Skip to content

Commit

Permalink
Merge pull request #785 from fabiolb/release/1.5.14
Browse files Browse the repository at this point in the history
updating documentation for pending 1.5.14 release
  • Loading branch information
nathanejohnson authored Sep 9, 2020
2 parents bbeb054 + 3e6149c commit d629d87
Show file tree
Hide file tree
Showing 6 changed files with 142 additions and 9 deletions.
39 changes: 39 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,44 @@
## Changelog

### [v1.6.14](https://github.com/fabiolb/fabio/releases/tag/v1.5.14) - 9 Sep 2020


#### Bug Fixes

* [PR #644](https://github.com/fabiolb/fabio/pull/644) - Better error handling (@danlsgiga)

* [PR #739](https://github.com/fabiolb/fabio/pull/739) - Fix infinite buffering of SSE responses when gzip is enabled (@ctlajoie)

* [PR #733](https://github.com/fabiolb/fabio/pull/733) - Add missing <svc> entry to example route (@BenjaminHerbert)

* [PR #674](https://github.com/fabiolb/fabio/pull/674) - Deprecate deregisterCriticalServiceAfter option (@pschultz)

* [PR #648](https://github.com/fabiolb/fabio/pull/648) - Issue #647 NormalizeHost (@murphymj25)

* [Issue #737](https://github.com/fabiolb/fabio/issues/737) - Preserve table state by storing buffer table in fixed strings (@leprechau)

* [PR #774](https://github.com/fabiolb/fabio/pull/774) - Documentation fixes (@Oxflotus)

* [PR #775](https://github.com/fabiolb/fabio/pull/775) - fix typo in comments (@josgraha)

* [PR #787](https://github.com/fabiolb/fabio/pull/787) - fix matchingHostNoGlob sometimes returns incorrect host (@nathanejohnson @leprechau)

#### Improvements

* [PR #626](https://github.com/fabiolb/fabio/pull/626): Add TCP Dynamic support (@murphymj25)

* [PR #635](https://github.com/fabiolb/fabio/pull/635): Add idleTimeout to config and to serve.go HTTP server (@galen0624)

* [PR #572](https://github.com/fabiolb/fabio/pull/572): Issue #558 - Add Polling Interval from Fabio to Consul to Fabio Config (@galen0624)

* [PR #615](https://github.com/fabiolb/fabio/pull/615): Issue #554 - Added compiled glob matching using LRU Cache (@galen0624 @magiconair @leprechau)

* [PR #715](https://github.com/fabiolb/fabio/pull/715): Add HTTP method and path to trace span operation name (@hobochili)

* [PR #489](https://github.com/fabiolb/fabio/pull/489): Pass encoded characters in path unchanged (@valentin-krasontovitsch)

* [PR #784](https://github.com/fabiolb/fabio/pull/784): Add https+tcp+sni listener support (@nathanejohnson)

### [v1.5.13](https://github.com/fabiolb/fabio/releases/tag/v1.5.13) - 18 Nov 2019

#### Bug Fixes
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile-goreleaser
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM alpine:3.10
FROM alpine:3.12
RUN apk update && apk add --no-cache ca-certificates
COPY fabio /usr/bin
ADD fabio.properties /etc/fabio/fabio.properties
Expand Down
73 changes: 67 additions & 6 deletions docs/content/faq/verifying-releases.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,67 @@ and by verifying the checksums with a GPG key.

You can verify the SHA256 checksums with the GPG key below.
You can also download it from most key servers using the ID

For fabio release 5.14 and newer:

[`76462AB9B0C185ABC66FD98F59861FC4870361CA`](http://pgp.key-server.io/search/0x76462AB9B0C185ABC66FD98F59861FC4870361CA)

