Skip to content

Latest commit

 

History

History
915 lines (557 loc) · 37.1 KB

CHANGELOG.md

File metadata and controls

915 lines (557 loc) · 37.1 KB
Raw

Changelog

Unreleased

Breaking Changes

Bug Fixes

  • Issue #506: Wrong route for multiple matching host glob patterns

    When multiple host glob patterns match an incoming request fabio can pick the wrong backend for the request. This is because the sorting code that should sort the matching patterns from most specific to least specific does not take into account that doamin names have their most specific part at the front. This has been fixed by reversing the domain names before sorting.

Improvements

Features

v1.5.9 - 16 May 2018

Notes

  • Issue #494: Tests fail with Vault > 0.9.6 and Consul > 1.0.6

    Needs more investigation.

Breaking Changes

  • None

Bug Fixes

  • Issue #460: Fix access logging when gzip is enabled

    Fabio was not writing access logs when the gzip compression was enabled.

    Thanks to @tino for finding this and providing and initial patch.

  • PR #468: Fix the regex of the example proxy.gzip.contenttype

    The example regexp for proxy.gzip.contenttype in fabio.properties was not properly escaped.

    Thanks to @tino for the patch.

  • Issue #421: Fabio routing to wrong backend

    Fabio does not close websocket connections if the connection upgrade fails. This can lead to connections being routed to the wrong backend if there is another HTTP router like nginx in front of fabio. The failed websocket connection creates a direct TCP tunnel to the original backend server and that connection is not closed properly.

    The patches detect an unsuccessful handshake and close the connection properly.

    Thanks to @craigday for the original reporting and debugging.

Improvements

  • Issue #427: Fabio does not remove service when one of the registered health-checks fail

    If a service has more than one health check then the behavior in whether the service is available differs between Consul and Fabio. Consul requires that all health checks for a service need to pass in order to return a positive DNS result. Fabio requires only one of the health checks to pass.

    A new config option registry.consul.checksRequired has been added which defaults to the current fabio behavior of one passing health check for the service to be added to the routing table. To make fabio behave like Consul you can set the option to all.

    Fabio will make all the default as of version 1.6.

    Thanks to @systemfreund for the patch.

  • Issue #448: Redirect http to https on the same destination

    Fabio will now handle redirecting from http to https on the same destination without a redirect loop.

    Thanks to @leprechau for the patch and to @atillamas for the original PR and the discussion.

  • PR #453: Handle proxy chains of any length

    Fabio will now validate that all elements of the X-Forwarded-For header are allowed by the given ACL of the route. See discussion in PR #449 for details.

    Thanks to @leprechau for the patch and to @atillamas for the original PR and the discussion.

  • Issue #452: Add improved glob matcher

    Fabio now uses the github.com/gobaws/glob package for glob matching which allows more complex patterns.

    Thanks to @sharbov for the patch.

Features

  • None

v1.5.8 - 18 Feb 2018

Breaking Changes

  • None

Bug Fixes

  • Fix windows build.

    fabio 1.5.7 broke the Windows build but this wasn't detected since the new build process did not build the Windows binaries. This has been fixed.

  • Issue #438: Do not add separator to noroute.html page

    fabio 1.5.7 added support for multiple routing tables in Consul and added a comment which described the origin to the output. The same comment was added to the noroute.html page since the same code is used to fetch it. This returned an invalid HTML page which has been fixed.

Improvements

  • PR #423: TCP+SNI support arbitrary large Client Hello

    With this patch fabio correctly parses ClientHello messages on TLS connections up to their maximum size.

    Thanks to @DanSipola for the patch.

Features

  • PR #426: Add option to allow Fabio to register frontend services in Consul on behalf of user services

    With this patch fabio can register itself multiple times under different names in Consul. By adding the register=name option to a route fabio will register itself under that name as well.

    Thanks to @rileyje for the patch.

  • PR #442: Add basic ip centric access control on routes

    With this patch fabio adds an allow and deny option to the routes which allows for basic ip white and black listing of IPv4 and IPv6 addresses. See http://fabiolb.net/feature/access-control/ for more details.

    Thanks to @leprechau for the patch and @microadam for the testing.

v1.5.7 - 6 Feb 2018

Breaking Changes

  • None

Bug Fixes

  • Issue #434: VaultPKI tests fail with go1.10rc1

    All unit tests pass now on go1.10rc1.

Improvements

  • Issue #369: Warn if fabio is run as root

    fabio 1.5.7 emits a recurring warning when run as root. This can be disabled when using the new -insecure flag which also provides a link to alternatives.

