v1.6.2 - 13 September 2022
- Issue #903 PR #904 - Improve TLS Cipher Suite parser in the config loader to handle modern TLS 1.3 cipher suites. This should no longer require manual updating of code as new cipher suites are added to the standard library crypto/tls package.
v1.6.1 - 14 July 2022
- PR #811 - Add command line flag to toggle required consistency on consul reads. (@jeremycw)
- PR #860 - Fix x-forwarded-for header processing for ws connections. (@bn0ir)
- PR #854 - Update registry documentation for custom type. (@webmutation)
- Issue #873 - Bump version of go-diff dependency to fix reported crash. (@ddreier @nathanejohnson)
- PR #816 - Fix memory leak around GRPC connections. (@nathanejohnson)
- PR #884 - Fix CSS issue in clipboards in hugo docs (@KTruesdellENA)
- PR #875 - Build multi-arch Docker images for amd64 and arm64 architectures (@vamc19)
- PR #885 - Moved admin UI assets to use go embed. (@nathanejohnson)
- Issue #866 - Fixed issue where admin UI overrides were not working properly. (@nathanejohnson @KTruesdellENA)
- Issue #858 - Add option to specify TLS 1.3 for min and max version (@dcarbone @nathanejohnson)
- PR #896 - Set SNI to match host for https routes (@KTruesdellENA)
- Issue #872 - Crash on using rnd stratgy on 32 bit platforms fixed (@sbrl @nathanejohnson)
Minimum go version is bumped to 1.16 since we use embed functionality.
v1.6.0 - 11 April 2022
-
PR #476 - Metrics refactor (@magiconair @nathanejohnson)
This is a large change. All previously supported metrics backends are still supported, however this is a complete rewrite of the functionality moving over to the gokit framework for implementations. In addition to all previously supported metrics backends (circonus, graphite, statsd), prometheus support has been added, as well as dogstatsd, have been added, with full tagging support. Unfortunately some backwards compatibility with graphana histograms does not work, due to the way gokit handles these. Statsd support has changed as well, but it was horribly broken in that counters never reset like they were supposed to. Overall, the improvements should outweigh the negatives of backwards compatibility for most people.
-
PR #868 - Updating go and alpine versions for Docker (@Netlims)
-
PR #869 - Updating golang.orgx/sys dependency version (@nathanejohnson)
-
PR #866 - Support for arm64 mac build (@nathanejohnson)
-
PR #863 - Add IdleConnTimeout configuration option for http transport (@aal89)
-
PR #857 - admin/ui updates (@dcarbone), updating UI dependencies and generation from Makefile
As mentioned above, Graphite histograms have changed.
- PR #867 - Improve performance of building routing table (@ddreier)
- PR #864 - Fix example commands in registry.consul.kvpath (@blake)
v1.5.15 - 1 Dec 2020
- PR #790 - Fix typo in CHANGELOG.md (@stevenscg)
- PR #798 - Stop dynamic TCP listener when upstream is no longer available (@fwkz)
v1.5.14 - 9 Sep 2020
-
PR #644 - Better error handling (@danlsgiga)
-
PR #739 - Fix infinite buffering of SSE responses when gzip is enabled (@ctlajoie)
-
PR #733 - Add missing entry to example route (@BenjaminHerbert)
-
PR #674 - Deprecate deregisterCriticalServiceAfter option (@pschultz)
-
PR #648 - Issue #647 NormalizeHost (@murphymj25)
-
Issue #737 - Preserve table state by storing buffer table in fixed strings (@leprechau)
-
PR #774 - Documentation fixes (@Oxflotus)
-
PR #775 - fix typo in comments (@josgraha)
-
PR #787 - fix matchingHostNoGlob sometimes returns incorrect host (@nathanejohnson @leprechau)
-
PR #626: Add TCP Dynamic support (@murphymj25)
-
PR #635: Add idleTimeout to config and to serve.go HTTP server (@galen0624)
-
PR #572: Issue #558 - Add Polling Interval from Fabio to Consul to Fabio Config (@galen0624)
-
PR #615: Issue #554 - Added compiled glob matching using LRU Cache (@galen0624 @magiconair @leprechau)
-
PR #715: Add HTTP method and path to trace span operation name (@hobochili)
-
PR #489: Pass encoded characters in path unchanged (@valentin-krasontovitsch)
-
PR #784: Add https+tcp+sni listener support (@nathanejohnson)
v1.5.13 - 18 Nov 2019
-
PR #710: Safely handle missing cert from Vault KV store
-
Issue #719: Fix detailed config log
v1.5.12 - 11 Oct 2019
- Issue #657: Fix default registration address
fabio used to register its UI in Consul with address :9998
, even if
-ui.addr
was set to a different value. That made it necessary to specify
both -ui.addr
and -registry.consul.register.addr
in most cases. Now
-registry.consul.register.addr
defaults to the value of -ui.addr
.
