Skip to content

Configuration file

This is the default mfserv configuration file.

###################
##### STARTUP #####
###################
[startup]

# If flag=0, block the start of the module
flag=1


#######################
##### AUTORESTART #####
#######################
[autorestart]

# If flag=1, then the autorestart feature is on
flag=1


################
##### MISC #####
################
[misc]

# Max coredumps size (value for `ulimit -c`;
# if core_size=-1, `ulimit -c` is not set)
core_size=0

# tmp sub-directory (${MFMODULE_RUNTIME_HOME}/tmp) cleaning
# 0 => no automatic cleaning
# x => clean files/directories older than x days
tmp_max_age=2


###############
##### LOG #####
###############
[log]

# Log minimal level
#  DEBUG => everything,
#  INFO => everything but not DEBUG,
#  WARNING => everything but not DEBUG and INFO,
#  ERROR => everything but not DEBUG, INFO and WARNING,
#  CRITICAL => everything but not DEBUG, INFO, WARNING AND ERROR
minimal_level=INFO

# Duplicate some log messages in JSON to a specific file (for external
# monitoring tool)
# If json_file value is :
# null => the feature is desactivated
# AUTO => the feature is desactivated (because it's not necessary anymore
#         since 1.2 version)
json_file=null

# Minimal level for this json log file
#  DEBUG => everything,
#  INFO => everything but not DEBUG,
#  WARNING => everything but not DEBUG and INFO,
#  ERROR => everything but not DEBUG, INFO and WARNING,
#  CRITICAL => everything but not DEBUG, INFO, WARNING AND ERROR
# Note: you can't send more messages to json log file than the configured global
#       minimal_level level (so also change the value of minimal_level key in
#       these uncommon use-cases)
json_minimal_level=WARNING

# Send some log files to mfadmin
# null => the feature is desactivated
# AUTO => the feature is activated if [admin]/hostname != null
mfadmin_flag=AUTO

# Minimal level for mfadmin send
#  DEBUG => everything,
#  INFO => everything but not DEBUG,
#  WARNING => everything but not DEBUG and INFO,
#  ERROR => everything but not DEBUG, INFO and WARNING,
#  CRITICAL => everything but not DEBUG, INFO, WARNING AND ERROR
# Note: you can't send more messages to mfadmin than the configured global
#       minimal_level level (so also change the value of minimal_level key in
#       these uncommon use-cases)
mfadmin_minimal_level=WARNING

# Maximum number of rotated files to keep
number_of_rotated_files=5

# Max age of a log file before rotation (in seconds)
# Default: 86400 (24H)
max_age_before_rotation=86400

# Max size of a log file before rotation (in bytes)
# Default: 104857600 (100 MB)
max_size_before_rotation=104857600

# chmod on log files
# Default : 0644
chmod=0644

# Try to split stdout/stderr in distinct log files (when it's possible)
# (1 => split, 0 => don't split)
try_to_split_stdout_stderr=0

# Try to split multiple workers in distinct log files (when it's possible)
# (1 => split, 0 => don't split)
try_to_split_multiple_workers=0


##################
##### VECTOR #####
##################
[vector]


# UDP port used by vector syslog server (for mflog logs)
mflog_port = 5144

# UDP port used by vector syslog server (for nginx logs)
nginxlog_port = 5145


########################
##### ADMIN MODULE #####
########################
[admin]

# Hostname hosting the mfadmin module (if any)
# null => no monitoring
# localhost => send logs and metrics to the locally installed mfadmin module
# * => send logs and metrics to the specified host (which must host an mfadmin
#      module)

hostname=null


# Influxdb HTTP port on mfadmin host
# (change this only if you changed influxdb http port on mfadmin host)
influxdb_http_port=18086

# ElasticSearch HTTP port on mfadmin host
# (change this only if you changed elasticsearch http port on mfadmin host)
# (0 => no elasticsearch usage)
elasticsearch_http_port=15603

# Loki HTTP port on mfadmin host
# (change this only if you changed loki http port on mfadmin host)
# (0 => no loki usage)
# (13600 => default loki http port on mfadmin)
loki_http_port=0


# If send_nginx_logs=1, send nginx access logs to the configured admin hostname
send_nginx_logs=1


# If send_mflog_logs=1, send mflog logs to the configured admin hostname
send_mflog_logs=1


#################
##### NGINX #####
#################
[nginx]

# Port of nginx daemon
# IMPORTANT: this is the main port of the mfserv module
# Note: you can use <1024 value here (80 for example) but ports <1024 need
#       an extra configuration step as root user:
#       => setcap cap_net_bind_service=+ep "{{MFEXT_HOME}}/opt/openresty/nginx/sbin/nginx"
#       (and)
#       => touch /etc/metwork.config.d/mfserv/set_cap_net_bind_service
#          (for this change survives after a metwork update)
port=18868

# Max body size for incoming http requests (in MB)
upload_max_body_size=100

# Number of nginx workers
# (the {{MFHARDWARE_NUMBER_OF_CPU_CORES_MULTIPLIED_BY_2}} special values
#  is probably a good start)
workers={{MFHARDWARE_NUMBER_OF_CPU_CORES_MULTIPLIED_BY_2}}

