Plugin Helper: Server
The server
plugin helper manages various types of servers.
Here is an example:
The launched server is managed by the plugin helper. No need of server shutdown code in plugin's shutdown
method. The plugin shutdowns the launched servers automatically.
For more details, see Transport Section.
Methods
server_create_connection(title, port, proto: nil, bind: '0.0.0.0', shared: true, backlog: nil, tls_options: nil, **socket_options, &block)
server_create_connection(title, port, proto: nil, bind: '0.0.0.0', shared: true, backlog: nil, tls_options: nil, **socket_options, &block)
This method creates a server instance for various protocols.
The &block
is invoked with the new connection as a parameter.
title
: unique symbolport
: the port to listen toproto
: protocol type. {:tcp
,:tls
}bind
: the bind address to listen toshared
: iftrue
, share socket via server engine for multiple workersbacklog
: the maximum length of the queue for pending connectionstls_options
: options for TLSversion
: set TLS version:TLSv1_1
or:TLSv1_2
.Default:
:TLSv1_2
ciphers
: set the list of available cipher suites. (default:"ALL:!aNULL:!eNULL:!SSLv2"
)insecure
: iftrue
, set TLS verify modeNONE
cert_verifier
: if specified, pass evaluated object to OpenSSL'sverify_callback
. See also "cert_verifier
example" section.verify_fqdn
: iftrue
, validate the server certificate for the hostnamefqdn
: set FQDNenable_system_cert_store
: iftrue
, enable system default cert storeallow_self_signed_cert
: iftrue
, allow self-signed certificatecert_paths
: files contain PEM-encoded certificates
socket_options
: options for socketresolve_name
: iftrue
, resolve the hostnameconnect
: iftrue
, connect to hostnonblock
: iftrue
, use non-blocking I/Olinger_timeout
: the timeout (seconds) to setSO_LINGER
recv_timeout
: the timeout (seconds) to setSO_RECVTIMEO
send_timeout
: the timeout (seconds) to setSO_SNDTIMEO
send_keepalive_packet
: iftrue
, enable TCP keep-alive viaSO_KEEPALIVE
. See also socket article.
Example:
server_create(title, port, proto: nil, bind: '0.0.0.0', shared: true, socket: nil, backlog: nil, tls_options: nil, max_bytes: nil, flags: 0, **socket_options, &callback)
server_create(title, port, proto: nil, bind: '0.0.0.0', shared: true, socket: nil, backlog: nil, tls_options: nil, max_bytes: nil, flags: 0, **socket_options, &callback)
This method creates a server instance for various protocols.
The &block
is invoked with parameter(s) on data.
title
: unique symbolport
: the port to listen toproto
: protocol type. {:tcp
,:udp
,:tls
}bind
: the bind address to listen toshared
: iftrue
, share socket via server engine for multiple workerssocket
: socket instance for UDP (only for UDP)backlog
: the maximum length of the queue for pending connectionstls_options
: options for TLSversion
: set TLS version:TLSv1_1
or:TLSv1_2
. (default::TLSv1_2
)ciphers
: set the list of available cipher suites. (default:"ALL:!aNULL:!eNULL:!SSLv2"
)insecure
: iftrue
, set TLS verify modeNONE
cert_verifier
: if specified, pass evaluated object to OpenSSL'sverify_callback
. See also "cert_verifier
example" section.verify_fqdn
: iftrue
, validate the server certificate for the hostnamefqdn
: set FQDNenable_system_cert_store
: iftrue
, enable system default cert storeallow_self_signed_cert
: iftrue
, allow self signed certificatecert_paths
: files contain PEM-encoded certificates
max_bytes
: the maximum number of bytes to receive (required for UDP)flags
: zero or more of theMSG_
options (UDP-only)socket_options
: options for socketresolve_name
: iftrue
, resolve the hostnameconnect
: iftrue
, connect to hostnonblock
: iftrue
, use non-blocking I/Olinger_timeout
: the timeout (seconds) to setSO_LINGER
recv_timeout
: the timeout (seconds) to setSO_RECVTIMEO
send_timeout
: the timeout (seconds) to setSO_SNDTIMEO
send_keepalive_packet
: iftrue
, enable TCP keep-alive viaSO_KEEPALIVE
. See also socket article.
Code example:
Configuration example
General configuration
linger_timeout
linger_timeout
integer
0
tcp, tls
1.14.6
The timeout (seconds) to set SO_LINGER
.
The default value 0
is to send RST rather than FIN to avoid lots of connections sitting in TIME_WAIT on closing on non-Windows.
You can set positive value to send FIN on closing on non-Windows.
On Windows, Fluentd sends FIN without depending on this setting.
TLS configuration: Basic examples
Use existing certs (signed by public CA or self signed CA)
Use certs automatically generated by Fluentd
Case 1. Use existing certs (signed by public CA or self signed CA)
If cert_path
and private_key_path
are specified, certs generation is disabled. The existing certs are loaded.
Case 2. Use certs automatically generated by Fluentd
If ca_cert_path
and ca_private_key_path
are specified, certs generation is enabled. You can customize cert generation behavior via generation_...
parameters. See Generated and Signed by Private CA Certs or Self-signed Parameters about parameter details.
TLS configuration: cert_verifier
example
cert_verifier
examplecert_verifier
is supported since v1.10.0.
Configuration example:
my_verifier.rb
example
The code must return a callable object that has a call
method with two arguments. This object is used as OpenSSL's verify_callback
.
Proc
or lambda
Object for the Simple Scenario
Proc
or lambda
Object for the Simple ScenarioUse class
for the Complicated Scenario
class
for the Complicated ScenarioThis is CN check example:
Plugins using server
server
If this article is incorrect or outdated, or omits critical information, please let us know. Fluentd is an open-source project under Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.
Last updated