Github/aralez
1
0
Fork 0
mirror of https://github.com/sadoyan/aralez.git synced 2026-06-13 10:44:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

example configs

Browse Source
This commit is contained in:
Ara Sadoyan
2026-06-12 13:12:39 +02:00
parent 162c5060c9
commit 1c3d9a263f
2 changed files with 52 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
etc/main.yaml
View File

@@ -1,23 +1,24 @@
# Main configuration file, applied on startup # Main configuration file, applied on startup
threads: 12 # Number of daemon threads default setting threads: 12 # Number of daemon threads default setting
#runuser: pastor # Username for running aralez after dropping root privileges, requires program to start as root runuser: aralez # Username for running aralez after dropping root privileges, requires program to start as root
#rungroup: pastor # Group for running aralez after dropping root privileges, requires program to start as root rungroup: aralez # Group for running aralez after dropping root privileges, requires program to start as root
#daemon: false # Run in background
upstream_keepalive_pool_size: 500 # Pool size for upstream keepalive connections upstream_keepalive_pool_size: 500 # Pool size for upstream keepalive connections
#pid_file: /tmp/aralez.pid # Path to PID file pid_file: /tmp/aralez.pid # Path to PID file
#error_log: /tmp/aralez_err.log # Path to error log
upgrade_sock: /tmp/aralez.sock # Path to socket file upgrade_sock: /tmp/aralez.sock # Path to socket file
config_api_enabled: true # Boolean to enable/disable remote config push capability. config_api_enabled: true # Boolean to enable/disable remote config push capability.
config_address: 0.0.0.0+3000 # HTTP API address for pushing upstreams.yaml from remote location config_address: 127.0.0.1:3000 # HTTP API address for pushing upstreams.yaml from remote location
proxy_address_http: 0.0.0.0:6193 # Proxy HTTP bind address proxy_address_http: 0.0.0.0:80 # Proxy HTTP bind address
proxy_address_tls: 0.0.0.0:6194 # Optional, Proxy TLS bind address proxy_address_tls: 0.0.0.0:443 # Optional, Proxy TLS bind address
proxy_configs: /opt/Rust/Projects/asyncweb/etc # Mandatory if proxy_address_tls set, should contain a certificate and key files strictly in a format {NAME}.crt, {NAME}.key. proxy_configs: /opt/aralez/asyncweb/etc # Mandatory if proxy_address_tls set, should contain a certificate and key files strictly in a format {NAME}.crt, {NAME}.key.
proxy_tls_grade: high # Grade of TLS suite for proxy (high, medium, unsafe), matching grades of Qualys SSL Labs proxy_tls_grade: high # Grade of TLS suite for proxy (high, medium, unsafe), matching grades of Qualys SSL Labs
upstreams_conf: /opt/Rust/Projects/asyncweb/etc/upstreams.yaml # the location of upstreams file upstreams_conf: /opt/aralez/etc/upstreams.yaml # the location of upstreams file
file_server_folder: /tmp/gazan # Optional, local folder to serve file_server_folder: /opt/aralez/public # Optional, local folder to serve
file_server_address: 127.0.0.1:3002 # Optional, Local address for file server. Can set as upstream for public access. file_server_address: 0.0.0.0:3002 # Optional, Local address for file server. Can set as upstream for public access.
log_level: info # info, warn, error, debug, trace, off log_level: info # info, warn, error, debug, trace, off
#log_file: /tmp/aralez.log # Optional, the location of log file. If this entry does not exist logs will be emitted to stdout. log_file: /tmp/aralez.log # Optional, the location of log file. If this entry does not exist logs will be emitted to stdout.
hc_method: HEAD # Healthcheck method (HEAD, GET, POST are supported) UPPERCASE hc_method: HEAD # Healthcheck method (HEAD, GET, POST are supported) UPPERCASE
hc_interval: 2 #Interval for health checks in seconds hc_interval: 2 #Interval for health checks in seconds
#master_key: 910517d9-f9a1-48de-8826-dbadacbd84af-cb6f830e-ab16-47ec-9d8f-0090de732774 # Mater key for working with API server and JWT Secret tcp_keepalive_idle: 60 # Seconds of inactivity before the kernel starts sending keepalive probes to a downstream client
tcp_keepalive_interval: 10 # Seconds between individual keepalive probes if the client does not respond
tcp_keepalive_count: 5 # Number of unanswered probes before the kernel declares the connection dead and closes it