If you set -ui.addr
to something other than :9998
and intentionally
omitted the -registry.consul.register.addr
flag (because the UI is behind a
proxy, for instance), you will now have to set -registry.consul.register.addr=:9998
to get the previous behavior.
Thanks to @ttais2017 for the report.
-
PR #677: Add Vault example to the traffic shaping section. (@jrasell)
-
PR #675: Fix matching priority for host:port tuples (@pschultz)
-
PR #664: Clean-up fabio service entries in Consul on dirty exit
In the case fabio dies abruptly, the steps to deregister any fabio-related services in Consul will not take place. In certain cases this could result in duplicate service and check entries after fabio restarts, especially if fabio runs in a Docker container.
This PR addresses this issue by registering an additional TTL check that acts as a deadman switch and removes abandoned service registrations eventually.
Thanks to @pires for the report and the fix.
- PR #669: Add option for downgrading tracing IDs to 64 bit
When tracing is enabled, fabio injected 128 bit root span IDs if necessary.
This can now be downgraded to 64 bit IDs by setting the new
tracing.TraceID128Bit
option to false.
Existing 128 bit trace IDs in incoming requests are not affected by this option and forwarded unchanged.
Thanks to @gfloyd for the patch.
-
PR #624: added support for profile/tracing (@galen0624)
-
PR #641: ui: Remove duplicate destination column (@pschultz)
-
PR #658: config: let registry.consul.register.addr default to ui.addr enhancement (@pschultz)
-
PR #620: Read Vault token from file
The new vaultfetchtoken
option for the vault and vault-pki certificate
sources can be used to load Vault tokens from environment variables other
than VAULT_TOKEN
and from files on disk. fabio will automatically notice
when file contents change and start using new tokens.
This improves integration with Nomad and the Vault Agent.
Thanks to @murphymj25 for the patch.
-
PR #643: Bundle UI assets (@pschultz)
-
PR #653: Use go-sockaddr to parse address strings (@leprechau)
-
PR #655: Fix SSE by implementing Flusher in responseWriter wrapper (@gfloyd)
-
PR #645: ensure absolute path after strip to maintain rfc complaince (@leprechau)
-
PR #629: Issue 595 watchbackend (@murphymj25)
-
PR #639: use vendor directory when building - fixes #638 (@leprechau)
-
PR #637: fix exit status code enhancement (@ianic)
-
PR #602: added support for Consul TLS transport (@sev3ryn)
-
PR #610: Improved basic auth htpasswd file refresh #604 (@mfuterko)
-
PR #614: Issue 611 Added Custom API Driven Back end (@galen0624)
-
PR #617: Fix newBasicAuth function to pass the test (@mfuterko)
-
PR #607: Address #545 - wrong use function strings.HasPrefix (@mfuterko)
-
PR #604: Implement basic auth htpasswd file refresh (@mfuterko)
-
PR #606: docs: fix layout without JS enabled (@pschultz)
-
PR #598: Proxy protocol on outbound tcp, tcp+sni and tcp with tls connection (@mfuterko)
v1.5.11 - 25 Feb 2019
-
Issue #524: Fix TCP proxy
Adding access control in 1.5.8 broke the TCP proxy for clients which wait for a server handshake before they send data themself, e.g. MySQL client. Calling
RemoteAddr
to check the access list is a blocking call on the underlying listener. The Go team fixed this for HTTP in golang/go#12943 but fabio was still affected.This patch disables the PROXY protocol by default and you have to enable it if you need it. You can control this with the
pxyproto
andpxytimeout
options which allow to enable/disable the protocol and add a timeout for auto-detection if it is enabled.Thanks to @pschultz and @leprechau for the debugging and patch.
-
PR #577: Fix ip access rules within tcp proxy
Access rules were not being evaluated in the
tcp
proxy.Thanks to @KEZHwMlXV1vFzs6QvY8v5WjX5 for identifying the issue, providing a solution, and testing.
