Configuration file
This is the default mfserv configuration file.
###################
##### STARTUP #####
###################
[startup]
# If flag=0, block the start of the module
flag=1
#######################
##### AUTORESTART #####
#######################
[autorestart]
# If flag=1, then the autorestart feature is on
flag=1
################
##### MISC #####
################
[misc]
# Max coredumps size (value for `ulimit -c`;
# if core_size=-1, `ulimit -c` is not set)
core_size=0
# tmp sub-directory (${MFMODULE_RUNTIME_HOME}/tmp) cleaning
# 0 => no automatic cleaning
# x => clean files/directories older than x days
tmp_max_age=2
###############
##### LOG #####
###############
[log]
# Log minimal level
# DEBUG => everything,
# INFO => everything but not DEBUG,
# WARNING => everything but not DEBUG and INFO,
# ERROR => everything but not DEBUG, INFO and WARNING,
# CRITICAL => everything but not DEBUG, INFO, WARNING AND ERROR
minimal_level=INFO
# Duplicate some log messages in JSON to a specific file (for external
# monitoring tool)
# If json_file value is :
# null => the feature is desactivated
# AUTO => the feature is desactivated (because it's not necessary anymore
# since 1.2 version)
json_file=null
# Minimal level for this json log file
# DEBUG => everything,
# INFO => everything but not DEBUG,
# WARNING => everything but not DEBUG and INFO,
# ERROR => everything but not DEBUG, INFO and WARNING,
# CRITICAL => everything but not DEBUG, INFO, WARNING AND ERROR
# Note: you can't send more messages to json log file than the configured global
# minimal_level level (so also change the value of minimal_level key in
# these uncommon use-cases)
json_minimal_level=WARNING
# Send some log files to mfadmin
# null => the feature is desactivated
# AUTO => the feature is activated if [admin]/hostname != null
mfadmin_flag=AUTO
# Minimal level for mfadmin send
# DEBUG => everything,
# INFO => everything but not DEBUG,
# WARNING => everything but not DEBUG and INFO,
# ERROR => everything but not DEBUG, INFO and WARNING,
# CRITICAL => everything but not DEBUG, INFO, WARNING AND ERROR
# Note: you can't send more messages to mfadmin than the configured global
# minimal_level level (so also change the value of minimal_level key in
# these uncommon use-cases)
mfadmin_minimal_level=WARNING
# Maximum number of rotated files to keep
number_of_rotated_files=5
# Max age of a log file before rotation (in seconds)
# Default: 86400 (24H)
max_age_before_rotation=86400
# Max size of a log file before rotation (in bytes)
# Default: 104857600 (100 MB)
max_size_before_rotation=104857600
# chmod on log files
# Default : 0644
chmod=0644
# Try to split stdout/stderr in distinct log files (when it's possible)
# (1 => split, 0 => don't split)
try_to_split_stdout_stderr=0
# Try to split multiple workers in distinct log files (when it's possible)
# (1 => split, 0 => don't split)
try_to_split_multiple_workers=0
##################
##### VECTOR #####
##################
[vector]
# UDP port used by vector syslog server (for mflog logs)
mflog_port = 5144
# UDP port used by vector syslog server (for nginx logs)
nginxlog_port = 5145
########################
##### ADMIN MODULE #####
########################
[admin]
# Hostname hosting the mfadmin module (if any)
# null => no monitoring
# localhost => send logs and metrics to the locally installed mfadmin module
# * => send logs and metrics to the specified host (which must host an mfadmin
# module)
hostname=null
# Influxdb HTTP port on mfadmin host
# (change this only if you changed influxdb http port on mfadmin host)
influxdb_http_port=18086
# ElasticSearch HTTP port on mfadmin host
# (change this only if you changed elasticsearch http port on mfadmin host)
# (0 => no elasticsearch usage)
elasticsearch_http_port=15603
# Loki HTTP port on mfadmin host
# (change this only if you changed loki http port on mfadmin host)
# (0 => no loki usage)
# (13600 => default loki http port on mfadmin)
loki_http_port=0
# If send_nginx_logs=1, send nginx access logs to the configured admin hostname
send_nginx_logs=1
# If send_mflog_logs=1, send mflog logs to the configured admin hostname
send_mflog_logs=1
#################
##### NGINX #####
#################
[nginx]
# Port of nginx daemon
# IMPORTANT: this is the main port of the mfserv module
# Note: you can use <1024 value here (80 for example) but ports <1024 need
# an extra configuration step as root user:
# => setcap cap_net_bind_service=+ep "{{MFEXT_HOME}}/opt/openresty/nginx/sbin/nginx"
# (and)
# => touch /etc/metwork.config.d/mfserv/set_cap_net_bind_service
# (for this change survives after a metwork update)
port=18868
# Max body size for incoming http requests (in MB)
upload_max_body_size=100
# Number of nginx workers
# (the {{MFHARDWARE_NUMBER_OF_CPU_CORES_MULTIPLIED_BY_2}} special values
# is probably a good start)
workers={{MFHARDWARE_NUMBER_OF_CPU_CORES_MULTIPLIED_BY_2}}
# Default timeout (in seconds)
# You can override this in plugin config.ini
timeout=60
# If logging=0, do not log anything in nginx_access.log
logging=1
