diff --git a/etc/main.yaml b/etc/main.yaml
index 32b6c54..e7bd3e1 100644
--- a/etc/main.yaml
+++ b/etc/main.yaml
@@ -1,7 +1,7 @@
 # Main configuration file, applied on startup
 threads: 12 # Number of daemon threads default setting
-runuser: aralez # Username for running aralez after dropping root privileges, requires program to start as root
-rungroup: aralez # Group for running aralez after dropping root privileges, requires program to start as root
+#runuser: pastor # Username for running aralez after dropping root privileges, requires program to start as root
+#rungroup: pastor # Group for running aralez after dropping root privileges, requires program to start as root
 daemon: false # Run in background
 upstream_keepalive_pool_size: 500 # Pool size for upstream keepalive connections
 pid_file: /tmp/aralez.pid # Path to PID file
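Review bot: With `runuser` and `rungroup` commented out in this hunk, the config no longer names an account to drop to, so a daemon started as root (which the comments say the drop requires) would presumably keep root for its whole lifetime. The commented values also change from `aralez` to `pastor`, which looks like a local account name rather than a shipped default. If this file is the repository's example configuration, keep the lines active with the service account, `runuser: aralez` and `rungroup: aralez`, and keep personal overrides out of the commit. The unchanged `pid_file: /tmp/aralez.pid` in the same hunk is a weaker default once the process may be running privileged.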
@@ -11,12 +11,13 @@ config_api_enabled: true # Boolean to enable/disable remote config push capabili
 config_address: 0.0.0.0:3000 # HTTP API address for pushing upstreams.yaml from remote location
 proxy_address_http: 0.0.0.0:6193 # Proxy HTTP bind address
 proxy_address_tls: 0.0.0.0:6194 # Optional, Proxy TLS bind address
-proxy_configs: /opt/aralez/etc # Mandatory if proxy_address_tls set, should contain a certificate and key files strictly in a format {NAME}.crt, {NAME}.key.
-proxy_tls_grade: a+ # Grade of TLS suite for proxy (a+, a, b, c, unsafe), matching grades of Qualys SSL Labs
-upstreams_conf: /opt/aralez/etc/upstreams.yaml # the location of upstreams file
-file_server_folder: /opt/storage # Optional, local folder to serve
-file_server_address: 127.0.0.1:3002 # Optional, Local address for file server. Can set as upstream for public access.
+proxy_configs: /opt/Rust/Projects/asyncweb/etc # Mandatory if proxy_address_tls set, should contain a certificate and key files strictly in a format {NAME}.crt, {NAME}.key.
+proxy_tls_grade: high # Grade of TLS suite for proxy (high, medium, unsafe), matching grades of Qualys SSL Labs
+upstreams_conf: /opt/Rust/Projects/asyncweb/etc/upstreams.yaml # the location of upstreams file
+#file_server_folder: /opt/storage # Optional, local folder to serve
+#file_server_address: 127.0.0.1:3002 # Optional, Local address for file server. Can set as upstream for public access.
 log_level: info # info, warn, error, debug, trace, off
+log_file: /tmp/aralez.log # Optional, the location of log file. If this entry does not exist logs will be emitted to stdout.
 hc_method: HEAD # Healthcheck method (HEAD, GET, POST are supported) UPPERCASE
 hc_interval: 2 #Interval for health checks in seconds
-master_key: 910517d9-f9a1-48de-8826-dbadacbd84af-cb6f830e-ab16-47ec-9d8f-0090de732774 # Mater key for working with API server and JWT Secret
+#master_key: 910517d9-f9a1-48de-8826-dbadacbd84af-cb6f830e-ab16-47ec-9d8f-0090de732774 # Mater key for working with API server and JWT Secret
diff --git a/etc/upstreams.yaml b/etc/upstreams.yaml
index 59d605e..42698a6 100644
--- a/etc/upstreams.yaml
+++ b/etc/upstreams.yaml
@@ -1,8 +1,9 @@ # The file under watch and hot reload, changes are applied immediately, no need to restart or reload. provider: "file" # "file" "consul" "kubernetes" -sticky_sessions: false +sticky_sessions: 8600 to_https: false -rate_limit: 100 +rate_limit: 300 +x4xx_limit: 200 server_headers: - "X-Forwarded-Proto:https" - "X-Forwarded-Port:443"
@@ -62,6 +63,7 @@ upstreams: paths: "/": rate_limit: 200 + x4xx_limit: 100 to_https: false client_headers: - "X-Proxy-From:Aralez"
@@ -72,7 +74,7 @@ upstreams: - "127.0.0.4:8000" - "127.0.0.5:8000" "/ping": - authorization: # Will be ignored if global authentication is enabled. + authorization: # Will be ignored if global authentication is enabled. type: "basic" creds: "admin:admin" to_https: false
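Review bot: Commenting out `master_key` leaves the literal key in the file and in history, so it should be treated as exposed: rotate it and replace the line with a placeholder such as `#master_key: <generate-a-random-secret>`. The hunk still has `config_address: 0.0.0.0:3000` as context, and its header line shows `config_api_enabled: true`; what the config API does when no master key is set is not visible here and should be confirmed before this ships as a default. The new `log_file: /tmp/aralez.log` and the paths under `/opt/Rust/Projects/asyncweb/etc` look like a developer workstation layout, and a log in a world-writable directory is a poor default, more so if the process keeps root. The `proxy_tls_grade` comment still says the values match Qualys SSL Labs grades, which `high`, `medium` and `unsafe` are not.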
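Review bot: `sticky_sessions` changes from the boolean `false` to the integer `8600` in the first `etc/upstreams.yaml` hunk without a comment, so a reader cannot tell what the number measures or whether `false` is still accepted to turn the feature off. The new `x4xx_limit: 200` here and `x4xx_limit: 100` under path `"/"` in the following hunk are also undocumented, while the global `rate_limit` is tripled from 100 to 300. Add a trailing comment on each new key, for example `x4xx_limit: 200 # <what is counted, over what window, and what happens when exceeded>`, and state the unit for `sticky_sessions`.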