User65k edited this page Oct 10, 2021 · 5 revisions

Welcome to the flash_rust_ws wiki!

Configuration File

The FRWS config file is a TOML file consisting of a Server Config and a tree of virtual hosts and mount paths.

Example Config

This config will

  • bind on 127.0.0.1:443 using TLS and Let's Encrypt certificates for example.com
  • change user and group to www-data
  • adjust logging
  • under /docs, serve files from ./target/doc/ to authenticated users
  • under /php, forward requests for *.php files to an FCGI application while static files are served directly
  • under /py, forward requests to a Flup application via FCGI
  • but serve JS and CSS files under /py/static
  • under /dav, allow RW file access to /var/www/shared/ via WebDAV
  • serve files from /var/www/ for everything that does not match
  • if the requested Host is api.example.com:
    • use TLS but a different certificate
    • under /php-fpm, forward requests to a PHP-FPM application via FCGI
    • under /ws, forward websocket data to an application binding on 127.0.0.1:1337
    • everything else, including the webroot (/), will get 403 Permission Denied

pidfile  = "/var/run/frws.pid" # Optional: Write PID to this file
# Optional: Change user after binding
user = "www-data"
group = "www-data"

# Optional: Change logging - See README for more
[log]
appenders.stdout = {kind = "console"}
root = {level = "info", appenders = ["stdout"]}

["example.com"]
ip = "127.0.0.1:443"
#validate_server_name = true # Optional: Match Host header against this vHost
dir = "/var/www/" # Optional: A mount point must match if omitted
tls.host.ACME = {uri="https://acme-staging-v02.api.letsencrypt.org/directory",cache_dir=".",contact=["mailto:[email protected]"]} # Optional: TLS via Let's Encrypt

["example.com".docs] # /docs/* will not go to /var/www/ but to ./target/doc/
dir = "target/doc/"
index = ["index.html"]
# Optional: Set some headers if they were not present before
header = {Referrer-Policy = "strict-origin-when-cross-origin", Feature-Policy = "microphone 'none'; geolocation 'none'"}
follow_symlinks = true # Optional: follow symlinks
auth = {type = "Digest", realm = "test", userfile = ".htdigest"}

["example.com".php] # /php/* will go to php-cgi via FastCGI
dir = "/opt/php/"
index = ["index.php"]
fcgi.sock = "127.0.0.1:9000" # TCP
fcgi.exec = ["php"] # check that the file exists and ends in .php
# Optional: If we don't want to serve everything else,
# we can limit what will be served to:
serve = ["css", "js", "png", "jpeg", "jpg"]
# PHP does not follow the CGI/1.1 spec, it needs SCRIPT_FILENAME set
# to do so:
fcgi.set_script_filename = true
# Optional: Start the FCGI App from here
fcgi.bin.path = "/usr/bin/php-cgi7.4"
fcgi.bin.environment = {PHP_FCGI_CHILDREN = "16", PHP_FCGI_MAX_REQUESTS = "10000"}
fcgi.bin.copy_environment = ["PATH", "SHELL", "USER"]

["example.com".py] # /py/* will go to flup via FastCGI
dir = "/opt/py/"
fcgi.sock = "/tmp/py.sock" # Unix Socket
# we don't check if the file actually exists. This is up to Python

["example.com"."py/static"] # /py/static/* will serve .js and .css files
dir = "/opt/py/static/"
serve = ["js", "css"]

["example.com".dav] # /dav is a WebDAV share and can be mounted as a Filesystem
root = "/var/www/shared/"

["api.example.com"]
ip = "127.0.0.1:443"
validate_server_name = true # Optional: Match Host header against this vHost
tls.host.Files = [{key = "./4kRsa.pem", cert = "./localhost.crt"}] # Optional: TLS with own key material

["api.example.com".php-fpm] # /php-fpm/* will go to PHP-FPM via FastCGI
fcgi.sock = "/var/run/php/php7.4-fpm.sock"
fcgi.set_script_filename = true

["api.example.com".ws] # /ws is a websocket...
assock = "127.0.0.1:1337" # that connects to a TCP socket
forward_header = true # and forwards the HTTP header from the request

Place the config file in one of these places:

  • ./config.toml
  • /etc/defaults/frws.toml