When {page-component-title} runs it kicks off an HTTP server that provides a few generally useful endpoints and is also where configured components such as the http_server input and output can register their own endpoints if they don’t require their own host/port.
The configuration for this server lives under the http namespace, with the following default values:
- Common
-
# Common config fields, showing default values http: enabled: true address: 0.0.0.0:4195 root_path: /benthos debug_endpoints: false
- Advanced
-
# All config fields, showing default values http: enabled: true address: 0.0.0.0:4195 root_path: /benthos debug_endpoints: false cert_file: "" key_file: "" cors: enabled: false allowed_origins: [] basic_auth: enabled: false realm: restricted username: "" password_hash: "" algorithm: sha256 salt: ""
The field enabled can be set to false in order to disable the server.
The field root_path specifies a general prefix for all endpoints, this can help isolate the service endpoints when using a reverse proxy with other shared services. All endpoints will still be registered at the root as well as behind the prefix, e.g. with a root_path set to /foo the endpoint /version will be accessible from both /version and /foo/version.
By default {page-component-title} will serve traffic over HTTP. In order to enforce TLS and serve traffic exclusively over HTTPS you must provide a cert_file and key_file path in your config, which point to a file containing a certificate and a matching private key for the server respectively.
If the certificate is signed by a certificate authority, the cert_file should be the concatenation of the server’s certificate, any intermediates, and the CA’s certificate.
By default {page-component-title} does not do any sort of authentication for the service-wide HTTP server. However, it’s possible to configure basic authentication with the basic_auth field. Passwords configured must be hashed according to the specified algorithm and base64 encoded, for some hashing algorithms you can do this using {page-component-title} itself:
echo mynewpassword | rpk connect blobl 'root = content().hash("sha256").encode("base64")'The following endpoints will be generally available when the HTTP server is enabled:
-
/versionprovides version info. -
/pingcan be used as a liveness probe as it always returns a 200. -
/readycan be used as a readiness probe as it serves a 200 only when both the input and output are connected, otherwise a 503 is returned. -
/metrics,/statsboth provide metrics when the metrics type is eitherjson_apiorprometheus. -
/endpointsprovides a JSON object containing a list of available endpoints, including those registered by configured components.
In order to serve Cross-Origin Resource Sharing headers, which instruct browsers to allow CORS requests, set the subfield cors.enabled to true.
The field debug_endpoints when set to true prompts {page-component-title} to register a few extra endpoints that can be useful for debugging performance or behavioral problems:
-
/debug/config/jsonreturns the loaded config as JSON. -
/debug/config/yamlreturns the loaded config as YAML. -
/debug/pprof/blockresponds with a pprof-formatted block profile. -
/debug/pprof/heapresponds with a pprof-formatted heap profile. -
/debug/pprof/mutexresponds with a pprof-formatted mutex profile. -
/debug/pprof/profileresponds with a pprof-formatted cpu profile. -
/debug/pprof/goroutineresponds with a pprof-formatted goroutine profile. -
/debug/pprof/symbollooks up the program counters listed in the request, responding with a table mapping program counters to function names. -
/debug/pprof/traceresponds with the execution trace in binary form. Tracing lasts for duration specified in seconds GET parameter, or for 1 second if not specified. -
/debug/stackreturns a snapshot of the current service stack trace.
The schema of the http section is as follows:
Specifies a general prefix for all endpoints, this can help isolate the service endpoints when using a reverse proxy with other shared services. All endpoints will still be registered at the root as well as behind the prefix, e.g. with a root_path set to /foo the endpoint /version will be accessible from both /version and /foo/version.
Type: string
Default: "/benthos"
Whether to register a few extra endpoints that can be useful for debugging performance or behavioral problems.
Type: bool
Default: false
An explicit list of origins that are allowed for CORS requests.
Type: array
Default: []
Allows you to enforce and customise basic authentication for requests to the HTTP server.
Type: object
Hashed password required to authenticate. (base64 encoded)
Type: string
Default: ""
Encryption algorithm used to generate password_hash.
Type: string
Default: "sha256"
# Examples
algorithm: md5
algorithm: sha256
algorithm: bcrypt
algorithm: scrypt