forked from getlantern/http-proxy
config.ini.default
# Default settings template for the http-proxy binary. Each line has the form
# "flag = value # usage text"; an empty value leaves the flag unset.
# NOTE(review): several keys in this file carry secrets or credentials
# (cfgsvrauthtoken, maxmindlicensekey, oquic-key, shadowsocks-secret, tlsmasq-secret,
# and presumably token). Keep them empty or as placeholders in this template and supply
# real values from a deployment-specific file readable only by the proxy's user.
addr = # Address to listen with HTTP(S)
allowMissingConfig = false # Don't terminate the app if the ini file cannot be read.
# NOTE(review): with unknown flags tolerated, a misspelled key does not stop startup, so a
# mistyped security setting can go unnoticed. Consider false once the file has been validated.
allowUnknownFlags = true # Don't terminate the app if ini file contains unknown flags.
bbrprobeurl = # optional URL to probe for upstream BBR bandwidth estimates
# Security: per its usage text, bench disables auth token authentication. Keep it false on any
# proxy that is reachable by real clients.
bench = false # Set this flag to set up proxy as a benchmarking proxy. This automatically puts the proxy into tls mode and disables auth token authentication.
# The four blacklist-* keys tune how failed connection attempts lead to blacklisting an IP:
# the failure budget, the ban duration, and the two time windows used to count a failure.
blacklist-allowed-failures = 100 # The number of failed connection attempts we tolerate before blacklisting an IP address
blacklist-expiration = 6h0m0s # How long to wait before removing an ip from the blacklist
blacklist-max-connect-interval = 10s # Successive connection attempts within this interval will be treated as a single attempt for blacklisting
blacklist-max-idle-time = 2m0s # How long to wait for an HTTP request before considering a connection failed for blacklisting
cert = # Certificate file name
# Secret: token sent to the config server. Do not commit a real value.
cfgsvrauthtoken = # Token attached to config-server requests, not attaching if empty
configUpdateInterval = 0s # Update interval for re-reading config file set via -config flag. Zero disables config file re-reading.
connect-ok-waits-for-upstream = false # Set to true to wait for upstream connection before responding OK to CONNECT requests
enablemultipath = false # Enable multipath. Only clients support multipath can communicate with it.
enablereports = false # Enable stats reporting
# Encapsulated-HTTP listener, host interface and GeoIP settings, the Google host patterns,
# the TLS key/cert switch, and the lampshade transport.
enhttp-addr = # Address at which to accept encapsulated HTTP requests
enhttp-reapidletime = 1m10s # configure how long enhttp connections are allowed to remain idle before being forcibly closed
enhttp-server-url = # specify a full URL for domain-fronting to this server with enhttp, required for sticky routing with CloudFront
external-intf = eth0 # The name of the external interface on the host
externalip = # The external IP of this proxy, used for reporting
geoip2ispdbfile = # The local copy of the GeoIP2 ISP database
# NOTE(review): in both patterns below a '.' is left unescaped ("ipv4." and "www.") and there is
# no end anchor, so they match more names than the intended Google hosts, including any name
# that merely begins with "google.". Tighten them if the match ever drives a policy decision;
# how the result is used is not visible in this file.
google-captcha-regex = ^ipv4.google\..+ # Regex for detecting access to Google captcha page
google-search-regex = ^(www.)?google\..+ # Regex for detecting access to Google Search
help = false # Get usage help
# NOTE(review): per the usage text, false means client-to-proxy traffic on the plain listener
# is not wrapped in TLS. Confirm this is intended for the deployment.
https = false # Use TLS for client to proxy communication
idleclose = 70 # Time in seconds that an idle connection will be allowed before closing it
kcpconf = # Path to file configuring kcp
# The private key file should be readable only by the account that runs the proxy.
key = # Private key file name
lampshade-addr = # Address at which to listen for lampshade connections with tcp. Requires https to be true.
