Struct ServerConfig 

pub struct ServerConfig {

    pub max_connections: u64,
    pub front_timeout: u32,
    pub back_timeout: u32,
    pub connect_timeout: u32,
    pub zombie_check_interval: u32,
    pub accept_queue_timeout: u32,
    pub min_buffers: u64,
    pub max_buffers: u64,
    pub buffer_size: u64,
    pub log_level: String,
    pub log_target: String,
    pub access_logs_target: Option<String>,
    pub command_buffer_size: u64,
    pub max_command_buffer_size: u64,
    pub metrics: Option<ServerMetricsConfig>,
    pub access_log_format: i32,
    pub log_colored: bool,
    pub audit_logs_target: Option<String>,
    pub audit_logs_json_target: Option<String>,
    pub slab_entries_per_connection: Option<u64>,
    pub basic_auth_max_credential_bytes: Option<u64>,
    pub evict_on_queue_full: Option<bool>,
    pub max_connections_per_ip: Option<u64>,
    pub retry_after: Option<u32>,
    pub splice_pipe_capacity_bytes: Option<u64>,
}

Used by a worker to start its server loop. The defaults should match those of the config module

Fields

max_connections: u64

front_timeout: u32

back_timeout: u32

connect_timeout: u32

zombie_check_interval: u32

accept_queue_timeout: u32

min_buffers: u64

max_buffers: u64

buffer_size: u64

log_level: String

log_target: String

access_logs_target: Option<String>

command_buffer_size: u64

max_command_buffer_size: u64

metrics: Option<ServerMetricsConfig>

access_log_format: i32

log_colored: bool

audit_logs_target: Option<String>

Dedicated file path for the control-plane audit trail. When set on the main process, every audit line is also appended to this file opened O_APPEND | O_CREAT with mode 0o640. Workers currently ignore this field (audit only lives on the main), but the field is propagated on the proto wire so a future worker-side audit path can pick it up.

audit_logs_json_target: Option<String>

Dedicated JSON mirror of the audit log. One JSON object per line for SIEM ingest. Same lifecycle as audit_logs_target.

slab_entries_per_connection: Option<u64>

Slab capacity multiplier per connection. Defaults to 4 to accommodate H2 multiplexing (1 frontend + up to 3 backend connections per frontend). Operators with topologies that fan out across more clusters per session can raise this; the slab capacity is computed as 10 + slab_entries_per_connection * max_connections. Clamped to [2, 32] at config-load time. The previous compile-time constant was 4 and remains the default.

basic_auth_max_credential_bytes: Option<u64>

Maximum length, in bytes, of a base64-decoded Authorization: Basic payload accepted by mux::auth. Caps the per-failed-auth allocation so a hostile peer cannot force the worker to decode arbitrarily large tokens. RFC 7617 imposes no upper bound; the default is 4096 (well above the realistic shape username:password). Operators on tight memory budgets can lower this to 256-512; values that approach the per-frontend buffer_size raise a warning at config-load time (see config.rs validation). Set once at worker boot via mux::auth::set_max_decoded_credential_bytes.

evict_on_queue_full: Option<bool>

when the accept queue is full (max_connections reached), evict the least recently active sessions to make room for new connections. Defaults to false: during DDoS, existing connections are likely real clients.

max_connections_per_ip: Option<u64>

Default per-(cluster, source-IP) connection limit. 0 means unlimited (the default). When a request resolves to a cluster whose (cluster_id, client_ip) already holds this many concurrent connections, the proxy answers HTTP 429 (H1 + H2) or closes the TCP socket gracefully. Each cluster may override with its own max_connections_per_ip. The source IP is the proxy-protocol address when present, else peer_addr.

retry_after: Option<u32>

Default Retry-After header value (seconds) sent on HTTP 429 responses. 0 omits the header (rendering Retry-After: 0 invites an immediate retry that defeats the limit). Per-cluster overrides are available on the Cluster message. TCP rejections do not emit this value (no HTTP envelope), but it is still accepted in the proto/config shape for symmetry.

splice_pipe_capacity_bytes: Option<u64>

Requested kernel-pipe capacity, in bytes, for each splice(2) zero-copy direction in the Pipe protocol. Applied via fcntl(F_SETPIPE_SZ) per pipe at SplicePipe::new; the kernel rounds up to a page boundary and caps the value at /proc/sys/fs/pipe-max-size (default 1 MiB for unprivileged processes; CAP_SYS_RESOURCE goes higher). The realised capacity is read back via fcntl(F_GETPIPE_SZ) and used as the per-call len for splice_in. None keeps the kernel default of 64 KiB. Larger values amortise syscalls and reduce wakeups for bulk- transfer workloads at the cost of per-session pinned memory. Linux-only; ignored on builds without the splice feature.

