Github/aralez
1
0
Fork 0
mirror of https://github.com/sadoyan/aralez.git synced 2026-06-13 10:44:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

example configs

Browse Source
This commit is contained in:
Ara Sadoyan
2026-06-12 13:12:39 +02:00
parent 162c5060c9
commit 1c3d9a263f
2 changed files with 52 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
etc/main.yaml
View File

@@ -1,23 +1,24 @@
# Main configuration file, applied on startup
threads: 12 # Number of daemon threads default setting
#runuser: pastor # Username for running aralez after dropping root privileges, requires program to start as root
#rungroup: pastor # Group for running aralez after dropping root privileges, requires program to start as root
#daemon: false # Run in background
runuser: aralez # Username for running aralez after dropping root privileges, requires program to start as root
rungroup: aralez # Group for running aralez after dropping root privileges, requires program to start as root
upstream_keepalive_pool_size: 500 # Pool size for upstream keepalive connections
#pid_file: /tmp/aralez.pid # Path to PID file
#error_log: /tmp/aralez_err.log # Path to error log
pid_file: /tmp/aralez.pid # Path to PID file
upgrade_sock: /tmp/aralez.sock # Path to socket file
config_api_enabled: true # Boolean to enable/disable remote config push capability.
config_address: 0.0.0.0+3000 # HTTP API address for pushing upstreams.yaml from remote location
proxy_address_http: 0.0.0.0:6193 # Proxy HTTP bind address
proxy_address_tls: 0.0.0.0:6194 # Optional, Proxy TLS bind address
proxy_configs: /opt/Rust/Projects/asyncweb/etc # Mandatory if proxy_address_tls set, should contain a certificate and key files strictly in a format {NAME}.crt, {NAME}.key.
config_address: 127.0.0.1:3000 # HTTP API address for pushing upstreams.yaml from remote location
proxy_address_http: 0.0.0.0:80 # Proxy HTTP bind address
proxy_address_tls: 0.0.0.0:443 # Optional, Proxy TLS bind address
proxy_configs: /opt/aralez/asyncweb/etc # Mandatory if proxy_address_tls set, should contain a certificate and key files strictly in a format {NAME}.crt, {NAME}.key.
proxy_tls_grade: high # Grade of TLS suite for proxy (high, medium, unsafe), matching grades of Qualys SSL Labs
upstreams_conf: /opt/Rust/Projects/asyncweb/etc/upstreams.yaml # the location of upstreams file
file_server_folder: /tmp/gazan # Optional, local folder to serve
file_server_address: 127.0.0.1:3002 # Optional, Local address for file server. Can set as upstream for public access.
upstreams_conf: /opt/aralez/etc/upstreams.yaml # the location of upstreams file
file_server_folder: /opt/aralez/public # Optional, local folder to serve
file_server_address: 0.0.0.0:3002 # Optional, Local address for file server. Can set as upstream for public access.
log_level: info # info, warn, error, debug, trace, off
#log_file: /tmp/aralez.log # Optional, the location of log file. If this entry does not exist logs will be emitted to stdout.
log_file: /tmp/aralez.log # Optional, the location of log file. If this entry does not exist logs will be emitted to stdout.
hc_method: HEAD # Healthcheck method (HEAD, GET, POST are supported) UPPERCASE
hc_interval: 2 #Interval for health checks in seconds
#master_key: 910517d9-f9a1-48de-8826-dbadacbd84af-cb6f830e-ab16-47ec-9d8f-0090de732774 # Mater key for working with API server and JWT Secret
tcp_keepalive_idle: 60 # Seconds of inactivity before the kernel starts sending keepalive probes to a downstream client
tcp_keepalive_interval: 10 # Seconds between individual keepalive probes if the client does not respond
tcp_keepalive_count: 5 # Number of unanswered probes before the kernel declares the connection dead and closes it