  • Issue #433: proxy.noroutestatus must be three digit code

    go1.10 will enforce that HTTP status codes must be three digit values [100,1000) and and otherwise the handler will panic. This change enforces that the proxy.noroutestatus has a valid status code value.

Features

  • Issue #396: treat registry.consul.kvpath as prefix

    This patch allows fabio to have multiple manual routing tables stored in consul, e.g. under fabio/config/foo and fabio/config/bar. The routing table fragments are concatenated in lexicographical order of the keys and the log output contains comments to indicate to which key the segment belongs.

  • PR #425: Add support for HSTS headers

    fabio has now support for adding HSTS headers to the response.

    Thanks to @leprechau for the patch.

v1.5.6 - 5 Jan 2018

Breaking Changes

  • None

Improvements

  • Issue #216/Issue #383/PR #414: Do not require globally unique service IDs

    Since version 1.0 fabio required all service ids in Consul to be globally unique although service ids only have to be unique per Consul agent. This patch fixes this.

    Thanks to @dropje86 and @alvaroaleman for the patch!

  • Issue #408: Log Consul state changes as DEBUG

    Health changed to xxx and similar log messages will be logged as DEBUG.

  • PR #415: Honor the -version flag

    fabio -version does now what you would expect it to do.

v1.5.5 - 21 Dec 2017

Breaking Changes

  • None

Features

  • PR #398: Add custom no route HTML page

    This patch adds support for a custom HTML template stored in Consul or on the file system which will be returned when there is no route.

    Thanks to @tino for the patch!

v1.5.4 - 10 Dec 2017

Breaking Changes

  • None

Features

  • Issue #87/PR #395: Add redirect support

    This patch adds support to redirect a request for a matching route to another URL. If the redirect=<code> option is set on a route fabio will send a redirect response to the dst address with the given code.

    The syntax for the urlprefix- tag is slightly different since the destination address is usually generated from the service registration stored in Consul.

    The $path pseudo-variable can be used to include the original request URI in the destination target.

    Thanks to @ctlajoie for providing this patch!

# redirect /foo to https://www.foo.com/
route add svc /foo https://www.foo.com/ opts "redirect=301"

# redirect /foo to https://www.foo.com/
urlprefix-/foo redirect=301,https://www.foo.com/

# redirect /foo to https://www.foo.com/foo
urlprefix-/foo redirect=301,https://www.foo.com$path

Bug Fixes

  • Issue #385: opts with host= with multiple routes does not work as expected

    When multiple routes for the same path had different host options then only the one set on the first route worked. This has been fixed so that the Host header is now set according to the selected target.

  • Issue #389: match exact host before glob matches

    When there is an exact match and a glob match for a hostname then the exact match is preferred.

Improvements

  • PR #380: Set X-Forwared-Host header if not present

    Fabio now sets the X-Forwarded-Host header if it isn't present.

  • Issue #400: Do not exit on SIGHUP

    Fabio will now ignore the SIGHUP signal. Additionally, the caught signal is logged with the action (exit or ignore).

v1.5.3 - 3 Nov 2017

Breaking Changes

  • None

Features

Bug Fixes

  • Issue #306: Add metrics for TCP and TCP+SNI proxy

    fabio now reports metrics for TCP and TCP+SNI connections.

  • Issue #330: Strip option has no effect on websockets

    The strip=/prefix option now works correctly on web sockets

  • Issue #350: statsd - unable to parse line - gf metric

    fabio now correctly reports mean values for timers as gauge values to statsd.

Improvements

  • Issue #320: FATAL error when metrics cannot be delivered

    fabio adds a metrics.timeout and a metrics.retry config parameter to control when the the metrics backend should become available and changes the default behavior to retry for some time before giving up.

  • PR #366: add leveled logging

    Add a -log-level parameter which allows to control the log level.

  • Issue #367: nodes and services in maintenance can cause excessive logging

    Notifications about nodes and services in maintenance mode are now logged as DEBUG and therefore filtered out by default.

  • Issue #375: host option allows to set Host header

    The host option now allows to set the Host header to the provided value in addition to the special dst value.

v1.5.2 - 24 Jul 2017

Breaking Changes

  • None

Bug Fixes

  • Issue #305: 1.5.0 config compatibility problem

    In fabio 1.5.0 the key/value parsing was refactored and that introduced a bug where a second = failed to parse correctly and prevented fabio from starting.

Improvements

  • PR #321: Cleanup TCP proxy connections

    This patch updates the internal connection map when a connection is closed.

    Thanks to @crypto89 for this patch.

v1.5.1 - 6 Jul 2017

Improvements

  • Added Code of Conduct

  • Add support for detail format for log.routes.format

    The detail format prints the routing table with more detail than the other formats and it isn't intended to be machine readable.

