diff --git a/etc/main.yaml b/etc/main.yaml
index 5310da2..25ff45d 100644
--- a/etc/main.yaml
+++ b/etc/main.yaml
@@ -1,23 +1,24 @@
 # Main configuration file, applied on startup
 threads: 12 # Number of daemon threads default setting
-#runuser: pastor # Username for running aralez after dropping root privileges, requires program to start as root
-#rungroup: pastor # Group for running aralez after dropping root privileges, requires program to start as root
-#daemon: false # Run in background
+runuser: aralez # Username for running aralez after dropping root privileges, requires program to start as root
+rungroup: aralez # Group for running aralez after dropping root privileges, requires program to start as root
 upstream_keepalive_pool_size: 500 # Pool size for upstream keepalive connections
-#pid_file: /tmp/aralez.pid # Path to PID file
-#error_log: /tmp/aralez_err.log # Path to error log
+pid_file: /tmp/aralez.pid # Path to PID file
 upgrade_sock: /tmp/aralez.sock # Path to socket file
 config_api_enabled: true # Boolean to enable/disable remote config push capability.
-config_address: 0.0.0.0+3000 # HTTP API address for pushing upstreams.yaml from remote location
-proxy_address_http: 0.0.0.0:6193 # Proxy HTTP bind address
-proxy_address_tls: 0.0.0.0:6194 # Optional, Proxy TLS bind address
-proxy_configs: /opt/Rust/Projects/asyncweb/etc # Mandatory if proxy_address_tls set, should contain a certificate and key files strictly in a format {NAME}.crt, {NAME}.key.
+config_address: 127.0.0.1:3000 # HTTP API address for pushing upstreams.yaml from remote location
+proxy_address_http: 0.0.0.0:80 # Proxy HTTP bind address
+proxy_address_tls: 0.0.0.0:443 # Optional, Proxy TLS bind address
+proxy_configs: /opt/aralez/asyncweb/etc # Mandatory if proxy_address_tls set, should contain a certificate and key files strictly in a format {NAME}.crt, {NAME}.key.
 proxy_tls_grade: high # Grade of TLS suite for proxy (high, medium, unsafe), matching grades of Qualys SSL Labs
-upstreams_conf: /opt/Rust/Projects/asyncweb/etc/upstreams.yaml # the location of upstreams file
-file_server_folder: /tmp/gazan # Optional, local folder to serve
-file_server_address: 127.0.0.1:3002 # Optional, Local address for file server. Can set as upstream for public access.
+upstreams_conf: /opt/aralez/etc/upstreams.yaml # the location of upstreams file
+file_server_folder: /opt/aralez/public # Optional, local folder to serve
+file_server_address: 0.0.0.0:3002 # Optional, Local address for file server. Can set as upstream for public access.
 log_level: info # info, warn, error, debug, trace, off
-#log_file: /tmp/aralez.log # Optional, the location of log file. If this entry does not exist logs will be emitted to stdout.
+log_file: /tmp/aralez.log # Optional, the location of log file. If this entry does not exist logs will be emitted to stdout.
 hc_method: HEAD # Healthcheck method (HEAD, GET, POST are supported) UPPERCASE
 hc_interval: 2 #Interval for health checks in seconds
-#master_key: 910517d9-f9a1-48de-8826-dbadacbd84af-cb6f830e-ab16-47ec-9d8f-0090de732774 # Mater key for working with API server and JWT Secret
+tcp_keepalive_idle: 60 # Seconds of inactivity before the kernel starts sending keepalive probes to a downstream client
+tcp_keepalive_interval: 10 # Seconds between individual keepalive probes if the client does not respond
+tcp_keepalive_count: 5 # Number of unanswered probes before the kernel declares the connection dead and closes it
+
diff --git a/etc/upstreams.yaml b/etc/upstreams.yaml
index b6f5197..fdc2b21 100644
--- a/etc/upstreams.yaml
+++ b/etc/upstreams.yaml
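Review bot: `file_server_address` moves from `127.0.0.1:3002` to `0.0.0.0:3002`, which exposes the file server on every interface even though its own comment describes it as a local address to be published through an upstream; clients that reach port 3002 directly would presumably bypass the proxy's TLS, rate limits and authorization. Keep `file_server_address: 127.0.0.1:3002` as the shipped default. The same hunk enables `pid_file: /tmp/aralez.pid` and `log_file: /tmp/aralez.log` for a process that, per the `runuser` comment, starts as root, and a world-writable directory lets another local user pre-create or symlink those names; a directory owned by the service account, e.g. `pid_file: <RUNTIME_DIR>/aralez.pid` and `log_file: <LOG_DIR>/aralez.log`, avoids that.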
@@ -4,13 +4,10 @@ sticky_sessions: 172000
 to_https: false
 rate_limit: 500000
 x4xx_limit: 100000
-#server_headers:
-# - "Y-Global-Something: Yes this is something"
-#client_headers:
-# - "Access-Control-Allow-Origin:*"
-# - "Access-Control-Allow-Methods:POST, GET, OPTIONS"
-# - "Access-Control-Max-Age:86400"
-# - "Strict-Transport-Security:max-age=31536000; includeSubDomains; preload"
+server_headers:
+ - "Y-Global-Something: Something For Servers"
+client_headers:
+ - "X-Global-Something: Something For Clients"
 #authorization:
 # type: "basic"
 # data: "root:toor"
@@ -38,10 +35,10 @@ kubernetes:
 servers:
 - "172.16.0.11:5443" # Gets KUBERNETES_SERVICE_HOST : KUBERNETES_SERVICE_PORT_HTTPS env variables.
 services:
- - hostname: "api-service-v2"
- upstream: "api-service-v2"
+ - hostname: "api-service"
+ upstream: "api-service"
 path: "/"
- - hostname: "api-service-v2"
+ - hostname: "api-service"
 upstream: "console-service"
 path: "/one"
 client_headers:
@@ -49,7 +46,7 @@ kubernetes:
 - "X-Proxy-From:Aralez"
 rate_limit: 100
 to_https: false
- - hostname: "api-service-v2"
+ - hostname: "api-service"
 upstream: "feed-fanout-service"
 path: "/two"
 - hostname: "websocket-service"
@@ -57,65 +54,51 @@ kubernetes:
 path: "/"
 tokenpath: "/opt/Rust/Projects/asyncweb/etc/kubetoken.txt" # Defaults to /var/run/secrets/kubernetes.io/serviceaccount/token
 upstreams:
- myip.netangels.net:
+ www.example.com:
 paths:
 "/":
- # rate_limit: 50
- # x4xx_limit: 100
- # to_https: false
- # authorization:
- # type: "basic"
- # data: "root:toor"
+ rate_limit: 50
+ x4xx_limit: 100
+ to_https: false
+ authorization:
+ type: "basic"
+ data: "root:toor"
 server_headers:
 - "Y-Proxy-Server-Some:Yaaaaaaaaaaaaaaa"
 - "Y-Proxy-Server-From:Aralez"
- - "Y-Proxy-Server-Vers:Aralez v0.89"
+ - "Y-Proxy-Server-Vers:Aralez v-xxx"
 client_headers:
- - "X-Proxy-From:Aralezzzzzzzzzzz"
- - "X-Hopar-From:Hopaaaaaaaaaaaar"
- - "X-Proxy-Some:X-Proxy-Somebody"
+ - "Access-Control-Allow-Origin:*"
+ - "Access-Control-Allow-Methods:POST, GET, OPTIONS"
+ - "Access-Control-Max-Age:86400"
+ - "Strict-Transport-Security:max-age=31536000; includeSubDomains; preload"
 servers:
 - "127.0.0.1:8000"
 - "127.0.0.2:8000"
 - "127.0.0.3:8000"
- - "127.0.0.4:8000"
- - "127.0.0.5:8000"
- - "192.168.1.1:8000"
 "/ping":
- to_https: false
+ to_https: true
 client_headers:
- - "X-Some-Thing:Yaaaaaaaaaaaaaaa"
- - "X-Proxy-From:Aralez"
- servers:
- - "127.0.0.1:8000"
- - "127.0.0.2:8000"
- "/pong":
- to_https: false
- client_headers:
- - "X-Some-Thing:Yaaaaaaaaaaaaaaa"
- - "X-Proxy-From:Aralez"
+ - "X-Some-Thing:Something Else"
+ - "Access-Control-Allow-Origin:*"
+ - "Access-Control-Allow-Methods:POST, GET, OPTIONS"
+ - "Access-Control-Max-Age:86400"
+ - "Strict-Transport-Security:max-age=31536000; includeSubDomains; preload"
 servers:
 - "127.0.0.1:8000"
 "/secret":
 authorization:
 type: "forward"
- data: "http://192.168.1.1:8899/admin/login"
- #data: "https://netangels.net/admin/login"
+ data: "http://127.0.0.1:8899/admin/login"
 servers:
- - "192.168.1.10:8000"
- netangels.net:
+ - "127.0.0.10:8000"
+ example.com:
 paths:
 "/":
- redirect_to: "https://www.netangels.net:6194"
+ redirect_to: "https://www.example.com:443"
 servers:
- - "192.168.1.1:80"
- www.netangels.net:
- paths:
- "/":
- to_https: true
- servers:
- - "192.168.1.1:80"
- apt.netangels.net:
+ - "127.0.0.1:80"
+ h2.example.com:
 paths:
 "/":
 server_headers:
@@ -124,9 +107,8 @@ upstreams:
 - "Access-Control-Allow-Methods:POST, GET, OPTIONS"
 rate_limit: 60
 x4xx_limit: 30
- #authorization:
- # type: "jwt"
- # data: "SOMETHING"
+ authorization:
+ type: "jwt"
 servers:
 - "127.0.0.1:8000"
 - "127.0.0.2:8000"
@@ -138,51 +120,12 @@ upstreams:
 rate_limit: 4
 x4xx_limit: 2
 servers:
- - "192.168.1.1:8899"
+ - "127.0.0.1:8899"
 "/500":
 healthcheck: false
 servers:
- - "192.168.1.1:8899"
- # grafanalocal:
- # paths:
- # "/":
- # healthcheck: false
- # servers:
- # - "95.211.203.222:443"
- # "/.well-known/acme-challenge":
- # healthcheck: false
- # servers:
- # - "127.0.0.1:8001"
- localpost:
- paths:
- "/":
- to_https: true
- servers:
- - "127.0.0.1:9000"
- # 192.168.177.2:
- # paths:
- # "/":
- # servers:
- # - "127.0.0.1:8000"
- ara.matyan.org:
- paths:
- "/":
- servers:
- - "127.0.0.1:8000"
- "/.well-known/acme-challenge":
- healthcheck: false
- servers:
- - "127.0.0.1:3000"
- aro.matyan.org:
- paths:
- "/":
- servers:
- - "127.0.0.1:8000"
- "/.well-known/acme-challenge":
- healthcheck: false
- servers:
- - "127.0.0.1:3000"
- DEFAUwLT:
+ - "127.0.0.1:8899"
+ DEFAULT:
 paths:
 "/":
 healthcheck: false
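Review bot: Under `www.example.com`, path `"/"`, the previously commented-out `authorization` block is now live with `data: "root:toor"`, so anyone who deploys this sample unchanged protects the route with a widely known default credential. Ship a value that cannot work as-is, e.g. `data: "<USER>:<PASSWORD>"  # replace before use`, or leave the block commented. The same path now sends `Access-Control-Allow-Origin:*` and an HSTS header with `preload` while `to_https: false` is set; a comment marking these as illustrations would help, since `preload` is slow to undo once a domain has been submitted. The `/secret` forward-auth target remains plain `http://`, which is reasonable only while it stays on loopback.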
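Review bot: The `authorization` block enabled for `h2.example.com` has `type: "jwt"` and no `data`, and this commit also deletes the commented `master_key` line from etc/main.yaml whose comment named it as the JWT secret, so nothing in the two files says which key verifies tokens on this path. If the proxy falls back to `master_key`, state that next to the block, e.g. `# JWT is verified with master_key from main.yaml; set it before enabling`, and confirm that a missing key causes requests to be rejected rather than accepted. If the key value removed from main.yaml was ever used in a deployment it is still in history and should be rotated. The path mapping continues outside the hunk.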