baidu / bfe-book Goto Github PK
View Code? Open in Web Editor NEWIn-depth Understanding of BFE《深入理解BFE》(Book for BFE, a CNCF open source project. both in English and in Chinese)
License: Creative Commons Attribution 4.0 International
In-depth Understanding of BFE《深入理解BFE》(Book for BFE, a CNCF open source project. both in English and in Chinese)
License: Creative Commons Attribution 4.0 International
house.baidu.com
In Chapter 22 the following configuration is displayed:
{
"Version": "1",
"DefaultNextProtos": ["http/1.1"],
"Config": {
"example_product": {
"SniConf": "example.org",
"CertName": "example.org.cert",
"NextProtos": [
"http/1.1"
],
"Grade": "C"
}
}
}
But that throws the next error:
[EROR] [9188] (github.com/bfenetworks/bfe/bfe_server.StartUp:45) StartUp(): InitHttps():in TlsRuleConfLoad() :tls_rule_conf.BfeTlsRuleConf.Config: tls_rule_conf.TlsRuleConf.SniConf: []string: decode slice: expect [ or n, but found ", error found in #10 byte of ...|niConf": "example.org"|..., bigger context ...|ample.org"
"SniConf": "example.org",
"CertName": "example.org.cert",
The correct thing to do is to use an array:
"SniConf": ["example.org"]
In the first image of the BFE的路由转发机制 chapter. The boolean argument is enclosed in quotation marks.
req_path_prefix_in("/setting, false")
https://github.com/baidu/bfe-book/blob/version1/design/route/route.md
感谢作者分享这本书。
在线看着不方便,所以我加了一个在线阅读版本: https://chaosstudygroup.github.io/bfe-book/ 。
建议每个章节添加一个下一节的链接 方便查看文档阅读
步骤 5:确定HTTP请求所属的租户
多租户支持是BFE根据云场景所设计提供的能力。目前BFE可以根据HTTP请求头中的Host字段或HTTP请求的目标IP地址来确定租户。
在本案例中,针对HTTP请求头中demo.example.com域名,BFE找到对应的租户为demo。
这个时候拿到的http请求的目标ip地址是没有办法确定租户吧,因为这个时候拿到的http请求的目标ip地址要么是bgw的ip或者是被bgw改写的bfe的ip。
透传方案
BFE在扩展模块mod_header中默认提供了捎带客户端IP地址和端口的功能。只要在BFE启动时配置加载mod_header,在转发后请求中就会包含这两个信息。
在经过BFE转发后,在请求头部会增加2个字段:
X-Real-Ip:用于传递原始的客户端IP地址
X-Real-Port:用于传递原始的客户端端口
有些人可能会考虑从“X-Forwarded-For”来获取客户端的IP地址。BFE使用独立定义的“X-Real-Ip”是为了避免“X-Forwarded-For”被伪造。如果请求在到达BFE时已经包含了“X-Real-Ip”字段,BFE会将这个字段的值重写为BFE所见的客户端IP地址,从而避免这个字段被伪造。
没明白为什么不能使用 X-Forwarded-For ,同“X-Real-Ip”处理,如果请求在到达BFE时已经包含 "X-Forwarded-For" 字段, BFE会将这个字段的值重写为BFE所见的客户端IP地址,从而避免这个字段被伪造。 有什么问题吗?
https://github.com/baidu/bfe-book/blob/version1/design/ideas/ideas.md?plain=1#L60
这里描述了两点bfe
相比于nginx
性能差的原因,但感觉网络模型也是非常重要的一点
nginx
的每个worker
是基于reactor
的单线程模型
对与bfe
而言,是否是每来一个连接,都要开一个新的协程处理请求?
比如这里:https://github.com/bfenetworks/bfe/blob/develop/bfe_server/http_server.go#L101
当来了一波并发,基于上述goroutine-per-connection模型
,要开大量的协程分别处理这些请求,此时GPM
的调度,cpu
上下文切换,都需要消耗大量cpu
时间,导致性能降低
上述的描述基于主观猜测,望指正~
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.