# Security: both lampshade replay defences default to 0 here. Their usage text says a positive
# value is needed, so replay protection is presumably off until these are set.
lampshade-keycache-size = 0 # set this to a positive value to cache client keys and reject duplicates to thwart replay attacks
lampshade-max-clientinit-age = 0s # set this to a positive value to limit the age of client init messages to thwart replay attacks
maxconns = 0 # Max number of simultaneous allowed connections, unused
# "xxxxx" is a placeholder. Supply the real license key outside version control.
maxmindlicensekey = xxxxx # MaxMind license key to load the GeoLite2 Country database
# Handling of ClientHellos that lack a session ticket, then the multiplex, obfs4, OQUIC,
# packet-forwarding and pprof listeners.
# The three missing-session-ticket-* keys only take effect when require-session-tickets is set,
# per their usage text.
missing-session-ticket-reaction = None # Specifies the reaction when seeing ClientHellos without TLS session tickets. Apply only if require-session-tickets is set
missing-session-ticket-reaction-delay = 0s # Specifies the delay before reaction to ClientHellos without TLS session tickets. Apply only if require-session-tickets is set.
missing-session-ticket-reflect-site = # Specifies the site to mirror when seeing no TLS session ticket in ClientHellos. Useful only if missing-session-ticket-reaction is ReflectToSite.
multiplexaddr = # Multiplexed address at which to listen with HTTP(S)
multiplexprotocol = smux # multiplexing protocol to use
obfs4-addr = # Provide an address here in order to listen with obfs4
# NOTE(review): "." resolves against the process working directory. The obfs4 state stored here
# presumably includes key material (TODO confirm), so point this at a dedicated directory
# with restricted permissions.
obfs4-dir = . # Directory where obfs4 can store its files
#obfs4-distBias = false # Enable obfs4 using ScrambleSuit style table generation
# The next three keys bound obfs4 handshake work: global concurrency, per-handshake timeout,
# and the number of pending handshakes a single client may hold.
obfs4-handshake-concurrency = 1024 # How many concurrent OBFS4 handshakes to process
obfs4-handshake-timeout = 10s # How long to wait before timing out an OBFS4 handshake
obfs4-max-pending-handshakes-per-client = 512 # How many pending OBFS4 handshakes to allow per client
obfs4-multiplexaddr = # Provide an address here in order to listen with multiplexed obfs4
oquic-addr = # Address at which to listen for OQUIC connections.
oquic-aggressive-padding = 32 # OQUIC number of initial aggressively padded packets
oquic-cipher = SALSA20 # OQUIC cipher
# Secret: the usage text calls this an obfuscation key. Treat it like any other shared secret
# and do not commit a real value.
oquic-key = # OQUIC base64 encoded 256 bit obfuscation key
oquic-max-padding-hint = 32 # OQUIC max padding after aggressive phase
oquic-min-padded = 128 # OQUIC minimum size packet to pad
pforward-addr = # Address at which to listen for packet forwarding connections
pforward-intf = # The name of the interface to use for upstream packet forwarding connections. Deprecated by external-intf
# Security: pprof endpoints expose runtime internals such as heap, goroutine and CPU profiles.
# If this is set, bind it to loopback or an otherwise access-controlled address.
pprofaddr = # pprof address to listen on, not activate pprof if empty
# Pro mode, proxied-site sampling, proxy identity, psmux tuning, QUIC and the reporting Redis.
pro = false # Set to true to make this a pro proxy (no bandwidth limiting unless forced throttling)
proxied-sites-sample-percentage = 0.01 # The percentage of requests to sample (0.01 = 1%)
# NOTE(review): a concrete Analytics property id is baked into the default. A deployment that
# should not report to that property must override or clear this value.
proxied-sites-tracking-id = UA-21815217-16 # The Google Analytics property id for tracking proxied sites
# NOTE(review): the usage text says this defaults to the hostname, so the value here looks like
# the hostname of the machine that generated this file. Clear or override it per deployment.
proxyname = macbook-pro.lan # The name of this proxy (defaults to hostname)
proxyprotocol = # The protocol of this proxy, for information only
# psmux-* keys: padding and buffer tuning for psmux. All are 0/false in this template;
# NOTE(review): 0 presumably selects the built-in default for each - TODO confirm.
psmux-aggressive-padding = 0 # psmux aggressive padding count
psmux-aggressive-padding-ratio = 0 # psmux aggressive padding ratio
psmux-disable-aggressive-padding = false # disable aggressive padding only
psmux-disable-padding = false # disable all padding
psmux-max-frame-size = 0 # psmux maximum frame size
psmux-max-padded-size = 0 # psmux max padded size
psmux-max-padding-ratio = 0 # psmux max padding ratio
psmux-max-receive-buffer = 0 # psmux max receive buffer
psmux-max-stream-buffer = 0 # psmux max stream buffer
psmux-version = 0 # psmux protocol version
quic-bbr = false # Should quic-go use BBR instead of CUBIC
quic-ietf-addr = # Address at which to listen for IETF QUIC connections.
