Expand description
parse TOML config and generate requests from it
§Sōzu’s configuration
This module is responsible for parsing the config.toml provided by the flag --config
when starting Sōzu.
Here is the workflow for generating a working config:
config.toml -> FileConfig -> ConfigBuilder -> Configconfig.toml is parsed to FileConfig, a structure that itself contains a lot of substructures
whose names start with File- and end with -Config, like FileHttpFrontendConfig for instance.
The instance of FileConfig is then passed to a ConfigBuilder that populates a final Config
with listeners and clusters.
To illustrate:
use sozu_command_lib::config::{FileConfig, ConfigBuilder};
let file_config = FileConfig::load_from_path("../config.toml")
.expect("Could not load config.toml");
let config = ConfigBuilder::new(file_config, "../assets/config.toml")
.into_config()
.expect("Could not build config");Note that the path to config.toml is used twice: the first time, to parse the file,
the second time, to keep the path in the config for later use.
However, there is a simpler way that combines all this:
use sozu_command_lib::config::Config;
let config = Config::load_from_path("../assets/config.toml")
.expect("Could not build config from the path");§How values are chosen
Values are chosen in this order of priority:
- values defined in a section of the TOML file, for instance, timeouts for a specific listener
- values defined globally in the TOML file, like timeouts or buffer size
- if a variable has not been set in the TOML file, it will be set to a default defined here
Structs§
- Backend
Config - Config
- Sōzu configuration, populated with clusters and listeners.
- Config
Builder - A builder that converts FileConfig to Config
- File
Cluster Config - File
Cluster Frontend Config - File
Config - Parsed from the TOML config provided by the user.
- File
Health Check Config - File
Hsts Config - HSTS (HTTP Strict Transport Security, RFC 6797) policy as serialised
under
[https.listeners.default.hsts](listener default) or[clusters.<id>.frontends.hsts](per-frontend override). - File
UdpCluster Config - UDP-specific cluster knobs, parsed from a
[clusters.<id>.udp]block. - File
UdpHealth Config - UDP backend health-check configuration, parsed from
[clusters.<id>.udp.health]. - Header
Edit Config - A single header mutation as serialised under
[[clusters.<id>.frontends.headers]]. Maps to the protoHeadermessage at request-build time. - Http
Cluster Config - Http
Frontend Config - Listener
Builder - An HTTP, HTTPS or TCP listener as parsed from the
Listenerssection in the toml - Metrics
Config - TcpCluster
Config - TcpFrontend
Config
Enums§
- Cluster
Config - Config
Error - File
Cluster Protocol Config - Incompatibility
Kind - Listener
Protocol - Metric
Detail Level - Cardinality knob for metrics labels in the StatsD network drain.
- Missing
Kind - Path
Rule Type
Constants§
- DEFAULT_
ACCEPT_ QUEUE_ TIMEOUT - timeout to accept connection events in the accept queue (60 seconds)
- DEFAULT_
ALPN_ PROTOCOLS - Default ALPN protocols advertised by HTTPS listeners. Both HTTP/2 and HTTP/1.1 are enabled, allowing clients to negotiate either.
- DEFAULT_
AUTOMATIC_ STATE_ SAVE - wether to save the state automatically (false)
- DEFAULT_
BACK_ TIMEOUT - maximum time of inactivity for a backend socket (30 seconds)
- DEFAULT_
BUFFER_ SIZE - size of the buffers, in bytes (16 KB)
- DEFAULT_
CIPHER_ LIST - Authoritative list of default cipher suites for all rustls-based TLS providers.
- DEFAULT_
COMMAND_ BUFFER_ SIZE - size of the buffer for the channels, in bytes. Must be bigger than the size of the data received. (1 MB)
- DEFAULT_
CONNECT_ TIMEOUT - maximum time to connect to a backend server (3 seconds)
- DEFAULT_
DISABLE_ CLUSTER_ METRICS - wether to avoid register cluster metrics in the local drain
- DEFAULT_
EVICT_ ON_ QUEUE_ FULL - whether to evict least-recently-active sessions when the accept queue is saturated (false). Defaults to false because during a DDoS the existing connections are more likely to be legitimate clients than the queued ones; evicting them would serve the attacker. Enable when overload is dominated by normal traffic spikes rather than attacks.
- DEFAULT_
FRONT_ TIMEOUT - maximum time of inactivity for a frontend socket (60 seconds)
- DEFAULT_
GROUPS_ LIST - DEFAULT_
HSTS_ MAX_ AGE - Default
Strict-Transport-Security: max-agevalue (1 year, 31_536_000 seconds) substituted at config-load when an [hsts] block setsenabled = truebut omitsmax_age. Matches the HSTS preload list minimum (https://hstspreload.org/) and the Caddy / Nginx community recommendation. Operators can override with anyu32;max_age = 0is the RFC 6797 §11.4 kill switch and is allowed silently. - DEFAULT_
LOG_ TARGET - for both logs and access logs
- DEFAULT_
MAX_ BUFFERS - maximum number of buffers (1 000)
- DEFAULT_
MAX_ COMMAND_ BUFFER_ SIZE - maximum size of the buffer for the channels, in bytes. (2 MB)
- DEFAULT_
MAX_ CONNECTIONS - maximum number of simultaneous connections (10 000)
- DEFAULT_
MAX_ CONNECTIONS_ PER_ IP - Default per-(cluster, source-IP) connection limit.
