summarylogtreecommitdiffstats
path: root/config.toml
blob: 2d5e7893834adad374fff347b04f1cdea74b2d6a (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229

# sozu proxy test config file

# top level options

# path to a file sozu can use to load an initial configuration state for its
# routing. You can generate this file from sozu's current routing by running
# the command `sozuctl state save -f state.json`
saved_state = "/var/lib/sozu/state.json"

# logging verbosity. Possible values are "error", "warn", "info", "debug" and
# "trace". For performance reasons, the logs at "debug" or "trace" level are
# not compiled by default. To activate them, pass the "logs-debug" and
# "logs-trace" compilation options to cargo
log_level = "info"

# where the logs will be sent. It defaults to sending the logs on standard output,
# but they could be written to a UDP address:
# log_target     = "udp://127.0.0.1:9876"
# to a TCP address:
# log_target     = "tcp://127.0.0.1:9876"
# to a unix socket
# log_target = "unix:///var/sozu/logs
# to a file
# log_target = "file:///var/logs/sozu.log"
# to_stdout
log_target = "stdout"

# optional different target for access logs (IP addresses, domains, URI, HTTP status, etc)
# It supports the same options as log_target
# log_access_target = "file:///var/logs/sozu-access.log"

# path to the unix socket file used to send commands to sozu
command_socket = "/var/lib/sozu/sock"

# size in bytes of the buffer used by the command socket protocol. If the message
# sent to sozu is too large, or the data that sozu must return is too large, the
# buffer will grow up to max_command_buffer_size. If the buffer is still not large
# enough sozu will close the connection
# defaults to 1000000
command_buffer_size = 16384
# defaults to command_buffer_size * 2
max_command_buffer_size = 163840

# the number of worker processes that will handle traffic
worker_count = 2

# indicates if workers should be automatically restarted if they crash / hang
# should be true for production and false for development
# defaults to true
worker_automatic_restart = true

# indicates if worker process will be pinned on a core. If you activate this, be sure
# that you do not have more workers than CPU cores (and leave at least one core for
# the kernel and the main process)
handle_process_affinity = false

# maximum number of connections to a worker. If it reached that number and
# there are new connections available, the worker will accept and close them
# immediately to indicate it is too busy to handle traffic
max_connections = 500

# maximum number of buffers used by the protocol implementations for active
# connections (ie currently serving a request). For now, you should estimate
# that max_buffers = number of concurrent requests * 2
max_buffers = 500

# size of the buffers used by the protocol implementations. Each worker will
# preallocate max_buffers * 2 * buffer_size bytes, so you should plan for this
# memory usage. If you plan to use sozu's runtime upgrade feature, you should
# leave enough memory for one more worker (also for the kernel, etc), so total
# RAM should be larger than (worker count + 1) * max_buffers * 2 * buffer_size bytes
buffer_size = 16384

# how much time (in milliseconds) sozuctl will wait for a command to complete.
# Defaults to 1000 milliseconds
#ctl_command_timeout = 1000

# PID file is a file containing the PID of the main process of sozu.
# It can be helpful to help systemd or any other service system to keep track
# of the main process across upgrades. PID file is not created unless this option
# is set or if SOZU_PID_FILE_PATH environment variable was defined at build time.
pid_file_path = "/run/sozu.pid"

# defines how the TLS protocol will be handled by sozu. Possible values
# are "openssl" or "rustls". The "openssl" option will only work if sozu
# was built with the "use-openssl" feature.
tls_provider = "rustls"

# maximum time of inactivity for a frontend socket, in seconds
# defaults to 60 seconds
# front_timeout = 60

# duration between zombie checks, in seconds
# defaults to 30 minutes
# in case of bugs in sozu's event loop and protocol implementations, some client
# sessions could be stuck, not receiving any more event, and consuming resources.
# sozu verifies regularly if there are such zombie sessions, logs their state
# and removes them
# zombie_check_interval = 1800

# various statistics can be sent to a server that supports the statsd protocol
# You can see those statistics with sozuctl, like this: `sozuctl metrics` or
# `sozuctl metrics --json` for machine consumption
#
#[metrics]
# address = "127.0.0.1:8125"
# use InfluxDB's statsd protocol flavor to add tags
# tagged_metrics = false
# metrics key prefix
# prefix = "sozu"