-
PR #588: Fix XSS vulnerability in UI
Thanks to @pschultz.
-
PR #564: refactor consul service monitor
This patch addresses Issue #558 where route updates are delayed when there are a large number of services registered in Consul. This patch adds a new option
registry.consul.serviceMonitors
to configure the concurrency for routing table updates.Thanks to @galen0624 for the issue report and the initial patch.
-
PR #574: add support for circonus.submissionurl
Thanks to @stack72 for the patch.
-
PR #583: Update PROXY protocol docs
This patch updates the documentation around the PROXY protocol.
Thanks to @leprechau.
-
PR #587: Make dest column clickable
This patch makes the dest column in the fabio UI clickable.
Thanks to @kneufeld.
-
PR #429: Support for opentracing
This patch adds support for opentracing.
Thanks to Jeremy White, Kristina Fischer, Micheal Murphz, Nathan West, Austin Hartzheim and Jacob Hansen for this patch!
-
PR #553: Support for case-insensitive matching
This patch adds a new
iprefix
option to theproxy.matcher
to support case-insensitive path prefix matching.Thanks to @herbrandson for the patch.
-
PR #573: add http-basic auth reading from a file
This patch adds support for HTTP Basic Authentication via an
htpasswd
file.Thanks to @andyroyle for the patch.
-
PR #575: Add GRPC proxy support
This patch adds proper GRPC proxy support, including TLS upstream and TLS termination.
Thanks to @andyroyle for the patch.
v1.5.10 - 25 Oct 2018
-
Issue #530: Memory leak in go-metrics library
When metrics collection was enabled within fabio instances with very dynamic route changes memory usage quickly ramped above expected levels. Research done by @galen0624 identified the issue and lead to the discovery of a fix in an updated version of the go-metrics library used by fabio.
-
Issue #506: Wrong route for multiple matching host glob patterns
When multiple host glob patterns match an incoming request fabio can pick the wrong backend for the request. This is because the sorting code that should sort the matching patterns from most specific to least specific does not take into account that doamin names have their most specific part at the front. This has been fixed by reversing the domain names before sorting.
-
The default Docker image is now based on alpine:3.8 and runs the full test suite during build. It also sets
/usr/bin/fabio
asENTRYPOINT
with-cfg /etc/fabio/fabio.properties
as default command line arguments. The previous image was built onscratch
. -
PR #497: Make tests pass with latest Consul and Vault versions
Thanks to @pschultz for the patch.
-
PR #531: Set flush buffer interval for non-SSE requests
This PR adds a
proxy.globalflushinterval
option to configure an interval when the HTTP Response Buffer is flushed.Thanks to @samm-git for the patch.
-
Issue #542: Ignore host case when adding and matching routes
Fabio was forcing hostnames in routes added via Consul tags to lowercase. This caused problems
with table lookups that were not case-insensitive. The patch applied in #543 forces all routes added
via consul tags or the internal addRoute
to have lower case hostnames in addition to forcing
hostnames to lowercase before performing table lookups. This means that the host portion of routes and
host based table lookups in fabio are no longer case sensitive.
Thanks to @shantanugadgil for the patch.
-
Issue #548: Slow glob matching with large number of services
This patch adds the new
glob.matching.disabled
option which controls whether glob matching is enabled for route lookups. If the number of routes is large then the glob matching can have a performance impact and disabling it may help.
Thanks to @galen0624 for the patch and @leprechau for the review.
- Issue #544: Add $host pseudo variable
This PR added support for $host
pseudo variable that behaves similarly to the $path
variable.
You should now be able to create a global redirect for requests received on any host to the same or different
request host on the same or different path when combined with the $path
variable. This allows for a truly global
protocol redirect of HTTP -> HTTPS traffic irrespective of host and path.
Thanks to @holtwilkins for the patch.
v1.5.9 - 16 May 2018
-
Issue #494: Tests fail with Vault > 0.9.6 and Consul > 1.0.6
Needs more investigation.
- None
-
Issue #460: Fix access logging when gzip is enabled
Fabio was not writing access logs when the gzip compression was enabled.
Thanks to @tino for finding this and providing and initial patch.
-
PR #468: Fix the regex of the example proxy.gzip.contenttype
The example regexp for
proxy.gzip.contenttype
infabio.properties
was not properly escaped.Thanks to @tino for the patch.