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF40mfQBEADHOlocoiOY66SLZtzJjCNKFeerYH2zHNU3sLK+sHp/76MUrPV4
uDG3T6a6QK0HUKLy/hxKh/wftNCOaSYTwNVbYJ1EYBnBEgxuKNM8K5xOCKjwWrXF
J80xoXBJXXmJvOFHEoWjUnDAMVUJyf3bt0sT0vOA5OTdbd2LhimDOpeIiO/umZKp
0ZsDcjUPUuIenqnKyk4UwAfXdWxrj2g5/But1n3nasvgtEtQg9CaSloh6Zgzcy+3
I+jpCn2FLOay+THABkM+XmjSYudkIFlqsZwkB2GxwTaRXENt8QUK7i4GWVCcPN6x
gYgIz9uLZQXkkxGZvasC5fUm/W6F0pyz1wUbbizhDuBhoez3XdJdhW8nWCT6rg5M
ejgkSVoG/fqoG9SoFXeTlQjZJSc8+0pTgWsqnuwmM+eFllvORSKS7uwBNg7jvFPv
4yLGCR5bGxTX7VM4XPkLR2pUF/nHmSohiGOWpqw+PRVwOWBBMi+r4c4SckR4MMOB
NK+KJTQnildsnqw/mvf98Op4GrAtD4MQDFRKD2TSIq60qFTe6MF77P50Z33r6x5x
CPN7XYTzZKPPiHf5uWtyOvH3V+vxHX2N0zAsRADXW+Jsly/Wwt0k8Km3beaF/Jvw
AFQwneh50L5Pv+Tb+8b6xS8gvIeGPgs4lcxRDxFEcFKN58OjtDelN212cQARAQAB
tCVhZG1pbkBmYWJpb2xiLm5ldCA8YWRtaW5AZmFiaW9sYi5uZXQ+iQJUBBMBCgA+
FiEEdkYqubDBhavGb9mPWYYfxIcDYcoFAl40mfQCGwMFCQk/xgAFCwkIBwMFFQoJ
CAsFFgIDAQACHgECF4AACgkQWYYfxIcDYcqCgQ/8CfH2EBmBlHB7jlI4nFu17fqV
WTXxhuo2UcTCQ3G8at32V27FZTFq64rtY7/QmY3HyHhdn77NXzIlLDsaD07IEBpw
GFf05V1vVm/Y+DB/3vmHr+bEP5bB4RZqYz+U1cSGTEg2S3sOuz416gJdoCFN8Lin
1fHRuGfZTJ2j2oQhUsYbt+GBpPm7xtpqK4yfCd4gT2vhDzbDG9QSLMrrLh/aA6Ya
IcZZCsXpnRPhfvPrp0LuIY9Lml+EaMfNxsoXYl2W5c+BpXG93ThSLKPc8XM/7e4A
CkRWNLKihVZNDmGCIy2FIFIV9YlEIhAAtZPhsUE3rnrIUgHETPYwDvAJB4pbJrLe
bwnRuWZlYNsPZp8W4RxbQVcHpsg+sWoyAkykWxs9FbxgXEGd0+wP5tumFquyfijg
eQLnsFU7KlQA+5Rh6ulrvzMNHFBYLoPa+U1soR6Jg0hCPhkzc+6tzTrmUCg7H7+i
49szuN2KZr6k5GR+f2p9mOlnHmjJSJVULtnBQJMfTEnqzszvw9OgO1j72x7hTVRO
UQSV6NXr0GFr293iTJS1x2/zFETCZelxVwbyp0t/psDz8nv6aXMcSjzcoWgmRRcP
zpfNidLLp3Ym9XKtz7kvPI/PRTsHoO+qw6H6Kw8jMxxIv5hApCI/YOt5GFBlXmZq
hBckyt1rS0kW5zQsStS5Ag0EXjSZ9AEQAMrim1LXqnqdMJlc6sj++TZgoLeYmtSI
4n/J1AGk9/BIumJKgCL5TPvUhz7HUWjhOqhtH/1/EyxPTI25Up7QcQKb0TYG/6Gn
3mIeBsvTdPZWmwq0e7aCrTSU8bYNnuMKAFxlPPG/lu7v1QQkaPgbEMOZI7cDA7V8
TLs/uQcAjGPdu2f2mJ/m+kgjeOwud+43CF4aI2/eVd39DqjjDrRImUc3OXypE4vW
PRq2ooSnS7VE0yU3QBubdPB8Y7x7R5bDE9fgLjZ9t//bSLgZfVzZoc7TvycH9opk
zr1LD4XEdZYFWc1h7++ci+f75/QQppPto3ItK61oUnpyO5J0Bl/Ay7086xU8b5Be
mPFDVMUE8SW2a+baaDKwbYUvImSI2CwNkCuYieGuAueMkY+Coe7AdaDhtuzINkby
e9ALGGbpRi/ByURQoW9akQt+ap7I8/bdp+IFYWT8K1HFogd5y0+TYaatpnT9jJYM
64GtnDhyD2ncyLNM1a7YOn4e+WWiK8datzn962VsaSXjAPKvVROkgLoedDU9oiDm
ITDZgcsyY6ATgYmzlN2Qm8ubig1adZdGWsWzv0d9Qj8AEzsPqRVrQ6Ofc/sNi5Y3
ELSOpWUOetbKEBFYe3oA2Bu6LOqd3lcKittWke3RMkehKFqxFdmBwjcrCtIjLicv
IemWK6rAAYmJABEBAAGJAjwEGAEKACYWIQR2Riq5sMGFq8Zv2Y9Zhh/EhwNhygUC
XjSZ9AIbDAUJCT/GAAAKCRBZhh/EhwNhyrzoEACe9SVpr6TaFvIcfcvj9d4FOmiK
Tgm64SEnYDDs6JhzD3p38Ut80d6y2vg9WUMUA3dhftbAyr/rqkZghiV3UhWJGPJm
AGWVG3p5TpSPCloFUlHHMWXCJm4UAoo75ud15PYD8CtUfOYc68A7a+9f+1dC5gRy
rVjBltWshsai+CjksRlg64wGMvJL7ghcsGoxFOzU/khGvo5JZ3OzObscYLxBKPnY
sUPerHnKB63CYxNfkd2aziapE7zXqoN1ZAFKwsBp38CiuBIT+8bb6+vAy9azfW/J
mGqjn4vfBUpdTsPbRRRI3CAoUN8R5QqVCCzV6hcv2p921ZWNpO0QxaHJYq0W3mwH
ls5eJOWJwx3qZ8ZB84fnuUb1YhzNjOSJDjgE8ZJ1iHf+ZTpqNRNbsyshfPcI5FYR
/PKPXTGNTeTFAXiQ/UjxFK/UEVWs3mDfqtyvC+Z5s7jCGabPwoOvWeHGMHUWWZRv
NU+TL+pUMWY29wKsDsk7zriokCDApNnJJb52/tIzk/XHMLPBjGSoYinKYMALYbAp
6UvSeJ6cJ/+5vwXJadMyiYrsPPQiuVCUfVg6KcX6B/+2MaKoyY3s8DaZ1vFdtZcg
1tjLI383GOEuDGfUDOgrlTikgpxbT2q4Zq80aQhPD8mMlpqdTO4UWfvwwx0FPH04
5xVKlvTztaHhtaWHkg==
=b3Un
-----END PGP PUBLIC KEY BLOCK-----


