-
Notifications
You must be signed in to change notification settings - Fork 108
/
test-config.kdl
134 lines (124 loc) · 5.31 KB
/
test-config.kdl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
// System configuration items - applies to the entire application
system {
threads-per-service 8
// Should the server daemonize and run in the background?
//
// NOTE: If this is "true", then "pid-file" must be set
daemonize false
// Path to the pidfile used when daemonizing
//
// NOTE: This must be an absolute path.
// See issue https://github.com/memorysafety/river/issues/50
pid-file "/tmp/river.pidfile"
// Path to upgrade socket
//
// NOTE: This must be an absolute path.
// See issue https://github.com/memorysafety/river/issues/50
// NOTE: The upgrade command is only supported on Linux
upgrade-socket "/tmp/river-upgrade.sock"
}
// Services are the main abstraction of River
services {
// This is a service named "Example1"
Example1 {
// Listeners are the "downstream" interfaces that we listen to. We can name as many
// as we'd like, at least one is required
listeners {
"0.0.0.0:8080"
"0.0.0.0:4443" cert-path="./assets/test.crt" key-path="./assets/test.key" offer-h2=true
}
// Apply Rate limiting to this service
//
// Note that ALL rules are applied, and a request must receive a token from all
// applicable rules.
//
// For example:
//
// A request to URI `/index.html` from IP 1.2.3.4 will only need to get a token from
// the `source-ip` rule.
//
// A request to URI `/static/style.css` from IP 1.2.3.4 will need to get a token from
// BOTH the `source-ip` rule (from the `1.2.3.4` bucket), AND the `specific-uri` rule
// (from the `/static/style.css` bucket)
rate-limiting {
// This rate limiting rule is based on the source IP address
//
// * Up to the last 4000 IP addresses will be remembered
// * Each IP address can make a burst of 10 requests
// * The bucket for each IP will refill at a rate of 1 request per 10 milliseconds
rule kind="source-ip" \
max-buckets=4000 tokens-per-bucket=10 refill-qty=1 refill-rate-ms=10
// This rate limiting is based on the specific URI path
//
// * Up to the last 2000 URI paths will be remembered
// * Each URI path can make a burst of 20 requests
// * The bucket for each URI will refill at a rate of 5 requests per 1 millisecond
rule kind="specific-uri" pattern="static/.*" \
max-buckets=2000 tokens-per-bucket=20 refill-qty=5 refill-rate-ms=1
// This rate limiting is based on ANY URI paths that match the pattern
//
// * A single bucket will be used for all URIs that match the pattern
// * We allow a burst of up to 50 requests for any MP4 files
// * The bucket for all MP4 files will refill at a rate of 2 requests per 3 milliseconds
rule kind="any-matching-uri" pattern=r".*\.mp4" \
tokens-per-bucket=50 refill-qty=2 refill-rate-ms=3
}
// Connectors are the "upstream" interfaces that we connect with. We can name as many
// as we'd like, at least one is required. By default, connectors are distributed
// round-robin.
connectors {
// load-balance configures how we handle distributing between the named connectors.
// This example is a little silly, because we only have one connector.
//
// This section is optional.
load-balance {
selection "Ketama" key="UriPath"
discovery "Static"
health-check "None"
}
"91.107.223.4:443" tls-sni="onevariable.com" proto="h2-or-h1"
}
// Path control are optional modifiers for requests and responses
//
// This section is optional.
path-control {
request-filters {
filter kind="block-cidr-range" addrs="192.168.0.0/16, 10.0.0.0/8, 2001:0db8::0/32"
}
upstream-request {
filter kind="remove-header-key-regex" pattern=".*(secret|SECRET).*"
filter kind="upsert-header" key="x-proxy-friend" value="river"
}
upstream-response {
filter kind="remove-header-key-regex" pattern=".*ETag.*"
filter kind="upsert-header" key="x-with-love-from" value="river"
}
}
}
// This is a second service named "Example2". This is the minimal possible configuration,
// with a single listener and connector.
Example2 {
listeners {
"0.0.0.0:8000"
}
connectors {
"91.107.223.4:80"
}
}
// This is a third service, this one is a file server
Example3 {
// Same as proxy services, we support multiple listeners, and require
// at least one.
listeners {
"0.0.0.0:9000"
"0.0.0.0:9443" cert-path="./assets/test.crt" key-path="./assets/test.key" offer-h2=true
}
// File servers have additional configuration items
file-server {
// The base path is what will be used as the "root" of the file server
//
// All files within the root will be available
base-path "."
}
}
}