./fabio -log.routes.format detail
2017/06/19 11:51:14 [INFO] Updated config to
+-- host=:3306
|   +-- path=
|       |-- addr=127.0.0.1:5001 weight 0.20 slots 2000/10000
|       +-- addr=127.0.0.1:5000 weight 0.80 slots 8000/10000
+-- host=:3307
    +-- path=
        +-- addr=127.0.0.1:5002 weight 1.00 slots 1/1

  • Issue #42: Add support for 'weight=f' option in urlprefix tag

    This allows to specify a manual weight on the urlprefix- tag. This can be used to manually distribute the load between multiple TCP endpoints or to have an active/standby setup by setting weight=1 on the active and weight=0 on the standby server.

  • Issue #274/PR #314: Avoid premature Vault token renewal

    Non-renewable tokens are no longer renewed. In addition, the token TTL is honored for token that can be renewed.

    Thanks to @pschultz for this patch.

  • PR #313: Tests work now with Vault 0.7.x

    Thanks to @pschultz for this patch.

v1.5.0 - 7 Jun 2017

Breaking Changes

  • Support for the deprecated proxy.addr format :port;certfile;keyfile;cafile has been dropped. Please use instead proxy.addr in combination with a certificate store.

Bug Fixes

Improvements

  • Upgrade to go1.8.3

  • Issue #133: websockets failing with 500 on rancher

    Rancher is a Java application which uses java.net.URL to compose the original request URL from the X-Forwarded-Proto and other headers. The java.net.URL class does not support the ws or wss protocol without a matching java.net.URLStreamHandler implementation. Java code should use the java.net.URI class for these types of URLs instead. However, the X-Forwarded-Proto header isn't specified as the Forwarded header (RFC 7239) and the common usage is to only use either http or https for websocket connections. In order not to break existing applications fabio now sets the X-Forwarded-Proto header to http for ws and to https for wss connections.

  • PR #292: Add unique request id

    fabio can now add a unique request id in form of a UUIDv4 to each request as a header. The name of the header is configurable and the value of the header can be logged to the access log.

    Thanks to @bkmit for this patch.

  • Issue #249: Make TLS version and cipher suites configurable

    fabio now allows to configure the TLS parameters for the handshake as part of the proxy.addr configuration. See fabio.properties for details.

  • Issue #280: Add protocol data to Forwarded header

    fabio adds httpproto, tlsver and tlsciphers to the Forwarded header.

  • Issue #290: Add profiling support

    fabio now supports optional memory, cpu, mutex and block (contention) profiling. Profiling is enabled through the profile.mode flag which determines the mode. The profile.path flag determines the output path.

  • Issue #294: Use upstream host name for request

    Add support for a host=dst option on the route to trigger fabio to use the target hostname for the outgoing request instead of the host name provided by the original request.

  • Issue #296: Sync X-Forwarded-Proto and Forwarded header when possible

    The X-Forwarded-Proto header and the proto value of the Forwarded header can get out of sync when an upstream load balancer sets the one but not the other header. Fabio would then not touch the existing header and derive the value for the unset header based on the connection.

    This patch changes this behavior so that the value for the missing header is derived from the other one. When both headers are set they are both left untouched since it cannot be decided which one is the source of truth.

  • Issue #300: Support Gzip encoding for websockets

    Setting the Accept-Encoding header to gzip and enabling gzip compression triggered a bug in fabio which prevented the use of gzip compression on websocket connections.

  • Issue #302: Add support for read-only UI

    The ui.access parameter can be used to configure the ui endpoint to be in either read-write or read-only mode.

  • Issue #304: Add support for X-Forwarded-Prefix header

    The X-Forwarded-Prefix header is added when the strip=/foo option is used on a route and contains the path that was stripped (e.g. /foo).

v1.4.4 - 8 May 2017

Bug Fixes

  • Issue #271: Support websocket for HTTPS upstream

    This patch fixes that websocket connections are not forwarded to an HTTPS upstream server.

  • Issue #279: fabio does not start with multiple listeners

    Commit 5a23cb1 found in #265 added code for not swallowing the errors but did not capture the loop variable for the go routines when starting listeners. This prevented fabio from starting up properly when being configured with more than one listener.

  • Issue #289: Fabio does not advertise http/1.1 on TLS connections

    This patch makes fabio announce both h2 and http/1.1 as application level protocols on TLS connections.

Improvements

  • The listener code no longer swallows the errors and exits if it cannot create a listening socket.