-
Issue #421: Fabio routing to wrong backend
Fabio does not close websocket connections if the connection upgrade fails. This can lead to connections being routed to the wrong backend if there is another HTTP router like nginx in front of fabio. The failed websocket connection creates a direct TCP tunnel to the original backend server and that connection is not closed properly.
The patches detect an unsuccessful handshake and close the connection properly.
Thanks to @craigday for the original reporting and debugging.
-
Issue #427: Fabio does not remove service when one of the registered health-checks fail
If a service has more than one health check then the behavior in whether the service is available differs between Consul and Fabio. Consul requires that all health checks for a service need to pass in order to return a positive DNS result. Fabio requires only one of the health checks to pass.
A new config option
registry.consul.checksRequired
has been added which defaults to the current fabio behavior ofone
passing health check for the service to be added to the routing table. To make fabio behave like Consul you can set the option toall
.Fabio will make
all
the default as of version 1.6.Thanks to @systemfreund for the patch.
-
Issue #448: Redirect http to https on the same destination
Fabio will now handle redirecting from http to https on the same destination without a redirect loop.
Thanks to @leprechau for the patch and to @atillamas for the original PR and the discussion.
-
PR #453: Handle proxy chains of any length
Fabio will now validate that all elements of the
X-Forwarded-For
header are allowed by the given ACL of the route. See discussion in PR #449 for details.Thanks to @leprechau for the patch and to @atillamas for the original PR and the discussion.
-
Issue #452: Add improved glob matcher
Fabio now uses the
github.com/gobaws/glob
package for glob matching which allows more complex patterns.Thanks to @sharbov for the patch.
- None
v1.5.8 - 18 Feb 2018
- None
-
Fix windows build.
fabio 1.5.7 broke the Windows build but this wasn't detected since the new build process did not build the Windows binaries. This has been fixed.
-
Issue #438: Do not add separator to
noroute.html
pagefabio 1.5.7 added support for multiple routing tables in Consul and added a comment which described the origin to the output. The same comment was added to the
noroute.html
page since the same code is used to fetch it. This returned an invalid HTML page which has been fixed.
-
PR #423: TCP+SNI support arbitrary large Client Hello
With this patch fabio correctly parses
ClientHello
messages on TLS connections up to their maximum size.Thanks to @DanSipola for the patch.
-
PR #426: Add option to allow Fabio to register frontend services in Consul on behalf of user services
With this patch fabio can register itself multiple times under different names in Consul. By adding the
register=name
option to a route fabio will register itself under that name as well.Thanks to @rileyje for the patch.
-
PR #442: Add basic ip centric access control on routes
With this patch fabio adds an
allow
anddeny
option to the routes which allows for basic ip white and black listing of IPv4 and IPv6 addresses. See http://fabiolb.net/feature/access-control/ for more details.Thanks to @leprechau for the patch and @microadam for the testing.
v1.5.7 - 6 Feb 2018
- None
-
Issue #434: VaultPKI tests fail with go1.10rc1
All unit tests pass now on go1.10rc1.
-
Issue #369: Warn if fabio is run as root
fabio 1.5.7 emits a recurring warning when run as root. This can be disabled when using the new
-insecure
flag which also provides a link to alternatives. -
Issue #433:
proxy.noroutestatus
must be three digit codego1.10 will enforce that HTTP status codes must be three digit values
[100,1000)
and and otherwise the handler will panic. This change enforces that theproxy.noroutestatus
has a valid status code value.
-
Issue #396: treat
registry.consul.kvpath
as prefixThis patch allows fabio to have multiple manual routing tables stored in consul, e.g. under
fabio/config/foo
andfabio/config/bar
. The routing table fragments are concatenated in lexicographical order of the keys and the log output contains comments to indicate to which key the segment belongs. -
PR #425: Add support for HSTS headers
fabio has now support for adding HSTS headers to the response.
Thanks to @leprechau for the patch.
v1.5.6 - 5 Jan 2018
- None
-
Issue #216/Issue #383/PR #414: Do not require globally unique service IDs
Since version 1.0 fabio required all service ids in Consul to be globally unique although service ids only have to be unique per Consul agent. This patch fixes this.
Thanks to @dropje86 and @alvaroaleman for the patch!
-
Issue #408: Log Consul state changes as DEBUG
Health changed to xxx
and similar log messages will be logged asDEBUG
. -
PR #415: Honor the
-version
flagfabio -version
does now what you would expect it to do.
v1.5.5 - 21 Dec 2017
- None
-
PR #398: Add custom no route HTML page
This patch adds support for a custom HTML template stored in Consul or on the file system which will be returned when there is no route.