# Default timeout (in seconds)
# You can override this in plugin config.ini
timeout=60

# If logging=0, do not log anything in nginx_access.log
logging=1

# In which tmp directory nginx put big request bodies
clientbody_temp_path=@@@MFMODULE_RUNTIME_HOME@@@/var/nginx2

# If flag=0, do not start nginx (can be useful in very special use cases)
flag=1

# If add_request_id_header=1 (default), we add the "X-Request-Id" header in
# the response to the client
add_request_id_header=1

# If accept_incoming_request_id_header=1, accept incoming X-Request-Id as
# request_id and don't generate a new one (in this case)
accept_incoming_request_id_header=0

# If add_x_forwarded_headers=1 (default), we add "X-Forwarded-*" headers
# (and X-Real-Ip also)
add_x_forwarded_headers=1

# extra networks allowed on /uuid endpoint (in addition to 127.0.0.1/32)
# (coma separated list)
# ("null" => no extra uuid allowed)
# example :
# uuid_endpoint_extra_allows=5.6.0.0/16,1.2.3.4/32
uuid_endpoint_extra_allows=null

# Advanced settings, change this only if you are sure what you are doing
# healthcheck endpoint for mfserv (useful only if you have a loadbalancer
#                                  before mfserv)
# null => no healthcheck endpoint
# the endpoint returns HTTP/200 with body: OK if the module is RUNNING
# correctly, else HTTP/503
health_location = /__health

# Advanced settings, change this only if you are sure what you are doing
# You can introduce a >0 value here to introduce a delay at the very beginning
# of mfserv stop process to be sure that a possible loadbalancer before mfserv
# detects the shutdown process (with healthcheck) before really stopping
# mfserv module. The value to used depends on the frequency of configured
# healthchecks (on your load balancer)
smart_stop_delay=0

# Advanced settings, change this only if you are sure what you are doing
# You can introduce a >0 value here to introduce a delay at the end of mfserv
# start process to be sure everything is ready before changing healthcheck to
# OK. It can be used to avoid that a loadbalancer before mfserv sends requests
# prematurely to this module.
smart_start_delay=0

# Advanced settings
# Determines whether the connection with a plugin should be
# closed when a client closes the connection without waiting for a response.
# See: <http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ignore_client_abort>
proxy_ignore_client_abort=1

# If your mfserv is behind a reverse proxy, you will loose the real client ip
# in your logs. With these advanced parameters, you can configure
# http://nginx.org/en/docs/http/ngx_http_realip_module.html nginx module
# (set to 1 to activate)
real_ip=0

# see http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
# (1 => on, 0 => off)
real_ip_recursive=1

# Defines the request header field whose value will be used to replace
# the client address.
# see http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
real_ip_header=X-Forwarded-For

# Coma separated trusted addresses that are known to send correct replacement
# addresses.
# See http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
# (null value means no trusted addresses)
real_ip_set_from=172.16.0.0/12,192.168.0.0/16,10.0.0.0/8

# Enables or disables emitting nginx version on error pages and
# in the "Server" response header field.
# (1 => enabled, 0 => disabled)
server_tokens=1

# Enables or disables specifying the port in absolute redirects issued by nginx.
# see http://nginx.org/en/docs/http/ngx_http_core_module.html#port_in_redirect
# (1 => on, 0 => off)
port_in_redirect=1

# If >0, override the global setting [log]/max_size_before_rotation
# for the nginx daemon (only)
max_size_before_rotation=-1

# Port of nginx daemon in SSL mode
# (null => no https support)
# If you set a value here, you have also to set ssl_certificate and
# ssl_certificate_key keys
# Note: you can use <1024 value here (80 for example) but ports <1024 need
#       an extra configuration step as root user:
#       => setcap cap_net_bind_service=+ep "{{MFEXT_HOME}}/opt/openresty/nginx/sbin/nginx"
#       (and)
#       => touch /etc/metwork.config.d/mfserv/set_cap_net_bind_service
#          (for this change survives after a metwork update)
https_port=null

# SSL certificate (full path)
# See http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate
ssl_certificate=/dev/null

# SSL certificate secret key (full path)
# See http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate
ssl_certificate_key=/dev/null

# http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers
# (don't change this unless you are a SSL guru)
ssl_ciphers=HIGH:!aNULL:!MD5

# http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols
# (don't change this unless you are a SSL guru)
ssl_protocols=TLSv1 TLSv1.1 TLSv1.2


###################
##### PLUGINS #####
###################
[internal_plugins]

# if install_welcome=1, install the welcome plugin during init
install_welcome=1


##################
##### CIRCUS #####
##################
[circus]

# Advanced settings, you shouldn't change this
endpoint=ipc://@@@MFMODULE_RUNTIME_HOME@@@/var/circus.socket

# Advanced settings, you shouldn't change this
pubsub_endpoint=ipc://@@@MFMODULE_RUNTIME_HOME@@@/var/circus_pubsub.socket


####################
##### TELEGRAF #####
####################
[telegraf]

# Telegraf statsd port (on this host)
# Change this if it's already used
statsd_port=18127

# if debug=1, put telegraf in trace mode (WARNING: produce a lot of logs)
debug=0