131
etc/upstreams.yaml
View File

@@ -4,13 +4,10 @@ sticky_sessions: 172000
to_https: false to_https: false
rate_limit: 500000 rate_limit: 500000
x4xx_limit: 100000 x4xx_limit: 100000
#server_headers: server_headers:
# - "Y-Global-Something: Yes this is something" - "Y-Global-Something: Something For Servers"
#client_headers: client_headers:
# - "Access-Control-Allow-Origin:*" - "X-Global-Something: Something For Clients"
# - "Access-Control-Allow-Methods:POST, GET, OPTIONS"
# - "Access-Control-Max-Age:86400"
# - "Strict-Transport-Security:max-age=31536000; includeSubDomains; preload"
#authorization: #authorization:
# type: "basic" # type: "basic"
# data: "root:toor" # data: "root:toor"
@@ -38,10 +35,10 @@ kubernetes:
servers: servers:
- "172.16.0.11:5443" # Gets KUBERNETES_SERVICE_HOST : KUBERNETES_SERVICE_PORT_HTTPS env variables. - "172.16.0.11:5443" # Gets KUBERNETES_SERVICE_HOST : KUBERNETES_SERVICE_PORT_HTTPS env variables.
services: services:
- hostname: "api-service-v2" - hostname: "api-service"
upstream: "api-service-v2" upstream: "api-service"
path: "/" path: "/"
- hostname: "api-service-v2" - hostname: "api-service"
upstream: "console-service" upstream: "console-service"
path: "/one" path: "/one"
client_headers: client_headers:
@@ -49,7 +46,7 @@ kubernetes:
- "X-Proxy-From:Aralez" - "X-Proxy-From:Aralez"
rate_limit: 100 rate_limit: 100
to_https: false to_https: false
- hostname: "api-service-v2" - hostname: "api-service"
upstream: "feed-fanout-service" upstream: "feed-fanout-service"
path: "/two" path: "/two"
- hostname: "websocket-service" - hostname: "websocket-service"
@@ -57,65 +54,51 @@ kubernetes:
path: "/" path: "/"
tokenpath: "/opt/Rust/Projects/asyncweb/etc/kubetoken.txt" # Defaults to /var/run/secrets/kubernetes.io/serviceaccount/token tokenpath: "/opt/Rust/Projects/asyncweb/etc/kubetoken.txt" # Defaults to /var/run/secrets/kubernetes.io/serviceaccount/token
upstreams: upstreams:
myip.netangels.net: www.example.com:
paths: paths:
"/": "/":
# rate_limit: 50 rate_limit: 50
# x4xx_limit: 100 x4xx_limit: 100
# to_https: false to_https: false
# authorization: authorization:
# type: "basic" type: "basic"
# data: "root:toor" data: "root:toor"
server_headers: server_headers:
- "Y-Proxy-Server-Some:Yaaaaaaaaaaaaaaa" - "Y-Proxy-Server-Some:Yaaaaaaaaaaaaaaa"
- "Y-Proxy-Server-From:Aralez" - "Y-Proxy-Server-From:Aralez"
- "Y-Proxy-Server-Vers:Aralez v0.89" - "Y-Proxy-Server-Vers:Aralez v-xxx"
client_headers: client_headers:
- "X-Proxy-From:Aralezzzzzzzzzzz" - "Access-Control-Allow-Origin:*"
- "X-Hopar-From:Hopaaaaaaaaaaaar" - "Access-Control-Allow-Methods:POST, GET, OPTIONS"
- "X-Proxy-Some:X-Proxy-Somebody" - "Access-Control-Max-Age:86400"
