.env.dist

#                                                                         __
# .-----.-----.______.-----.----.-----.--.--.--.--.______.----.---.-.----|  |--.-----.
# |  _  |  _  |______|  _  |   _|  _  |_   _|  |  |______|  __|  _  |  __|     |  -__|
# |___  |_____|      |   __|__| |_____|__.__|___  |      |____|___._|____|__|__|_____|
# |_____|            |__|                   |_____|
#
# Copyright (c) 2023 Fabio Cicerchia. https://fabiocicerchia.it. MIT License
# Repo: https://github.com/fabiocicerchia/go-proxy-cache

### GLOBAL CONFIGURATION
################################################################################

# --- GENERIC
SERVER_HTTPS_PORT=443
SERVER_HTTP_PORT=80

# --- GZIP
# Automatically enable GZip compression on all requests.
GZIP_ENABLED=0

# --- TLS
# Automatic Certificate Management Environment
# Provides automatic generation of SSL/TLS certificates from Let's Encrypt
# and any other ACME-based CA.
# Default: false (need to provide `certfile` and `keyfile`)
TLS_AUTO_CERT=0

# Email optionally specifies a contact email address.
# This is used by CAs, such as Let's Encrypt, to notify about problems with
# issued certificates.
TLS_EMAIL=

# Pair or files: the certificate and the key.
# Used by LoadX509KeyPair to read and parse a public/private key pair from a
# pair of files. The files must contain PEM encoded data. The certificate
# file may contain intermediate certificates following the leaf certificate
# to form a certificate chain.
TLS_CERT_FILE=
TLS_KEY_FILE=

# --- TIMEOUT
# It is the maximum duration for reading the entire request, including the
# body.
# Because it does not let Handlers make per-request decisions on each
# request body's acceptable deadline or upload rate, most users will prefer
# to use `read_header`. It is valid to use them both.
TIMEOUT_READ=5s

# It is the amount of time allowed to read request headers. The connection's
# read deadline is reset after reading the headers and the Handler can
# decide what is considered too slow for the body. If it is zero, the value
# of `read` is used. If both are zero, there is no timeout.
TIMEOUT_READ_HEADER=2s

# It is the maximum duration before timing out writes of the response. It is
# reset whenever a new request's header is read. Like `read`, it does not
# let Handlers make decisions on a per-request basis.
TIMEOUT_WRITE=5s

# It is the maximum amount of time to wait for the next request when
# keep-alives are enabled. If is zero, the value of `read` is used. If both
# ara zero, there is no timeout.
TIMEOUT_IDLE=20s

# It runs the handler with the given time limit.
TIMEOUT_HANDLER=5s

# --- FORWARDING
# Hostname to be used for requests forwarding.
FORWARD_HOST=

# Port to be used for requests forwarding.
FORWARD_PORT=

# Endpoint scheme to be used when forwarding traffic.
# Default: incoming connection.
# Values: http, https, ws, wss.
FORWARD_SCHEME=

# Load Balancing Algorithm to be used when present multiple endpoints.
# Allowed formats: ip-hash, least-connections, random, round-robin (default).
BALANCING_ALGORITHM=round-robin

# List of IPs/Hostnames to be used as load balanced backend servers.
# They'll be selected using the chosen algorithm (or round-robin).
# A list of space-separated IPs or Hostnames.
LB_ENDPOINT_LIST=

# Forces redirect from HTTP to HTTPS.
# Default: false
HTTP2HTTPS=0

# Status code to be used when redirecting HTTP to HTTPS.
# Default: 301
REDIRECT_STATUS_CODE=301

# --- HEALTH CHECK
# Status codes for healthy node.
# A list of space-separated status codes.
# Default: 200
HEALTHCHECK_STATUS_CODES=200

# Timeout request time.
HEALTHCHECK_TIMEOUT=

# Interval frequency for health checks.
HEALTHCHECK_INTERVAL=

# Fallback scheme if endpoint doesn't provide it.
HEALTHCHECK_SCHEME=https

# Allow healthchecks on self-signed TLS certificates (or expired/invalid).
HEALTHCHECK_ALLOW_INSECURE=0

# --- CACHE
# --- REDIS SERVER
REDIS_DB=0
REDIS_HOSTS=:6379
REDIS_PASSWORD=


# --- TTL
# Fallback storage TTL when saving the cache when no header is specified.
# It follows the order:
#  - If the cache is shared and the s-maxage response directives present, use
#    its value, or
#  - If the max-age response directive is present, use its value, or
#  - If the Expires response header field is present, use its value minus the
#    value of the Date response header field, or
#  - Otherwise, no explicit expiration time is present in the response.
#    A heuristic freshness lifetime might be applicable.
# Default: 0
DEFAULT_TTL=0

# --- ALLOWED VALUES
# Allows caching for different response codes.
# Default: 200,301,302
CACHE_ALLOWED_STATUSES=200,301,302

# If the client request method is listed in this directive then the response
# will be cached. "GET" and "HEAD" methods are always added to the list,
# though it is recommended to specify them explicitly.
# Default: HEAD,GET
CACHE_ALLOWED_METHODS=HEAD,GET

# --- JWT
# A list of space-separated paths.
# JWT_EXCLUDED_PATHS=/

# A list of space-separated scopes to be allowed.
# JWT_ALLOWED_SCOPES=scope1 scope2

# The JSON Web Key Set (JWKS) URL where it is stored the the public keys used to verify the JSON Web Token (JWT).
# - For global configuration:
# JWT_JWKS_URL=
# - For domain configuration:
# JWT_JWKS_URL_<domain_name_specified_in_config.yml>=
# *e.g: JWT_JWKS_URL_example_com=http://testJwksUrl.com
# Global Configuration - The value of the JwksUrl field is taken by following this preference order:
#  - JWT_JWKS_URL enviroment variable
#  - global jwks_url variable in config.yaml
# Domain Configuration - The value of the JwksUrl field is taken by following this preference order:
#  - JWT_JWKS_URL_<domain_name_specified_in_config.yml> enviroment variable
#  - domain jwks_url variable specified in config.yaml
#  - global jwks_url variable specified in config.yaml
#  - JWT_JWKS_URL enviroment variable

# Time in minutes that takes for JWKS to refresh automatically
# JWT_REFRESH_INTERVAL=15