Thanks to @tino for the patch!
v1.5.4 - 10 Dec 2017
- None
-
Issue #87/PR #395: Add redirect support
This patch adds support to redirect a request for a matching route to another URL. If the
redirect=<code>
option is set on a route fabio will send a redirect response to the dst address with the given code.The syntax for the
urlprefix-
tag is slightly different since the destination address is usually generated from the service registration stored in Consul.The
$path
pseudo-variable can be used to include the original request URI in the destination target.Thanks to @ctlajoie for providing this patch!
# redirect /foo to https://www.foo.com/
route add svc /foo https://www.foo.com/ opts "redirect=301"
# redirect /foo to https://www.foo.com/
urlprefix-/foo redirect=301,https://www.foo.com/
# redirect /foo to https://www.foo.com/foo
urlprefix-/foo redirect=301,https://www.foo.com$path
-
Issue #385: opts with host= with multiple routes does not work as expected
When multiple routes for the same path had different
host
options then only the one set on the first route worked. This has been fixed so that theHost
header is now set according to the selected target. -
Issue #389: match exact host before glob matches
When there is an exact match and a glob match for a hostname then the exact match is preferred.
-
PR #380: Set X-Forwared-Host header if not present
Fabio now sets the
X-Forwarded-Host
header if it isn't present. -
Issue #400: Do not exit on SIGHUP
Fabio will now ignore the
SIGHUP
signal. Additionally, the caught signal is logged with the action (exit or ignore).
v1.5.3 - 3 Nov 2017
- None
-
PR #315/Issue #135: Vault PKI cert source
This adds support for using Vault as a PKI cert source.
Thanks to @pschultz for providing this patch!
-
Issue #306: Add metrics for TCP and TCP+SNI proxy
fabio now reports metrics for TCP and TCP+SNI connections.
-
Issue #330: Strip option has no effect on websockets
The
strip=/prefix
option now works correctly on web sockets -
Issue #350: statsd - unable to parse line - gf metric
fabio now correctly reports mean values for timers as gauge values to statsd.
-
Issue #320: FATAL error when metrics cannot be delivered
fabio adds a
metrics.timeout
and ametrics.retry
config parameter to control when the the metrics backend should become available and changes the default behavior to retry for some time before giving up. -
PR #366: add leveled logging
Add a
-log-level
parameter which allows to control the log level. -
Issue #367: nodes and services in maintenance can cause excessive logging
Notifications about nodes and services in maintenance mode are now logged as DEBUG and therefore filtered out by default.
-
Issue #375:
host
option allows to setHost
headerThe
host
option now allows to set theHost
header to the provided value in addition to the specialdst
value.
v1.5.2 - 24 Jul 2017
- None
-
Issue #305: 1.5.0 config compatibility problem
In fabio 1.5.0 the key/value parsing was refactored and that introduced a bug where a second
=
failed to parse correctly and prevented fabio from starting.
-
PR #321: Cleanup TCP proxy connections
This patch updates the internal connection map when a connection is closed.
Thanks to @crypto89 for this patch.
v1.5.1 - 6 Jul 2017
-
Added Code of Conduct
-
Add support for
detail
format forlog.routes.format
The
detail
format prints the routing table with more detail than the other formats and it isn't intended to be machine readable.
./fabio -log.routes.format detail
2017/06/19 11:51:14 [INFO] Updated config to
+-- host=:3306
| +-- path=
| |-- addr=127.0.0.1:5001 weight 0.20 slots 2000/10000
| +-- addr=127.0.0.1:5000 weight 0.80 slots 8000/10000
+-- host=:3307
+-- path=
+-- addr=127.0.0.1:5002 weight 1.00 slots 1/1
-
Issue #42: Add support for 'weight=f' option in urlprefix tag
This allows to specify a manual weight on the
urlprefix-
tag. This can be used to manually distribute the load between multiple TCP endpoints or to have an active/standby setup by settingweight=1
on the active andweight=0
on the standby server. -
Issue #274/PR #314: Avoid premature Vault token renewal
Non-renewable tokens are no longer renewed. In addition, the token TTL is honored for token that can be renewed.
Thanks to @pschultz for this patch.
-
PR #313: Tests work now with Vault 0.7.x
Thanks to @pschultz for this patch.
v1.5.0 - 7 Jun 2017
- Support for the deprecated
proxy.addr
format:port;certfile;keyfile;cafile
has been dropped. Please use insteadproxy.addr
in combination with a certificate store.
