http_proxy

This server provides http proxy, including http forward and http connect.

The following common keys are supported:

• escaper

• auditor

• user_group

• shared_logger

• listen_in_worker

• tls_server

• tls ticketer

• tcp_sock_speed_limit

• ingress_network_filter

• dst_host_filter_set

• dst_port_filter

• tcp_copy_buffer_size

• tcp_copy_yield_size

• tcp_misc_opts

• task_idle_check_interval

• task_idle_max_count

• flush_task_log_on_created

• flush_task_log_on_connected

• task_log_flush_interval

• extra_metrics_tags

The auth scheme supported by the server is determined by the type of the specified user group.

auth scheme	user group type	is supported
Basic	hashed_user	yes
Negotiate	gss_api	not yet

listen

optional, type: tcp listen

Set the listen config for this server.

The instance count setting will be ignored if listen_in_worker is correctly enabled.

default: not set

Added in version 1.7.20: change listen config to be optional

local_server_name

optional, type: host | seq

Set a list of local server names.

A request will be treated as a local request if:

• no local server name set

  The URL in HTTP header is relative

• local server name has been set

  The method is not CONNECT and the server name in Host request header matches the local server name

It is recommended to set local server name if you want to enable well-known URI support.

Added in version 1.11.5.

server_id

optional, type: http server id

Set the server id. If set, the header X-BD-Remote-Connection-Info will be added to response.

default: not set

auth_realm

optional, type: ascii str

Set the auth realm.

default: proxy

username_params

optional, type: username_params

Allow to extract egress path info from username params.

default: not set

Added in version 1.13.0.

tls_client

optional, type: openssl tls client config

Set TLS client parameters for https forward requests.

default: set with default value

ftp_client

optional, type: ftp client config

Set the ftp client config for FTP over Http requests.

default: set with default value

req_header_recv_timeout

optional, type: humanize duration

Set the max time to wait a full request header after the client connection become readable.

default: 30s

rsp_header_recv_timeout

optional, type: humanize duration

Set the max time duration after the full request sent and before receive of the whole response header.

default: 60s

req_header_max_size

optional, type: humanize usize

Set the max request header size.

default: 64KiB

rsp_header_max_size

optional, type: humanize usize

Set the max response header size.

default: 64KiB

log_uri_max_chars

optional, type: usize

Set the max number of characters of uri should be logged in logs.

The user level config value will take effect if set, see this user config option.

default: 1024

pipeline_size

optional, type: nonzero usize

Set the pipeline size for HTTP 1.0/1.1.

default: 10

Note

We only pipeline requests with no body.

pipeline_read_idle_timeout

optional, type: humanize duration

Set the idle timeout of the client side IDLE http connections.

default: 5min

no_early_error_reply

optional, type: bool

Set to true if no error reply should be sent out before user auth succeeded, the connection will be just closed in such case.

default: false

allow_custom_host

optional, type: bool

Set if custom Host header is allowed. If set to false, the Host header in http headers should have the same domain or ip address with the one in the request method line.

default: true

Note

we don’t require the Host header to be present in http headers no matter what have been set for this

drop_default_port_in_host

optional, type: bool

Set if the default port in Host header should be dropped before sent to upstream.

The default ports are:

• HTTP 80

• HTTPS 443

default: false

Added in version 1.11.10.

body_line_max_length

optional, type: int

Set the max line length for lines (trailer and chunk size) in http body.

default: 8192

http_forward_upstream_keepalive

optional, type: http keepalive

Set http keepalive config at server level.

default: set with default value

http_forward_mark_upstream

optional, type: bool

If set, the header X-BD-Upstream-Id header will be added to the response from upstream, with the value to be server_id. Local generated response will not contains this header.

default: false

echo_chained_info

optional, type: bool

Set whether to add custom header in response that provides chained information about the direct connection to upstream.

The custom headers are:

• X-BD-Upstream-Addr

• X-BD-Outgoing-IP

default: false

untrusted_read_speed_limit

optional, type: tcp socket speed limit

Enable untrusted read of the body of requests with no auth info, and set the read rate limit.

Set this if you need to be compatible with buggy java http clients which won’t handle the 407 error response in time.

default: not set, which means untrusted read is disabled

untrusted_read_limit

deprecated

Changed in version 1.11.8: deprecated, use untrusted_read_speed_limit instead

egress_path_selection_header

optional, type: str, alias: path_selection_header

Set the http custom header name to be used for path selection.

default: not set

steal_forwarded_for

optional, type: bool

Set if we should delete the Forwarded and X-Forwarded-For headers from the client’s request.

Note

If you want to remove those headers from https traffic, you need to enable TLS interception and also set this in auditor’s h1 interception config.

default: false