0means unlimited. Counts are kept per(cluster_id, source_ip)so two clusters never share a counter even from the same IP. Per-cluster overrides on theClustermessage take precedence. - DEFAULT_
MIN_ BUFFERS - minimum number of buffers (1)
- DEFAULT_
REQUEST_ TIMEOUT - maximum time to receive a request since the connection started (10 seconds)
- DEFAULT_
RETRY_ AFTER - Default
Retry-Afterheader value (seconds) on HTTP 429 responses emitted when a per-(cluster, source-IP) connection limit is hit.0omits the header —Retry-After: 0invites an immediate retry that defeats the limit. TCP rejections do not emit this value (no HTTP envelope), but the field is accepted for symmetry. - DEFAULT_
SEND_ TLS_ 13_ TICKETS - Number of TLS 1.3 tickets to send to a client when establishing a connection. The tickets allow the client to resume a session. This protects the client agains session tracking. Increases the number of getrandom syscalls, with little influence on performance. Defaults to 4.
- DEFAULT_
SIGNATURE_ ALGORITHMS - DEFAULT_
SNI_ PREREAD_ MAX_ BYTES - maximum number of bytes buffered while prereading the TLS ClientHello
looking for the SNI extension on a TCP listener (16 KB — matches the
H2 frame ceiling used elsewhere in this file). Only relevant when at
least one SNI-scoped
TcpFrontendConfigtargets the listener; clamped by the globalbuffer_size(seeConfigError::SniPrereadMaxBytesExceedsBufferSize). Must match the proto default onTcpListenerConfig.sni_preread_max_bytes. - DEFAULT_
SNI_ PREREAD_ TIMEOUT - maximum time allowed to receive enough bytes of the TLS ClientHello to
read the SNI extension on a TCP listener (5 seconds). Only relevant when
at least one SNI-scoped
TcpFrontendConfigtargets the listener. Must match the proto default onTcpListenerConfig.sni_preread_timeout. - DEFAULT_
STICKY_ NAME - a name applied to sticky sessions (“SOZUBALANCEID”)
- DEFAULT_
UDP_ BACK_ TIMEOUT - upstream flow idle timeout for a UDP listener (30 seconds)
- DEFAULT_
UDP_ FRONT_ TIMEOUT - client/upstream flow idle timeout for a UDP listener (30 seconds)
- DEFAULT_
UDP_ MAX_ FLOWS - maximum number of concurrent UDP flows per listener.
0selects the runtime auto policy (~70% of the softRLIMIT_NOFILE). - DEFAULT_
UDP_ MAX_ RX_ DATAGRAM_ SIZE - maximum received datagram size for a UDP listener, in bytes (1500 = a
typical Ethernet MTU). Capped at the effective
buffer_sizeat runtime. - DEFAULT_
WORKER_ AUTOMATIC_ RESTART - wether a worker is automatically restarted when it crashes (true)
- DEFAULT_
WORKER_ COUNT - number of workers, i.e. Sōzu processes that scale horizontally (2)
- DEFAULT_
WORKER_ TIMEOUT - maximum time to wait for a worker to respond, until it is deemed NotAnswering (10 seconds)
- DEFAULT_
ZOMBIE_ CHECK_ INTERVAL - Interval between checking for zombie sessions, (30 minutes)
- H2_
MIN_ BUFFER_ SIZE - minimum buffer size required when any HTTPS listener advertises H2 ALPN.
- MAX_
LOOP_ ITERATIONS - MIN_
SNI_ PREREAD_ MAX_ BYTES - minimum allowed
sni_preread_max_byteson a TCP listener targeted by an SNI frontend (5 bytes — a full TLS record header: 1-byteContentType+ 2-byteProtocolVersion+ 2-byte length, RFC 8446 §5.1).0(and every value below this floor) makes the preread shell issue reads that can never accumulate enough bytes to parse even the outer record framing, spinning until the event-loop iteration guard (MAX_LOOP_ITERATIONS) trips instead of ever reaching a routing decision. SeeConfigError::SniPrereadMaxBytesTooSmall.
Functions§
- default_
sticky_ name - load_
answers - Load every per-status template referenced by
answers. - resolve_
answer_ source - Resolve a single
answersmap entry into the literal template body the proto layer expects. - validate_
health_ check_ config - Validate a
HealthCheckConfigfor the rules every layer relies on: strict positive thresholds and a URI that cannot smuggle a second HTTP message on the wire (RFC 9110 §5.1 — request-target). Used by the CLI request builder and the workerSetHealthCheckhandler so off-channel inputs (TOML reload, third-party clients) are constrained the same way assozu cluster health-check set. - validate_
sni_ pattern - Validates and normalizes a TCP frontend’s SNI pattern
(sozu-proxy/sozu#1279): either an exact hostname or a single leading
*.wildcard label. Rejects an embedded*anywhere else (so*.*.example.comandfoo.*.comare both invalid), a bare*, any empty label (leading/trailing/consecutive dots), and any non-ASCII character (ConfigError::NonAsciiSniPattern) — on-wire SNI is always an ASCII A-label (RFC 6066 §3 / IDNA), so a Unicode U-label would load fine but never match at runtime, a silent routing failure. Full IDNA/ punycode transformation at config-load is intentionally out of scope (noidnadependency in this crate); operators write the A-label form directly, consistent with what the HTTP router produces viaidna::domain_to_asciiinlib/src/router/mod.rs. ASCII-lowercases the accepted pattern for case-insensitive comparison.