baidu / bfe-book Goto Github PK
View Code? Open in Web Editor NEWIn-depth Understanding of BFE《深入理解BFE》(Book for BFE, a CNCF open source project. both in English and in Chinese)
License: Creative Commons Attribution 4.0 International
bfe-book's Issues
第十八章 信息的透传 疑问
透传方案
BFE在扩展模块mod_header中默认提供了捎带客户端IP地址和端口的功能。只要在BFE启动时配置加载mod_header,在转发后请求中就会包含这两个信息。
在经过BFE转发后,在请求头部会增加2个字段:
X-Real-Ip:用于传递原始的客户端IP地址
X-Real-Port:用于传递原始的客户端端口
有些人可能会考虑从“X-Forwarded-For”来获取客户端的IP地址。BFE使用独立定义的“X-Real-Ip”是为了避免“X-Forwarded-For”被伪造。如果请求在到达BFE时已经包含了“X-Real-Ip”字段,BFE会将这个字段的值重写为BFE所见的客户端IP地址,从而避免这个字段被伪造。
没明白为什么不能使用 X-Forwarded-For ,同“X-Real-Ip”处理,如果请求在到达BFE时已经包含 "X-Forwarded-For" 字段, BFE会将这个字段的值重写为BFE所见的客户端IP地址,从而避免这个字段被伪造。 有什么问题吗?
可以+一个反代HTTP2的配置示例么?
建议每个章节添加一个下一节的链接
建议每个章节添加一个下一节的链接 方便查看文档阅读
性能损耗的疑问
https://github.com/baidu/bfe-book/blob/version1/design/ideas/ideas.md?plain=1#L60
这里描述了两点bfe相比于nginx性能差的原因,但感觉网络模型也是非常重要的一点
nginx 的每个worker是基于reactor的单线程模型
对与bfe而言,是否是每来一个连接,都要开一个新的协程处理请求?
比如这里:https://github.com/bfenetworks/bfe/blob/develop/bfe_server/http_server.go#L101
当来了一波并发,基于上述goroutine-per-connection模型,要开大量的协程分别处理这些请求,此时GPM的调度,cpu上下文切换,都需要消耗大量cpu时间,导致性能降低
上述的描述基于主观猜测,望指正~
Error in the image code
In the first image of the BFE的路由转发机制 chapter. The boolean argument is enclosed in quotation marks.
req_path_prefix_in("/setting, false")
https://github.com/baidu/bfe-book/blob/version1/design/route/route.md
加了一个在线阅读版本
感谢作者分享这本书。
在线看着不方便,所以我加了一个在线阅读版本: https://chaosstudygroup.github.io/bfe-book/ 。
SniConf as string instead of array.
In Chapter 22 the following configuration is displayed:
{
"Version": "1",
"DefaultNextProtos": ["http/1.1"],
"Config": {
"example_product": {
"SniConf": "example.org",
"CertName": "example.org.cert",
"NextProtos": [
"http/1.1"
],
"Grade": "C"
}
}
}
But that throws the next error:
[EROR] [9188] (github.com/bfenetworks/bfe/bfe_server.StartUp:45) StartUp(): InitHttps():in TlsRuleConfLoad() :tls_rule_conf.BfeTlsRuleConf.Config: tls_rule_conf.TlsRuleConf.SniConf: []string: decode slice: expect [ or n, but found ", error found in #10 byte of ...|niConf": "example.org"|..., bigger context ...|ample.org"
"SniConf": "example.org",
"CertName": "example.org.cert",
The correct thing to do is to use an array:
"SniConf": ["example.org"]
BFE的转发模型 有些表述有问题?
步骤 5:确定HTTP请求所属的租户
多租户支持是BFE根据云场景所设计提供的能力。目前BFE可以根据HTTP请求头中的Host字段或HTTP请求的目标IP地址来确定租户。
在本案例中,针对HTTP请求头中demo.example.com域名,BFE找到对应的租户为demo。
这个时候拿到的http请求的目标ip地址是没有办法确定租户吧,因为这个时候拿到的http请求的目标ip地址要么是bgw的ip或者是被bgw改写的bfe的ip。
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.