# NOTE(review): the "redis[s]" form suggests the "rediss" scheme selects TLS - TODO confirm.
# Prefer it whenever the Redis instance is reached over a network that is not fully trusted.
reportingredis = # The address of the reporting Redis instance in "redis[s]://host:port" format
# TLS session tickets, shadowsocks, smux tuning, Stackdriver reporting, throttling and tlsmasq.
require-session-tickets = true # Specifies whether or not to require TLS session tickets in ClientHellos
# This file holds the rotating session ticket keys, so it should be readable only by the
# account that runs the proxy.
sessionticketkey = # File name for storing rotating session ticket keys
shadowsocks-addr = # Address at which to listen for shadowsocks connections.
shadowsocks-cipher = chacha20-ietf-poly1305 # shadowsocks cipher
shadowsocks-multiplexaddr = # Address at which to listen for multiplexed shadowsocks connections.
shadowsocks-replay-history = 10000 # Replay buffer size (# of handshakes)
# Secret: do not commit a real value.
shadowsocks-secret = # shadowsocks secret
smux-max-frame-size = 0 # smux maximum frame size
smux-max-receive-buffer = 0 # smux max receive buffer
smux-max-stream-buffer = 0 # smux max stream buffer
smux-version = 0 # smux protocol version
# The file at this path contains service credentials. Restrict its permissions and keep it out
# of the repository and out of container images.
stackdriver-creds = /home/lantern/lantern-stackdriver.json # Optional full json file path containing stackdriver credentials
stackdriver-project-id = lantern-http-proxy # Optional project ID for stackdriver error reporting as in http-proxy-lantern
stackdriver-sample-percentage = 0.003 # The percentage of devices to report to Stackdriver (0.01 = 1%)
throttlerefresh = 5m0s # Specifies how frequently to refresh throttling configuration from redis. Defaults to 5 minutes.
tlslistener-allow-tls13 = false # Allow tlslistener to offer tls13. Because of session ticket issues, this is likely experimental until they can be worked out
tlsmasq-addr = # Address at which to listen for tlsmasq connections.
tlsmasq-origin-addr = # Address of tlsmasq origin with port.
# Secret: do not commit a real value.
tlsmasq-secret = # Hex encoded 52 byte tlsmasq shared secret.
# IANA cipher suite ids: 0x1301-0x1303 are the TLS 1.3 AES-GCM and ChaCha20-Poly1305 suites;
# 0xcca8, 0xcca9, 0xc02b, 0xc030 and 0xc02c are ECDHE suites with ChaCha20-Poly1305 or AES-GCM.
# All are AEAD suites. Keep it that way when editing the list.
tlsmasq-tls-cipher-suites = 0x1301,0x1302,0x1303,0xcca8,0xcca9,0xc02b,0xc030,0xc02c # hex-encoded TLS cipher suites
# 0x0303 is the protocol version number for TLS 1.2. Do not lower it.
tlsmasq-tls-min-version = 0x0303 # hex-encoded TLS version
# Client token, traffic class, CONNECT port policy, client version checks and the WSS listener.
# NOTE(review): presumably the auth token that clients must present (the bench usage text
# mentions "auth token authentication") - TODO confirm. Treat it as a secret and do not
# commit a real value.
token = # Lantern token
tos = 0 # Specify a diffserv TOS to prioritize traffic. Defaults to 0 (off)
# Security: per the usage text, an empty value allows CONNECT tunnels to every port. List only
# the ports clients need (for example 80,443) so the proxy cannot relay to arbitrary services.
tunnelports = # Comma seperated list of ports allowed for HTTP CONNECT tunnel. Allow all ports if empty.
version = false # shows the version of the binary
versioncheck = # Check if Lantern client matches the semantic version range, like "< 3.1.1" or "<= 3.x". No check by default. Only applies to Lantern clients, not Beam.
# Expressed as a fraction: 1 means 100% of requests, per the usage text.
versioncheck-redirect-percentage = 1 # The percentage of requests to be redirected in version check. Defaults to 1 (100%)
versioncheck-redirect-url = # The URL to redirect if client is below certain version. Always used along with versioncheck
wss-addr = # Address at which to listen for WSS connections.