Implementations

impl ServerConfig

pub const DEFAULT_SLAB_ENTRIES_PER_CONNECTION: u64 = 4

Default number of slab entries per connection. Set to 4 to accommodate H2 multiplexing (1 frontend + up to 3 backend connections per frontend with stream multiplexing). Previous value was 2 for H1-only operation. Operators with topologies that fan out across more clusters per session can override via slab_entries_per_connection in the config (clamped to [2, 32]).

pub const MIN_SLAB_ENTRIES_PER_CONNECTION: u64 = 2

Lower bound for the runtime knob. Below 2 the slab cannot hold one frontend + one backend per session.

pub const MAX_SLAB_ENTRIES_PER_CONNECTION: u64 = 32

Upper bound for the runtime knob. 32 caps memory blow-up from a runaway config; 32 backends per frontend covers any sane topology.

pub fn effective_slab_entries_per_connection(&self) -> u64

Effective slab-entries-per-connection. Applies the [MIN, MAX] clamp and falls back to the default when the proto field is absent or 0.

pub fn slab_capacity(&self) -> u64

Size of the slab for the Session manager.

With HTTP/2 multiplexing, each frontend session can have multiple backend connections (one per cluster), so we allocate Self::effective_slab_entries_per_connection entries per connection instead of the old H1-only multiplier of 2.

impl ServerConfig

pub fn access_logs_target(&self) -> &str

Returns the value of access_logs_target, or the default value if access_logs_target is unset.

pub fn access_log_format(&self) -> ProtobufAccessLogFormat

Returns the enum value of access_log_format, or the default if the field is set to an invalid enum value.

pub fn set_access_log_format(&mut self, value: ProtobufAccessLogFormat)

Sets access_log_format to the provided enum value.

pub fn audit_logs_target(&self) -> &str

Returns the value of audit_logs_target, or the default value if audit_logs_target is unset.

pub fn audit_logs_json_target(&self) -> &str

Returns the value of audit_logs_json_target, or the default value if audit_logs_json_target is unset.

pub fn slab_entries_per_connection(&self) -> u64

Returns the value of slab_entries_per_connection, or the default value if slab_entries_per_connection is unset.

pub fn basic_auth_max_credential_bytes(&self) -> u64

Returns the value of basic_auth_max_credential_bytes, or the default value if basic_auth_max_credential_bytes is unset.

pub fn evict_on_queue_full(&self) -> bool

Returns the value of evict_on_queue_full, or the default value if evict_on_queue_full is unset.

pub fn max_connections_per_ip(&self) -> u64

Returns the value of max_connections_per_ip, or the default value if max_connections_per_ip is unset.

pub fn retry_after(&self) -> u32

Returns the value of retry_after, or the default value if retry_after is unset.

pub fn splice_pipe_capacity_bytes(&self) -> u64

Returns the value of splice_pipe_capacity_bytes, or the default value if splice_pipe_capacity_bytes is unset.

Trait Implementations

impl Clone for ServerConfig

fn clone(&self) -> ServerConfig

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for ServerConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for ServerConfig

fn default() -> Self

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for ServerConfig

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl From<&Config> for ServerConfig

reduce the config to the bare minimum needed by a worker

fn from(config: &Config) -> Self

Converts to this type from the input type.

impl Hash for ServerConfig

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl Message for ServerConfig

fn encoded_len(&self) -> usize

Returns the encoded length of the message without a length delimiter.

fn clear(&mut self)

Clears the message, resetting all fields to their default.

fn encode(&self, buf: &mut impl BufMut) -> Result<(), EncodeError>

where Self: Sized,

Encodes the message to a buffer.

fn encode_to_vec(&self) -> Vec<u8>

where Self: Sized,

Encodes the message to a newly allocated buffer.

fn encode_length_delimited( &self, buf: &mut impl BufMut, ) -> Result<(), EncodeError>

where Self: Sized,

Encodes the message with a length-delimiter to a buffer.

fn encode_length_delimited_to_vec(&self) -> Vec<u8>

where Self: Sized,

Encodes the message with a length-delimiter to a newly allocated buffer.

fn decode(buf: impl Buf) -> Result<Self, DecodeError>

where Self: Default,

Decodes an instance of the message from a buffer.

fn decode_length_delimited(buf: impl Buf) -> Result<Self, DecodeError>

where Self: Default,

Decodes a length-delimited instance of the message from the buffer.

fn merge(&mut self, buf: impl Buf) -> Result<(), DecodeError>

where Self: Sized,

Decodes an instance of the message from a buffer, and merges it into self.

fn merge_length_delimited(&mut self, buf: impl Buf) -> Result<(), DecodeError>

where Self: Sized,

Decodes a length-delimited instance of the message from buffer, and merges it into self.

impl Ord for ServerConfig

fn cmp(&self, other: &ServerConfig) -> Ordering

This method returns an Ordering between self and other.

fn max(self, other: Self) -> Self

where Self: Sized,

Compares and returns the maximum of two values.

fn min(self, other: Self) -> Self

where Self: Sized,

Compares and returns the minimum of two values.

fn clamp(self, min: Self, max: Self) -> Self

where Self: Sized,

Restrict a value to a certain interval.

impl PartialEq for ServerConfig

fn eq(&self, other: &ServerConfig) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl PartialOrd for ServerConfig

fn partial_cmp(&self, other: &ServerConfig) -> Option<Ordering>

This method returns an ordering between self and other values if one exists.

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator.

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator.

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator.

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator.

impl Serialize for ServerConfig

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Eq for ServerConfig

impl StructuralPartialEq for ServerConfig