-
Upgrade to go1.8.3
-
Issue #133: websockets failing with 500 on rancher
Rancher is a Java application which uses
java.net.URL
to compose the original request URL from theX-Forwarded-Proto
and other headers. Thejava.net.URL
class does not support thews
orwss
protocol without a matchingjava.net.URLStreamHandler
implementation. Java code should use thejava.net.URI
class for these types of URLs instead. However, theX-Forwarded-Proto
header isn't specified as theForwarded
header (RFC 7239) and the common usage is to only use eitherhttp
orhttps
for websocket connections. In order not to break existing applications fabio now sets theX-Forwarded-Proto
header tohttp
forws
and tohttps
forwss
connections. -
PR #292: Add unique request id
fabio can now add a unique request id in form of a UUIDv4 to each request as a header. The name of the header is configurable and the value of the header can be logged to the access log.
Thanks to @bkmit for this patch.
-
Issue #249: Make TLS version and cipher suites configurable
fabio now allows to configure the TLS parameters for the handshake as part of the
proxy.addr
configuration. Seefabio.properties
for details. -
Issue #280: Add protocol data to
Forwarded
headerfabio adds
httpproto
,tlsver
andtlsciphers
to theForwarded
header. -
Issue #290: Add profiling support
fabio now supports optional memory, cpu, mutex and block (contention) profiling. Profiling is enabled through the
profile.mode
flag which determines the mode. Theprofile.path
flag determines the output path. -
Issue #294: Use upstream host name for request
Add support for a
host=dst
option on the route to trigger fabio to use the target hostname for the outgoing request instead of the host name provided by the original request. -
Issue #296: Sync X-Forwarded-Proto and Forwarded header when possible
The X-Forwarded-Proto header and the proto value of the Forwarded header can get out of sync when an upstream load balancer sets the one but not the other header. Fabio would then not touch the existing header and derive the value for the unset header based on the connection.
This patch changes this behavior so that the value for the missing header is derived from the other one. When both headers are set they are both left untouched since it cannot be decided which one is the source of truth.
-
Issue #300: Support Gzip encoding for websockets
Setting the
Accept-Encoding
header togzip
and enabling gzip compression triggered a bug in fabio which prevented the use of gzip compression on websocket connections. -
Issue #302: Add support for read-only UI
The
ui.access
parameter can be used to configure the ui endpoint to be in either read-write or read-only mode. -
Issue #304: Add support for X-Forwarded-Prefix header
The
X-Forwarded-Prefix
header is added when thestrip=/foo
option is used on a route and contains the path that was stripped (e.g./foo
).
v1.4.4 - 8 May 2017
-
Issue #271: Support websocket for HTTPS upstream
This patch fixes that websocket connections are not forwarded to an HTTPS upstream server.
-
Issue #279: fabio does not start with multiple listeners
Commit 5a23cb1 found in #265 added code for not swallowing the errors but did not capture the loop variable for the go routines when starting listeners. This prevented fabio from starting up properly when being configured with more than one listener.
-
Issue #289: Fabio does not advertise http/1.1 on TLS connections
This patch makes fabio announce both
h2
andhttp/1.1
as application level protocols on TLS connections.
-
The listener code no longer swallows the errors and exits if it cannot create a listening socket.
-
Issue #278: Add service name to access log fields
Add
$upstream_service
which contains the service name of the selected target to the available access log fields.
v1.4.3 - 24 Apr 2017
-
Issue #269: Access log cannot be disabled
The access logging feature that was added in v1.4.1 did not allow to disable the access logging output and all fabio instances were writing an access log by default. Also, the logging setup code would leave fabio registered in consul in case of a failure.
-
PR #268: Add support for TLSSkipVerify for https consul fabio check
When the fabio admin port is configured to use HTTPS then the consul health check has to use HTTPS as well. The new
registry.consul.register.checkTLSSkipVerify
option allows to disable TLS certificate validation for this check. This requires consul 0.7.2 or higher.Thanks to @Ginja for providing this patch.
-
Demo server supports HTTPS
The
demo/server/server
now supportshttps
andwss
to test the HTTPS upstream support. To run an HTTPS server run the following# generate some test certs cd $GOPATH/src/github.com/fabiolb/fabio build/issue-225-gen-cert.bash # build and run the demo server cd demo/server go build ./server -certFile ../cert/server/server-cert.pem -keyFile ../cert/server/server-key.pem -proto https -prefix "/foo tlsskipverify=true"
-
Add route options to UI
The UI now shows the combined options from all targets for a route.