For release 5.13 and older:

[`D8B19A29317E92E470D7CD67021E03CADDA53977`](http://pgp.key-server.io/search/0xD8B19A29317E92E470D7CD67021E03CADDA53977)


Expand Down Expand Up @@ -78,18 +139,18 @@ For example:

```
# This is the public key from above - one-time step.
gpg --import magiconair.asc
gpg --import fabiolb.asc
# Download the binary and signature files.
curl -OsL https://github.com/eBay/fabio/releases/download/v1.3.2/fabio-1.3.2-go1.7.1_linux-amd64
curl -OsL https://github.com/eBay/fabio/releases/download/v1.3.2/fabio-1.3.2.sha256
curl -OsL https://github.com/eBay/fabio/releases/download/v1.3.2/fabio-1.3.2.sha256.sig
curl -OsL https://github.com/fabiolb/fabio/releases/download/v1.5.14/fabio-1.5.14-go1.7.1_linux-amd64
curl -OsL https://github.com/fabiolb/fabio/releases/download/v1.5.14/fabio-1.5.14.sha256
curl -OsL https://github.com/fabiolb/fabio/releases/download/v1.5.14/fabio-1.5.14.sha256.sig
# Verify the signature file is untampered.
gpg --verify fabio-1.3.2.sha256.sig fabio-1.3.2.sha256
gpg --verify fabio-1.5.14.sha256.sig fabio-1.5.14.sha256
# Verify the SHASUM matches the binary.
shasum -a 256 -c fabio-1.3.2.sha256
shasum -a 256 -c fabio-1.5.14.sha256
```