# In which tmp directory nginx put big request bodies
clientbody_temp_path=@@@MFMODULE_RUNTIME_HOME@@@/var/nginx2
# If flag=0, do not start nginx (can be useful in very special use cases)
flag=1
# If add_request_id_header=1 (default), we add the "X-Request-Id" header in
# the response to the client
add_request_id_header=1
# If accept_incoming_request_id_header=1, accept incoming X-Request-Id as
# request_id and don't generate a new one (in this case)
accept_incoming_request_id_header=0
# If add_x_forwarded_headers=1 (default), we add "X-Forwarded-*" headers
# (and X-Real-Ip also)
add_x_forwarded_headers=1
# extra networks allowed on /uuid endpoint (in addition to 127.0.0.1/32)
# (coma separated list)
# ("null" => no extra uuid allowed)
# example :
# uuid_endpoint_extra_allows=5.6.0.0/16,1.2.3.4/32
uuid_endpoint_extra_allows=null
# Advanced settings, change this only if you are sure what you are doing
# healthcheck endpoint for mfserv (useful only if you have a loadbalancer
# before mfserv)
# null => no healthcheck endpoint
# the endpoint returns HTTP/200 with body: OK if the module is RUNNING
# correctly, else HTTP/503
health_location = /__health
# Advanced settings, change this only if you are sure what you are doing
# You can introduce a >0 value here to introduce a delay at the very beginning
# of mfserv stop process to be sure that a possible loadbalancer before mfserv
# detects the shutdown process (with healthcheck) before really stopping
# mfserv module. The value to used depends on the frequency of configured
# healthchecks (on your load balancer)
smart_stop_delay=0
# Advanced settings, change this only if you are sure what you are doing
# You can introduce a >0 value here to introduce a delay at the end of mfserv
# start process to be sure everything is ready before changing healthcheck to
# OK. It can be used to avoid that a loadbalancer before mfserv sends requests
# prematurely to this module.
smart_start_delay=0
# Advanced settings
# Determines whether the connection with a plugin should be
# closed when a client closes the connection without waiting for a response.
# See: <http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ignore_client_abort>
proxy_ignore_client_abort=1
# If your mfserv is behind a reverse proxy, you will loose the real client ip
# in your logs. With these advanced parameters, you can configure
# http://nginx.org/en/docs/http/ngx_http_realip_module.html nginx module
# (set to 1 to activate)
real_ip=0
# see http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
# (1 => on, 0 => off)
real_ip_recursive=1
# Defines the request header field whose value will be used to replace
# the client address.
# see http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
real_ip_header=X-Forwarded-For
# Coma separated trusted addresses that are known to send correct replacement
# addresses.
# See http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
# (null value means no trusted addresses)
real_ip_set_from=172.16.0.0/12,192.168.0.0/16,10.0.0.0/8
# Enables or disables emitting nginx version on error pages and
# in the "Server" response header field.
# (1 => enabled, 0 => disabled)
server_tokens=1
# If >0, override the global setting [log]/max_size_before_rotation
# for the nginx daemon (only)
max_size_before_rotation=-1
# Port of nginx daemon in SSL mode
# (null => no https support)
# If you set a value here, you have also to set ssl_certificate and
# ssl_certificate_key keys
# Note: you can use <1024 value here (80 for example) but ports <1024 need
# an extra configuration step as root user:
# => setcap cap_net_bind_service=+ep "{{MFEXT_HOME}}/opt/openresty/nginx/sbin/nginx"
# (and)
# => touch /etc/metwork.config.d/mfserv/set_cap_net_bind_service
# (for this change survives after a metwork update)
https_port=null
# SSL certificate (full path)
# See http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate
ssl_certificate=/dev/null
# SSL certificate secret key (full path)
# See http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate
ssl_certificate_key=/dev/null
# http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers
# (don't change this unless you are a SSL guru)
ssl_ciphers=HIGH:!aNULL:!MD5
# http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols
# (don't change this unless you are a SSL guru)
ssl_protocols=TLSv1 TLSv1.1 TLSv1.2
###################
##### PLUGINS #####
###################
[internal_plugins]
# if install_welcome=1, install the welcome plugin during init
install_welcome=1
##################
##### CIRCUS #####
##################
[circus]
# Advanced settings, you shouldn't change this
endpoint=ipc://@@@MFMODULE_RUNTIME_HOME@@@/var/circus.socket
# Advanced settings, you shouldn't change this
pubsub_endpoint=ipc://@@@MFMODULE_RUNTIME_HOME@@@/var/circus_pubsub.socket
####################
##### TELEGRAF #####
####################
[telegraf]
# Telegraf statsd port (on this host)
# Change this if it's already used
statsd_port=18127
# if debug=1, put telegraf in trace mode (WARNING: produce a lot of logs)
debug=0