131
etc/upstreams.yaml
View File

@@ -4,13 +4,10 @@ sticky_sessions: 172000
to_https: false
rate_limit: 500000
x4xx_limit: 100000
#server_headers:
# - "Y-Global-Something: Yes this is something"
#client_headers:
# - "Access-Control-Allow-Origin:*"
# - "Access-Control-Allow-Methods:POST, GET, OPTIONS"
# - "Access-Control-Max-Age:86400"
# - "Strict-Transport-Security:max-age=31536000; includeSubDomains; preload"
server_headers:
- "Y-Global-Something: Something For Servers"
client_headers:
- "X-Global-Something: Something For Clients"
#authorization:
# type: "basic"
# data: "root:toor"
@@ -38,10 +35,10 @@ kubernetes:
servers:
- "172.16.0.11:5443" # Gets KUBERNETES_SERVICE_HOST : KUBERNETES_SERVICE_PORT_HTTPS env variables.
services:
- hostname: "api-service-v2"
upstream: "api-service-v2"
- hostname: "api-service"
upstream: "api-service"
path: "/"
- hostname: "api-service-v2"
- hostname: "api-service"
upstream: "console-service"
path: "/one"
client_headers:
@@ -49,7 +46,7 @@ kubernetes:
- "X-Proxy-From:Aralez"
rate_limit: 100
to_https: false
- hostname: "api-service-v2"
- hostname: "api-service"
upstream: "feed-fanout-service"
path: "/two"
- hostname: "websocket-service"
@@ -57,65 +54,51 @@ kubernetes:
path: "/"
tokenpath: "/opt/Rust/Projects/asyncweb/etc/kubetoken.txt" # Defaults to /var/run/secrets/kubernetes.io/serviceaccount/token
upstreams:
myip.netangels.net:
www.example.com:
paths:
"/":
# rate_limit: 50
# x4xx_limit: 100
# to_https: false
# authorization:
# type: "basic"
# data: "root:toor"
rate_limit: 50
x4xx_limit: 100
to_https: false
authorization:
type: "basic"
data: "root:toor"
server_headers:
- "Y-Proxy-Server-Some:Yaaaaaaaaaaaaaaa"
- "Y-Proxy-Server-From:Aralez"
- "Y-Proxy-Server-Vers:Aralez v0.89"
- "Y-Proxy-Server-Vers:Aralez v-xxx"
client_headers:
- "X-Proxy-From:Aralezzzzzzzzzzz"
- "X-Hopar-From:Hopaaaaaaaaaaaar"
- "X-Proxy-Some:X-Proxy-Somebody"
- "Access-Control-Allow-Origin:*"
- "Access-Control-Allow-Methods:POST, GET, OPTIONS"
- "Access-Control-Max-Age:86400"
- "Strict-Transport-Security:max-age=31536000; includeSubDomains; preload"
servers:
- "127.0.0.1:8000"
- "127.0.0.2:8000"
- "127.0.0.3:8000"
- "127.0.0.4:8000"
- "127.0.0.5:8000"
- "192.168.1.1:8000"
"/ping":
to_https: false
to_https: true
client_headers:
- "X-Some-Thing:Yaaaaaaaaaaaaaaa"
- "X-Proxy-From:Aralez"
servers:
- "127.0.0.1:8000"
- "127.0.0.2:8000"
"/pong":
to_https: false
client_headers:
- "X-Some-Thing:Yaaaaaaaaaaaaaaa"
- "X-Proxy-From:Aralez"
- "X-Some-Thing:Something Else"
- "Access-Control-Allow-Origin:*"
- "Access-Control-Allow-Methods:POST, GET, OPTIONS"
- "Access-Control-Max-Age:86400"
- "Strict-Transport-Security:max-age=31536000; includeSubDomains; preload"
servers:
- "127.0.0.1:8000"
"/secret":
authorization:
type: "forward"
data: "http://192.168.1.1:8899/admin/login"
#data: "https://netangels.net/admin/login"
data: "http://127.0.0.1:8899/admin/login"
servers:
- "192.168.1.10:8000"
netangels.net:
- "127.0.0.10:8000"
example.com:
paths:
"/":
redirect_to: "https://www.netangels.net:6194"
redirect_to: "https://www.example.com:443"
servers:
- "192.168.1.1:80"
www.netangels.net:
paths:
"/":
to_https: true
servers:
- "192.168.1.1:80"
apt.netangels.net:
- "127.0.0.1:80"
h2.example.com:
paths:
"/":
server_headers:
@@ -124,9 +107,8 @@ upstreams:
- "Access-Control-Allow-Methods:POST, GET, OPTIONS"
rate_limit: 60
x4xx_limit: 30
#authorization:
# type: "jwt"
# data: "SOMETHING"
authorization:
type: "jwt"
servers:
- "127.0.0.1:8000"
- "127.0.0.2:8000"
@@ -138,51 +120,12 @@ upstreams:
rate_limit: 4
x4xx_limit: 2
servers:
- "192.168.1.1:8899"
- "127.0.0.1:8899"
"/500":
healthcheck: false
servers:
- "192.168.1.1:8899"
# grafanalocal:
# paths:
# "/":
# healthcheck: false
# servers:
# - "95.211.203.222:443"
# "/.well-known/acme-challenge":
# healthcheck: false
# servers:
# - "127.0.0.1:8001"
localpost:
paths:
"/":
to_https: true
servers:
- "127.0.0.1:9000"
# 192.168.177.2:
# paths:
# "/":
# servers:
# - "127.0.0.1:8000"
ara.matyan.org:
paths:
"/":
servers:
- "127.0.0.1:8000"
"/.well-known/acme-challenge":
healthcheck: false
servers:
- "127.0.0.1:3000"
aro.matyan.org:
paths:
"/":
servers:
- "127.0.0.1:8000"
"/.well-known/acme-challenge":
healthcheck: false
servers:
- "127.0.0.1:3000"
DEFAUwLT:
- "127.0.0.1:8899"
DEFAULT:
paths:
"/":
healthcheck: false