  • Issue #278: Add service name to access log fields

    Add $upstream_service which contains the service name of the selected target to the available access log fields.

v1.4.3 - 24 Apr 2017

Bug Fixes

  • Issue #269: Access log cannot be disabled

    The access logging feature that was added in v1.4.1 did not allow to disable the access logging output and all fabio instances were writing an access log by default. Also, the logging setup code would leave fabio registered in consul in case of a failure.

Improvements

  • PR #268: Add support for TLSSkipVerify for https consul fabio check

    When the fabio admin port is configured to use HTTPS then the consul health check has to use HTTPS as well. The new registry.consul.register.checkTLSSkipVerify option allows to disable TLS certificate validation for this check. This requires consul 0.7.2 or higher.

    Thanks to @Ginja for providing this patch.

  • Demo server supports HTTPS

    The demo/server/server now supports https and wss to test the HTTPS upstream support. To run an HTTPS server run the following

    # generate some test certs
cd $GOPATH/src/github.com/fabiolb/fabio
build/issue-225-gen-cert.bash

# build and run the demo server
cd demo/server
go build
./server -certFile ../cert/server/server-cert.pem -keyFile ../cert/server/server-key.pem -proto https -prefix "/foo tlsskipverify=true"

  • Add route options to UI

    The UI now shows the combined options from all targets for a route.

  • Add fabio logo to UI

    The Fabio logo is displayed on all UI pages.

v1.4.2 - 10 Apr 2017

The vault tests do not yet pass with vault 0.7.0 and support for vault 0.7.0 has yet to be confirmed. fabio is known to work with vault 0.6.4.

Features

  • PR #257, Issue #181: Add HTTPS Upstream Support

    Upstream servers can now be served via HTTPS. To enable this for a route add the proto=https option to the urlprefix- tag. The upstream certificate needs to be in the system certificate chain for the certificate validation to succeed. To disable certificate validation for upstream requests add the tlsskipverify=true option. Support for certificate stores for upstream servers may come at a later point.

    Thanks to @shadowfax-chc for providing this patch.

    See: https://github.com/fabiolb/fabio/wiki/Features#https-upstream-support

  • PR #258: Allow UI/API to be served over HTTPS

    The UI/API endpoint can now be served via HTTPS. To enable this configure the ui.addr property with a cs=<cert store> option like the proxy.addr listeners.

    Thanks to @shadowfax-chc for providing this patch.

Improvements

  • Upgrade to go1.8.1
  • Run tests with consul 0.8.0
  • Improve CHANGELOG

v1.4.1 - 4 Apr 2017

Features

v1.4 - 25 Mar 2017

Features

  • Issue #1, Issue #179: Add generic TCP Proxy support

    fabio now supports raw TCP proxying support by setting the proto=tcp option on the urlprefix- tag. The target needs to be the external port of the service, e.g. urlprefix-:3306 for a MySQL proxy. fabio needs to have a TCP listener configured for that port through the proxy.addr option, e.g. proxy.addr=:3306;proto=tcp.

    The TCP proxy also supports TLS which is configured through the cs=<cert store> option like the HTTPS listeners.

  • Issue #163: Support glob host matching

    This patch adds support for glob host matching the hostname in routes like urlprefix-*.foo.com/bar.

Improvements

  • Upgrade to Go 1.8 and drop support for Go 1.7

  • Issue #178: Add tests and timeouts to TCP+SNI proxy

    Add full integration tests and support for read/write timeouts through the rt= and wt= options on the listener config for the TCP+SNI proxy. The initial implementation was only tested manually.

  • Issue #248: Start listener after routing table is initialized

    fabio now waits for the first routing table before serving requests. This should remove 503s during restarts on heavily loaded sites.

v1.3.8 - 14 Feb 2017

Features

Improvements

  • Upgrade to Go 1.7.5
  • Issue #238: Make route update logging format configurable. Log delta by default
  • Issue #240: Retry registry during startup

v1.3.7 - 19 Jan 2017

Features

Bug Fixes

  • Issue #207: Bad statsd mean metric format
  • Issue #217: fabio 1.3.6 UI displays host and path as 'undefined' in the routes page
  • Issue #218: requests and notfound metric missing

v1.3.6 - 17 Jan 2017

Improvements

  • Upgrade to Go 1.7.4
  • Issue #111: Refactor urlprefix tags (step 1: options and new parser)
  • Issue #186: runtime error: integer divide by zero
  • Issue #199: Refactor config loader tests
  • Issue #215: Re-enable HTTP/2 support

v1.3.5 - 30 Nov 2016

Improvements

v1.3.4 - 28 Oct 2016

Features

  • Issue #119: Transparent response body compression

Improvements

  • Upgrade to Go 1.7.3

v1.3.3 - 12 Oct 2016

Improvements

  • Drop support for Go 1.6 since tests now use t.Run()
  • PR #167: Use Go's net.JoinHostPort which will auto-detect ipv6
  • Issue #177: TCP+SNI proxy does not work with PROXY protocol

