author metamuffin <metamuffin@disroot.org> 2023-11-28 16:45:00 +0100
committer metamuffin <metamuffin@disroot.org> 2023-11-28 16:45:00 +0100
commit 63caab6593ef2e49d18a390262f5dbdec6b0b4bc (patch)
tree cd0fcc8552ba97b39323fa7a7dbdec83b55423a1
parent 1f218b074c98cb6b8e48e34f92b6bf2623a72eca (diff)
config reference
-rw-r--r-- readme.md 58
-rw-r--r-- src/config.rs 4
2 files changed, 49 insertions, 13 deletions
diff --git a/readme.md b/readme.md
index 7f62cb6..961914a 100644
--- a/readme.md
+++ b/readme.md
@@ -9,7 +9,7 @@ a simple stupid reverse proxy
- TLS support
- _TODO: h2; match on uris; connection pools_
-## Usage
+## Quick Start
Run the binary with the a path to the configuration as the first argument. The
configuration file is written in YAML and could look like this:
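Review bot: The context sentence directly under the renamed heading reads "Run the binary with the a path to the configuration"; since this hunk already touches the section, fix the stray "the" in the same change. With a separate "Reference" section introduced later in this patch, "Quick Start" is a reasonable name for the heading, but the sentence should then point readers to the reference for the full list of keys.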
@@ -25,20 +25,56 @@ https:
tls_cert: "ssl/cert.pem"
tls_key: "ssl/key.pem" # only accepts pkcs8 for now
-# this is a lookup table from hostnames to backend address
+# this is a lookup table from hostnames to a list of filters
# in this case, requests for `testdomain.local` are forwarded to 127.0.0.1:3000
hosts:
- testdomain.local: { backend: "127.0.0.1:3000" }
- secondomain.local: { backend: "1.2.3.4:5678" }
- static.testdomain.local: { files: { root: "/srv/http", index: true } }
+ "testdomain.local": !proxy { backend: "127.0.0.1:8000" }
+ "192.168.178.39": !proxy { backend: "127.0.0.1:8000" }
+ "localhost": !files
+ root: "/home/muffin/videos"
+ index: true
```
-The configuration can either be specify a backend to forward to or the `files`
-key. In that case, static files are served from `root` and directory listings
-will be generated if `index` is true (default). If a directory contains
-`index.html` the listing is replace with that file. If `index.banner.html`, it's
-content is inserted before the listing.
+## Reference
-# License
+- **section `http`**
+ - `bind`: string or list of strings with addresses to listen on.
+- **section `https`**
+ - `bind`: string or list of strings with addresses to listen on.
+ - `tls_cert`: path to the SSL certificate. (Sometimes called `fullchain.pem`)
+ - `tls_key`: path to the SSL key. (Often called `key.pem` or `privkey.pem`)
+- **section `limits`**
+ - Note: Make sure you do not exceed the maximum file descriptor limit on your
+ platform.
+ - `max_incoming_connections` number of maximum incoming (downstream)
+ connections. excess connections are rejected. Default: 512
+ - `max_outgoing_connections` number of maximum outgoing (upstream)
+ connections. excess connections are rejected. Default: 256
+- **section `hosts`**
+ - A map from hostname (a string) to a _filter_ or a list of _filters_
+
+### Filters
+
+- **filter `proxy`**
+ - Forwards the request as-is to some other server. `x-forwarded-proto` and
+ `x-forwarded-for` headers are injected into the request. Connection upgrades
+ are handled by direct forwarding of network traffic.
+ - `backend`: socket address (string) to the backend server
+- **filter `files`**
+ - Provides a simple built-in fileserver. The server handles `accept-ranges`.
+ The `content-type` header is inferred from the file extension and falls back
+ to `application/octet-stream`. If a directory is requested `index.html` will
+ be served or else when indexing is enabled, `index.banner.html` will be
+ prepended to the response.
+ - `root`: root directory to be served (string)
+ - `index`: enables directory indexing (boolean)
+- **filter `http_basic_auth`**
+ - Filters requests via HTTP Basic Authentification. Unauthorized clients will
+ be challenged on every request.
+ - `realm`: string that does essentially nothing
+ - `valid`: list of valid logins (string) in the format `<username>:<password>`
+ (password in plain text). TODO: hashing
+
+## License
AGPL-3.0-only; see [COPYING](./COPYING)
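Review bot: The unchanged comment above `hosts:` still says requests for `testdomain.local` are forwarded to 127.0.0.1:3000, while the new example entry uses `backend: "127.0.0.1:8000"`; bring the comment and the example back into agreement. In the `proxy` filter entry, the text says `x-forwarded-proto` and `x-forwarded-for` are "injected" but not whether values already sent by the client are replaced or kept, which matters to any backend that trusts those headers, so state the behaviour explicitly. The `http_basic_auth` entry documents `valid` as plain-text `<username>:<password>` pairs; until the hashing TODO is done, add a sentence telling operators to restrict read access to the configuration file. The `hosts` section says a host maps to a filter or a list of filters, yet none of the three sample hosts shows a list, so there is no documented way to see how `http_basic_auth` is combined with `proxy` or `files`; add one such host to the example. The rewritten `files` description is also harder to follow than the removed paragraph on when `index.html` replaces the listing and when `index.banner.html` is prepended; consider keeping the old wording for that part. Minor: "Authentification" should be "Authentication", and the `max_incoming_connections` and `max_outgoing_connections` bullets lack the colon after the key that the other keys have.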
diff --git a/src/config.rs b/src/config.rs
index 9e7f720..b60ac8c 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -174,8 +174,8 @@ impl Config {
impl Default for Limits {
fn default() -> Self {
Self {
- max_incoming_connections: 1024,
- max_outgoing_connections: 2048,
+ max_incoming_connections: 512,
+ max_outgoing_connections: 256,
}
}
}
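Review bot: The change to `Default for Limits` alters runtime behaviour but is carried in a commit titled "config reference", so it is easy to miss in the history; split it into its own commit or mention it in the message. The defaults drop from 1024/2048 to 512/256, and the ratio flips: `max_outgoing_connections` used to be twice `max_incoming_connections` and is now half of it. Since the readme states that excess connections are rejected, deployments without a `limits` section will start rejecting upstream connections while still accepting downstream ones once more than 256 are active. Please add a short comment next to the two values explaining why outgoing is now the smaller number.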