########################################
#                                      #
#       rust-rxpy configuration        #
#                                      #
########################################
###################################
#         Global settings         #
###################################
# Both or either one of http/https ports must be specified
listen_port = 8080
listen_port_tls = 8443

# Optional for h2 and http1.1
tcp_listen_backlog = 1024

# Optional for h2 and http1.1
max_concurrent_streams = 100

# Optional. Counted in total for http1.1, 2, 3
max_clients = 512

# Optional: Listen [::]
listen_ipv6 = false

# Optional: App that serves all plaintext http request by referring to HOSTS or request header
# execpt for configured application.
# Note that this is only for http.
# Note that nothing is served for requests via https since secure channel cannot be
# established for unconfigured server_name, and they are always rejected by checking SNI.
default_app = 'another_localhost'

###################################
#         Backend settings        #
###################################
[apps]

######################################################################
## Registering a backend app served by a domain name "localhost"
[apps.localhost]
server_name = 'localhost' # Domain name

# Optional: TLS setting. if https_port is specified and tls is true above, this must be given.
tls = { https_redirection = true, tls_cert_path = '/certs/server.crt', tls_cert_key_path = '/certs/server.key' } # for docker volume mounted certs
#tls = { https_redirection = true, tls_cert_path = './server.crt', tls_cert_key_path = './server.key' }          # for local
#tls = { https_redirection = true, tls_cert_path = './server.crt', tls_cert_key_path = './server.key', client_ca_cert_path = './client_cert.ca.crt' }          # for local with client_cert

## TODO
# allowhosts = ['127.0.0.1', '::1', '192.168.10.0/24'] # TODO
# denyhosts = ['*'] # TODO

# default destination if "path" is not specified
[[apps.localhost.reverse_proxy]]
# List of destinations to send data to. At this point, round-robin is used for load-balancing if multiple URLs are specified.
upstream = [
  { location = 'www.yahoo.com', tls = true },
  { location = 'www.yahoo.co.jp', tls = true },
]
load_balance = "round_robin" # or "random" or "sticky" (sticky session) or "none" (fix to the first one, default)
upstream_options = [
  "override_host",
  "force_http2_upstream", # mutually exclusive with "force_http11_upstream"
]

# Non-default destination in "localhost" app, which is routed by "path"
[[apps.localhost.reverse_proxy]]
path = '/maps'
# For request path starting with "/maps",
# this configuration results that any path like "/maps/org/any.ext" is mapped to "/replacing/path1/org/any.ext"
# by replacing "/maps" with "/replacing/path1" for routing to the locations given in upstream array
# Note that unless "replace_path" is specified, the "path" is always preserved.
# "replace_path" must be start from "/" (root path)
replace_path = "/replacing/path1"
upstream = [
  { location = 'www.bing.com', tls = true },
  { location = 'www.bing.co.jp', tls = true },
]
load_balance = "random" # or "round_robin" or "sticky" (sticky session) or "none" (fix to the first one, default)
upstream_options = [
  "override_host",
  "upgrade_insecure_requests",
  "force_http11_upstream",
]
######################################################################

######################################################################
# Another application backend servied by different domain name
[apps.another_localhost]
server_name = 'localhost.localdomain'
reverse_proxy = [{ upstream = [{ location = 'www.google.com', tls = true }] }]
######################################################################

###################################
#      Experimantal settings      #
###################################
[experimental]
# Higly recommend not to be true. If true, you ignore RFC. if not specified, it is always false.
# This might be required to be true when a certificate is used by multiple backend hosts, especially in case where a TLS connection is re-used.
# We should note that this strongly depends on the client implementation.
ignore_sni_consistency = false

# If this specified, h3 is enabled
[experimental.h3]
alt_svc_max_age = 3600             # sec
request_max_body_size = 65536      # bytes
max_concurrent_connections = 10000
max_concurrent_bidistream = 100
max_concurrent_unistream = 100
max_idle_timeout = 10              # secs. 0 represents an infinite timeout.
# WARNING: If a peer or its network path malfunctions or acts maliciously, an infinite idle timeout can result in permanently hung futures!

# If this specified, file cache feature is enabled
[experimental.cache]
cache_dir = './cache'                # optional. default is "./cache" relative to the current working directory
max_cache_entry = 1000               # optional. default is 1k
max_cache_each_size = 65535          # optional. default is 64k
max_cache_each_size_on_memory = 4096 # optional. default is 4k if 0, it is always file cache.