Index
- type Config
- func (c *Config) IdleTimeout() time.Duration
- func (c *Config) MaintenanceGraceDefault() time.Duration
- func (c *Config) RegistrationEnabled() bool
- func (c *Config) StunEnabled() bool
- func (c *Config) TotalBandwidthBytesPerSecond() int64
- func (c *Config) UDPFlowIdleTimeoutDefault() time.Duration
- func (c *Config) UDPFlowIdleTimeoutMax() time.Duration
- func (c *Config) UDPFlowIdleTimeoutMin() time.Duration
- func (c *Config) UDPMaxDatagramBytesOrDefault() int
- func (c *Config) UDPMaxFlowsOrDefault() int
- type PeerAuthentication
Types
type Config
type Config struct {
	BackendListenAddress string `yaml:"backendListenAddress"`
	PeerListenAddress string `yaml:"peerListenAddress"`
	RelayPorts []int `yaml:"relayPorts"`
	UDPRelayPorts []int `yaml:"udpRelayPorts"`
	IdleTimeoutSeconds int `yaml:"idleTimeoutSeconds"`
	BackendsJWTSecret string `yaml:"backendsJWTSecret"`
	RemoteVerifierURL string `yaml:"remoteVerifierURL"`
	MaintenanceGraceDefaultSeconds int `yaml:"maintenanceGraceDefaultSeconds"`
	Peers []string `yaml:"peers"`
	PeerAuthentication PeerAuthentication `yaml:"peerAuthentication"`

	// Manual TLS configuration
	HubTlsCertFile string `yaml:"hubTlsCertFile"`
	HubTlsKeyFile string `yaml:"hubTlsKeyFile"`

	// Automatic TLS configuration via ACME
	HubPublicHostname string `yaml:"hubPublicHostname"`
	AcmeCacheDir string `yaml:"acmeCacheDir"`

	// TotalBandwidthMbps is the total bandwidth limit for the proxy in Mbps.
	// Set to 0 for unlimited. When set, bandwidth is distributed fairly
	// among all active backends using Deficit Round Robin.
	TotalBandwidthMbps int `yaml:"totalBandwidthMbps"`

	// Port claim allowlists (security controls). When empty, port claims are disabled.
	AllowedTCPPortClaims []int `yaml:"allowedTCPPortClaims"`
	AllowedUDPPortClaims []int `yaml:"allowedUDPPortClaims"`

	// Orchestrator registration (optional — omit to run without DNS orchestration)
	RegistrationURL string `yaml:"registrationURL"`
	Region string `yaml:"region"` // sent in registration body

	// UDP flow table and payload bounds (applies to udpRelayPorts).
	UDPMaxFlows int `yaml:"udpMaxFlows"`
	UDPMaxDatagramBytes int `yaml:"udpMaxDatagramBytes"`
	UDPFlowIdleTimeoutDefaultSeconds int `yaml:"udpFlowIdleTimeoutDefaultSeconds"`
	UDPFlowIdleTimeoutMinSeconds int `yaml:"udpFlowIdleTimeoutMinSeconds"`
	UDPFlowIdleTimeoutMaxSeconds int `yaml:"udpFlowIdleTimeoutMaxSeconds"`

	// STUN server port (optional — omit or set to 0 to disable).
	// When set, a STUN Binding server listens on this UDP port.
	StunPort int `yaml:"stunPort"`
}
Config holds the entire application configuration, loaded from a YAML file.
func LoadConfig
LoadConfig reads the configuration from the given file path, unmarshals it, and performs validation.
func (*Config) IdleTimeout
IdleTimeout returns the idle timeout as a time.Duration.
func (*Config) MaintenanceGraceDefault
MaintenanceGraceDefault returns the default maintenance deferral window.
func (*Config) RegistrationEnabled
RegistrationEnabled returns true if orchestrator registration is configured.
func (*Config) StunEnabled
StunEnabled returns true if the embedded STUN server is configured.
func (*Config) TotalBandwidthBytesPerSecond
TotalBandwidthBytesPerSecond returns the bandwidth limit in bytes/second. Returns 0 if unlimited.
func (*Config) UDPFlowIdleTimeoutDefault
func (*Config) UDPFlowIdleTimeoutMax
func (*Config) UDPFlowIdleTimeoutMin
func (*Config) UDPMaxDatagramBytesOrDefault
func (*Config) UDPMaxFlowsOrDefault
type PeerAuthentication
type PeerAuthentication struct {
	TrustedDomainSuffixes []string `yaml:"trustedDomainSuffixes"`
}
PeerAuthentication holds the settings for peer mTLS authentication.