tcp:
  bind:
    - 22
    - 80
    - 443
  modules:
    - type: forward
      ports:
        - 22
      address: '127.0.0.1:8022'

udp:
  bind:
    - 53
  modules:
    - type: forward
      ports:
        - 53
      port: 5353
      # default host is localhost


tls:
  modules:
    - type: proxy
      domains:
        - localhost.bar.daplie.me
        - localhost.foo.daplie.me
      address: '127.0.0.1:5443'
    - type: acme
      domains:
        - '*.localhost.daplie.me'
      email: 'guest@example.com'
      challenge_type: 'http-01'

http:
  trust_proxy: true
  allow_insecure: false
  primary_domain: localhost.daplie.me

  modules:
    - type: redirect
      domains:
        - localhost.beta.daplie.me
      status: 301
      from: /old/path/*/other/*
      to: /path/new/:2/something/:1
    - type: proxy
      domains:
        - localhost.daplie.me
      host: localhost
      port: 4000
    - type: static
      domains:
        - '*.localhost.daplie.me'
      root: '/srv/www/:hostname'

domains:
  - names:
      - localhost.gamma.daplie.me
    modules:
      tls:
        - type: proxy
          port: 6443
  - names:
      - beta.localhost.daplie.me
      - baz.localhost.daplie.me
    modules:
      tls:
        - type: acme
          email: 'owner@example.com'
          challenge_type: 'tls-sni-01'
          # default server is 'https://acme-v01.api.letsencrypt.org/directory'
      http:
        - type: redirect
          from: /nowhere/in/particular
          to: /just/an/example
        - type: proxy
          address: '127.0.0.1:3001'


mdns:
  disabled: false
  port: 5353
  broadcast: '224.0.0.251'
  ttl: 300

tunnel_server:
  secret: abc123
  servernames:
    - 'tunnel.localhost.com'

ddns:
  loopback:
    type: 'tunnel@oauth3.org'
    domain: oauth3.org
  tunnel:
    type: 'tunnel@oauth3.org'
    token: user_token_id
  modules:
    - type: 'dns@oauth3.org'
      token: user_token_id
      domains:
        - www.example.com
        - api.example.com
        - test.example.com