solus/wstunnel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wstunnel/files/wstunnel.conf
Alexander Zhirov 20aa22ddf9
All checks were successful
Build / Build project (push) Successful in 6m10s
Details
Исправление конфигурационного файла
2025-05-14 00:58:54 +03:00

165 lines
6.2 KiB
Text
Raw Blame History

[server]
; Address to bind the wstunnel server (ws:// for non-TLS, wss:// for TLS)
; Example: wss://0.0.0.0:8080 or ws://[::]:8080
bind_address = wss://0.0.0.0:8080
; (Linux only) Mark network packets with SO_MARK sockoption
; Requires root, sudo, or specific capabilities
; socket_so_mark = 123
; Frequency of websocket ping to clients (set to 0 to disable)
websocket_ping_frequency = 30s
; Disable color output in logs
; no_color = true
; Enable masking of websocket frames (only for non-TLS ws://, adds overhead)
; websocket_mask_frame = false
; DNS resolver(s) for domain name lookups
; Can specify multiple resolvers (e.g., dns://1.1.1.1, dns+https://1.1.1.1?sni=cloudflare-dns.com)
; Use system://0.0.0.0 for libc resolver
; dns_resolver = dns://1.1.1.1
; Prefer IPv4 over IPv6 for DNS resolution (useful for broken IPv6 connections)
; dns_resolver_prefer_ipv4 = false
; Log verbosity level (TRACE, DEBUG, INFO, WARN, ERROR, OFF)
log_level = INFO
; Restrict connections to specific destination:port pairs
; Can specify multiple restrictions
; restrict_to = google.com:443, localhost:22
; Restrict websocket upgrade to specific path prefix (acts as a client authentication secret)
; restrict_http_upgrade_path_prefix = /custom/path
; Path to YAML restriction config file (automatically reloaded on change)
; restrict_config = /path/to/restrict.yaml
; Custom TLS certificate (PEM format, auto-reloaded on change)
; tls_certificate = /path/to/certificate.pem
; Custom TLS private key (PEM, EC, or RSA, auto-reloaded on change)
; tls_private_key = /path/to/private_key.pem
; Enable mTLS by specifying CA certificates for client authentication (PEM, auto-reloaded)
; tls_client_ca_certs = /path/to/ca_certs.pem
; HTTP proxy to connect to clients (format: user:pass@host:port)
; http_proxy = user:pass@proxy.example.com:8080
; Override HTTP proxy login
; http_proxy_login = custom_login
; Override HTTP proxy password
; http_proxy_password = custom_password
; Idle timeout for remote-to-local server before unbinding (default: 3 minutes)
remote_to_local_server_idle_timeout = 3m
; Number of worker threads (set via environment variable TOKIO_WORKER_THREADS)
; Note: This flag is ignored in the command line, use environment variable instead
; nb_worker_threads = 4
[client]
; Address of the wstunnel server (supports ws://, wss://, http://, https://)
; Example: wss://wstunnel.example.com or https://wstunnel.example.com
server_address = wss://wstunnel.example.com
; Local-to-remote forwarding rules (tcp, udp, socks5, stdio, unix)
; Can specify multiple rules
; Examples:
; - tcp://1212:google.com:443 (listen locally on port 1212, forward to google.com:443)
; - udp://1212:1.1.1.1:53?timeout_sec=10 (listen on UDP port 1212, forward to 1.1.1.1:53, timeout after 10s)
; - socks5://[::1]:1212?login=admin&password=admin (SOCKS5 proxy with authentication)
; - stdio://google.com:443 (forward stdio to google.com:443)
; - unix:///tmp/wstunnel.sock:google.com:443 (listen on Unix socket, forward to google.com:443)
; local_to_remote = tcp://1212:google.com:443
; Remote-to-local forwarding rules (tcp, udp, socks5, unix)
; Can specify multiple rules
; Examples:
; - tcp://1212:google.com:443 (server listens on port 1212, forwards to local google.com:443)
; - socks5://[::1]:1212 (server listens for SOCKS5, forwards dynamically to local)
; remote_to_local = tcp://1212:google.com:443
; Disable color output in logs
; no_color = true
; (Linux only) Mark network packets with SO_MARK sockoption
; Requires root, sudo, or specific capabilities
; socket_so_mark = 123
; Maximum number of idle connections to keep open to the server
connection_min_idle = 0
; Number of worker threads (set via environment variable TOKIO_WORKER_THREADS)
; Note: This flag is ignored in the command line, use environment variable instead
; nb_worker_threads = 4
; Maximum backoff time for retrying server connections
connection_retry_max_backoff = 5m
; Log verbosity level (TRACE, DEBUG, INFO, WARN, ERROR, OFF)
log_level = INFO
; Domain name for SNI during TLS handshake
; Required if behind a CDN like Cloudflare to match HTTP HOST header
; tls_sni_override = example.com
; Disable sending SNI during TLS handshake
; tls_sni_disable = false
; Enable TLS certificate verification (disabled by default, allows self-signed certs)
; tls_verify_certificate = false
; HTTP proxy to connect to the server (format: user:pass@host:port)
; http_proxy = user:pass@proxy.example.com:8080
; Override HTTP proxy login
; http_proxy_login = custom_login
; Override HTTP proxy password
; http_proxy_password = custom_password
; HTTP upgrade path prefix for websocket upgrade request
http_upgrade_path_prefix = v1
; Basic auth credentials for HTTP upgrade request (format: user:pass)
; http_upgrade_credentials = user:pass
; Frequency of websocket pings to the server (set to 0 to disable)
websocket_ping_frequency = 30s
; Enable masking of websocket frames (only for non-TLS ws://, adds overhead)
; websocket_mask_frame = false
; Custom headers for HTTP upgrade request (format: HEADER_NAME: HEADER_VALUE)
; Can specify multiple headers
; http_headers = X-Custom-Header: Value
; File containing custom headers for HTTP upgrade request (format: HEADER_NAME: HEADER_VALUE per line)
; http_headers_file = /path/to/headers.txt
; TLS certificate (PEM) for mTLS client authentication
; Automatically reloaded on change
; tls_certificate = /path/to/certificate.pem
; TLS private key (PEM) for mTLS client authentication
; Automatically reloaded on change
; tls_private_key = /path/to/private_key.pem
; DNS resolver(s) for domain name lookups
; Can specify multiple resolvers (e.g., dns://1.1.1.1, dns+https://1.1.1.1?sni=cloudflare-dns.com)
; Use system://0.0.0.0 for libc resolver
; dns_resolver = dns://1.1.1.1
; Prefer IPv4 over IPv6 for DNS resolution (useful for broken IPv6 connections)
; dns_resolver_prefer_ipv4 = false
; When using reverse tunnel, the client will try to always keep a connection to the server to await for new tunnels
; This delay is the maximum of time the client will wait before trying to reconnect to the server in case of failure
; The client follows an exponential backoff strategy until it reaches this maximum delay
; By default, the client tries to reconnect every 1 second
; reverse_tunnel_connection_retry_max_backoff = 1s
Reference in a new issue View git blame Copy permalink