# gofer configuration file
# Address for the control/debug server.
# DO NOT EXPOSE THIS TO THE INTERNET, it is dangerous and will leak a lot of
# information.
control_addr: "127.0.0.1:8081"
# Request logging.
reqlog:
# Name of the log; just an id used to refer to it on the server entries
# below.
"requests.log":
# Path to the log file.
file: "/var/log/gofer/requests.log"
# How many entries to hold in memory. Defaults to 0 (synchronous logging).
bufsize: 16
# Log format.
# Known formats: <common>, <combined>, <combinedvh>, <lighttpd>, <gofer>
# (that is the default).
#format: "<gofer>"
# IP rate limiting.
ratelimit:
# Name of the IP rate limit arena; just an id used to refer to it on the
# server entries below.
"rl-arena1":
# Rate to enforce.
# Format is "requests/period". For example, "50/1s" will allow 50
# requests every second.
rate: "50/1s"
# How many IPs to hold in memory, to keep the memory usage bounded.
# Setting this to 1000 will increase memory usage by ~128 KiB.
# Default: 1000.
#size: 1000
# By default, IPv6 addresses get limited at /64, /56 and /48
# simultaneously; and the rate for /64 is the one given above, for /56 is
# 4x the /64 rate, and /48 is 8x the /64 rate.
# This is an imperfect heuristic to account for the fact that IPv6 is
# allocated to end users in different block sizes, and it is not possible
# to tell them apart.
# You can configure custom rates for each one as follows:
#rate64: "50/1s"
#rate56: "200/500ms"
#rate48: "400/250ms"
# HTTP servers.
# Map of address: configuration.
http:
# Address to listen on.
# systemd socket passing is supported, use "&name" to indicate that you've
# set up a systemd socket unit with "FileDescriptorName=name".
# Examples: ":80", "127.0.0.1:8080", "&http".
":80":
# Routes indicate how to handle each request based on its path.
# The path have the semantics of http.ServeMux.
routes:
# Path: action.
"/":
# Serve the directory at the given path.
dir: "/srv/www/"
# Other possible actions follow. Only one per path.
# Serve a single file.
#file: "/srv/files/file"
# Proxy requests.
#proxy: "http://localhost:8080/api/"
# Redirect to a different URL.
#redirect: "https://wikipedia.org"
# Redirect with a regexp-based rewrite.
# Regexps are matched in order, and the first match is used.
# They are matched against the full path, and the replacement is a URL
# template that can refer to submatches as $1, $2, etc.
# By default, a 307 (temporary redirect) is used. You can change it by
# setting the "status" field.
# Anything that does not match will return a 404.
#redirect_re:
# - from: "^/foo/(.*)"
# to: "https://bar.com/$1"
# - from: "^/baz/(.*)"
# to: "https://qux.com/$1"
# status: 301
# Execute a CGI.
#cgi: ["/usr/share/gitweb/gitweb.cgi"]
# Return a specific status.
#status: 404
# Options for the "dir" type.
diropts:
# Enable listing when index.html is not present?
listing:
"/": false
"/pub/": true
# Exclude files matching these regular expressions. They won't appear
# in listings, and won't be served to users (404 will be returned
# instead).
#exclude: [".*\\.secret", ".*/config"]
# Enforce authentication on these paths. The target is the file containing
# the user and passwords.
#auth:
# "/private": "/srv/auth/web-users.yaml"
# Set a header on replies.
#setheader:
# "/":
# "My-Header": "my header value"
# Enable IP rate limiting. The target is a rate limit arena name, which
# should match an entry in the top-level ratelimit configuration (see
# above).
ratelimit:
"/": "rl-arena1"
# Enable request logging. The target is a log name, which should match an
# entry in the top-level reqlog configuration (see above).
reqlog:
"/": "requests.log"
# HTTPS servers.
https:
":443":
# Automatically get TLS certificates.
# Using this implies acceptance of LetsEncrypt's terms of service (or the
# selected CA).
autocerts:
# Hosts to get certificates for.
hosts: ["mysite.com", "www.mysite.com"]
# Where to cache the certificates.
# Default: $HOME/.cache/golang-autocert.
#cachedir: "/var/cache/gofer/autocerts"
# Contact email address. The CA can use this to notify about problems.
# Optional.
#email: "me@myhost.com"
# ACME directory URL to use.
# Default: LetsEncrypt's.
#acmeurl: "https://acme-v02.api.letsencrypt.org/directory"
# Location of the certificates, for TLS.
# Use this instead of `autocerts` if you get the certificates externally.
# If you set this, `autocerts` is ignored.
#certs: "/etc/letsencrypt/live/"
# The rest of the fields are the same as for http above.
routes:
"/":
dir: "/srv/www/"
"/local/":
proxy: "http://localhost:8099/"
"www.mysite.com/":
redirect: "https://mysite.com/"
# Raw socket proxying.
raw:
":995":
# If this is present, we will listen on a TLS socket; otherwise it will be
# a plain socket.
certs: "/etc/letsencrypt/live/"
# Address to proxy to.
to: "127.0.0.1:1995"
# If this is true, then we will use TLS to connect to the backend.
to_tls: true