The proxy-config.yaml file is used to configure Qpoint Proxy, defining global settings, endpoint-specific rules, and optional middleware stacks.
Configuration File Structure
The proxy-config.yaml file consists of three main sections:
Global Proxy Settings
Endpoints
Stacks (Optional)
proxy:# Global Proxy Settingsjwt_hmac_key:"qwertyuiopasdfghjklzxcvbnm123456"# Key for HMAC to validate JWTstls_ca_crt:"PEM or file://global_ca_cert.pem"# Path or inline CA certificatetls_ca_key:"PEM or file://global_ca_key.pem"# Path or inline CA keydefault_domain_action:ALLOW# Default action for unspecified domainsendpoints:# Specific Endpoint Settings# Endpoint with ACL, without SSL/TLS Termination, & without Stack - domain:"api.github.com"action:DENYallow: - ip:172.17.0.1 - id:dog# Endpoint with ACL, with SSL/TLS Termination & with Stack - domain:"api.example.com"action:DENYallow: - ip:172.17.0.1 - http-user:user2:password2 - tag:adminstack:complete# Reference to the 'complete' stackstacks:complete:middlewares: - name:duration-microconfig:"us"wasm:"docker://us-docker.pkg.dev/qpoint-edge/public/middleware/http_duration:0bb591c" - name:local-metricsconfig:"metrics-config"wasm:"/path/to/local/metrics.wasm"
Global Settings
These settings apply across the entire proxy configuration.
proxy:jwt_hmac_key:"qwertyuiopasdfghjklzxcvbnm123456"# Key for HMAC to validate JWTstls_ca_crt:"PEM or file://"# Path or inline CA certificatetls_ca_key:"PEM or file://"# Path or inline CA keydefault_domain_action:ALLOW# Default action for unspecified domains
jwt_hmac_key (optional): Key used for HMAC to validate JWTs for Access Control.
tls_ca_crt (optional): Path or inline CA certificate for optional SSL/TLS termination.
tls_ca_key (optional): Path or inline CA key for optional SSL/TLS termination
default_domain_action: Sets the default action for domain requests not explicitly defined in the endpoints section.
Endpoints
Controls traffic based on the requested domain, with specific rules for each domain.
proxy:...# Global Settingsendpoints: - domain:"api.example.com"action:DENYallow: - ip:172.17.0.1cert:ca:"PEM or file://"# Inline or path to CA certificatecrt:"PEM or file://"# Inline or path to domain certificatekey:"PEM or file://"# Inline or path to private keystack:complete# Reference to a stack for middleware processing
domain: The specific domain to which the rule applies.
action: Default action for this domain (ALLOW or DENY).
allow/deny: Conditions to override the default action based on IP addresses, user credentials, or JWT claims.
cert: SSL/TLS certificate configurations for the endpoint.
ca: Path or inline CA certificate.
crt: Path or inline server certificate.
key: Path or inline private key.
stack: Name of a middleware stack to apply additional inline processing (optional).
Stacks (Optional)
Defines groups of middleware modules for enhanced traffic processing. See more detailed information in Stacks
proxy:tls_ca_crt:"PEM or file://"# Path or inline CA certificatetls_ca_key:"PEM or file://"# Path or inline CA keydefault_domain_action:ALLOWendpoints: - domain:"api.example.com"action:DENYallow: - ip:172.17.0.1stack:complete# Reference to a stack for middleware processing
