Configuring Configu Proxy

You can configure the Configu Proxy server using environment variables. The following environment variables are available:

CONFIGU_CONFIG
string
required

The (absolute) file path of the .configu configuration file. CONFIGU_CONFIGURATION can also be used.

CONFIGU_HTTP_PORT
number
default:"8080"

The host port to serve the HTTP server on.

CONFIGU_HTTP_TLS_ENABLED
boolean
default:"false"

Enables or disables transport layer security (TLS). - The CONFIGU_HTTP_TLS_CERT and CONFIGU_HTTP_TLS_KEY environment variables are required when CONFIGU_HTTP_TLS_ENABLED is set to true.

CONFIGU_HTTP_TLS_CERT
string

The (absolute) file path of the certificate to use for the TLS connection.

CONFIGU_HTTP_TLS_KEY
string

The (absolute) file path of the TLS key that should be used for the TLS connection.

CONFIGU_AUTH_ENABLED
boolean
default:"false"

Enables or disables the authentication mechanism. - The CONFIGU_AUTH_PRESHARED_KEYS environment variable is required when CONFIGU_AUTH_ENABLED is set to true.

CONFIGU_AUTH_PRESHARED_KEYS
string

Comma-separated list of pre-shared keys that are allowed to make requests to the server.

CONFIGU_PUBLIC_URL
string
default:"http://localhost:8080"

The public URL of the server.

CONFIGU_HTTP_ALLOWED_ORIGINS
string
default:"*"

Comma-separated list of origins that are allowed to make requests to the server.

CONFIGU_HTTP_TRUST_PROXY
boolean
default:"false"

Enables or disables the trust proxy setting.

CONFIGU_LOG_ENABLED
boolean
default:"true"

Enables or disables request logging.

CONFIGU_DOCS_ENABLED
boolean
default:"true"

Enables or disables the API reference documentation route at /docs.

Production Best Practices

For production environments, it is recommended to:

  • Enable authentication using pre-shared keys. CONFIGU_AUTH_ENABLED=true and CONFIGU_AUTH_PRESHARED_KEYS=key1,key2.
  • Disable request logging. CONFIGU_LOG_ENABLED=false.
  • Disable the API reference documentation route at /docs. CONFIGU_DOCS_ENABLED=false.
  • Enable transport layer security (TLS) and use a valid certificate from a trusted certificate authority (CA). CONFIGU_HTTP_TLS_ENABLED=true, CONFIGU_HTTP_TLS_CERT=/path/to/cert.pem, and CONFIGU_HTTP_TLS_KEY=/path/to/key.pem.
  • Use a reverse proxy like Nginx, Caddy, Traefik or HAProxy to handle TLS termination and load balancing. CONFIGU_HTTP_TRUST_PROXY=true.

Generating a Self-Signed Certificate

For development purposes, you can generate a self-signed certificate

Using OpenSSL:

openssl req -x509 -newkey rsa:4096 -nodes -sha256 -subj '/CN=localhost' -keyout server.key -out server.crt

Using mkcert:

mkcert --install
mkcert -key-file server.key -cert-file server.crt localhost

Running Configu Proxy

Using Docker

You can run the Configu Proxy server using Docker. The following command starts the server:

docker run --rm --init \
  -v /path/to/.configu:/config/.configu \
  -e CONFIGU_CONFIG=/config/.configu \
  -p 8080:8080 \
  configu/proxy

Replace /path/to/.configu with the path to your .configu configuration file.

Here is an example configuration for running the Configu Proxy server on different port with authentication and TLS enabled:

docker run --rm --init \
  -v /path/to/.configu:/config/.configu \
  -v /path/to/certs:/config/certs \
  -e CONFIGU_HTTP_PORT=3000 \
  -e CONFIGU_AUTH_ENABLED=true -e CONFIGU_AUTH_PRESHARED_KEYS=token \
  -e CONFIGU_HTTP_TLS_ENABLED=true -e CONFIGU_HTTP_TLS_CERT=/config/certs/localhost.pem -e CONFIGU_HTTP_TLS_KEY=/config/certs/localhost-key.pem \
  -e CONFIGU_CONFIG=/config/.configu \
  -p 3000:3000 \
  configu/proxy

Replace /path/to/.configu with the path to your .configu configuration file and /path/to/certs with the path to your certificate and key files.

Using Docker Compose

You can use Docker Compose to run the Configu Proxy server. Here is an example configuration:

docker-compose.yml
version: '3'
services:
  configu-proxy:
    image: configu/proxy:latest
    ports:
      - '8080:8080'
    volumes:
      - /path/to/.configu:/config/.configu
    environment:
      CONFIGU_CONFIG: '/config/.configu'

Replace /path/to/.configu with the path to your .configu configuration file.

Run the following command to start the server:

docker-compose up

Using Kubernetes

You can deploy the Configu Proxy server on Kubernetes using a Deployment and a Service. Here is an example configuration:

configu-proxy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: configu-proxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: configu-proxy
  template:
    metadata:
      labels:
        app: configu-proxy
    spec:
      containers:
        - name: configu-proxy
          image: configu/proxy
          ports:
            - containerPort: 8080
          volumeMounts:
            - name: configu-config
              mountPath: /config
              readOnly: true
          env:
            - name: CONFIGU_CONFIG
              value: '/config/.configu'
          volumes:
            - name: configu-config
              configMap:
                name: configu-config
---
apiVersion: v1
kind: Service
metadata:
  name: configu-proxy
spec:
  type: LoadBalancer
  ports:
    - port: 443
      targetPort: 8080
      protocol: TCP
  selector:
    app: configu-proxy

Create a ConfigMap with your .configu configuration file:

kubectl create configmap configu-config --from-file=/path/to/.configu

Replace /path/to/.configu with the path to your .configu configuration file.

Apply the configuration:

kubectl apply -f configu-proxy.yaml

Verify the deployment:

kubectl get pods -l app=configu-proxy
kubectl get svc -l app=configu-proxy

Using Helm

This section is under construction and will be ready soon. Thanks for your patience! 🚧