# Listeners
# configuration options specific to a TCP listen socket

# Example for a HTTP (plaintext) listener
[[listeners]]
protocol = "http"
# listening address
address = "0.0.0.0:80"

# specify a different IP than the one the socket sees, for logs and forwarded headers
# public_address = "1.2.3.4:80"

# path to custom 404 and 503 answers
# a 404 response is sent when sozu does not know about the requested domain or path
# a 503 response is sent if there are no backend servers available
#answer_404 = "/etc/sozu/html/404.html"
#answer_503 = "/etc/sozu/html/503.html"

# defines the sticky session cookie's name, if `sticky_session` is activated for
# an application. Defaults to "SOZUBALANCEID"
# sticky_name = "SOZUBALANCEID"
#
# Configures the client socket to receive a PROXY protocol header
# expect_proxy = false

# Example for a HTTPS (OpenSSL based or rustls based) listener
[[listeners]]
protocol = "https"
# listening address
address = "0.0.0.0:443"

# specify a different IP than the one the socket sees, for logs and forwarded headers
# public_address = "1.2.3.4:443"

#answer_404 = "/etc/sozu/html/404.html"
#answer_503 = "/etc/sozu/html/503.html"
# sticky_name = "SOZUBALANCEID"

# Configures the client socket to receive a PROXY protocol header
# expect_proxy = false

# supported TLS versions. Possible values are "SSLv2", "SSLv3", "TLSv1",
# "TLSv1.1", "TLSv1.2", "TLSv1.3". Defaults to "TLSv1.2"
tls_versions = ["TLSv1.2", "TLSv1.3"]

# cipher combinations used by OpenSSL
#cipher_list = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"

# cipher combinations used by rustls
# ciphersuites names, specified in https://docs.rs/rustls/0.13.0/rustls/static.ALL_CIPHERSUITES.html
# defaults to all supported ciphersuites
#rustls_cipher_list = ["TLS13_CHACHA20_POLY1305_SHA256"]


# options specific to a TCP proxy listener
#[[listeners]]
# protocol = "tcp"
# address = "127.0.0.1:8081"
# specify a different IP than the one the socket sees, for logs and forwarded headers
# public_address = "1.2.3.4:81"
# Configures the client socket to receive a PROXY protocol header
# expect_proxy = false

# static configuration for applications
#
# those applications will be routed by sozu directly from start
[applications]

# every application has an "application id", here it is "MyApp"
# this is an example of a routing configuration for the HTTP and HTTPS proxies
[applications.MyApp]

# the protocol option indicates if we will use HTTP or TCP proxying
# possible options are "http" or "tcp"
protocol = "http"

# per application load balancing algorithm. The possible values are
# "roundrobin" and "random". Defaults to "roundrobin"
# load_balancing_policy="roundrobin"

# frontends configuration
# this specifies which listeners; domains, certificates that will be configured for an application
# each element of the array must be specified on one line (toml format limitation)
# possible frontend options:
# - address: TCP listener
# - hostname: host name of the application
# - path_begin = "/api" # optional. an application can receive requests going to a hostname and path prefix
# - sticky_session = false # activates sticky sessions for this application
# - https_redirect = false #  activates automatic redirection to HTTPS for this application
frontends = [
  { address = "0.0.0.0:80", hostname = "lolcatho.st" },
  { address = "0.0.0.0:443", hostname = "lolcatho.st", certificate = "../lib/assets/certificate.pem", key = "../lib/assets/key.pem", certificate_chain = "../lib/assets/certificate_chain.pem" }
]

# backends configuration
# this indicates the backend servers used by the application
# possible options:
# - address: IP and port of the backend server
# - weight: weight used by the load balancing algorithm
# - sticky-id: sticky session identifier
backends = [
  { address = "127.0.0.1:1026" }
]

# this is an example of a routing configuration for the TCP proxy
[applications.TcpTest]
protocol = "tcp"

frontends = [
  { address = "0.0.0.0:81" }
]

# activates the proxy protocol to send IP information to the backend
# send_proxy = false

backends = [
  { address = "127.0.0.1:1026" }
]