-
Add fabio logo to UI
The Fabio logo is displayed on all UI pages.
v1.4.2 - 10 Apr 2017
The vault tests do not yet pass with vault 0.7.0 and support for vault 0.7.0 has yet to be confirmed. fabio is known to work with vault 0.6.4.
-
PR #257, Issue #181: Add HTTPS Upstream Support
Upstream servers can now be served via HTTPS. To enable this for a route add the
proto=https
option to theurlprefix-
tag. The upstream certificate needs to be in the system certificate chain for the certificate validation to succeed. To disable certificate validation for upstream requests add thetlsskipverify=true
option. Support for certificate stores for upstream servers may come at a later point.Thanks to @shadowfax-chc for providing this patch.
See: https://github.com/fabiolb/fabio/wiki/Features#https-upstream-support
-
PR #258: Allow UI/API to be served over HTTPS
The UI/API endpoint can now be served via HTTPS. To enable this configure the
ui.addr
property with acs=<cert store>
option like theproxy.addr
listeners.Thanks to @shadowfax-chc for providing this patch.
- Upgrade to go1.8.1
- Run tests with consul 0.8.0
- Improve CHANGELOG
v1.4.1 - 4 Apr 2017
-
Issue #80: Add support for access logging
fabio now supports configurable access logging. By default access logging is disabled and can be enabled with
log.access.target=stdout
. The default format is the Common Log Format but can be changed to either the Combined Log Format or a custom log format by settinglog.access.format
Thanks to @beyondblog for providing the initial patch.
See: https://github.com/fabiolb/fabio/wiki/Features#access-logging
v1.4 - 25 Mar 2017
-
Issue #1, Issue #179: Add generic TCP Proxy support
fabio now supports raw TCP proxying support by setting the
proto=tcp
option on theurlprefix-
tag. The target needs to be the external port of the service, e.g.urlprefix-:3306
for a MySQL proxy. fabio needs to have a TCP listener configured for that port through theproxy.addr
option, e.g.proxy.addr=:3306;proto=tcp
.The TCP proxy also supports TLS which is configured through the
cs=<cert store>
option like the HTTPS listeners. -
Issue #163: Support glob host matching
This patch adds support for glob host matching the hostname in routes like
urlprefix-*.foo.com/bar
.
-
Upgrade to Go 1.8 and drop support for Go 1.7
-
Issue #178: Add tests and timeouts to TCP+SNI proxy
Add full integration tests and support for read/write timeouts through the
rt=
andwt=
options on the listener config for the TCP+SNI proxy. The initial implementation was only tested manually. -
Issue #248: Start listener after routing table is initialized
fabio now waits for the first routing table before serving requests. This should remove 503s during restarts on heavily loaded sites.
v1.3.8 - 14 Feb 2017
- Issue #219: Support absolute URLs
- Upgrade to Go 1.7.5
- Issue #238: Make route update logging format configurable. Log delta by default
- Issue #240: Retry registry during startup
v1.3.7 - 19 Jan 2017
- Issue #44, Issue #124, Issue #164: Support path stripping
- Issue #201: Support deleting routes by tag
- Issue #207: Bad statsd mean metric format
- Issue #217: fabio 1.3.6 UI displays host and path as 'undefined' in the routes page
- Issue #218: requests and notfound metric missing
v1.3.6 - 17 Jan 2017
- Upgrade to Go 1.7.4
- Issue #111: Refactor urlprefix tags (step 1: options and new parser)
- Issue #186: runtime error: integer divide by zero
- Issue #199: Refactor config loader tests
- Issue #215: Re-enable HTTP/2 support
v1.3.5 - 30 Nov 2016
- Issue #182: Initialize Vault client better
- Issue #183: Websocket header casing
- Issue #189: missing 'cs' in map
- Issue #194: Remove proxy.header.tls header from inbound request
- Issue #197: Add support for '--version'
v1.3.4 - 28 Oct 2016
- Issue #119: Transparent response body compression
- Upgrade to Go 1.7.3
v1.3.3 - 12 Oct 2016
- Drop support for Go 1.6 since tests now use
t.Run()
- PR #167: Use Go's net.JoinHostPort which will auto-detect ipv6
