# gofer configuration file
# Address for the control/debug server.
# DO NOT EXPOSE THIS TO THE INTERNET, it is dangerous and will leak a lot of
# information.
control_addr: "127.0.0.1:8081"
# Request logging.
reqlog:
# Name of the log; just an id used to refer to it on the server entries
# below.
"requests.log":
# Path to the log file.
file: "/var/log/gofer/requests.log"
# How many entries to hold in memory. Defaults to 0 (synchronous logging).
bufsize: 16
# Log format.
# Known formats: <common>, <combined>, <combinedvh>, <lighttpd>, <gofer>
# (that is the default).
#format: "<gofer>"
# HTTP servers.
# Map of address: configuration.
http:
# Address to listen on.
# systemd socket passing is supported, use "&name" to indicate that you've
# set up a systemd socket unit with "FileDescriptorName=name".
# Examples: ":80", "127.0.0.1:8080", "&http".
":80":
# Routes indicate how to handle each request based on its path.
# The path have the semantics of http.ServeMux.
routes:
# Path: action.
"/":
# Serve the directory at the given path.
dir: "/srv/www/"
# Other possible actions follow. Only one per path.
# Serve a single file.
#file: "/srv/files/file"
# Proxy requests.
#proxy: "http://localhost:8080/api/"
# Redirect to a different URL.
#redirect: "https://wikipedia.org"
# Execute a CGI.
#cgi: ["/usr/share/gitweb/gitweb.cgi"]
# Return a specific status.
#status: 404
# Options for the "dir" type.
diropts:
# Enable listing when index.html is not present?
listing:
"/": false
"/pub/": true
# Exclude files matching these regular expressions. They won't appear
# in listings, and won't be served to users (404 will be returned
# instead).
#exclude: [".*\\.secret", ".*/config"]
# Enforce authentication on these paths. The target is the file containing
# the user and passwords.
#auth:
# "/private": "/srv/auth/web-users.yaml"
# Set a header on replies.
#setheader:
# "/":
# "My-Header": "my header value"
# Enable request logging. The target is a log name, which should match an
# entry in the top-level reqlog configuration (see above).
reqlog:
"/": "requests.log"
# HTTPS servers.
https:
":443":
# Automatically get TLS certificates.
# Using this implies acceptance of LetsEncrypt's terms of service (or the
# selected CA).
autocerts:
# Hosts to get certificates for.
hosts: ["mysite.com", "www.mysite.com"]
# Where to cache the certificates.
# Default: $HOME/.cache/golang-autocert.
#cachedir: "/var/cache/gofer/autocerts"
# Contact email address. The CA can use this to notify about problems.
# Optional.
#email: "me@myhost.com"
# ACME directory URL to use.
# Default: LetsEncrypt's.
#acmeurl: "https://acme-v02.api.letsencrypt.org/directory"
# Location of the certificates, for TLS.
# Use this instead of `autocerts` if you get the certificates externally.
# If you set this, `autocerts` is ignored.
#certs: "/etc/letsencrypt/live/"
# The rest of the fields are the same as for http above.
routes:
"/":
dir: "/srv/www/"
"/local/":
proxy: "http://localhost:8099/"
"www.mysite.com/":
redirect: "https://mysite.com/"
# Raw socket proxying.
raw:
":995":
# If this is present, we will listen on a TLS socket; otherwise it will be
# a plain socket.
certs: "/etc/letsencrypt/live/"
# Address to proxy to.
to: "127.0.0.1:1995"
# If this is true, then we will use TLS to connect to the backend.
to_tls: true