package config

Version: v0.3.7 (Latest)

Warning: This package is not in the latest version of its module.
Published: Apr 10, 2026 License: AGPL-3.0 Imports: 6 Imported by: 0

Documentation

Types

type Config

type Config struct {
	BackendListenAddress           string             `yaml:"backendListenAddress"`
	PeerListenAddress              string             `yaml:"peerListenAddress"`
	RelayPorts                     []int              `yaml:"relayPorts"`
	UDPRelayPorts                  []int              `yaml:"udpRelayPorts"`
	IdleTimeoutSeconds             int                `yaml:"idleTimeoutSeconds"`
	BackendsJWTSecret              string             `yaml:"backendsJWTSecret"`
	RemoteVerifierURL              string             `yaml:"remoteVerifierURL"`
	MaintenanceGraceDefaultSeconds int                `yaml:"maintenanceGraceDefaultSeconds"`
	Peers                          []string           `yaml:"peers"`
	PeerAuthentication             PeerAuthentication `yaml:"peerAuthentication"`

	// Manual TLS configuration
	HubTlsCertFile string `yaml:"hubTlsCertFile"`
	HubTlsKeyFile  string `yaml:"hubTlsKeyFile"`

	// Automatic TLS configuration via ACME
	HubPublicHostname string `yaml:"hubPublicHostname"`
	AcmeCacheDir      string `yaml:"acmeCacheDir"`

	// TotalBandwidthMbps is the total bandwidth limit for the proxy in Mbps.
	// Set to 0 for unlimited. When set, bandwidth is distributed fairly
	// among all active backends using Deficit Round Robin.
	TotalBandwidthMbps int `yaml:"totalBandwidthMbps"`

	// Port claim allowlists (security controls). When empty, port claims are disabled.
	AllowedTCPPortClaims []int `yaml:"allowedTCPPortClaims"`
	AllowedUDPPortClaims []int `yaml:"allowedUDPPortClaims"`

	// Orchestrator registration (optional — omit to run without DNS orchestration)
	RegistrationURL string `yaml:"registrationURL"`
	Region          string `yaml:"region"` // sent in registration body

	// UDP flow table and payload bounds (applies to udpRelayPorts).
	UDPMaxFlows                      int `yaml:"udpMaxFlows"`
	UDPMaxDatagramBytes              int `yaml:"udpMaxDatagramBytes"`
	UDPFlowIdleTimeoutDefaultSeconds int `yaml:"udpFlowIdleTimeoutDefaultSeconds"`
	UDPFlowIdleTimeoutMinSeconds     int `yaml:"udpFlowIdleTimeoutMinSeconds"`
	UDPFlowIdleTimeoutMaxSeconds     int `yaml:"udpFlowIdleTimeoutMaxSeconds"`

	// STUN server port (optional — omit or set to 0 to disable).
	// When set, a STUN Binding server listens on this UDP port.
	StunPort int `yaml:"stunPort"`

	// Outbound proxy settings. When AllowOutbound is true, backends with
	// matching JWT claims can request the proxy to open outbound TCP
	// connections on their behalf (giving them a static egress IP).
	AllowOutbound              bool  `yaml:"allowOutbound"`
	AllowedOutboundPorts       []int `yaml:"allowedOutboundPorts"`       // server-level port gate; empty = all when allowed
	MaxOutboundConnsPerBackend int   `yaml:"maxOutboundConnsPerBackend"` // 0 → default 100; -1 = no limit
	OutboundDialTimeoutSeconds int   `yaml:"outboundDialTimeoutSeconds"` // default 10
	OutboundIdleTimeoutSeconds int   `yaml:"outboundIdleTimeoutSeconds"` // 0 = no deadline
}

Config holds the entire application configuration, loaded from a YAML file.
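
The struct comments above give several zero or sentinel values a permissive meaning (empty outbound port list = all ports, -1 = no connection limit, 0 = no idle deadline or unlimited bandwidth). The following pre-deployment check is an added example, not code from this package; HubSettings is a local stand-in that mirrors a subset of the documented fields, and Audit and its finding strings are hypothetical names chosen for the example.

```go
package main

import "fmt"

// HubSettings mirrors a subset of the documented Config fields (local stand-in, not the package's type).
type HubSettings struct {
	AllowOutbound              bool
	AllowedOutboundPorts       []int
	MaxOutboundConnsPerBackend int
	OutboundIdleTimeoutSeconds int
	TotalBandwidthMbps         int
	AllowedTCPPortClaims       []int
	AllowedUDPPortClaims       []int
}

// Audit reports settings whose documented meaning is "all" or "unlimited", plus ports outside 1-65535.
func Audit(c HubSettings) []string {
	var out []string
	warn := func(cond bool, msg string) {
		if cond {
			out = append(out, msg)
		}
	}
	// Outbound fields only matter when the outbound proxy is enabled.
	warn(c.AllowOutbound && len(c.AllowedOutboundPorts) == 0, "allowedOutboundPorts: empty, all ports pass the server-level gate")
	warn(c.AllowOutbound && c.MaxOutboundConnsPerBackend == -1, "maxOutboundConnsPerBackend: -1, no per-backend limit")
	warn(c.AllowOutbound && c.OutboundIdleTimeoutSeconds == 0, "outboundIdleTimeoutSeconds: 0, no idle deadline")
	warn(c.TotalBandwidthMbps == 0, "totalBandwidthMbps: 0, bandwidth is unlimited")
	lists := []struct {
		key   string
		ports []int
	}{
		{"allowedOutboundPorts", c.AllowedOutboundPorts},
		{"allowedTCPPortClaims", c.AllowedTCPPortClaims},
		{"allowedUDPPortClaims", c.AllowedUDPPortClaims},
	}
	for _, l := range lists {
		for _, p := range l.ports {
			warn(p < 1 || p > 65535, fmt.Sprintf("%s: %d is not a valid port", l.key, p))
		}
	}
	return out
}

func main() {
	// Constructed sample: outbound enabled with every limit left open.
	for _, f := range Audit(HubSettings{AllowOutbound: true, MaxOutboundConnsPerBackend: -1}) {
		fmt.Println("WARN", f)
	}
}
```

A value of 0 for maxOutboundConnsPerBackend is not flagged because the struct comment documents it as the default of 100.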

func LoadConfig

func LoadConfig(path string) (*Config, error)

LoadConfig reads the configuration from the given file path, unmarshals it, and performs validation.

func (*Config) IdleTimeout

func (c *Config) IdleTimeout() time.Duration

IdleTimeout returns the idle timeout as a time.Duration.

func (*Config) MaintenanceGraceDefault

func (c *Config) MaintenanceGraceDefault() time.Duration

MaintenanceGraceDefault returns the default maintenance deferral window.

func (*Config) MaxOutboundConns (added in v0.3.1)

func (c *Config) MaxOutboundConns() int

MaxOutboundConns returns the per-backend outbound connection limit. Returns -1 for no limit.

func (*Config) OutboundDialTimeout (added in v0.3.1)

func (c *Config) OutboundDialTimeout() time.Duration

OutboundDialTimeout returns the timeout for outbound TCP dials.

func (*Config) OutboundIdleTimeout (added in v0.3.1)

func (c *Config) OutboundIdleTimeout() time.Duration

OutboundIdleTimeout returns the idle timeout for established outbound connections. Returns 0 for no deadline (rely on remote close or WS disconnect).

func (*Config) RegistrationEnabled

func (c *Config) RegistrationEnabled() bool

RegistrationEnabled returns true if orchestrator registration is configured.

func (*Config) StunEnabled

func (c *Config) StunEnabled() bool

StunEnabled returns true if the embedded STUN server is configured.

func (*Config) TotalBandwidthBytesPerSecond

func (c *Config) TotalBandwidthBytesPerSecond() int64

TotalBandwidthBytesPerSecond returns the bandwidth limit in bytes/second. Returns 0 if unlimited.

func (*Config) UDPFlowIdleTimeoutDefault

func (c *Config) UDPFlowIdleTimeoutDefault() time.Duration

func (*Config) UDPFlowIdleTimeoutMax

func (c *Config) UDPFlowIdleTimeoutMax() time.Duration

func (*Config) UDPFlowIdleTimeoutMin

func (c *Config) UDPFlowIdleTimeoutMin() time.Duration

func (*Config) UDPMaxDatagramBytesOrDefault

func (c *Config) UDPMaxDatagramBytesOrDefault() int

func (*Config) UDPMaxFlowsOrDefault

func (c *Config) UDPMaxFlowsOrDefault() int

type PeerAuthentication

type PeerAuthentication struct {
	TrustedDomainSuffixes []string `yaml:"trustedDomainSuffixes"`
}

PeerAuthentication holds the settings for peer mTLS authentication.
