-
Notifications
You must be signed in to change notification settings - Fork 28
/
proxy.toml
118 lines (94 loc) · 3.37 KB
/
proxy.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
# workdir = "./work"
[proxy]
# addr = "0.0.0.0:6000"
# advertise-addr = ""
# tcp-keep-alive = true
# possible values:
# "" => disable proxy protocol.
# "v2" => accept proxy protocol if any, require backends to support proxy protocol.
# proxy-protocol = ""
# graceful-wait-before-shutdown is recommanded to be set to 0 when there's no other proxy(e.g. NLB) between the client and TiProxy.
# possible values:
# 0 => begin to drain clients immediately.
# 30 => HTTP status returns unhealthy and the SQL port accepts new connections for the last 30 seconds. After that, refuse new connections and drain clients.
# graceful-wait-before-shutdown = 0
# graceful-close-conn-timeout is recommanded to be set longer than the lifecycle of a transaction.
# possible values:
# 0 => force closing connections immediately.
# 15 => close connections when they have finished current transactions (AKA drain clients). After 15s, force closing all the connections.
graceful-close-conn-timeout = 15
# possible values:
# "" => enable static routing.
# "pd-addr:pd-port" => automatically tidb discovery.
# pd-addrs = "127.0.0.1:2379"
# possible values:
# 0 => no limitation.
# 100 => accept as many as 100 connections.
# max-connections = 0
# It's a tradeoff between memory and performance.
# possible values:
# 0 => default value
# 1K to 16M
# conn-buffer-size = 0
[api]
# addr = "0.0.0.0:3080"
# enable HTTP basic auth or not.
#
# enable-basic-auth = false
# user = ""
# password = ""
# same as [proxy.proxy-protocol], but for HTTP port
# proxy-protocol = ""
[log]
# level = "info"
# possible values:
# "tidb" => formats used by tidb, check https://github.com/tikv/rfcs/blob/master/text/0018-unified-log-format.md.
# "json" => structured json formats.
# "console" => log format for human.
# encoder = "tidb"
[log.log-file]
# non-empty filename will enable logging to file.
#
# filename = ""
# max-size = 300
# max-days = 3
# max-backups = 3
[security]
# tls object is either of type server, client, or peer
# [xxxx]
# ca = "ca.pem"
# cert = "c.pem"
# key = "k.pem"
# auto-certs = true # mostly used by tests. It will generate certs if no cert/key is specified.
# rsa-key-size = 4096 # generated RSA keysize if auto-certs is enabled.
# autocert-expire-duration = "72h" # default expire duration for auto certs.
# skip-ca = true
# min-tls-version = "1.1" # specify minimum TLS version
# client object:
# 1. requires: ca or skip-ca(skip verify server certs)
# 2. optionally: cert/key will be used if server asks, i.e. server-side client verification
# 3. useless/forbid: auto-certs
# server object:
# 1. requires: cert/key or auto-certs(generate a temporary cert, mostly for testing)
# 2. optionally: ca will enable server-side client verification. If skip-ca is true with non-empty ca, server will only verify clients if it can provide any cert. Otherwise, clients must provide a cert.
# client object
[security.cluster-tls]
# access to other components like TiDB or PD, will use this
# skip-ca = true
# client object
[security.sql-tls]
# access to TiDB SQL(4000) port will use this
skip-ca = true
# server object
[security.server-tls]
# proxy SQL port will use this
# auto-certs = true
# server object
[security.server-http-tls]
# proxy HTTP port will use this
# auto-certs = true
# require-backend-tls = false
[advance]
# ignore-wrong-namespace = true
[balance]
# policy = "resource"