rust-forward-proxy/config.yml at main · pratik-codes/rust-forward-proxy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# Rust Forward Proxy Configuration File
# This file contains all configuration settings for the proxy server

# Basic proxy server settings
# Set use_privileged_ports: true to use ports 80/443 (requires sudo)
# Set use_privileged_ports: true to use ports 8080/8443 (no sudo required)
use_privileged_ports: true
listen_addr: "127.0.0.1:8080"   # HTTP port (8080 for regular, 80 for privileged)
log_level: "debug"
request_timeout: 30  # seconds
max_body_size: 1048576  # 1MB in bytes

# Upstream server configuration
upstream:
  url: "http://localhost:3000"
  connect_timeout: 5  # seconds
  keep_alive_timeout: 60  # seconds

# Redis configuration
redis:
  url: "redis://redis:6379"
  pool_size: 10
  connection_timeout: 5  # seconds
  command_timeout: 10  # seconds

# TLS/HTTPS configuration
tls:
  enabled: true
  https_listen_addr: "127.0.0.1:8443"   # HTTPS port (8443 for regular, 443 for privileged)
  cert_path: "certs/proxy.crt"
  key_path: "certs/proxy.key"
  interception_enabled: true
  auto_generate_cert: true
  cert_organization: "Rust Forward Proxy"
  cert_common_name: "proxy.local"
  cert_validity_days: 365
  min_tls_version: "1.2"
  skip_upstream_cert_verify: false
  root_ca_cert_path: "ca-certs/securly_ca.crt"
  ca_cert_path: "ca-certs/rootCA.crt"
  ca_key_path: "ca-certs/rootCA.key"
  certificate_storage: "cache"  # Options: "cache" (in-memory) or "redis"

# Logging configuration
logging:
  enable_file_logging: true

# HTTP client configuration for connection pooling and optimization
http_client:
  max_idle_per_host: 50
  idle_timeout_secs: 90
  connect_timeout_secs: 10
  enable_http2: true
  http2_stream_window_size: 2097152  # 2MB
  http2_connection_window_size: 8388608  # 8MB
  http2_keepalive_interval_secs: 30
  http2_keepalive_timeout_secs: 10
  http2_max_concurrent_streams: 100
  tcp_keepalive: true
  tcp_keepalive_interval_secs: 30

# Response and request streaming configuration
streaming:
  max_log_body_size: 1048576  # 1MB
  max_partial_log_size: 1024  # 1KB
  enable_response_streaming: true
  enable_request_streaming: false

# Runtime Configuration
# Choose your runtime mode:
# - "single_threaded": Single process with one thread (simplest, good for development)
# - "multi_threaded": Single process with multiple threads (good for high throughput)
# - "multi_process": Multiple single-threaded processes (best for fault isolation and CPU utilization)
runtime:
  mode: "multi_process"           # Options: "single_threaded", "multi_threaded", "multi_process"

  # Multi-threaded mode settings (only used when mode = "multi_threaded")
  worker_threads: null            # null = auto-detect CPU cores, or specify number (e.g., 4)

  # Multi-process mode settings (only used when mode = "multi_process")
  process_count: 4                # Number of single-threaded processes to spawn
  use_reuseport: true             # Enable SO_REUSEPORT for load distribution (Linux/macOS only)

  # Port Configuration Examples:
  # For development (no sudo required):
  #   use_privileged_ports: true  -> HTTP: 8080, HTTPS: 8443
  # For production (sudo required):
  #   use_privileged_ports: true   -> HTTP: 80, HTTPS: 443