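# ACME Reverse Proxy Configuration Example
#
# Layout fix: the whole file had been collapsed onto a single line beginning
# with "#", which a TOML parser reads as one comment, so no key was set.
# All keys and values below are unchanged.

# CA (Certificate Authority) settings for Let's Encrypt
[CA]
# Your email for Let's Encrypt registration
Email = "admin@example.com"
# Directory to store certificates.
# NOTE(review): presumably private key material is kept here as well; keep the
# directory owned by the service account and unreadable to other users - confirm.
CacheDir = "/var/lib/acme-reverseproxy"
# Well-known directory for ACME challenges (used if NFS is disabled).
# NOTE(review): /tmp is world-writable, so any local user can pre-create this
# path or place files and symlinks in it. For production, point this at a
# dedicated directory that only the service account can write to.
WellKnownDir = "/tmp/.well-known"

# NFS configuration for .well-known directory
# When enabled, the .well-known directory will be mounted from NFS server.
# NOTE(review): anyone who can write to this export can supply ACME challenge
# responses for every domain in [Mapping]; restrict the export to the proxy
# hosts and treat write access to it as certificate-issuance access.
[NFS]
# Set to true to enable NFS mounting
enabled = false
# NFS server address
server = "10.200.1.3"
# NFS export path
export_path = "/export/acme"
# Local mount point
mount_point = "/mnt/acme-wellknown"
# Mount options (optional).
# NOTE(review): the share only needs to carry challenge files; if these options
# are passed to mount as-is, consider appending nosuid,nodev,noexec - confirm
# how the proxy uses this string.
options = "rw,vers=4.1,timeo=50,retrans=2"

# Domain to backend mappings
# Format: "domain.com" = "http://backend:port" or "https://backend:port"
# An http:// backend is reached in cleartext. That is reasonable on loopback;
# for a backend on another host (192.168.1.10 below) prefer https:// or make
# sure the path between proxy and backend is a trusted segment.
# NOTE(review): whether https:// backends have their certificate verified is
# not visible from this file - confirm before relying on it.
[Mapping]
"example.com" = "http://localhost:8080"
"secure.example.com" = "https://localhost:8443"
"api.example.com" = "http://192.168.1.10:3000"

# UDP/TCP stream configurations
# Each stream is defined as a separate table with the domain name
#
# PORTS:
# - Shared mode: TCP/UDP on port 10000 (requires domain in header)
# - Transparent mode: Each domain gets its own port
#   * TCP streams: ports 10001, 10002, 10003, ...
#   * UDP streams: ports 11001, 11002, 11003, ...
#
# FORMAT:
# [Streams."domain.com"]
# protocol = "tcp"|"udp"
# target = "host:port"
# timeout = seconds (optional, default 300)
#
# NOTE(review): every stream publishes its target on a proxy port. The TCP
# examples forward to SSH services and the UDP examples relay to public
# DNS/NTP servers, so limit which source addresses can reach the stream ports
# (firewall or allow-list); otherwise the proxy acts as an open relay and
# exposes internal SSH to anyone who can reach it.

# TCP stream examples
[Streams."tcp.example.com"]
protocol = "tcp"
target = "localhost:22"
timeout = 300

[Streams."ssh.example.com"]
protocol = "tcp"
target = "192.168.1.100:2222"
timeout = 600

# UDP stream examples
[Streams."dns.example.com"]
protocol = "udp"
target = "8.8.8.8:53"
timeout = 30

[Streams."ntp.example.com"]
protocol = "udp"
target = "pool.ntp.org:123"
timeout = 60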