oneserver/settings.json.example at main · koboshchan/oneserver · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
[
    {
        // Required: domain name to proxy
        "domain": "app.example.com",
        // Required: target server (format: "host:port" or "host", defaults to port 80)
        "forwarding": "localhost:3000",
        // Optional: "http" (HTTP only), "https" (HTTP+HTTPS), "https-only" (HTTP redirects to HTTPS)
        "type": "https-only",
        // Optional: SSL certificate bundle file name (if not provided, uses Let's Encrypt paths)
        "ca-bundle": "app.example.com.crt",
        // Optional: SSL private key file name (if not provided, uses Let's Encrypt paths)
        "private-key": "app.example.com.key",
        // Optional: Whitelist of allowed paths - only these paths will be forwarded, others return 404
        // Example: ["/api", "/cdn"] allows /api/*, /cdn/*, but blocks /admin, /test, etc.
        "allowed-paths": ["/api", "/cdn", "/public"],
        // Optional: Rate limiting - object format for path-specific limits (requests per minute)
        "rate-limit": {
            "/api/auth/*": 10,
            "/api/*": 100,
            "/uploads/*": 5,
            "/": 50
        },
        // Optional: Enable WebSocket support - true (default) or false
        "websocket": true,
        // Optional: Enable gzip compression - true (default) or false
        "compression": true,
        // Optional: Add security headers (X-Frame-Options, X-XSS-Protection, etc.) - true (default) or false
        "security-headers": true,
        // Optional: CSP header behavior - true (allow unsafe-eval), false (default CSP), null/omitted (no CSP header)
        "csp-unsafe-eval": false,
        // Optional: Proxy timeout - format: "60s", "120s", "5m" (default: "120s")
        "timeout": "120s",
        // Optional: Maximum request body size - format: "10m", "1g", "500k" (default: "10m")
        "max-body-size": "25m"
    },
    {
        "domain": "api.example.com",
        "forwarding": "192.168.1.100:8080",
        // Different type: allows both HTTP and HTTPS forwarding
        "type": "https",
        // Rate limiting - simple number format applies to all paths
        "rate-limit": 200,
        // WebSocket disabled
        "websocket": false,
        // Compression disabled
        "compression": false,
        // Security headers disabled
        "security-headers": false,
        "max-body-size": "100m"
    },
    {
        "domain": "legacy.example.com",
        "forwarding": "old-server.internal",
        // HTTP only - no SSL/HTTPS
        "type": "http",
        // No allowed-paths restriction - all paths forwarded
        "allowed-paths": [],
        // No rate limiting
        "rate-limit": {},
        "max-body-size": "1g"
    },
    {
        "domain": "jellyfin.example.org",
        "forwarding": "127.0.0.1:8096",
        "type": "https-only",
        "service": "jellyfin"
    }
]