# ============================================================================== # MasterHttpRelayVPN - Server Configuration # ------------------------------------------------------------------------------ # This file controls the Go relay server that receives encrypted HTTP batches, # decrypts them, manages client sessions, and talks to upstream targets. # Each option below includes: # - purpose # - default value used by the code when omitted # - allowed values or constraints # ------------------------------------------------------------------------------ # Notes: # - String values must stay inside quotes. # - Time values here are in milliseconds unless stated otherwise. # - Size values here are in bytes. # ============================================================================== # ============================================================================== # SECURITY # ------------------------------------------------------------------------------ # AES_ENCRYPTION_KEY: # Shared symmetric key used to decrypt incoming client batches and encrypt responses. # This value must match the client configuration exactly. # Default: none, required # Allowed: any non-empty string AES_ENCRYPTION_KEY = "c4710a45afed2fdc00e0522c70802e71" # ============================================================================== # SERVER LISTEN ADDRESS # ------------------------------------------------------------------------------ # SERVER_HOST: # Interface/address that the Go relay server binds to. # Default: "127.0.0.1" # Allowed: any valid bind host/IP SERVER_HOST = "127.0.0.1" # SERVER_PORT: # TCP port used by the relay HTTP server. # Default: 28080 # Allowed: integer 1..65535 SERVER_PORT = 28080 # ============================================================================== # LOGGING # ------------------------------------------------------------------------------ # LOG_LEVEL: # Controls server log verbosity. # Default: "INFO" # Allowed in practice by logger: "DEBUG", "INFO", "WARN", "ERROR" LOG_LEVEL = "DEBUG" # ============================================================================== # TRANSPORT / PROTOCOL LIMITS # ------------------------------------------------------------------------------ # MAX_CHUNK_SIZE: # Maximum chunk size expected by the protocol for upstream-to-client packetization. # This should stay aligned with the client side to avoid shape mismatches. # Default: 16384 (16 KiB) # Allowed: integer >= 1 MAX_CHUNK_SIZE = 16384 # MAX_PACKETS_PER_BATCH: # Maximum number of response packets the server may include in one response batch. # Default: 32 # Allowed: integer >= 1 MAX_PACKETS_PER_BATCH = 32 # MAX_BATCH_BYTES: # Maximum response payload bytes the server may drain into one response batch. # Must be >= MAX_CHUNK_SIZE. # Default: 262144 (256 KiB) # Allowed: integer >= MAX_CHUNK_SIZE MAX_BATCH_BYTES = 262144 # WORKER_COUNT: # Shared protocol tuning value kept for config symmetry with the client. # The current server code does not spin sender workers from this value, but the # parser still supports it and the shared validation requires it. # Default: 4 # Allowed: integer >= 1 WORKER_COUNT = 4 # ============================================================================== # SESSION / STREAM LIFECYCLE # ------------------------------------------------------------------------------ # SESSION_IDLE_TIMEOUT_MS: # If a client session has no remaining SOCKS states and stays idle longer than # this timeout, the whole session is removed from memory. # Default: 300000 (5 minutes) # Allowed: integer >= 1 SESSION_IDLE_TIMEOUT_MS = 300000 # SOCKS_IDLE_TIMEOUT_MS: # If an individual SOCKS/upstream state stays idle longer than this timeout, the # server closes the upstream connection and removes that state. # Default: 120000 (2 minutes) # Allowed: integer >= 1 SOCKS_IDLE_TIMEOUT_MS = 120000 # ============================================================================== # BODY / QUEUE SAFETY LIMITS # ------------------------------------------------------------------------------ # READ_BODY_LIMIT_BYTES: # Maximum allowed HTTP request body size accepted by the server before rejection. # Must be >= MAX_CHUNK_SIZE. # Default: 2097152 (2 MiB) # Allowed: integer >= MAX_CHUNK_SIZE READ_BODY_LIMIT_BYTES = 2097152 # MAX_SERVER_QUEUE_BYTES: # Maximum queued outbound payload bytes per SOCKS state on the server side. # Prevents unbounded memory growth if the client is slow to poll or receive. # Must be >= MAX_CHUNK_SIZE. # Default: 2097152 (2 MiB) # Allowed: integer >= MAX_CHUNK_SIZE MAX_SERVER_QUEUE_BYTES = 2097152 # REORDER_TIMEOUT_MS: # Maximum time an out-of-order inbound packet may stay buffered waiting for a gap. # If the gap is not resolved in time, the server resets that SOCKS state. # Default: 5000 # Allowed: integer >= 1 REORDER_TIMEOUT_MS = 5000 # MAX_REORDER_BUFFER_PACKETS: # Maximum number of out-of-order inbound packets buffered per SOCKS state. # If exceeded, the server resets that SOCKS state to cap memory usage. # Default: 128 # Allowed: integer >= 1 MAX_REORDER_BUFFER_PACKETS = 128 # ==============================================================================