######################################## # # # rust-rxpy configuration # # # ######################################## ################################### # Global settings # ################################### # Both or either one of http/https ports must be specified listen_port = 80 listen_port_tls = 443 # Optional: If your https is listening on a custom port like 8443 # When you specify this, the server sends a redirection response 301 with specified port to the client for plaintext http request. # Otherwise, the server sends 301 with the same port as `listen_port_tls`. # disabled means http -> https and enabled means http -> https: # https_redirection_port = 443 # Optional for h2 and http1.1 tcp_listen_backlog = 1024 # Optional for h2 and http1.1 max_concurrent_streams = 100 # Optional. Counted in total for http1.1, 2, 3 max_clients = 512 # Optional: Listen [::] listen_ipv6 = false # Optional: App that serves all plaintext http request by referring to HOSTS or request header # execpt for configured application. # Note that this is only for http. # Note that nothing is served for requests via https since secure channel cannot be # established for unconfigured server_name, and they are always rejected by checking SNI. # default_app = 'another_localhost' ################################### # Backend settings # ################################### [apps] ###################################################################### ## Registering a backend app served by a domain name "localhost" [apps.localhost] server_name = 'localhost' # Domain name reverse_proxy = [{ upstream = [{ location = 'localhost:8080' }] }] # Optional: TLS setting. if https_port is specified and tls is true above, either of this must be given. #tls = { https_redirection = true, tls_cert_path = '/certs/server.crt', tls_cert_key_path = '/certs/server.key' } #tls = { https_redirection = true, acme = true } ############################################ # For more settings check: # # https://github.com/junkurihara/rust-rpxy # ############################################ ################################### # Experimantal settings # ################################### [experimental] # Higly recommend not to be true. If true, you ignore RFC. if not specified, it is always false. # This might be required to be true when a certificate is used by multiple backend hosts, especially in case where a TLS connection is re-used. # We should note that this strongly depends on the client implementation. ignore_sni_consistency = false # Force connection handling timeout regardless of the connection status, i.e., idle or not. # 0 represents an infinite timeout. [default: 0] # Note that idel and header read timeouts are always specified independently of this. connection_handling_timeout = 0 # sec # If this specified, h3 is enabled [experimental.h3] alt_svc_max_age = 3600 # sec request_max_body_size = 65536 # bytes max_concurrent_connections = 10000 max_concurrent_bidistream = 100 max_concurrent_unistream = 100 max_idle_timeout = 10 # secs. 0 represents an infinite timeout. # WARNING: If a peer or its network path malfunctions or acts maliciously, an infinite idle timeout can result in permanently hung futures! # If this specified, file cache feature is enabled [experimental.cache] cache_dir = '/tmp/rpxy/.cache' # optional. default is "./cache" relative to the current working directory max_cache_entry = 1000 # optional. default is 1k max_cache_each_size = 65535 # optional. default is 64k max_cache_each_size_on_memory = 4096 # optional. default is 4k if 0, it is always file cache. # ACME settings. Unless specified, ACME is disabled. [experimental.acme] dir_url = "https://acme-v02.api.letsencrypt.org/directory" email = "test@example.com" registry_path = "/etc/rpxy/acme_registry"