mc/mc-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
564e0a9c676a769f6abcdd7d6b567b8392606a95
mc-proxy/mc-proxy.toml.example
Kyle Isom 9cba3241e8 Add SQLite persistence and write-through gRPC mutations 
Database (internal/db) stores listeners, routes, and firewall rules with
WAL mode, foreign keys, and idempotent migrations. First run seeds from
TOML config; subsequent runs load from DB as source of truth.

gRPC admin API now writes to the database before updating in-memory state
(write-through cache pattern). Adds snapshot command for VACUUM INTO
backups. Refactors firewall.New to accept raw rule slices instead of
config struct for flexibility.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 03:07:30 -07:00

59 lines
1.5 KiB
Plaintext
Raw Blame History

# mc-proxy configuration
# Database. Required. Listeners, routes, and firewall rules are persisted here.
# On first run, the database is seeded from the config below.
# On subsequent runs, the database is the source of truth.
[database]
path = "/srv/mc-proxy/mc-proxy.db"
# Listeners. Each listener binds a TCP port and has its own route table.
# These are used to seed the database on first run only.
[[listeners]]
addr = ":443"
[[listeners.routes]]
hostname = "metacrypt.metacircular.net"
backend = "127.0.0.1:18443"
[[listeners.routes]]
hostname = "mcias.metacircular.net"
backend = "127.0.0.1:28443"
[[listeners]]
addr = ":8443"
[[listeners.routes]]
hostname = "metacrypt.metacircular.net"
backend = "127.0.0.1:18443"
[[listeners]]
addr = ":9443"
[[listeners.routes]]
hostname = "mcias.metacircular.net"
backend = "127.0.0.1:28443"
# gRPC admin API. Optional — omit addr to disable.
[grpc]
addr = "127.0.0.1:9090"
tls_cert = "/srv/mc-proxy/certs/cert.pem"
tls_key = "/srv/mc-proxy/certs/key.pem"
client_ca = "/srv/mc-proxy/certs/ca.pem" # mTLS; omit to disable client auth
# Firewall. Global blocklist, evaluated before routing. Default allow.
[firewall]
geoip_db = "/srv/mc-proxy/GeoLite2-Country.mmdb"
blocked_ips = []
blocked_cidrs = []
blocked_countries = ["KP", "CN", "IN", "IL"]
# Proxy behavior.
[proxy]
connect_timeout = "5s"
idle_timeout = "300s"
shutdown_timeout = "30s"
# Logging.
[log]
level = "info"
Reference in New Issue View Git Blame Copy Permalink