LiquidProxy Lua Edition
-- LiquidProxy configuration table, returned to the caller at the end of this file.
-- Top-level keys: logging, certificate file names, listening ports, the
-- `secure` section (TLS limits, fail2ban, per-module auth, username whitelist)
-- and the `mod` section (per-module enable switches and web UI settings).
---@class config
local c = {
	---@type "none"|"error"|"warning"|"info"|"debug"
	log_level = "info",

	-- Also logs UA for HTTP, format is like DATE | [DEBUG] | CONNECT to HOST:IP by ClientIP (UA: User-Agent-Here)
	-- Fallback text is always `none`
	-- Note: there are control characters around [DEBUG]; match on `CONNECT to` if you use a regex
	-- NOTE(review): the User-Agent is supplied by the client, so treat the UA field as
	-- untrusted text when parsing or displaying these logs; whether the logger escapes
	-- it is not visible from this file.
	log_ip = true, -- TODO for standard HTTP and also possibly others

	-- Everything sits in certs dir
	-- NOTE(review): key.pem is presumably the TLS private key; keep it readable only
	-- by the account that runs the proxy.
	key = "key.pem",
	cert = "cert.pem",

	---@type table<string,table<string,integer|false>>
	-- set any to false to disable
	-- directTCP differs from the other entries: per the commented examples it holds
	-- {hostname, port} pairs rather than named ports.
	ports = {
		http = {
			plain = 51531,
			secure = 51532
		},
		imap = { -- TODO
			starttls = 51533,
			secure = 51534
		},
		smtp = { -- TODO
			starttls = 51535,
			secure = 51536,
		},
		xmpp = { -- TODO
			starttls = 51537,
			secure = 51538
		},
		directTCP = {
			--{"_xmpps-client._tcp.disroot.org", 51541} -- SRV record first, A record second
			--{"disroot.org", 51542} -- Always A record
		}
	},

	---@alias ver "SSLv3"|"TLSv1"|"TLSv1.1"|"TLSv1.2"|"TLSv1.3"
	-- iPhoneOS/iOS
	-- 3 TLSv1
	-- 5.1? TLSv1.2
	-- Android
	-- fill me maybe

	-- TLS/SSL version limits. min is immediately applied, while max is always latest. When handshake ends and the client supports something above max, the pipe will be killed.
	-- Security caveat: SSLv3, TLSv1 and TLSv1.1 are deprecated protocol versions
	-- (RFC 7568, RFC 8996). The low default below appears to exist for the legacy
	-- clients listed above; raise `min` if none of those need to connect.
	secure = {
		-- presumably the number of failed attempts before a client is blocked; confirm against the fail2ban code
		fail2ban_max_tries = 10,
		tls = {
			---@type ver
			-- min always cuts connection
			min = "TLSv1",

			---@type ver
			max = "TLSv1.2",

			-- presumably the key size in bits for the generated key; confirm against the cert code
			key_length = 4096,

			-- Instead of being a limit, use it to immediately pass auth
			-- NOTE(review): with this on, the TLS version a client negotiates counts as
			-- authentication. A protocol version is not a secret, so this is not access
			-- control on its own; which side of `max` passes is not visible here. Confirm
			-- in the handshake code and keep the credentials/whitelist below as the real gate.
			pass_auth = true,

			-- Request a client certificate to be used
			-- TODO
			request_cert = false,
		},
		mod = {
			http = {
				username = "lp",
				-- NOTE(review): no password is set by default. How the proxy treats a nil
				-- password while webui_authenticate is true is not visible in this file;
				-- set a strong value before exposing the listener.
				password = nil,
				-- Verify username if given, don't otherwise
				require_username = false,
				-- Ask for authentication on web UI or not
				webui_authenticate = true,
				-- HTTP1.1 or older = auth immediately
				-- NOTE(review): the HTTP version is chosen by the client, so this is a
				-- compatibility shortcut rather than a credential check; confirm the intent.
				httpver_auth = true
			},
			directTCP = {
				-- Require HTTP auth to pass on the IP before it gets allowed
				auth = true,
			}
		},

		---@type table<string, boolean>
		-- all usernames below will be allowed to connect, if the list isn't empty. ALL OTHER ACCOUNTS ARE BLOCKED.
		-- An empty list (the default) therefore applies no username restriction.
		-- Format is ["username@server"] = true.
		-- {["username@server"]=true}, etc. Add a `,` at the end of each one before the next, like:
		-- {
		-- ["u@s"] = true,
		-- ["au@s"] = true
		-- }
		-- For XMPP, it is always username@example.com, but for mail, it could be username@example.com or username (not mail.example.com).
		username_whitelist = {
			--["johndoe@example.com"] = true,
			--["zechfelms-whatsapp-user-somehow-fuck-them"] = true,
			--["matrixsux"] = true
		}
	},

	mod = {
		http = {
			enabled = true,

			-- Set http.webui or http.webui.hosts to nil to disable
			webui = {
				-- Body of when your request gets denied (either proxyless or fail2ban)
				forbidden_response = "403 Forbidden",

				---@type string[]
				hosts = {
					"lp.r.e.a.l",
					"lp.real.com",
					"liquidproxy.r.e.a.l"
				},

				realm = "admin",

				-- Allow www.<any of the hosts> because fuck world wide web
				www_host = true,

				-- Allow connection by hitting ip:port, not a specified webUI host through proxy
				-- Left false, the web UI is only served for the host names listed above.
				proxyless = false
			},
		},
		directTCP = {
			enabled = true,
		}
	},
}

return c