Server

The type for each server config is map, with two always required keys:

• name, which specify the name of the server.

• type, which specify the real type of the server, decides how to parse other keys.

There are many types of server, each with a section below.

Servers

• dummy_close
• tcp_stream
• tcp_tproxy
• tls_stream
• http_proxy
• socks_proxy
• http_rproxy
• sni_proxy
• plain_tcp_port
• plain_tls_port
• native_tls_port
• plain_quic_port
• intelli_proxy

Common Keys

This section describes the common keys, they may be used by many servers.

name

required, type: metric node name

Set the name of the server.

type

required, type: str

Set the type of the server.

escaper

required, type: metric node name

Set the escaper to use with this server.

If the specified escaper doesn’t exist in configure, a default DummyDeny escaper will be used.

auditor

optional, type: metric node name

Set the auditor to use with this server.

If the specified auditor doesn’t exist in configure, a default auditor will be used.

user_group

optional, type: metric node name

Set the user group for auth.

If the specified user group doesn’t exist in configure, a default user group with no users will be used.

default: no auth enabled

shared_logger

optional, type: ascii

Set the server to use a logger running on a shared thread.

default: not set

listen_in_worker

optional, type: bool

Set if we should listen in each worker runtime if you have worker enabled.

The listen instance count will be the same with the worker number count.

default: false

tls_server

optional, type: rustls server config

Enable TLS on the listening socket and set TLS parameters.

default: disabled

tls_ticketer

optional, type: tls ticketer

Set a (remote) rolling TLS ticketer.

default: not set

Added in version 1.9.9.

ingress_network_filter

optional, type: ingress network acl rule

Set the network filter for clients.

The used client address will always be the interpreted client address, which means it will be the raw socket peer addr for servers that listen directly, and it will be the address set in the PROXY Protocol message for serverw chained after the server that support PROXY Protocol.

default: not set

dst_host_filter_set

optional, type: dst host acl rule set

Set the filter for dst host of each request.

Note

This won’t limit the Host header in http protocol.

default: not set

dst_port_filter

optional, type: exact port acl rule

Set the filter for dst port of each request.

default: not set

tcp_sock_speed_limit

optional, type: tcp socket speed limit

Set speed limit for each tcp socket.

default: no limit

tcp_conn_speed_limit

deprecated

Changed in version 1.11.8: deprecated, use tcp_sock_speed_limit instead

tcp_conn_limit

deprecated

Changed in version 1.11.8: deprecated, use tcp_sock_speed_limit instead

conn_limit

deprecated

Changed in version 1.11.8: deprecated, use tcp_sock_speed_limit instead

udp_sock_speed_limit

optional, type: udp socket speed limit

Set speed limit for each udp socket.

default: no limit

udp_relay_speed_limit

deprecated

Changed in version 1.11.8: deprecated, use udp_sock_speed_limit instead

udp_relay_limit

deprecated

Changed in version 1.11.8: deprecated, use udp_sock_speed_limit instead

relay_limit

deprecated

Changed in version 1.11.8: deprecated, use udp_sock_speed_limit instead

tcp_copy_buffer_size

optional, type: humanize usize

Set the buffer size for internal tcp copy.

default: 16K, minimal: 4K

tcp_copy_yield_size

optional, type: humanize usize

Set the yield out size for the internal copy task.

default: 1M, minimal: 256K

udp_relay_packet_size

optional, type: humanize usize

Set the udp packet size for udp relay.

default: 4K, maximum: 16K

udp_relay_yield_size

optional, type: humanize usize

Set the yield out size for the internal relay task.

default: 1M, maximum: 256K

udp_relay_batch_size

optional, type: usize

Set the batch recvmsg / sendmsg size.

default: 8

Added in version 1.7.29.

tcp_misc_opts

optional, type: tcp misc sock opts

Set misc tcp socket options on accepted tcp sockets.

default: not set, nodelay is default enabled

udp_misc_opts

optional, type: udp misc sock opts

Set misc udp socket options on created udp sockets.

default: not set

task_idle_check_duration

deprecated

Changed in version 1.11.3: change default value from 5min to 60s

Changed in version 1.13.0: deprecated, use task_idle_check_interval instead

task_idle_check_interval

optional, type: humanize duration

Set the idle check duration for task. The value will be up bound to seconds.

default: 60s, max: 30min, min: 2s

Added in version 1.13.0.

task_idle_max_count

optional, type: usize

The task will be closed if the idle check return IDLE the times as this value.

Note

The value set at user side will overwrite this.

default: 5

Changed in version 1.11.3: change default value from 1 to 5

flush_task_log_on_created

optional, type: bool

Log when task get created.

default: false

Added in version 1.11.0.

flush_task_log_on_connected

optional, type: bool

Log when upstream connected.

default: false

Added in version 1.11.0.

task_log_flush_interval

optional, type: humanize duration

Enable periodic task log and set the flush interval.

Note

There will be no periodic task log if protocol inspection is enabled, as intercept and inspect logs will be available in this case.

default: not set

Added in version 1.11.0.

extra_metrics_tags

optional, type: static metrics tags

Set extra metrics tags that should be added to server stats and user stats already with server tags added.

default: not set