diff options
| author | zhangzhihan <[email protected]> | 2020-09-25 12:12:25 +0800 |
|---|---|---|
| committer | zhangzhihan <[email protected]> | 2020-09-25 12:12:25 +0800 |
| commit | b57e742be88edfbe5e4ab986b8b2916499aac080 (patch) | |
| tree | fc2ea0d9fb126eb9991e530b61b07160d30cf0db /roles | |
| parent | 4177c779ef93979e850c6676ac50192ae0975357 (diff) | |
update
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/kni/templates/kni.conf.j2 | 52 | ||||
| -rw-r--r-- | roles/tfe/templates/tfe.conf.j2 | 6 |
2 files changed, 58 insertions, 0 deletions
diff --git a/roles/kni/templates/kni.conf.j2 b/roles/kni/templates/kni.conf.j2 index 034d319..844023c 100644 --- a/roles/kni/templates/kni.conf.j2 +++ b/roles/kni/templates/kni.conf.j2 @@ -81,3 +81,55 @@ remote_port = 8100 local_path = ./fs2_kni.status stat_cycle = 1 print_mode = 1 + +[ssl_dynamic_bypass] +enabled = 1 + +#kni dynamic bypass +[traceid2sslinfo_htable] +mho_screen_print_ctrl = 0 +mho_thread_safe = 1 +mho_mutex_num = 160 +mho_hash_slot_size = 80000 +mho_hash_max_element_num = 320000 +mho_expire_time = 300 +mho_eliminate_type = FIFO + +[sslinfo2bypass_htable] +mho_screen_print_ctrl = 0 +mho_thread_safe = 1 +mho_mutex_num = 160 +mho_hash_slot_size = 640000 +mho_hash_max_element_num = 2560000 +mho_expire_time = 300 +mho_eliminate_type = FIFO + +[proxy_tcp_option] +enabled = 1 +maat_table_compile = PXY_TCP_OPTION_COMPILE +maat_table_addr = PXY_TCP_OPTION_ADDR +maat_table_fqdn = PXY_TCP_OPTION_SERVER_FQDN +enable_override = 0 +client_tcp_maxseg_enable = 0 +client_tcp_maxseg = 1460 +client_tcp_nodelay = 1 +client_tcp_ttl = 70 +client_tcp_keepalive_enable = 1 +client_tcp_keepalive_keepcnt = 8 +client_tcp_keepalive_keepidle = 30 +client_tcp_keepalive_keepintvl = 15 +client_tcp_user_timeout = 600 +server_tcp_maxseg_enable = 0 +server_tcp_maxseg = 1460 +server_tcp_nodelay = 1 +server_tcp_ttl = 75 +server_tcp_keepalive_enable = 1 +server_tcp_keepalive_keepcnt = 8 +server_tcp_keepalive_keepidle = 30 +server_tcp_keepalive_keepintvl = 15 +server_tcp_user_timeout = 600 +bypass_duplicated_packet = 0 +tcp_passthrough = 0 + +[share_session_attribute] +SESSION_ATTRIBUTE_LABEL=TSG_MASTER_INTERNAL_LABEL diff --git a/roles/tfe/templates/tfe.conf.j2 b/roles/tfe/templates/tfe.conf.j2 index b0e2077..6766871 100644 --- a/roles/tfe/templates/tfe.conf.j2 +++ b/roles/tfe/templates/tfe.conf.j2 @@ -66,9 +66,15 @@ service_cache_fail_time_window=30 # cert check_cert_crl=0 +{% if tsg_running_type == 2 %} trusted_cert_load_local=1 #trusted_cert_file=resource/tfe/tls-ca-bundle.pem trusted_cert_file=resource/tfe/tsg_diagnose_ca.pem +{% else %} +trusted_cert_load_local=0 +trusted_cert_file=resource/tfe/tls-ca-bundle.pem +#trusted_cert_file=resource/tfe/tsg_diagnose_ca.pem +{% endif %} trusted_cert_dir=resource/tfe/trusted_storage # master key |