git » gofer » master » tree

[master] / config / gofer.yaml

# gofer configuration file

# Address for the control/debug server.
# DO NOT EXPOSE THIS TO THE INTERNET, it is dangerous and will leak a lot of
# information.
control_addr: "127.0.0.1:8081"

# Request logging.
reqlog:
  # Name of the log; just an id used to refer to it on the server entries
  # below.
  "requests.log":
    # Path to the log file.
    file: "/var/log/gofer/requests.log"

    # How many entries to hold in memory. Defaults to 0 (synchronous logging).
    bufsize: 16

    # Log format.
    # Known formats: <common>, <combined>, <combinedvh>, <lighttpd>, <gofer>
    # (that is the default).
    #format: "<gofer>"


# HTTP servers.
# Map of address: configuration.
http:
  # Address to listen on.
  # systemd socket passing is supported, use "&name" to indicate that you've
  # set up a systemd socket unit with "FileDescriptorName=name".
  # Examples: ":80", "127.0.0.1:8080", "&http".
  ":80":
    # Routes indicate how to handle each request based on its path.
    # The path have the semantics of http.ServeMux.
    routes:
      # Path: action.
      "/":
        # Serve the directory at the given path.
        dir: "/srv/www/"

        # Other possible actions follow. Only one per path.

        # Serve a single file.
        #file: "/srv/files/file"

        # Proxy requests.
        #proxy: "http://localhost:8080/api/"

        # Redirect to a different URL.
        #redirect: "https://wikipedia.org"

        # Execute a CGI.
        #cgi: ["/usr/share/gitweb/gitweb.cgi"]

        # Return a specific status.
        #status: 404

        # Options for the "dir" type.
        diropts:
          # Enable listing when index.html is not present?
          listing:
            "/": false
            "/pub/": true

          # Exclude files matching these regular expressions. They won't appear
          # in listings, and won't be served to users (404 will be returned
          # instead).
          #exclude: [".*\\.secret", ".*/config"]

    # Enforce authentication on these paths. The target is the file containing
    # the user and passwords.
    #auth:
    #  "/private": "/srv/auth/web-users.yaml"

    # Set a header on replies.
    #setheader:
    #  "/":
    #    "My-Header": "my header value"

    # Enable request logging. The target is a log name, which should match an
    # entry in the top-level reqlog configuration (see above).
    reqlog:
      "/": "requests.log"


# HTTPS servers.
https:
  ":443":
    # Automatically get TLS certificates.
    # Using this implies acceptance of LetsEncrypt's terms of service (or the
    # selected CA).
    autocerts:
      # Hosts to get certificates for.
      hosts: ["mysite.com", "www.mysite.com"]

      # Where to cache the certificates.
      # Default: $HOME/.cache/golang-autocert.
      #cachedir: "/var/cache/gofer/autocerts"

      # Contact email address. The CA can use this to notify about problems.
      # Optional.
      #email: "me@myhost.com"

      # ACME directory URL to use.
      # Default: LetsEncrypt's.
      #acmeurl: "https://acme-v02.api.letsencrypt.org/directory"

    # Location of the certificates, for TLS.
    # Use this instead of `autocerts` if you get the certificates externally.
    # If you set this, `autocerts` is ignored.
    #certs: "/etc/letsencrypt/live/"

    # The rest of the fields are the same as for http above.
    routes:
      "/":
        dir: "/srv/www/"
      "/local/":
        proxy: "http://localhost:8099/"
      "www.mysite.com/":
        redirect: "https://mysite.com/"


# Raw socket proxying.
raw:
  ":995":
    # If this is present, we will listen on a TLS socket; otherwise it will be
    # a plain socket.
    certs: "/etc/letsencrypt/live/"

    # Address to proxy to.
    to: "127.0.0.1:1995"

    # If this is true, then we will use TLS to connect to the backend.
    to_tls: true