-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathconfig.toml.example
More file actions
109 lines (78 loc) · 3.32 KB
/
config.toml.example
File metadata and controls
109 lines (78 loc) · 3.32 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# config.toml.example — copy to config.toml and customise as needed.
[server]
# HTTP listen address.
addr = ":8080"
# HTTPS listen address (requires tls_cert and tls_key to be set).
tls_addr = ":8443"
# Canonical host used for HTTP → HTTPS redirects.
# Set this in production whenever tls_addr listens on all interfaces (e.g. ":443").
# Example: "static.example.com"
redirect_host = ""
# Path to TLS certificate file (PEM). Leave empty to disable HTTPS.
tls_cert = ""
# Path to TLS private key file (PEM). Leave empty to disable HTTPS.
tls_key = ""
# Maximum time to read an HTTP request from the client (headers + body).
# With fasthttp, this single timeout covers the full read phase including
# headers, providing Slowloris protection. Default 10s.
read_timeout = "10s"
# Maximum time to write an HTTP response to the client.
write_timeout = "10s"
# Maximum time an idle keep-alive connection is held open.
idle_timeout = "75s"
# How long to wait for in-flight requests to complete during graceful shutdown.
shutdown_timeout = "15s"
[files]
# Directory to serve files from.
root = "./public"
# Default file to serve for directory requests (e.g. /).
index = "index.html"
# Custom 404 page path, relative to root. Leave empty for the built-in 404.
not_found = "404.html"
[cache]
# Enable or disable the in-memory LRU file cache.
enabled = true
# Maximum total bytes to store in cache (default 256 MB).
max_bytes = 268435456
# Files larger than this (default 10 MB) bypass the cache and are served directly.
max_file_size = 10485760
# Optional TTL for cache entries. 0 means no expiry (flush with SIGHUP).
ttl = "0s"
[compression]
# Enable gzip compression for compressible content types.
enabled = true
# Minimum response size (bytes) to compress. Smaller responses are served as-is.
min_size = 1024
# gzip compression level (1=fastest, 9=best). Default 5 is a good balance.
level = 5
# Serve pre-compressed .gz and .br sidecar files when they exist alongside originals.
precompressed = true
[headers]
# Glob pattern for fingerprinted/immutable assets (gets "Cache-Control: immutable").
# Example: "**-[0-9a-f]*.{js,css}"
immutable_pattern = ""
# Cache-Control max-age for non-HTML static assets (seconds). Default 1 hour.
static_max_age = 3600
# Cache-Control max-age for HTML files (seconds). 0 = always revalidate (no-cache).
html_max_age = 0
[security]
# Block requests for files whose path components start with "." (dotfiles).
block_dotfiles = true
# Enable directory listing (serves an HTML index for directories without an index file).
# Disabled by default. Do not enable on production web applications.
directory_listing = false
# Allowed CORS origins. Empty list disables CORS headers.
# Use ["*"] for open access (emits literal * — not origin reflection).
# cors_origins = ["https://example.com", "https://app.example.com"]
cors_origins = []
# Content-Security-Policy header value.
csp = "default-src 'self'"
# Referrer-Policy header value.
referrer_policy = "strict-origin-when-cross-origin"
# Permissions-Policy header value.
permissions_policy = "geolocation=(), microphone=(), camera=()"
# HSTS max-age in seconds (only sent over HTTPS). Set to 0 to disable.
# Default: 31536000 (1 year). Only takes effect when TLS is configured.
hsts_max_age = 31536000
# Add includeSubDomains directive to the HSTS header.
hsts_include_subdomains = false