section.config.json Reference
Learn about the section.config.json file that is used to configure workloads on CloudFlow.
| Key | Value | Required | Description |
|---|---|---|---|
proxychain | obj[] | Yes | Array of module objects in the proxy chain. The first accepts the incoming request from the ingress and the last passes it to the egress. |
proxychain > name | string | No | Module directory name (e.g. varnish). |
proxychain > image | string | No | Module directory image (e.g. varnish:7.0.2). |
environments | obj | Yes | Environment objects. |
environments > <environment_name> | obj | Yes | Environment name (e.g. Production). |
environments > <environment_name> > origin | obj | Yes | Environment origin object used for handling incoming and outgoing HTTP traffic. |
environments > <environment_name> > origin > address | string | Yes | Origin address. Accepts a fully qualified domain name or an IP address (e.g. www.example.com or 123.456.789.10). |
environments > <environment_name> > origin > host_header | string | No | Host request header override. Forwards the value received from the client otherwise. |
environments > <environment_name> > origin > disable_keepalive | bool | No | Whether to disable persistent connections. |
environments > <environment_name> > origin > http_port | 80, 443, 5080, 5443, 8080, or 8443int | No | HTTP port override. Default is 80. |
environments > <environment_name> > origin > https_port | 80, 443, 5080, 5443, 8080, or 8443int | No | HTTPS port override. Default is 443. |
environments > <environment_name> > origin > upstream_response_timeout_seconds | 1-600int | No | The number of seconds that egress waits for a response from the origin before a timeout. Default is 120. |
environments > <environment_name> > origin > keepalive_seconds | 1-240int | No | The number of seconds that a persistent connection should remain open. Idle connections will be closed after 60 seconds otherwise. |
environments > <environment_name> > origin > tls_name | string | No | Server name override passed through SNI when establishing a connection, which is used to verify the certificate of the upstream HTTPS server. |
environments > <environment_name> > origin > enable_sni | bool | No | Whether to pass the server name through TLS/SNI when establishing a connection with the upstream HTTPS server. |
environments > <environment_name> > origin > verify_certificate | bool | No | Whether to verify the upstream HTTPS server certificate. |
environments > <environment_name> > origin > proxy_acme_challenge | bool | No | Whether to pass the DNS ACME challenge certificate. |
environments > <environment_name> > origin > remove_request_headers | string[] | No | Array of request headers to remove. |
environments > <environment_name> > non_https_response_code | 301, 302, 303, 307, 308, 400, or 409string | No | Response code to return if an HTTP request is made. Redirect-related response codes will have the Location response header added. |
environments > <environment_name> > ip_blacklist | string[] | No | Array of IPv4 addresses to block at the edge proxy. |
environments > <environment_name> > alternate_origins | obj | No | Object containing alternate origin objects. |
environments > <environment_name> > alternate_origins > <alternate_origin_name> | obj | No | Alternate origin object that can contain a subset of the values of the origin object. In order for egress to route requests to the alternate origin, the Section-Origin request header must be set with a value matching the <alternate_origin_name>. |
section.config.json Example
section.config.json
{
"proxychain": [
{
"name": "openresty",
"image": "openresty:latest"
},
{
"name": "varnish",
"image": "varnish:7.0.2"
}
],
"environments": {
"Production": {
"origin": {
"address": "123.456.789.10",
"host_header": "www.example.com",
"disable_keepalive": false,
"http_port": 80,
"https_port": 443,
"upstream_response_timeout_seconds": 120,
"keepalive_seconds": 60,
"tls_name": "example",
"enable_sni": true,
"verify_certificate": false,
"proxy_acme_challenge": false,
"remove_request_headers": [
"X-Forwarded-For"
]
},
"non_https_response_code": "302",
"ip_blacklist": [
"234.567.89.10"
],
"alternate_origins": {
"status": {
"address": "123.456.789.11",
"host_header": "status.example.com",
"disable_keepalive": false,
"http_port": 80,
"https_port": 443,
"keepalive_seconds": 60,
"tls_name": "example",
"proxy_acme_challenge": false
}
}
}
}
}