Configuration file
This is the default mfserv configuration file.
```ini
##### STARTUP #####
[startup]

# If flag=0, block the start of the module
flag=1

##### AUTORESTART #####
[autorestart]

# If flag=1, then the autorestart feature is on
flag=1

##### MISC #####
[misc]

# Max coredumps size (value for ulimit -c;
# if core_size=-1, ulimit -c is not set)
core_size=0

# tmp sub-directory (${MFMODULE_RUNTIME_HOME}/tmp) cleaning
# 0 => no automatic cleaning
# x => clean files/directories older than x days
tmp_max_age=2

##### LOG #####
[log]

# Log minimal level
# DEBUG => everything,
# INFO => everything but not DEBUG,
# WARNING => everything but not DEBUG and INFO,
# ERROR => everything but not DEBUG, INFO and WARNING,
# CRITICAL => everything but not DEBUG, INFO, WARNING AND ERROR
minimal_level=INFO

# Duplicate some log messages in JSON to a specific file (for external
# monitoring tool)
# If json_file value is:
# null => the feature is deactivated
# AUTO => the feature is deactivated (because it's not necessary anymore
#         since 1.2 version)
json_file=null

# Minimal level for this json log file
# DEBUG => everything,
# INFO => everything but not DEBUG,
# WARNING => everything but not DEBUG and INFO,
# ERROR => everything but not DEBUG, INFO and WARNING,
# CRITICAL => everything but not DEBUG, INFO, WARNING AND ERROR
# Note: you can't send more messages to json log file than the configured global
#       minimal_level level (so also change the value of minimal_level key in
#       these uncommon use-cases)
json_minimal_level=WARNING

# Send some log files to mfadmin
# null => the feature is deactivated
# AUTO => the feature is activated if [admin]/hostname != null
mfadmin_flag=AUTO

# Minimal level for mfadmin send
# DEBUG => everything,
# INFO => everything but not DEBUG,
# WARNING => everything but not DEBUG and INFO,
# ERROR => everything but not DEBUG, INFO and WARNING,
# CRITICAL => everything but not DEBUG, INFO, WARNING AND ERROR
# Note: you can't send more messages to mfadmin than the configured global
#       minimal_level level (so also change the value of minimal_level key in
#       these uncommon use-cases)
mfadmin_minimal_level=WARNING

# Maximum number of rotated files to keep
number_of_rotated_files=5

# Max age of a log file before rotation (in seconds)
# Default: 86400 (24H)
max_age_before_rotation=86400

# Max size of a log file before rotation (in bytes)
# Default: 104857600 (100 MB)
max_size_before_rotation=104857600

# chmod on log files
# Default: 0644
chmod=0644

# Try to split stdout/stderr in distinct log files (when it's possible)
# (1 => split, 0 => don't split)
try_to_split_stdout_stderr=0

# Try to split multiple workers in distinct log files (when it's possible)
# (1 => split, 0 => don't split)
try_to_split_multiple_workers=0

##### VECTOR #####
[vector]

# UDP port used by vector syslog server (for mflog logs)
mflog_port = 5144

# UDP port used by vector syslog server (for nginx logs)
nginxlog_port = 5145

##### ADMIN MODULE #####
[admin]

# Hostname hosting the mfadmin module (if any)
# null => no monitoring
# localhost => send logs and metrics to the locally installed mfadmin module
# * => send logs and metrics to the specified host (which must host an mfadmin
#      module)
hostname=null

# Influxdb HTTP port on mfadmin host
# (change this only if you changed influxdb http port on mfadmin host)
influxdb_http_port=18086

# ElasticSearch HTTP port on mfadmin host
# (change this only if you changed elasticsearch http port on mfadmin host)
# (0 => no elasticsearch usage)
elasticsearch_http_port=15603

# Loki HTTP port on mfadmin host
# (change this only if you changed loki http port on mfadmin host)
# (0 => no loki usage)
# (13600 => default loki http port on mfadmin)
loki_http_port=0

# If send_nginx_logs=1, send nginx access logs to the configured admin hostname
send_nginx_logs=1

# If send_mflog_logs=1, send mflog logs to the configured admin hostname
send_mflog_logs=1

##### NGINX #####
[nginx]

# Port of nginx daemon
# IMPORTANT: this is the main port of the mfserv module
# Note: you can use <1024 value here (80 for example) but ports <1024 need
#       an extra configuration step as root user:
# On rocky 8
#   - ln -s {{MFEXT_HOME}}/opt/core/lib/libssl.so.3 /usr/lib64 (if libssl.so.3 is not available on /usr/lib64)
#   - ln -s {{MFEXT_HOME}}/opt/core/lib/libcrypto.so.3 /usr/lib64 (if libcrypto.so.3 is not available on /usr/lib64)
#   - setcap cap_net_bind_service=+ep "{{MFEXT_HOME}}/opt/openresty/nginx/sbin/nginx"
#   - touch /etc/metwork.config.d/mfserv/set_cap_net_bind_service
#     (so that this change survives a metwork update)
# On rocky 9
#   - setcap cap_net_bind_service=+ep "{{MFEXT_HOME}}/opt/openresty/nginx/sbin/nginx"
#   - touch /etc/metwork.config.d/mfserv/set_cap_net_bind_service
#     (so that this change survives a metwork update)
# On rocky 10
#   - ln -s {{MFEXT_HOME}}/opt/core/lib/libpcre.so.1 /usr/lib64 (if libpcre.so.1 is not available on /usr/lib64)
#   - setcap cap_net_bind_service=+ep "{{MFEXT_HOME}}/opt/openresty/nginx/sbin/nginx"
#   - touch /etc/metwork.config.d/mfserv/set_cap_net_bind_service
#     (so that this change survives a metwork update)
# Or use another method than setcap:
#   see https://linuxconfig.org/how-to-bind-a-rootless-container-to-a-privileged-port-on-linux
# To remove the capability set by setcap, use: setcap -r "{{MFEXT_HOME}}/opt/openresty/nginx/sbin/nginx"
port=18868

# Max body size for incoming http requests (in MB)
upload_max_body_size=100

# Number of nginx workers
# (the {{MFHARDWARE_NUMBER_OF_CPU_CORES_MULTIPLIED_BY_2}} special value
# is probably a good start)
workers={{MFHARDWARE_NUMBER_OF_CPU_CORES_MULTIPLIED_BY_2}}

# Default timeout (in seconds)
# You can override this in plugin config.ini
timeout=60

# If logging=0, do not log anything in nginx_access.log
logging=1

# Temporary directory where nginx stores big request bodies
clientbody_temp_path=@@@MFMODULE_RUNTIME_HOME@@@/var/nginx2

# If flag=0, do not start nginx (can be useful in very special use cases)
flag=1

# If add_request_id_header=1 (default), we add the "X-Request-Id" header in
# the response to the client
add_request_id_header=1

# If accept_incoming_request_id_header=1, accept incoming X-Request-Id as
# request_id and don't generate a new one (in this case)
accept_incoming_request_id_header=0

# If add_x_forwarded_headers=1 (default), we add "X-Forwarded-*" headers
# (and X-Real-Ip also)
add_x_forwarded_headers=1

# Extra networks allowed on /uuid endpoint (in addition to 127.0.0.1/32)
# (comma separated list)
# ("null" => no extra uuid allowed)
# example:
# uuid_endpoint_extra_allows=5.6.0.0/16,1.2.3.4/32
uuid_endpoint_extra_allows=null

# Advanced settings, change this only if you are sure what you are doing
# healthcheck endpoint for mfserv (useful only if you have a loadbalancer
# before mfserv)
# null => no healthcheck endpoint
# the endpoint returns HTTP/200 with body: OK if the module is RUNNING
# correctly, else HTTP/503
health_location = /__health

# Enable access log for the healthcheck endpoint
# (1 => on, 0 => off)
health_access_log=0

# Advanced settings, change this only if you are sure what you are doing
# You can introduce a >0 value here to introduce a delay at the very beginning
# of mfserv stop process to be sure that a possible loadbalancer before mfserv
# detects the shutdown process (with healthcheck) before really stopping
# mfserv module. The value to use depends on the frequency of configured
# healthchecks (on your load balancer)
smart_stop_delay=0

# Advanced settings, change this only if you are sure what you are doing
# You can introduce a >0 value here to introduce a delay at the end of mfserv
# start process to be sure everything is ready before changing healthcheck to
# OK. It can be used to avoid that a loadbalancer before mfserv sends requests
# prematurely to this module.
smart_start_delay=0

# Advanced settings
# Determines whether the connection with a plugin should be
# closed when a client closes the connection without waiting for a response.
# See: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ignore_client_abort
proxy_ignore_client_abort=1

# If your mfserv is behind a reverse proxy, you will lose the real client ip
# in your logs. With these advanced parameters, you can configure the
# http://nginx.org/en/docs/http/ngx_http_realip_module.html nginx module
# (set to 1 to activate)
real_ip=0

# see http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
# (1 => on, 0 => off)
real_ip_recursive=1

# Defines the request header field whose value will be used to replace
# the client address.
# see http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
real_ip_header=X-Forwarded-For

# Comma separated trusted addresses that are known to send correct replacement
# addresses.
# See http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
# (null value means no trusted addresses)
real_ip_set_from=172.16.0.0/12,192.168.0.0/16,10.0.0.0/8

# Enables or disables emitting nginx version on error pages and
# in the "Server" response header field.
# (1 => enabled, 0 => disabled)
server_tokens=1

# Enables or disables specifying the port in absolute redirects issued by nginx.
# see http://nginx.org/en/docs/http/ngx_http_core_module.html#port_in_redirect
# (1 => on, 0 => off)
port_in_redirect=1

# If >0, override the global setting [log]/max_size_before_rotation
# for the nginx daemon (only)
max_size_before_rotation=-1

# Port of nginx daemon in SSL mode
# (null => no https support)
# If you set a value here, you also have to set the ssl_certificate and
# ssl_certificate_key keys
# Note: you can use <1024 value here (80 for example) but ports <1024 need
#       an extra configuration step as root user:
#       => setcap cap_net_bind_service=+ep "{{MFEXT_HOME}}/opt/openresty/nginx/sbin/nginx"
#       (and)
#       => touch /etc/metwork.config.d/mfserv/set_cap_net_bind_service
#          (so that this change survives a metwork update)
https_port=null

# SSL certificate (full path)
# See http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate
ssl_certificate=/dev/null

# SSL certificate secret key (full path)
# See http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate
ssl_certificate_key=/dev/null

# http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers
# (don't change this unless you are a SSL guru)
ssl_ciphers=HIGH:!aNULL:!MD5

# http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols
# (don't change this unless you are a SSL guru)
ssl_protocols=TLSv1 TLSv1.1 TLSv1.2

##### PLUGINS #####
[internal_plugins]

# If install_welcome=1, install the welcome plugin during init
install_welcome=1

##### CIRCUS #####
[circus]

# Advanced settings, you shouldn't change this
endpoint=ipc://@@@MFMODULE_RUNTIME_HOME@@@/var/circus.socket

# Advanced settings, you shouldn't change this
pubsub_endpoint=ipc://@@@MFMODULE_RUNTIME_HOME@@@/var/circus_pubsub.socket

# Arbiter config setting (default 5 was not enough to prevent
# "ConflictError: arbiter is already running..." with circus 0.17.2)
check_delay = 15

##### TELEGRAF #####
[telegraf]

# Telegraf statsd port (on this host)
# Change this if it's already used
statsd_port=18127

# If debug=1, put telegraf in trace mode (WARNING: produces a lot of logs)
debug=0
```
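
Several of the keys above widen exposure when left at or moved away from their defaults: `[log]/chmod`, `https_port` with its certificate keys, `ssl_protocols`, `server_tokens`, `real_ip` with `real_ip_set_from`, `accept_incoming_request_id_header` and `uuid_endpoint_extra_allows`. The following is an added example, not part of mfserv: a small reviewer for an override file, where `audit`, `SAMPLE` and the 65536-address threshold for a "broad" trusted range are assumptions made here, and absent keys fall back to the defaults listed above.

```python
import configparser
import ipaddress

# Constructed sample override (not from the page): HTTPS on, certificate paths left at defaults.
SAMPLE = """
[log]
chmod=0644
[nginx]
https_port=8443
ssl_certificate=/dev/null
ssl_certificate_key=/dev/null
ssl_protocols=TLSv1 TLSv1.1 TLSv1.2
server_tokens=1
real_ip=1
real_ip_set_from=172.16.0.0/12,192.168.0.0/16,10.0.0.0/8
accept_incoming_request_id_header=1
uuid_endpoint_extra_allows=5.6.0.0/16
"""

def audit(ini_text, max_trusted=65536):
    """Return 'section/key: reason' findings; missing keys use the defaults shown on this page."""
    cp = configparser.ConfigParser(interpolation=None)  # keep {{...}} and @@@...@@@ literal
    cp.read_string(ini_text)
    def get(section, key, default):
        return cp.get(section, key, fallback=default).strip()
    out = []
    if int(get("log", "chmod", "0644"), 8) & 0o004:
        out.append("log/chmod: log files are world-readable")
    if get("nginx", "https_port", "null") != "null":
        for key in ("ssl_certificate", "ssl_certificate_key"):
            if get("nginx", key, "/dev/null") == "/dev/null":
                out.append(f"nginx/{key}: https_port is set but the path is /dev/null")
        protos = get("nginx", "ssl_protocols", "TLSv1 TLSv1.1 TLSv1.2").split()
        old = sorted({"TLSv1", "TLSv1.1"} & set(protos))  # deprecated by RFC 8996
        if old:
            out.append("nginx/ssl_protocols: deprecated " + ",".join(old))
    if get("nginx", "server_tokens", "1") == "1":
        out.append("nginx/server_tokens: nginx version is disclosed")
    if get("nginx", "real_ip", "0") == "1":
        nets = get("nginx", "real_ip_set_from", "null")
        for net in ([] if nets == "null" else nets.split(",")):
            if ipaddress.ip_network(net.strip()).num_addresses > max_trusted:
                out.append(f"nginx/real_ip_set_from: {net.strip()} is a broad trusted range")
    if get("nginx", "accept_incoming_request_id_header", "0") == "1":
        out.append("nginx/accept_incoming_request_id_header: client chooses the request id")
    if get("nginx", "uuid_endpoint_extra_allows", "null") != "null":
        out.append("nginx/uuid_endpoint_extra_allows: /uuid allowed beyond 127.0.0.1/32")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

With `real_ip=1`, any host inside a `real_ip_set_from` range can set the logged client address through `X-Forwarded-For`, so the list should name only the actual reverse proxies.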