solutions-tsg-scripts/roles/tfe/templates/tfe.conf.j2

[system]
# Process-level settings: worker thread count, breakpad crash reporting, core dumps.
# Thread count is filled in from the tfe.nr_threads template variable.
nr_worker_threads={{ tfe.nr_threads }}
# Breakpad capture and minidump upload are both set to 0 in this template.
enable_breakpad=0
enable_breakpad_upload=0
breakpad_minidump_dir=/run/tfe/crashreport/
# NOTE(review): the upload URL is plain HTTP to loopback. Minidumps hold process
# memory, so if upload is ever pointed at a remote collector the transport should
# be encrypted - confirm before enabling.
breakpad_upload_url=http://127.0.0.1:9000/
# NOTE(review): 0 presumably leaves core dumps enabled. A core file from a
# TLS-handling process can contain key material; confirm where cores are written
# and who can read them.
disable_coredump=0
[kni]
# Address and ports of the kni peer. The address is hard-coded here rather than
# taken from a template variable, unlike the other remote endpoints in this file.
ip=192.168.100.1
cmsg_port=2475
# Watchdog switch is 1 and uses its own port; presumably a liveness channel
# between this process and the kni peer - confirm against the consumer.
watchdog_switch=1
watchdog_port=2476
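[ssl]
# Protocol range offered/accepted by the proxy.
# NOTE(review): the floor is SSLv3, which RFC 7568 deprecates (POODLE-class
# weaknesses). If legacy peers do not have to be served, raise ssl_min_version to
# a TLS 1.2-or-later value supported by the consumer. Left unchanged here because
# deployments may depend on it.
ssl_max_version=tls13
ssl_min_version=ssl3
# Both "no_" switches are 0, so session cache and session tickets presumably stay on.
no_session_cache=0
no_session_ticket=0
# NOTE(review): when set to 1 this presumably writes TLS session secrets to
# key_log_file. Anyone who can read that file can decrypt captured traffic, so keep
# it 0 outside debugging and restrict the log directory's permissions.
log_master_key=0
# Trust anchors loaded from local files: a CA bundle plus a directory of certificates.
trusted_cert_load_local=1
trusted_cert_file=resource/tfe/tls-ca-bundle.pem
trusted_cert_dir=resource/tfe/trusted_storage
key_log_file=log/sslkeylog.log
no_alpn=0
# Session-ticket key groups and rotation period (3600, presumably seconds - confirm).
stek_group_num=4
stek_rotation_time=3600
service_cache_expire_seconds=600
# SSL mid cert cache
# default 0
mc_cache_enable=1
# default eth0
# Interface used by the cache: the tun interface when tsg_running_type is 0 or 1,
# the inner control NIC otherwise. The earlier test "tsg_running_type == 0 or 1"
# was always true because a bare 1 is truthy, so the second branch never rendered.
# The int filter keeps string-typed inventory values ("0", "1") working.
{% if tsg_running_type | int in [0, 1] %}
mc_cache_eth={{ server.tun_name }}
{% else %}
mc_cache_eth={{ nic_inner_ctrl.name }}
{% endif %}
# default NULL
mc_cache_broker_list={{ log_kafkabrokers.address }}
# default PXY-EXCH-INTERMEDIA-CERT
mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT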
[key_keeper]
# mode: debug - generate certificates with ca_path; normal - generate certificates
# through the cert store.
# no_cache: 0 - cache on, 1 - cache off.
mode= normal
no_cache=0
# Cert store endpoint, filled in from the cert_store_server template variables.
# NOTE(review): no transport-security or authentication setting for this
# connection appears in this section; confirm how the channel is protected.
cert_store_host= {{ cert_store_server.address }}
cert_store_port= {{ cert_store_server.port }}
# CA files for trusted and untrusted origin certificates. Per the mode note above,
# ca_path is what debug mode signs with, so these files presumably carry or sit
# next to CA private keys - restrict read access to the service account.
ca_path=resource/tfe/tango-ca-v3-trust-ca.pem
untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem
# The health check applies only when mode=normal.
# default 1
enable_health_check=1
[debug]
# NOTE(review): presumably 1 would let all TCP traffic through without
# interception or policy; it is 0 here and should stay 0 in production - confirm
# the exact semantics against the consumer.
passthrough_all_tcp=0
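[traffic_mirror]
# Mirror device: loopback when tsg_running_type is 0 or 1, the dedicated mirror
# NIC otherwise. The earlier test "tsg_running_type == 0 or 1" was always true
# because a bare 1 is truthy, so the mirror NIC branch never rendered. The int
# filter keeps string-typed inventory values ("0", "1") working.
# NOTE(review): mirrored traffic is presumably post-decryption plaintext; the
# receiving segment should be treated as sensitive - confirm.
{% if tsg_running_type | int in [0, 1] %}
device=lo
{% else %}
device={{ nic_traffic_mirror.name }}
{% endif %}
type=0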
[ratelimit]
# All four limits are commented out, so this section renders empty and whatever
# defaults the consumer applies are in effect. Units are not stated here.
#read_rate=200000
#read_burst=200000
#write_rate=200000
#write_burst=200000
[tcp]
# Keepalive is on; the three values below match the names of the Linux
# TCP_KEEPCNT / TCP_KEEPINTVL / TCP_KEEPIDLE socket options (probe count,
# probe interval, idle time before the first probe) - presumably passed through.
so_keepalive=1
tcp_keepcnt=8
tcp_keepintvl=15
tcp_keepidle=30
# NOTE(review): unit not stated in this file; confirm what the consumer expects.
tcp_user_timeout=600
# Separate TTL values for the upstream and downstream sides of a connection.
tcp_ttl_upstream=75
tcp_ttl_downstream=70
[log]
# Numeric log level; the scale is defined by the consumer, not by this file.
# NOTE(review): if 10 is a verbose level, check that logs do not capture
# decrypted payloads or headers - confirm.
level=10
[stat]
# Metrics sink, filled in from the fs_remote template variables.
statsd_server={{ fs_remote.address }}
statsd_port={{ fs_remote.port }}
# Reporting cycle (5, presumably seconds - confirm).
statsd_cycle=5
# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
# The value 2 therefore selects the Influx line format.
statsd_format=2
[http]
# Numeric log level for the HTTP component; same value as level in [log].
loglevel=10
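[kafka]
# Event-log export to Kafka is enabled.
enable=1
# NIC name: the server's interface when tsg_running_type is 0 or 1, the management
# NIC otherwise. The earlier test "tsg_running_type == 0 or 1" was always true
# because a bare 1 is truthy, so the management NIC branch never rendered. The int
# filter keeps string-typed inventory values ("0", "1") working.
{% if tsg_running_type | int in [0, 1] %}
nic_name={{ server.ethname }}
{% else %}
nic_name={{ nic_mgr.name }}
{% endif %}
# Broker list comes from the same log_kafkabrokers variable used by the [ssl]
# mid cert cache.
# NOTE(review): no TLS or SASL setting for the broker connection appears in this
# section; confirm how proxy event logs are protected in transit.
kafka_brokerlist={{ log_kafkabrokers.address }}
kafka_topic=PROXY-EVENT-LOG
device_id_filepath=/opt/tsg/etc/tsg_sn.json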
[maat]
# Input mode - 0: json, 1: redis, 2: iris. This template selects redis (1).
maat_input_mode=1
table_info=resource/pangu/table_info.conf
# File and directory inputs; presumably used only by the non-redis modes - confirm.
json_cfg_file=resource/pangu/pangu_http.json
stat_file=log/pangu_scan.status
full_cfg_dir=pangu_policy/full/index/
inc_cfg_dir=pangu_policy/inc/index/
# Redis endpoint, filled in from the maat_redis_server template variables.
# The key is named port_range but receives a single port variable.
# NOTE(review): no password or TLS setting for Redis appears in this section.
# Whoever can write to this database can presumably change the rules this process
# loads, so access should be restricted at the network or Redis ACL level - confirm.
maat_redis_server={{ maat_redis_server.address }}
maat_redis_port_range={{ maat_redis_server.port }}
maat_redis_db_index={{ maat_redis_server.db }}
effect_interval_s=1
# Inline tag example, disabled; tags are read from the accept_path file instead.
#accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
accept_path=/opt/tsg/etc/tsg_device_tag.json
[dynamic_maat]
# Second maat instance with its own table definition and its own Redis endpoint
# (dynamic_maat_redis_server variables). Mode 1 is the same value [maat] uses for redis.
maat_input_mode=1
table_info=resource/pangu/dynamic_maat_table_info.conf
# NOTE(review): as in [maat], no Redis password or TLS setting is visible here;
# confirm how write access to this database is restricted.
maat_redis_server={{ dynamic_maat_redis_server.address }}
maat_redis_port_range={{ dynamic_maat_redis_server.port }}
maat_redis_db_index={{ dynamic_maat_redis_server.db }}
effect_interval_s=1