- "Strict-Transport-Security:max-age=31536000; includeSubDomains; preload"
servers: servers:
- "127.0.0.1:8000" - "127.0.0.1:8000"
- "127.0.0.2:8000" - "127.0.0.2:8000"
- "127.0.0.3:8000" - "127.0.0.3:8000"
- "127.0.0.4:8000"
- "127.0.0.5:8000"
- "192.168.1.1:8000"
"/ping": "/ping":
to_https: false to_https: true
client_headers: client_headers:
- "X-Some-Thing:Yaaaaaaaaaaaaaaa" - "X-Some-Thing:Something Else"
- "X-Proxy-From:Aralez" - "Access-Control-Allow-Origin:*"
servers: - "Access-Control-Allow-Methods:POST, GET, OPTIONS"
- "127.0.0.1:8000" - "Access-Control-Max-Age:86400"
- "127.0.0.2:8000" - "Strict-Transport-Security:max-age=31536000; includeSubDomains; preload"
"/pong":
to_https: false
client_headers:
- "X-Some-Thing:Yaaaaaaaaaaaaaaa"
- "X-Proxy-From:Aralez"
servers: servers:
- "127.0.0.1:8000" - "127.0.0.1:8000"
"/secret": "/secret":
authorization: authorization:
type: "forward" type: "forward"
data: "http://192.168.1.1:8899/admin/login" data: "http://127.0.0.1:8899/admin/login"
#data: "https://netangels.net/admin/login"
servers: servers:
- "192.168.1.10:8000" - "127.0.0.10:8000"
netangels.net: example.com:
paths: paths:
"/": "/":
redirect_to: "https://www.netangels.net:6194" redirect_to: "https://www.example.com:443"
servers: servers:
- "192.168.1.1:80" - "127.0.0.1:80"
www.netangels.net: h2.example.com:
paths:
"/":
to_https: true
servers:
- "192.168.1.1:80"
apt.netangels.net:
paths: paths:
"/": "/":
server_headers: server_headers:
@@ -124,9 +107,8 @@ upstreams:
- "Access-Control-Allow-Methods:POST, GET, OPTIONS" - "Access-Control-Allow-Methods:POST, GET, OPTIONS"
rate_limit: 60 rate_limit: 60
x4xx_limit: 30 x4xx_limit: 30
#authorization: authorization:
# type: "jwt" type: "jwt"
# data: "SOMETHING"
servers: servers:
- "127.0.0.1:8000" - "127.0.0.1:8000"
- "127.0.0.2:8000" - "127.0.0.2:8000"
@@ -138,51 +120,12 @@ upstreams:
rate_limit: 4 rate_limit: 4
x4xx_limit: 2 x4xx_limit: 2
servers: servers:
- "192.168.1.1:8899" - "127.0.0.1:8899"
"/500": "/500":
healthcheck: false healthcheck: false
servers: servers:
- "192.168.1.1:8899" - "127.0.0.1:8899"
# grafanalocal: DEFAULT:
# paths:
# "/":
# healthcheck: false
# servers:
# - "95.211.203.222:443"
# "/.well-known/acme-challenge":
# healthcheck: false
# servers:
# - "127.0.0.1:8001"
localpost:
paths:
"/":
to_https: true
servers:
- "127.0.0.1:9000"
# 192.168.177.2:
# paths:
# "/":
# servers:
# - "127.0.0.1:8000"
ara.matyan.org:
paths:
"/":
servers:
- "127.0.0.1:8000"
"/.well-known/acme-challenge":
healthcheck: false
servers:
- "127.0.0.1:3000"
aro.matyan.org:
paths:
"/":
servers:
- "127.0.0.1:8000"
"/.well-known/acme-challenge":
healthcheck: false
servers:
- "127.0.0.1:3000"
DEFAUwLT:
paths: paths:
"/": "/":
healthcheck: false healthcheck: false