## Note
Expand Down
1 change: 1 addition & 0 deletions docs/content/feature/_index.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ The following list provides a list of features supported by fabio.
* [Server-Sent Events/SSE](/feature/sse/) - support for Server-Sent Events/SSE
* [TCP Proxy Support](/feature/tcp-proxy/) - raw TCP proxy support
* [TCP-SNI Proxy Support](/feature/tcp-sni-proxy/) - forward TLS connections based on hostname without re-encryption
* [HTTPS TCP-SNI Proxy Support](/feature/https-tcp-sni-proxy/) - forward TLS connections based on hostname without re-encryption, or fallback to fabio terminating TLS and path routing as a fallback
* [Traffic Shaping](/feature/traffic-shaping/) - forward N% of traffic upstream without knowing the number of instances
* [Web UI](/feature/web-ui/) - web ui to examine the current routing table
* [Websocket Support](/feature/websockets/) - websocket support
24 changes: 24 additions & 0 deletions docs/content/feature/https-tcp-sni-proxy.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
---
title: "HTTPS TCP-SNI Proxy"
since: "1.5.14"
---

fabio can run a TCP+SNI routing proxy on a listener, and have fallback to https functionality.
This is effectively an amalgam of the TCP-SNI Proxy and the HTTPS functionality.

To enable this feature configure a listener as follows:

```
fabio -proxy.addr=':443;proto=https+tcp+sni;cs=somecertstore'
```

For host matches that are proto=tcp or have a scheme of tcp://, this will proxy TCP using SNI.

You would register your service in [Consul](https://consul.io) with a `urlprefix-` tag that
matches the host from the SNI extension for any services that should be proxied TCP (TLS
terminated by upstream). If the upstream service you'd like to proxy TCP responds to
`https://foo.com/...` then you should register a `urlprefix-foo.com/ proto=tcp` tag for this
service.

For path based matching, you would do the typical `urlprefix-/path/` and this would cause
fabio to terminate TLS using the cs= line specified in the config.
12 changes: 10 additions & 2 deletions docs/content/ref/proxy.addr.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ The supported protocols are:
* `grpcs` for GRPC+TLS based protocols
* `tcp` for a raw TCP proxy with or witout TLS support
* `tcp+sni` for an SNI aware TCP proxy
* `tcp-dynamic` for a consul driven TCP proxy
* `https+tcp+sni` for an SNI aware TCP proxy with https fallthrough

If no `proto` option is specified then the protocol
is either `http` or `https` depending on whether a
Expand Down Expand Up @@ -56,8 +58,8 @@ to the destination without decrypting the traffic.
http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt

* `pxytimeout`: Sets PROXY protocol header read timeout as a duration (e.g. '250ms').
This defaults to 250ms if not set when 'pxyproto' is enabled.

This defaults to 250ms if not set when `pxyproto` is enabled.
* `refresh`: Sets the refresh interval to check the route table for updates. Used when `tcp-dynamic` is enabled.
#### TLS options

* `tlsmin`: Sets the minimum TLS version for the handshake. This value
Expand Down Expand Up @@ -104,6 +106,12 @@ to the destination without decrypting the traffic.
# TCP listener on port 443 with SNI routing
proxy.addr = :443;proto=tcp+sni

# TCP listener on port 443 with SNI routing with HTTPS fallthrough
proxy.addr = :443;proto=https+tcp+sni;cs=some-name

# TCP listeners using consul for config with 5 second refresh interval
proxy.addr = 0.0.0.0:0;proto=tcp-dynamic;refresh=5s

The default is

proxy.addr = :9999

0 comments on commit d629d87

Please sign in to comment.