Skip to main content
Version: 0.15.0

Bind

The bind block configures the primary listener address and its associated protocol settings.

bind = {
# The network interface to listen on.
interface = "127.0.0.1"

# The port to listen on.
port = 8443

# Enable HTTP/2 support (requires TLS).
# Plaintext upstreams are supported: the proxy translates HTTP/2 to HTTP/1.1 automatically.
enable_http2 = true

# Optional HTTP/2 server tuning. Requires enable_http2 = true.
# All fields are optional; unset fields keep the defaults listed below.
http2 = {
max_concurrent_streams = 100
max_header_list_size = 65536
initial_window_size = 65535
initial_connection_window_size = 1048576
}

# Redirect plain HTTP requests to HTTPS.
redirect_http_to_https = false

# TLS configuration for the listener.
tls = {
mode = "manual"
cert = "/path/to/certs/server.pem"
key = "/path/to/certs/server.key"
}

# See: Connection Filter, Connection Rate Limiter
connection_filter = { ... }
connection_rate_limiting_filter = { ... }
}

Fields

FieldTypeDefaultDescription
interfacestring(required)The network interface to bind to.
portinteger(required)The port to bind to on the specified interface.
enable_http2booleanfalseEnable HTTP/2 on the listener. TLS is required. When enabled, HTTP/2 clients can connect even if upstream services only speak HTTP/1.1; the proxy translates between the two protocols automatically.
http2object(optional)Advanced HTTP/2 tuning options. See HTTP/2 settings.
redirect_http_to_httpsbooleanfalseWhen enabled, plain HTTP requests are redirected to HTTPS.
tls.modestring(required)TLS mode. Use "manual" to provide your own certificate and key.
tls.certstring(required)Path to the TLS certificate file.
tls.keystring(required)Path to the TLS private key file.
connection_filterobject(optional)Connection filtering rules. See Connection Filter.
connection_rate_limiting_filterobject(optional)Connection rate limiting rules. See Connection Rate Limiter.

For details on TLS configuration, see the TLS section of the documentation.

HTTP/2 settings

The optional http2 block tunes the HTTP/2 server parameters advertised to clients. It is only valid when enable_http2 = true. Every field is optional: when the block (or a field) is omitted, the defaults below apply. Requests that exceed max_header_list_size are refused with status 431.

FieldTypeDefaultDescription
max_concurrent_streamsinteger100Maximum number of simultaneous HTTP/2 streams (in-flight requests) per client connection.
max_header_list_sizeinteger65536Maximum decoded header list size per request, in bytes.
initial_window_sizeinteger65535Initial flow-control window per stream, in bytes. Must be at most 2147483647.
initial_connection_window_sizeinteger65535Connection-level flow-control window for received data, in bytes. Must be at most 2147483647.

All values must be greater than zero. The two window sizes are capped at 2^31 - 1 (2,147,483,647 bytes), the maximum HTTP/2 flow-control window allowed by RFC 9113.