diff options
| author | metamuffin <metamuffin@disroot.org> | 2024-08-19 02:52:14 +0200 |
|---|---|---|
| committer | metamuffin <metamuffin@disroot.org> | 2024-08-19 02:52:14 +0200 |
| commit | 6c3524c381467483a025eda5e7e5f0ded53094fa (patch) | |
| tree | 0d081ed4bc18f0a950783a5fe8e1fe4e08c888d1 /readme.md | |
| parent | b005bbca6d8c1adb9c12e10d79028717b9d963c5 (diff) | |
| download | gnix-6c3524c381467483a025eda5e7e5f0ded53094fa.tar gnix-6c3524c381467483a025eda5e7e5f0ded53094fa.tar.bz2 gnix-6c3524c381467483a025eda5e7e5f0ded53094fa.tar.zst | |
paths module
Diffstat (limited to 'readme.md')
| -rw-r--r-- | readme.md | 23 |
1 files changed, 17 insertions, 6 deletions
@@ -33,8 +33,9 @@ http: https: bind: "[::1]:8443" - tls_cert: "ssl/cert.pem" - tls_key: "ssl/key.pem" # only accepts pkcs8 + cert_path: "/etc/letsencrypt/live" # Automatically scans and selects certificates + # tls_cert: "certs/fullchain.pem" + # tls_key: "certs/privkey.pem" # !hosts multiplexes requests for different hostnames. handler: !hosts @@ -60,12 +61,17 @@ The configuration uses YAML formatting. When the configuration file is changed, it will automatically be loaded and applied if valid. - **section `http`** - - `bind`: string or list of strings with addresses to listen on. + - Optional section. Omit to disable unencrypted http. + - `bind`: Addresses to accept http requests on (string or list of strings). - **section `https`** - - `bind`: string or list of strings with addresses to listen on. - - `tls_cert`: path to the SSL certificate. (Sometimes called `fullchain.pem`) - - `tls_key`: path to the SSL key. (Often called `key.pem` or `privkey.pem`) + - Optional section. Omit to disable https. + - `bind`: Addresses to accept https requests on (string or list of strings). + - `cert_path`: Path to a directory structure that certificates are loaded + from. The hierachy should contain directories containing corresponding + `fullchain.pem` and `privkey.pem` files. The correct certificate is selected + automatically by subject (`CN`). Pointing this directly at + `/etc/letsencrypt/live` is possible. (string or list of strings) - **section `limits`** - Note: Make sure you do not exceed the maximum file descriptor limit on your @@ -92,6 +98,11 @@ themselves; in that case the request is passed on. - Hands over the requests to different modules depending on the `host` header. - Takes a map from hostname (string) to handler (module) +- **module `paths`** + - Routes requests by matching the path against regexes. + - Takes a map from a global regex that is applied to the path (string) to + handler (module) + - **module `proxy`** - Forwards the request as-is to some other server. the `x-real-ip` header is injected into the request. Connection upgrades are handled by direct |