be the reverse proxy for multiple groups of backend services?
Does gobetween support SNI for multiple backend services?
Illarion Kovalchuk
@illarion
yes sni is supported
it should be described in documentation on gobetween.io and in wiki of github project
Marvin Pascual
@bintut
I'm sorry but I can't find in the documentation how to configure multiple backends on a single gobetween
Illarion Kovalchuk
@illarion
see discovery section
Marvin Pascual
@bintut
gobetween will be listening on a single HTTPS port. How can I differentiate between different backend services? How gobetween decides that the incoming traffic is for backendA and not for backendB, and so on and so forth?
Illarion Kovalchuk
@illarion
using sni

kind = "static"

static_list = [ # (required) [

"localhost:8000 weight=5", # "<host>:<port> weight=<int>" weight=1 by default

"localhost:8001 sni=www.foo.com" # ]

]

sorry for formatting, it is hard to copy paste examples using phone
take a look at config.toml