update

etc/main.yaml

@@ -1,7 +1,7 @@
 # Main configuration file, applied on startup
 threads: 12 # Number of daemon threads default setting
-runuser: aralez # Username for running aralez after dropping root privileges, requires program to start as root
-rungroup: aralez # Group for running aralez after dropping root privileges, requires program to start as root
+#runuser: pastor # Username for running aralez after dropping root privileges, requires program to start as root
+#rungroup: pastor # Group for running aralez after dropping root privileges, requires program to start as root
 daemon: false # Run in background
 upstream_keepalive_pool_size: 500 # Pool size for upstream keepalive connections
 pid_file: /tmp/aralez.pid # Path to PID file
@@ -11,12 +11,13 @@ config_api_enabled: true # Boolean to enable/disable remote config push capabili
 config_address: 0.0.0.0:3000 # HTTP API address for pushing upstreams.yaml from remote location
 proxy_address_http: 0.0.0.0:6193 # Proxy HTTP bind address
 proxy_address_tls: 0.0.0.0:6194 # Optional, Proxy TLS bind address
-proxy_configs: /opt/aralez/etc # Mandatory if proxy_address_tls set, should contain a certificate and key files strictly in a format {NAME}.crt, {NAME}.key.
-proxy_tls_grade: a+ # Grade of TLS suite for proxy (a+, a, b, c, unsafe), matching grades of Qualys SSL Labs
-upstreams_conf: /opt/aralez/etc/upstreams.yaml # the location of upstreams file
-file_server_folder: /opt/storage # Optional, local folder to serve
-file_server_address: 127.0.0.1:3002 # Optional, Local address for file server. Can set as upstream for public access.
+proxy_configs: /opt/Rust/Projects/asyncweb/etc # Mandatory if proxy_address_tls set, should contain a certificate and key files strictly in a format {NAME}.crt, {NAME}.key.
+proxy_tls_grade: high # Grade of TLS suite for proxy (high, medium, unsafe), matching grades of Qualys SSL Labs
+upstreams_conf: /opt/Rust/Projects/asyncweb/etc/upstreams.yaml # the location of upstreams file
+#file_server_folder: /opt/storage # Optional, local folder to serve
+#file_server_address: 127.0.0.1:3002 # Optional, Local address for file server. Can set as upstream for public access.
 log_level: info # info, warn, error, debug, trace, off
+log_file: /tmp/aralez.log # Optional, the location of log file. If this entry does not exist logs will be emitted to stdout.
 hc_method: HEAD # Healthcheck method (HEAD, GET, POST are supported) UPPERCASE
 hc_interval: 2 #Interval for health checks in seconds
-master_key: 910517d9-f9a1-48de-8826-dbadacbd84af-cb6f830e-ab16-47ec-9d8f-0090de732774 # Mater key for working with API server and JWT Secret
+#master_key: 910517d9-f9a1-48de-8826-dbadacbd84af-cb6f830e-ab16-47ec-9d8f-0090de732774 # Mater key for working with API server and JWT Secret

etc/upstreams.yaml

@@ -1,8 +1,9 @@
 # The file under watch and hot reload, changes are applied immediately, no need to restart or reload.
 provider: "file" # "file" "consul" "kubernetes"
-sticky_sessions: false
+sticky_sessions: 8600
 to_https: false
-rate_limit: 100
+rate_limit: 300
+x4xx_limit: 200
 server_headers:
   - "X-Forwarded-Proto:https"
   - "X-Forwarded-Port:443"
@@ -62,6 +63,7 @@ upstreams:
     paths:
       "/":
         rate_limit: 200
+        x4xx_limit: 100
         to_https: false
         client_headers:
           - "X-Proxy-From:Aralez"
@@ -72,7 +74,7 @@ upstreams:
           - "127.0.0.4:8000"
           - "127.0.0.5:8000"
       "/ping":
-        authorization: # Will be ignored if global authentication is enabled. 
+        authorization: # Will be ignored if global authentication is enabled.
           type: "basic"
           creds: "admin:admin"
         to_https: false