Struct ServerConfig 

#[non_exhaustive]
pub struct ServerConfig {

    pub listen_addr: String,
    pub listen_port: u16,
    pub tls_cert_path: Option<PathBuf>,
    pub tls_key_path: Option<PathBuf>,
    pub shutdown_timeout: String,
    pub request_timeout: String,
    pub allowed_origins: Vec<String>,
    pub stdio_enabled: bool,
    pub tool_rate_limit: Option<u32>,
    pub session_idle_timeout: String,
    pub sse_keep_alive: String,
    pub public_url: Option<String>,
    pub compression_enabled: bool,
    pub compression_min_size: u16,
    pub max_concurrent_requests: Option<usize>,
    pub admin_enabled: bool,
    pub admin_role: String,
    pub auth: Option<AuthConfig>,
}

Server listener configuration (reusable across MCP projects).

Fields (Non-exhaustive)

Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.

listen_addr: String

Listen address (IP or hostname). Default: 127.0.0.1.

listen_port: u16

Listen TCP port. Default: 8443.

tls_cert_path: Option<PathBuf>

Path to the TLS certificate (PEM). Required for TLS/mTLS.

tls_key_path: Option<PathBuf>

Path to the TLS private key (PEM). Required for TLS/mTLS.

shutdown_timeout: String

Graceful shutdown timeout, parsed via humantime.

request_timeout: String

Per-request timeout, parsed via humantime.

allowed_origins: Vec<String>

Allowed Origin header values for DNS rebinding protection (MCP spec). Requests with an Origin not in this list are rejected with 403. Requests without an Origin header are always allowed (non-browser).

stdio_enabled: bool

Allow the stdio transport subcommand. Disabled by default because stdio mode bypasses auth, RBAC, TLS, and Origin validation.

tool_rate_limit: Option<u32>

Maximum tool invocations per source IP per minute. When set, enforced by the RBAC middleware on tools/call requests. Protects against both abuse and runaway LLM loops.

session_idle_timeout: String

Idle timeout for MCP sessions. Sessions with no activity for this duration are closed automatically. Default: 20 minutes.

sse_keep_alive: String

Interval for SSE keep-alive pings sent to the client. Prevents proxies and load balancers from killing idle connections. Default: 15 seconds.

public_url: Option<String>

Externally reachable base URL (e.g. https://mcp.example.com). When set, OAuth metadata endpoints advertise this URL instead of the listen address. Required when the server binds to 0.0.0.0 behind a reverse proxy or inside a container.

compression_enabled: bool

Enable gzip/br response compression for MCP responses.

compression_min_size: u16

Minimum response size (bytes) before compression kicks in. Only used when compression_enabled is true. Default: 1024.

max_concurrent_requests: Option<usize>

Global cap on in-flight HTTP requests. When reached, excess requests receive 503 Service Unavailable (via load shedding).

admin_enabled: bool

Enable /admin/* diagnostic endpoints.

admin_role: String

RBAC role required to access admin endpoints.

auth: Option<AuthConfig>

Authentication configuration (API keys, mTLS, OAuth).

Trait Implementations

impl Debug for ServerConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for ServerConfig

fn default() -> Self

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for ServerConfig

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.