Configuration

#Configuration ##Methods Configuration options can be defined via environment variables, YAML files, and flags. Config files for tlspxy must begin with #tlspxy. Default options can always be omitted.

The configuration for tlspxy is based on github.com/olebedev/config and uses a path-based mechanism for defining settings. Paths are always expressed the same way for each config method, the general template resembling something like this:

# Environment
SOME_SETTING_KEY=val

# Flag
-some-setting-key=val

# File
some:
  setting:
    key: val

Priority

Configuration is loaded in the following order. Later steps overwrite previous ones:

Load hard-coded defaults
Load any .yaml (or .yml) files in the current directory
Parse the environment
Parse command line flags

##Available Settings

Option Path	Environment	Flag	Default Value	Description
`log.contents`	`LOG_CONTENTS`	`-log-contents`	`false`	When used in conjunction with `log.level=debug` on a TCP proxy, prints the raw contents of the TCP stream. If remote TLS is enabled, the output will be encrypted.
`log.destination`	`LOG_DESTINATION`	`-log-destination`	`stdout`	Where to send log output. Options are `stdout` or `syslog://your-syslog-server` (ex: `syslog://localhost:514`)
`log.level`	`LOG_LEVEL`	`-log-level`	`info`	The log-level to use. Options are `debug`, `info`, `warning`, or `error`.
`remote.addr`	`REMOTE_ADDR`	`-remote-addr`		Remote server address
`remote.tls.ca`	`REMOTE_TLS_CA`	`-remote-tls-ca`		The CA to present to the remote server
`remote.tls.cert`	`REMOTE_TLS_CERT`	`-remote-tls-cert`		The client cert to present to the remote server
`remote.tls.key`	`REMOTE_TLS_KEY`	`-remote-tls-key`		The key to present to the remote server
`remote.tls.sysroots`	`REMOTE_TLS_SYSROOTS`	`-remote-tls-sysroots`	`true`	Load the system's root CA list (does not work on Windows)
`remote.tls.verify`	`REMOTE_TLS_VERIFY`	`-remote-tls-verify`	`true`	Verify the remote server's TLS cert
`server.addr`	`SERVER_ADDR`	`-server-addr`	`:9898`	The local server listening address
`server.tls.ca`	`SERVER_TLS_CA`	`-server-tls-ca`		The local server's TLS CA
`server.tls.cert`	`SERVER_TLS_CERT`	`-server-tls-cert`		The local server's TLS cert
`server.tls.key`	`SERVER_TLS_KEY`	`-server-tls-key`		The local server's TLS key
`server.tls.letsencrypt.cachedir`	`SERVER_TLS_LETSENCRYPT_CACHEDIR`	`-server-tls-letsencrypt-cachedir`	`/tmp/letsencrypt`	Set the LetsEncrypt cache directory
`server.tls.letsencrypt.domain`	`SERVER_TLS_LETSENCRYPT_DOMAIN`	`-server-tls-letsencrypt-domain`	`example.org`	Set the LetsEncrypt domain
`server.tls.letsencrypt.enable`	`SERVER_TLS_LETSENCRYPT_ENABLE`	`-server-tls-letsencrypt-enable`	`false`	Use LetsEncrypt to generate a trusted certificate
`server.tls.require`	`SERVER_TLS_REQUIRE`	`-server-tls-require`	`false`	Require that the client present an x509 cert
`server.tls.verify`	`SERVER_TLS_VERIFY`	`-server-tls-verify`	`false`	Verify client certs presented to the server
`server.type`	`SERVER_TYPE`	`-server-type`	`tcp`	The type of proxy to offer (`http` or `tcp`)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Configuration

Priority

Clone this wiki locally