
Struct HttpsListenerConfig 

pub struct HttpsListenerConfig {
    pub address: SocketAddress,
    pub public_address: Option<SocketAddress>,
    pub expect_proxy: bool,
    pub sticky_name: String,
    pub front_timeout: u32,
    pub back_timeout: u32,
    pub connect_timeout: u32,
    pub request_timeout: u32,
    pub active: bool,
    pub versions: Vec<i32>,
    pub cipher_list: Vec<String>,
    pub cipher_suites: Vec<String>,
    pub signature_algorithms: Vec<String>,
    pub groups_list: Vec<String>,
    pub certificate: Option<String>,
    pub certificate_chain: Vec<String>,
    pub key: Option<String>,
    pub send_tls13_tickets: u64,
    pub http_answers: Option<CustomHttpAnswers>,
    pub alpn_protocols: Vec<String>,
    pub h2_max_rst_stream_per_window: Option<u32>,
    pub h2_max_ping_per_window: Option<u32>,
    pub h2_max_settings_per_window: Option<u32>,
    pub h2_max_empty_data_per_window: Option<u32>,
    pub h2_max_continuation_frames: Option<u32>,
    pub h2_max_glitch_count: Option<u32>,
    pub h2_initial_connection_window: Option<u32>,
    pub h2_max_concurrent_streams: Option<u32>,
    pub h2_stream_shrink_ratio: Option<u32>,
    pub h2_max_rst_stream_lifetime: Option<u64>,
    pub h2_max_rst_stream_abusive_lifetime: Option<u64>,
    pub h2_max_rst_stream_emitted_lifetime: Option<u64>,
    pub h2_max_header_list_size: Option<u32>,
    pub strict_sni_binding: Option<bool>,
    pub disable_http11: Option<bool>,
    pub h2_stream_idle_timeout_seconds: Option<u32>,
    pub h2_max_header_table_size: Option<u32>,
    pub h2_graceful_shutdown_deadline_seconds: Option<u32>,
    pub h2_max_window_update_stream0_per_window: Option<u32>,
    pub sozu_id_header: Option<String>,
    pub answers: BTreeMap<String, String>,
    pub elide_x_real_ip: Option<bool>,
    pub send_x_real_ip: Option<bool>,
    pub hsts: Option<HstsConfig>,
}

Details of an HTTPS listener

Fields§

§address: SocketAddress

§public_address: Option<SocketAddress>

§expect_proxy: bool

§sticky_name: String

§front_timeout: u32

client inactive time, in seconds

§back_timeout: u32

backend server inactive time, in seconds

§connect_timeout: u32

time to connect to the backend, in seconds

§request_timeout: u32

max time to send a complete request, in seconds

§active: bool

whether the listener is actively listening on its socket

§versions: Vec<i32>

TLS versions

§cipher_list: Vec<String>

§cipher_suites: Vec<String>

§signature_algorithms: Vec<String>

§groups_list: Vec<String>

§certificate: Option<String>

§certificate_chain: Vec<String>

§key: Option<String>

§send_tls13_tickets: u64

Number of TLS 1.3 tickets to send to a client when establishing a connection. The tickets allow the client to resume a session. This protects the client against session tracking. Defaults to 4.

§http_answers: Option<CustomHttpAnswers>

DEPRECATED: per-status answer message. Prefer the answers map at field 43. Kept on the wire so legacy state files round-trip cleanly; workers populate both fields and treat them as equivalent on read.

§alpn_protocols: Vec<String>

ALPN protocols to advertise during TLS handshake, in order of preference. Valid values: “h2”, “http/1.1”. Defaults to [“h2”, “http/1.1”].

§h2_max_rst_stream_per_window: Option<u32>

H2 flood detection thresholds (CVE mitigations). All are optional; when absent, built-in defaults are used.

Maximum RST_STREAM frames per second window (CVE-2023-44487, CVE-2019-9514)

§h2_max_ping_per_window: Option<u32>

Maximum PING frames per second window (CVE-2019-9512)

§h2_max_settings_per_window: Option<u32>

Maximum SETTINGS frames per second window (CVE-2019-9515)

§h2_max_empty_data_per_window: Option<u32>

Maximum empty DATA frames per second window (CVE-2019-9518)

§h2_max_continuation_frames: Option<u32>

Maximum CONTINUATION frames per header block (CVE-2024-27316)

§h2_max_glitch_count: Option<u32>

Maximum accumulated protocol anomalies before ENHANCE_YOUR_CALM

§h2_initial_connection_window: Option<u32>

H2 connection tuning parameters.

Connection-level receive window size in bytes (RFC 9113 §6.9.2). Default: 1048576 (1MB). The RFC default of 65535 is too small for proxying.

§h2_max_concurrent_streams: Option<u32>

Maximum concurrent H2 streams the proxy accepts (SETTINGS_MAX_CONCURRENT_STREAMS). Default: 100.

§h2_stream_shrink_ratio: Option<u32>

Shrink threshold ratio for recycled stream slots. Vec is shrunk when total_slots > active_streams * ratio. Default: 2.

§h2_max_rst_stream_lifetime: Option<u64>

Absolute lifetime cap on RST_STREAM frames received on a single H2 connection (CVE-2023-44487). Default: 10000.

§h2_max_rst_stream_abusive_lifetime: Option<u64>

Lifetime cap on “abusive” (pre-response-start) RST_STREAM frames received on a single H2 connection — the Rapid Reset signature. Default: 50.

§h2_max_rst_stream_emitted_lifetime: Option<u64>

Absolute lifetime cap on RST_STREAM frames emitted by the server on a single H2 connection (CVE-2025-8671 “MadeYouReset”). Covers the emission-direction-flipped sibling of Rapid Reset, where an attacker sends legitimate-looking frames (Content-Length mismatch, header parse error, rejected priority, zero-increment WINDOW_UPDATE on an open stream) that coerce the server into emitting RST_STREAM. Graceful NoError cancels are exempt. Default: 500.
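
The three lifetime caps (h2_max_rst_stream_lifetime, h2_max_rst_stream_abusive_lifetime, h2_max_rst_stream_emitted_lifetime) can be read as per-connection counters that are never reset. The following is an added example, not Sozu's implementation: RstCaps, RstAccounting, Verdict and frames_until_trip are hypothetical names, and treating a cap as tripped once the count goes strictly above it is an assumption.

```rust
// Added illustration of the three documented lifetime caps; not Sozu's code.
#[derive(Clone, Copy)]
pub struct RstCaps {
    pub received: u64, // h2_max_rst_stream_lifetime
    pub abusive: u64,  // h2_max_rst_stream_abusive_lifetime
    pub emitted: u64,  // h2_max_rst_stream_emitted_lifetime
}

impl Default for RstCaps {
    // Defaults as documented for HttpsListenerConfig.
    fn default() -> Self {
        RstCaps { received: 10_000, abusive: 50, emitted: 500 }
    }
}

#[derive(Debug, PartialEq)]
pub enum Verdict { Ok, ReceivedCap, AbusiveCap, EmittedCap }

/// Per-connection counters (hypothetical type). "Lifetime" means they are
/// never reset while the connection is open, unlike the per-window limits.
#[derive(Default)]
pub struct RstAccounting { caps: RstCaps, received: u64, abusive: u64, emitted: u64 }

impl RstAccounting {
    pub fn new(caps: RstCaps) -> Self {
        RstAccounting { caps, ..Default::default() }
    }

    /// The peer sent RST_STREAM. `response_started` is false when the stream
    /// is reset before any response began: the Rapid Reset signature.
    /// Assumption: a cap trips once the count goes strictly above it.
    pub fn on_rst_received(&mut self, response_started: bool) -> Verdict {
        self.received += 1;
        if !response_started {
            self.abusive += 1;
            if self.abusive > self.caps.abusive { return Verdict::AbusiveCap; }
        }
        if self.received > self.caps.received { return Verdict::ReceivedCap; }
        Verdict::Ok
    }

    /// The proxy emits RST_STREAM with `error_code` (0 is NO_ERROR in RFC 9113).
    /// Graceful NO_ERROR cancels are exempt from the emitted cap.
    pub fn on_rst_emitted(&mut self, error_code: u32) -> Verdict {
        if error_code == 0 { return Verdict::Ok; }
        self.emitted += 1;
        if self.emitted > self.caps.emitted { Verdict::EmittedCap } else { Verdict::Ok }
    }
}

/// Number of resets a connection gets through before a cap trips, for a peer
/// that only sends pre-response resets (constructed traffic).
pub fn frames_until_trip(caps: RstCaps) -> u64 {
    let mut acc = RstAccounting::new(caps);
    let mut n = 0;
    while acc.on_rst_received(false) == Verdict::Ok { n += 1; }
    n
}

fn main() {
    println!("rapid-reset peer tolerated for {} resets", frames_until_trip(RstCaps::default()));
}
```

With the documented defaults, a peer that only cancels streams before the response starts hits the abusive cap long before the general received cap, while ordinary post-response cancels count only toward the larger one.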

§h2_max_header_list_size: Option<u32>

Maximum accumulated HPACK-decoded header list size per request (SETTINGS_MAX_HEADER_LIST_SIZE, RFC 9113 §6.5.2). Default: 65536.

§strict_sni_binding: Option<bool>

When true, every HTTP request served on this listener must have its :authority / Host host exact-match the TLS SNI that was negotiated at handshake (CWE-346 / CWE-444). Disabling this lifts the per-stream TLS trust boundary, so leave enabled unless an operational need requires cross-SNI routing. Default: true.

§disable_http11: Option<bool>

When true, this listener only accepts HTTP/2 connections: clients that fail to negotiate h2 via TLS ALPN (including those that omit ALPN altogether) are dropped at handshake instead of silently falling back to HTTP/1.1. Default: false — preserves the historical “ALPN missing defaults to h1” behavior.

§h2_stream_idle_timeout_seconds: Option<u32>

Per-stream idle timeout, in seconds. An open H2 stream that receives no meaningful application data (non-empty DATA or HEADERS frames) for this duration is cancelled (RST_STREAM / CANCEL). Active uploads that trickle DATA frames reset the timer on each non-empty frame. Defends against slow-multiplex Slowloris where a client keeps connection-level activity high (any frame resets the connection idle timer) while pinning up to h2_max_concurrent_streams streams. Default: 30.

§h2_max_header_table_size: Option<u32>

Maximum HPACK dynamic table size (SETTINGS_HEADER_TABLE_SIZE) accepted from the peer. Caps the peer-advertised value to prevent unbounded HPACK encoder memory growth. Default: 65536.

§h2_graceful_shutdown_deadline_seconds: Option<u32>

Maximum wall-clock seconds to wait for in-flight H2 streams after GOAWAY(NO_ERROR) before forcibly closing the connection. Default: 5. Set to 0 to require streams to finish (no forced close).

§h2_max_window_update_stream0_per_window: Option<u32>

Maximum connection-level (stream 0) WINDOW_UPDATE frames per second window. Caps non-zero stream-0 WINDOW_UPDATE floods that would otherwise stay under the generic glitch counter (zero-increment stream-0 updates already trigger GOAWAY per RFC 9113 §6.9). Default: 100.

§sozu_id_header: Option<String>

Name of the correlation header Sozu injects into every request and response to carry the per-request ULID. Default: “Sozu-Id”. Operators who want to rebrand can set e.g. “X-Edge-Id” or “X-Request-Trace”.

§answers: BTreeMap<String, String>

Per-status HTTP answer template bodies, keyed by HTTP status code (e.g. “404”, “503”). Replaces the per-field shape of CustomHttpAnswers (field 21). The new field is populated alongside http_answers so legacy state files round-trip; new code should read this map.

§elide_x_real_ip: Option<bool>

When true, any client-supplied X-Real-IP header is stripped from requests before forwarding (anti-spoofing). Independently combinable with send_x_real_ip. Default: false.

§send_x_real_ip: Option<bool>

When true, a proxy-generated X-Real-IP header carrying the connection peer IP (post-PROXY-v2 unwrap, i.e. the original client IP) is appended to every forwarded request. Independently combinable with elide_x_real_ip. Default: false.
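
How elide_x_real_ip and send_x_real_ip combine, as an added example that is not Sozu's code: forward_headers, x_real_ip_values and sample_request are hypothetical helpers, and the host name and addresses are constructed.

```rust
use std::net::IpAddr;

// Added illustration of the documented flag semantics; not Sozu's code.

/// Builds the header list sent to the backend. `peer` is the connection peer
/// IP after PROXY-v2 unwrap, i.e. the original client IP.
pub fn forward_headers(
    headers: &[(String, String)],
    peer: IpAddr,
    elide_x_real_ip: bool,
    send_x_real_ip: bool,
) -> Vec<(String, String)> {
    // elide: drop every client-supplied X-Real-IP (header names are case-insensitive).
    let mut out: Vec<(String, String)> = headers
        .iter()
        .filter(|(name, _)| !(elide_x_real_ip && name.eq_ignore_ascii_case("x-real-ip")))
        .cloned()
        .collect();
    // send: append the proxy-generated value after whatever survived.
    if send_x_real_ip {
        out.push(("X-Real-IP".to_string(), peer.to_string()));
    }
    out
}

/// Every X-Real-IP value the backend would see, in order.
pub fn x_real_ip_values(headers: &[(String, String)]) -> Vec<String> {
    headers
        .iter()
        .filter(|(name, _)| name.eq_ignore_ascii_case("x-real-ip"))
        .map(|(_, value)| value.clone())
        .collect()
}

/// Constructed request in which the client claims to be 10.0.0.1.
pub fn sample_request() -> Vec<(String, String)> {
    vec![
        ("Host".to_string(), "app.example.test".to_string()),
        ("x-real-ip".to_string(), "10.0.0.1".to_string()),
    ]
}

fn main() {
    let peer: IpAddr = "203.0.113.7".parse().unwrap();
    for (elide, send) in [(false, false), (false, true), (true, false), (true, true)] {
        let fwd = forward_headers(&sample_request(), peer, elide, send);
        println!("elide={} send={} -> {:?}", elide, send, x_real_ip_values(&fwd));
    }
}
```

Under these semantics, send_x_real_ip without elide_x_real_ip leaves the client-supplied value in place ahead of the proxy's, so a backend that reads the first X-Real-IP still sees the spoofed address; only both flags together yield a single proxy-generated value.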

§hsts: Option<HstsConfig>

Listener-default HSTS (HTTP Strict Transport Security, RFC 6797) policy. When set, every successful response on this listener gains a Strict-Transport-Security header derived from the materialised policy (RFC 6797 §6.1 single-header requirement, §7.2 HTTPS-only emission, §8.1 host scope, §11.4 max-age=0 kill-switch). A per-frontend RequestHttpFrontend.hsts overrides this default.

Implementations§

impl HttpsListenerConfig

pub fn versions(&self) -> FilterMap<Cloned<Iter<'_, i32>>, fn(i32) -> Option<TlsVersion>>

Returns an iterator which yields the valid enum values contained in versions.

pub fn push_versions(&mut self, value: TlsVersion)

Appends the provided enum value to versions.

pub fn certificate(&self) -> &str

Returns the value of certificate, or the default value if certificate is unset.

pub fn key(&self) -> &str

Returns the value of key, or the default value if key is unset.

pub fn h2_max_rst_stream_per_window(&self) -> u32

Returns the value of h2_max_rst_stream_per_window, or the default value if h2_max_rst_stream_per_window is unset.

pub fn h2_max_ping_per_window(&self) -> u32

Returns the value of h2_max_ping_per_window, or the default value if h2_max_ping_per_window is unset.

pub fn h2_max_settings_per_window(&self) -> u32

Returns the value of h2_max_settings_per_window, or the default value if h2_max_settings_per_window is unset.

pub fn h2_max_empty_data_per_window(&self) -> u32

Returns the value of h2_max_empty_data_per_window, or the default value if h2_max_empty_data_per_window is unset.

pub fn h2_max_continuation_frames(&self) -> u32

Returns the value of h2_max_continuation_frames, or the default value if h2_max_continuation_frames is unset.

pub fn h2_max_glitch_count(&self) -> u32

Returns the value of h2_max_glitch_count, or the default value if h2_max_glitch_count is unset.

pub fn h2_initial_connection_window(&self) -> u32

Returns the value of h2_initial_connection_window, or the default value if h2_initial_connection_window is unset.

pub fn h2_max_concurrent_streams(&self) -> u32

Returns the value of h2_max_concurrent_streams, or the default value if h2_max_concurrent_streams is unset.

pub fn h2_stream_shrink_ratio(&self) -> u32

Returns the value of h2_stream_shrink_ratio, or the default value if h2_stream_shrink_ratio is unset.

pub fn h2_max_rst_stream_lifetime(&self) -> u64

Returns the value of h2_max_rst_stream_lifetime, or the default value if h2_max_rst_stream_lifetime is unset.

pub fn h2_max_rst_stream_abusive_lifetime(&self) -> u64

Returns the value of h2_max_rst_stream_abusive_lifetime, or the default value if h2_max_rst_stream_abusive_lifetime is unset.

pub fn h2_max_header_list_size(&self) -> u32

Returns the value of h2_max_header_list_size, or the default value if h2_max_header_list_size is unset.

pub fn strict_sni_binding(&self) -> bool

Returns the value of strict_sni_binding, or the default value if strict_sni_binding is unset.

pub fn disable_http11(&self) -> bool

Returns the value of disable_http11, or the default value if disable_http11 is unset.

pub fn h2_stream_idle_timeout_seconds(&self) -> u32

Returns the value of h2_stream_idle_timeout_seconds, or the default value if h2_stream_idle_timeout_seconds is unset.

pub fn h2_max_header_table_size(&self) -> u32

Returns the value of h2_max_header_table_size, or the default value if h2_max_header_table_size is unset.

pub fn h2_max_rst_stream_emitted_lifetime(&self) -> u64

Returns the value of h2_max_rst_stream_emitted_lifetime, or the default value if h2_max_rst_stream_emitted_lifetime is unset.

pub fn h2_graceful_shutdown_deadline_seconds(&self) -> u32

Returns the value of h2_graceful_shutdown_deadline_seconds, or the default value if h2_graceful_shutdown_deadline_seconds is unset.

pub fn h2_max_window_update_stream0_per_window(&self) -> u32

Returns the value of h2_max_window_update_stream0_per_window, or the default value if h2_max_window_update_stream0_per_window is unset.

pub fn sozu_id_header(&self) -> &str

Returns the value of sozu_id_header, or the default value if sozu_id_header is unset.

pub fn elide_x_real_ip(&self) -> bool

Returns the value of elide_x_real_ip, or the default value if elide_x_real_ip is unset.

pub fn send_x_real_ip(&self) -> bool

Returns the value of send_x_real_ip, or the default value if send_x_real_ip is unset.

Trait Implementations§

impl Clone for HttpsListenerConfig

fn clone(&self) -> HttpsListenerConfig

Returns a duplicate of the value.

1.0.0 (const: unstable)

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for HttpsListenerConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl Default for HttpsListenerConfig

fn default() -> HttpsListenerConfig

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for HttpsListenerConfig

fn deserialize<__D>(__deserializer: __D) -> Result<HttpsListenerConfig, <__D as Deserializer<'de>>::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Display for HttpsListenerConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl Hash for HttpsListenerConfig

fn hash<__H>(&self, state: &mut __H)
where __H: Hasher,

Feeds this value into the given Hasher.

1.3.0

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl Message for HttpsListenerConfig

fn encoded_len(&self) -> usize

Returns the encoded length of the message without a length delimiter.

fn clear(&mut self)

Clears the message, resetting all fields to their default.

fn encode(&self, buf: &mut impl BufMut) -> Result<(), EncodeError>
where Self: Sized,

Encodes the message to a buffer.

fn encode_to_vec(&self) -> Vec<u8>
where Self: Sized,

Encodes the message to a newly allocated buffer.

fn encode_length_delimited(&self, buf: &mut impl BufMut) -> Result<(), EncodeError>
where Self: Sized,

Encodes the message with a length-delimiter to a buffer.

fn encode_length_delimited_to_vec(&self) -> Vec<u8>
where Self: Sized,

Encodes the message with a length-delimiter to a newly allocated buffer.

fn decode(buf: impl Buf) -> Result<Self, DecodeError>
where Self: Default,

Decodes an instance of the message from a buffer.

fn decode_length_delimited(buf: impl Buf) -> Result<Self, DecodeError>
where Self: Default,

Decodes a length-delimited instance of the message from the buffer.

fn merge(&mut self, buf: impl Buf) -> Result<(), DecodeError>
where Self: Sized,

Decodes an instance of the message from a buffer, and merges it into self.

fn merge_length_delimited(&mut self, buf: impl Buf) -> Result<(), DecodeError>
where Self: Sized,

Decodes a length-delimited instance of the message from buffer, and merges it into self.

impl Ord for HttpsListenerConfig

fn cmp(&self, other: &HttpsListenerConfig) -> Ordering

This method returns an Ordering between self and other.

1.21.0 (const: unstable)

fn max(self, other: Self) -> Self
where Self: Sized,

Compares and returns the maximum of two values.

1.21.0 (const: unstable)

fn min(self, other: Self) -> Self
where Self: Sized,

Compares and returns the minimum of two values.

1.50.0 (const: unstable)

fn clamp(self, min: Self, max: Self) -> Self
where Self: Sized,

Restrict a value to a certain interval.

impl PartialEq for HttpsListenerConfig

fn eq(&self, other: &HttpsListenerConfig) -> bool

Tests for self and other values to be equal, and is used by ==.

1.0.0 (const: unstable)

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl PartialOrd for HttpsListenerConfig

fn partial_cmp(&self, other: &HttpsListenerConfig) -> Option<Ordering>

This method returns an ordering between self and other values if one exists.

1.0.0 (const: unstable)

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator.

1.0.0 (const: unstable)

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator.

1.0.0 (const: unstable)

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator.

1.0.0 (const: unstable)

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator.

impl Serialize for HttpsListenerConfig

fn serialize<__S>(&self, __serializer: __S) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Eq for HttpsListenerConfig

impl StructuralPartialEq for HttpsListenerConfig

Auto Trait Implementations§

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

fn implicit(self, class: Class, constructed: bool, tag: u32) -> TaggedParser<'a, Implicit, Self, E>

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<Q, K> Comparable<K> for Q
where Q: Ord + ?Sized, K: Borrow<Q> + ?Sized,

fn compare(&self, key: &K) -> Ordering

Compare self to key and return their ordering.

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key.

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Reset for T
where T: Default + Clone,

fn reset(&mut self)

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T> ToString for T
where T: Display + ?Sized,

fn to_string(&self) -> String

Converts the given value to a String.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,