# gnix
a simple stupid reverse proxy
## Features
- Simple to configure (see below)
- Handles connection upgrades correctly by default (websocket, etc.)
- TLS support
- _TODO: h2; match on uris; connection pools_
## Quick Start
Run the binary with the path to the configuration file as the first argument. The
configuration file is written in YAML and could look like this:
```yaml
# Both the 'http' and 'https' sections are optional
http:
  # the value for 'bind' can either be a string or a list of strings
  bind: [ "127.0.0.1:8080", "[::1]:8080" ]
https:
  bind: "127.0.0.1:8443"
  tls_cert: "ssl/cert.pem"
  tls_key: "ssl/key.pem" # only accepts pkcs8 for now
# this is a lookup table from hostnames to a list of filters
# in this case, requests for `testdomain.local` are forwarded to 127.0.0.1:8000
hosts:
  "testdomain.local": !proxy { backend: "127.0.0.1:8000" }
  "192.168.178.39": !proxy { backend: "127.0.0.1:8000" }
  "localhost": !files
    root: "/home/muffin/videos"
    index: true
```
## Reference
- **section `http`**
  - `bind`: string or list of strings with addresses to listen on.
- **section `https`**
  - `bind`: string or list of strings with addresses to listen on.
  - `tls_cert`: path to the SSL certificate. (Sometimes called `fullchain.pem`)
  - `tls_key`: path to the SSL key. (Often called `key.pem` or `privkey.pem`)
- **section `limits`**
  - Note: Make sure you do not exceed the maximum file descriptor limit on your
    platform.
  - `max_incoming_connections`: maximum number of incoming (downstream)
    connections. Excess connections are rejected. Default: 512
  - `max_outgoing_connections`: maximum number of outgoing (upstream)
    connections. Excess connections are rejected. Default: 256
- **section `hosts`**
  - A map from hostname (a string) to a _filter_ or a list of _filters_
- `watch_config`: boolean; whether to watch the configuration file for changes and
  apply them accordingly. Default: true (Note: This will watch the entire parent
  directory of the config since most editors first move the file. Currently any
  change will trigger a reload. TODO)
### Filters
- **filter `proxy`**
  - Forwards the request as-is to some other server. `x-forwarded-proto` and
    `x-forwarded-for` headers are injected into the request. Connection upgrades
    are handled by direct forwarding of network traffic.
  - `backend`: socket address (string) of the backend server
- **filter `files`**
  - Provides a simple built-in fileserver. The server handles `accept-ranges`.
    The `content-type` header is inferred from the file extension and falls back
    to `application/octet-stream`. If a directory is requested, `index.html` will
    be served; otherwise, when indexing is enabled, `index.banner.html` will be
    prepended to the response.
  - `root`: root directory to be served (string)
  - `index`: enables directory indexing (boolean)
- **filter `http_basic_auth`**
  - Filters requests via HTTP Basic Authentication. Unauthorized clients will
    be challenged on every request.
  - `realm`: string that does essentially nothing
  - `valid`: list of valid logins (string) in the format `<username>:<password>`
    (password in plain text). TODO: hashing
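
How a backend behind the `proxy` filter can consume the injected `x-forwarded-for` and `x-forwarded-proto` headers without trusting client-supplied copies. This is an added example, not part of gnix: `client_address` and `TRUSTED_PROXIES` are hypothetical names and the sample addresses are constructed. It assumes gnix reaches the backend from loopback and that its own entry is the rightmost one in `x-forwarded-for` (the page does not say whether an existing header is replaced or appended to; reading right to left is safe in both cases).

```python
import ipaddress

# Assumption: only the reverse proxy connects from these networks.
TRUSTED_PROXIES = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
]


def _parse_ip(text):
    """Return an ip_address object, or None if `text` is not a bare IP."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_address(peer, headers):
    """Return (client_ip, forwarded_proto) for one request.

    `peer` is the socket peer address as a string; `headers` maps
    lower-case header names to values. forwarded_proto is None unless
    the request came through a trusted proxy with a sane value.
    """
    peer_ip = _parse_ip(peer)
    if peer_ip is None or not _is_trusted(peer_ip):
        # Direct connection: forwarding headers are attacker-controlled.
        return str(peer), None

    # Walk the chain right to left. The rightmost entries were written by
    # proxies we trust; the first untrusted address is the real client.
    client = peer_ip
    for hop in reversed(headers.get("x-forwarded-for", "").split(",")):
        hop_ip = _parse_ip(hop)
        if hop_ip is None:
            break  # empty or garbage entry: keep the last verified address
        client = hop_ip
        if not _is_trusted(hop_ip):
            break

    proto = headers.get("x-forwarded-proto", "").strip().lower()
    return str(client), proto if proto in ("http", "https") else None
```

Binding the backend to loopback only, as the configuration above does with `127.0.0.1:8000`, is what makes the trusted-peer check meaningful.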
## License
AGPL-3.0-only; see [COPYING](./COPYING)