- Issue #177: TCP+SNI proxy does not work with PROXY protocol
- Issue #172: Consul cert store URL with token not parsed correctly
v1.3.2 - 11 Sep 2016
- Issue #159: Panic on invalid response
v1.3.1 - 9 Sep 2016
- Issue #157: ParseListen may set the wrong protocol
v1.3 - 9 Sep 2016
- Issue #1: Add TCP proxy with SNI support (EXPERIMENTAL)
- Issue #138: Add option to disable cert fallback
- Issue #147: Support multiple metrics libraries
- Issue #151/PR #150: Add support for Circonus metrics
- Issue #125: Extended metrics
- Issue #134: Vault token should not require 'root' or 'sudo' privileges
- PR #154: Make route metric names configurable
v1.2.1 - 25 Aug 2016
- Issue #73/PR #139: Add statsd support
- Issue #129: Server-sent events support
- Issue #136: Always deregister from consul
- PR #143: Improve error message on missing trailing slash
- Issue #146: fabio fails to start with "[FATAL] 1.2. missing 'cs' in cs"
v1.2 - 16 Jul 2016
v1.1.6 - 12 Jul 2016
- Issue #108: TLS handshake error: failed to verify client's certificate
- Issue #122: X-Forwarded-Port should use local port
v1.1.5 - 23 Jun 2016
- PR #117: Allow routes to a service in warning status
v1.1.4 - 15 Jun 2016
- Issue #99: Disable fabio health check in consul
- Issue #100: Keep fabio registered in consul
- Issue #107: Custom status code when no route found
v1.1.3 - 20 May 2016
- Issue #95: Expand experimental HTTP API
- Issue #97: Support PROXY protocol
- PR #93: Add glob path matching
- Drop support for Go 1.5
- Issue #55: Expand ${DC} to consul datacenter
- Issue #96: Allow tags for fabio service registration
- Issue #98: Improve forward header
- Issue #103: Trim whitespace around tag
- Issue #104: Keep sort order in UI stable
v1.1.2 - 27 Apr 2016
- Upgrade to Go 1.5.4 and Go 1.6.2
- PR #74: Improve forward header handling
- Issue #77: Fix registry.consul.register.addr example in properties
- Issue #88: Use consul node address
- Issue #90: Drop default port from request
v1.1.1 - 22 Feb 2016
- Issue #57: Deleted routes hide visible routes
- Issue #59: Latest fabio docker image fails consul check
- PR #58: Fix use of local ip in consul service registration
v1.1 - 18 Feb 2016
- Issue #12: Support additional backends
- Issue #32: HTTP2 support with latest Go
- Issue #43: Allow configuration via env vars
- Drop support for Go 1.4 and build for both Go 1.5.3 and Go 1.6
- Issue #37: Add support for consul ACL token to demo server
- Issue #41: Cleanup metrics for deleted routes
- Issue #47: Move dependencies to vendor path
- Issue #48: Allow configuration of serviceip used during consul registration
- PR #49: Fix up use of addr in service registration
v1.0.9 - 16 Jan 2016
- Issue #53: Make read and write timeout configurable
v1.0.8 - 14 Jan 2016
- Issue #36: Add support for consul ACL token
- Upgrade to Go 1.5.3
- Issue #29: Include service with check ids other than 'service:*'
- Issue #30: Register fabio with local ip address as fallback
v1.0.7 - 13 Dec 2015
- Issue #22: fabio route not removed after consul deregister
- Issue #23: routes not removed when passing empty string
- Issue #26: Detect when consul agent is down
- Allow to override title and color UI
v1.0.6 - 01 Dec 2015
- Issue #9: Enabled raw websocket proxy by default
- Issue #15: Traffic shaping now matches on service
- Issue #16: Improved Web UI with better filtering
- Issue #18: Manage manual overrides via ui
v1.0.5 - 11 Nov 2015
- Issue #9: Add experimental support for web sockets
- Issue #10: Add support for
Forwarded
andX-Forwarded-For
header
- Add
proxy.localip
to set proxy ip address for headers
v1.0.4 - 03 Nov 2015
- Issue #8: Add support for SSL client certificate authentication
v1.0.3 - 25 Oct 2015
-
Add Docker support and official Docker image
magiconair/fabio
-
PR #5: Fix typo
v1.0.2 - 23 Oct 2015
v1.0.1 - 21 Oct 2015
- Honor maintenance mode for both services and nodes
v1.0.0 - 16 Oct 2015
- Initial open-source release