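########################################
#                                      #
#       rust-rxpy configuration        #
#                                      #
########################################

###################################
#         Global settings         #
###################################
# Both or either one of http/https ports must be specified
listen_port = 8080
listen_port_tls = 8443

# Optional for h2 and http1.1
tcp_listen_backlog = 1024

# Optional for h2 and http1.1
max_concurrent_streams = 100

# Optional. Counted in total for http1.1, 2, 3
# This is the overall cap on simultaneous clients; keep it set on an
# exposed listener so a connection flood is bounded by the proxy itself.
max_clients = 512

# Optional: Listen [::]
listen_ipv6 = false

# Optional: App that serves all plaintext http requests by referring to HOSTS or request header,
# except for configured applications.
# Note that this is only for http.
# Note that nothing is served for requests via https since a secure channel cannot be
# established for an unconfigured server_name, and they are always rejected by checking SNI.
# NOTE(review): with this key set, a plaintext request carrying any unconfigured
# Host value is forwarded to the upstream of 'another_localhost'. Presumably
# omitting the key leaves such requests unserved; confirm and omit it when no
# catch-all is wanted.
default_app = 'another_localhost'

###################################
#         Backend settings        #
###################################
[apps]

######################################################################
## Registering a backend app served by a domain name "localhost"
[apps.localhost]
server_name = 'localhost' # Domain name

# Optional: TLS setting. if https_port is specified and tls is true above, this must be given.
# NOTE(review): no "https_port" or top-level "tls" key exists in this file;
# presumably this refers to listen_port_tls in the global settings. Confirm.
# tls_cert_key_path points at the private key: keep that file readable only by
# the account the proxy runs as, and mount the /certs volume read-only.
# https_redirection = true presumably redirects plaintext requests for this
# server_name to https; confirm against the implementation.
tls = { https_redirection = true, tls_cert_path = '/certs/server.crt', tls_cert_key_path = '/certs/server.key' } # for docker volume mounted certs
#tls = { https_redirection = true, tls_cert_path = './server.crt', tls_cert_key_path = './server.key' } # for local
# The variant below adds client_ca_cert_path, presumably the CA used to verify
# client certificates for this app (see its "with client_cert" remark).
#tls = { https_redirection = true, tls_cert_path = './server.crt', tls_cert_key_path = './server.key', client_ca_cert_path = './client_cert.ca.crt' } # for local with client_cert

## TODO
# The two keys below are marked TODO and commented out, so this file does not
# configure any source-address filtering; restrict by address at the
# firewall or network layer if the app must not be reachable from everywhere.
# allowhosts = ['127.0.0.1', '::1', '192.168.10.0/24'] # TODO
# denyhosts = ['*'] # TODO

# default destination if "path" is not specified
[[apps.localhost.reverse_proxy]]
# List of destinations to send data to. When multiple URLs are specified,
# requests are distributed according to load_balance below (round-robin here).
upstream = [
  { location = 'www.yahoo.com', tls = true },
  { location = 'www.yahoo.co.jp', tls = true },
]
load_balance = "round_robin" # or "random" or "sticky" (sticky session) or "none" (fix to the first one, default)
upstream_options = [
  "override_host",
  "force_http2_upstream", # mutually exclusive with "force_http11_upstream"
]

# Non-default destination in "localhost" app, which is routed by "path"
[[apps.localhost.reverse_proxy]]
path = '/maps'
# For a request path starting with "/maps",
# this configuration maps any path like "/maps/org/any.ext" to "/replacing/path1/org/any.ext"
# by replacing "/maps" with "/replacing/path1" before routing to the locations given in the upstream array.
# Note that unless "replace_path" is specified, the "path" is always preserved.
# "replace_path" must start from "/" (root path)
replace_path = "/replacing/path1"
upstream = [
  { location = 'www.bing.com', tls = true },
  { location = 'www.bing.co.jp', tls = true },
]
load_balance = "random" # or "round_robin" or "sticky" (sticky session) or "none" (fix to the first one, default)
# NOTE(review): the default route above names "force_http2_upstream" /
# "force_http11_upstream", while this list uses "convert_https_to_11".
# Confirm which spelling this version accepts, so that a rejected or ignored
# option does not silently change how the upstream connection is made.
upstream_options = [
  "override_host",
  "upgrade_insecure_requests",
  "convert_https_to_11",
]
######################################################################

######################################################################
# Another application backend served by different domain name
# No tls table is given for this app, and it is the default_app above, so per
# the default_app notes it is served over plaintext http only.
[apps.another_localhost]
server_name = 'localhost.localdomain'
reverse_proxy = [{ upstream = [{ location = 'www.google.com', tls = true }] }]
######################################################################

###################################
#      Experimental settings      #
###################################
[experimental]
# Highly recommend not to be true. If true, you ignore RFC. if not specified, it is always false.
# This might be required to be true when a certificate is used by multiple backend hosts, especially in case where a TLS connection is re-used.
# We should note that this strongly depends on the client implementation.
# NOTE(review): judging by the name, this disables the check that a request's
# host agrees with the SNI of the TLS connection it arrived on. If apps differ
# in TLS policy (for example only one sets client_ca_cert_path), leaving this
# false keeps a connection negotiated for one server_name from being used to
# reach another. Confirm the exact check against the implementation.
ignore_sni_consistency = false

# If this is specified, h3 is enabled
# h3 runs over QUIC (UDP); account for the UDP listener in firewall rules.
[experimental.h3]
alt_svc_max_age = 3600 # sec
# This body-size cap appears only under h3 in this file; no equivalent limit
# for http1.1/h2 is shown here.
request_max_body_size = 65536 # bytes
max_concurrent_connections = 10000
max_concurrent_bidistream = 100
max_concurrent_unistream = 100
max_idle_timeout = 10 # secs. 0 represents an infinite timeout.
# WARNING: If a peer or its network path malfunctions or acts maliciously, an infinite idle timeout can result in permanently hung futures!
# Keep max_idle_timeout non-zero on any listener reachable by untrusted peers.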