tcp:
  bind:
    - 22
    - 80
    - 443
  modules:
    - name: forward
      ports:
        - 22
      address: '127.0.0.1:8022'

# tunnel: jwt
# tunnel:
#   - jwt1
#   - jwt2

tunnel_server:
  secret: abc123
  servernames:
    - 'tunnel.localhost.com'

tls:
  acme:
    email: 'joe.shmoe@example.com'
    server: 'https://acme-staging.api.letsencrypt.org/directory'
    challenge_type: 'http-01'
    approved_domains:
      - localhost.baz.daplie.me
      - localhost.beta.daplie.me
  domains:
    - names:
        - localhost.gamma.daplie.me
      modules:
        - name: proxy
          address: '127.0.0.1:6443'
    - names:
        - beta.localhost.daplie.me
        - baz.localhost.daplie.me
      modules:
        - name: acme
          email: 'owner@example.com'
          challenge_type: 'tls-sni-01'
          # default server is 'https://acme-v01.api.letsencrypt.org/directory'
  modules:
    - name: proxy
      domains:
        - localhost.bar.daplie.me
        - localhost.foo.daplie.me
      address: '127.0.0.1:5443'
    - name: acme
      email: 'guest@example.com'
      challenge_type: 'http-01'
      domains:
        - foo.localhost.daplie.me
        - gamma.localhost.daplie.me


http:
  trust_proxy: true
  allow_insecure: false
  primary_domain: localhost.foo.daplie.me
  domains:
    - names:
        - localhost.baz.daplie.me
      modules:
        - name: redirect
          from: /nowhere/in/particular
          to: /just/an/example
        - name: proxy
          port: 3001

  modules:
    - name: redirect
      domains:
        - localhost.beta.daplie.me
      status: 301
      from: /old/path/*/other/*
      to: /path/new/:2/something/:1
    - name: proxy
      domains:
        - localhost.daplie.me
      host: localhost
      port: 4000
    - name: static
      domains:
        - '*.localhost.daplie.me'
      root: '/srv/www/:hostname'

mdns:
  disabled: false
  port: 5353
  broadcast: '224.0.0.251'
  ttl: 300