Bug Fixes

  • Issue #172: Consul cert store URL with token not parsed correctly

v1.3.2 - 11 Sep 2016

Bug Fixes

v1.3.1 - 9 Sep 2016

Bug Fixes

  • Issue #157: ParseListen may set the wrong protocol

v1.3 - 9 Sep 2016

Features

Improvements

  • Issue #125: Extended metrics
  • Issue #134: Vault token should not require 'root' or 'sudo' privileges
  • PR #154: Make route metric names configurable

v1.2.1 - 25 Aug 2016

Features

Improvements

  • Issue #136: Always deregister from consul
  • PR #143: Improve error message on missing trailing slash

Bug Fixes

  • Issue #146: fabio fails to start with "[FATAL] 1.2. missing 'cs' in cs"

v1.2 - 16 Jul 2016

Features

Improvements

v1.1.6 - 12 Jul 2016

Bug Fixes

  • Issue #108: TLS handshake error: failed to verify client's certificate
  • Issue #122: X-Forwarded-Port should use local port

v1.1.5 - 23 Jun 2016

Improvements

  • PR #117: Allow routes to a service in warning status

v1.1.4 - 15 Jun 2016

Improvements

v1.1.3 - 20 May 2016

Features

Improvements

  • Drop support for Go 1.5
  • Issue #55: Expand ${DC} to consul datacenter
  • Issue #96: Allow tags for fabio service registration
  • Issue #98: Improve forward header
  • Issue #103: Trim whitespace around tag
  • Issue #104: Keep sort order in UI stable

v1.1.2 - 27 Apr 2016

Improvements

  • Upgrade to Go 1.5.4 and Go 1.6.2
  • PR #74: Improve forward header handling
  • Issue #77: Fix registry.consul.register.addr example in properties
  • Issue #88: Use consul node address
  • Issue #90: Drop default port from request

v1.1.1 - 22 Feb 2016

Improvements

  • Issue #57: Deleted routes hide visible routes
  • Issue #59: Latest fabio docker image fails consul check
  • PR #58: Fix use of local ip in consul service registration

v1.1 - 18 Feb 2016

Features

Improvements

  • Drop support for Go 1.4 and build for both Go 1.5.3 and Go 1.6
  • Issue #37: Add support for consul ACL token to demo server
  • Issue #41: Cleanup metrics for deleted routes
  • Issue #47: Move dependencies to vendor path
  • Issue #48: Allow configuration of serviceip used during consul registration
  • PR #49: Fix up use of addr in service registration

v1.0.9 - 16 Jan 2016

Improvements

  • Issue #53: Make read and write timeout configurable

v1.0.8 - 14 Jan 2016

Features

  • Issue #36: Add support for consul ACL token

Improvements

  • Upgrade to Go 1.5.3
  • Issue #29: Include service with check ids other than 'service:*'
  • Issue #30: Register fabio with local ip address as fallback

v1.0.7 - 13 Dec 2015

Improvements

  • Issue #22: fabio route not removed after consul deregister
  • Issue #23: routes not removed when passing empty string
  • Issue #26: Detect when consul agent is down
  • Allow to override title and color UI

v1.0.6 - 01 Dec 2015

Improvements

  • Issue #9: Enabled raw websocket proxy by default
  • Issue #15: Traffic shaping now matches on service
  • Issue #16: Improved Web UI with better filtering
  • Issue #18: Manage manual overrides via ui

v1.0.5 - 11 Nov 2015

Features

  • Issue #9: Add experimental support for web sockets
  • Issue #10: Add support for Forwarded and X-Forwarded-For header

Improvements

  • Add proxy.localip to set proxy ip address for headers

v1.0.4 - 03 Nov 2015

Features

  • Issue #8: Add support for SSL client certificate authentication

v1.0.3 - 25 Oct 2015

Improvements

  • Add Docker support and official Docker image magiconair/fabio

  • PR #5: Fix typo

v1.0.2 - 23 Oct 2015

Improvements

  • PR #3: Honor consul.url and consul.addr from config file (@jeinwag)

v1.0.1 - 21 Oct 2015

Improvements

  • Honor maintenance mode for both services and nodes

v1.0.0 - 16 Oct 2015

  • Initial open-source release