Configuration Reference
Avalon uses TOML format configuration files. This document details all available configuration options.
Configuration Structure
[global] # Global settings
[tls] # TLS/HTTPS settings
[[servers]] # Server configuration (array)
[global] Global Settings
| Option | Type | Default | Description |
|---|
log_level | string | "info" | Log level: trace, debug, info, warn, error |
admin_listen | string | "localhost:2019" | Admin API listen address |
access_log | string | - | Access log file path |
access_log_format | string | "common" | Log format: common, json, combined |
[global.compression] Compression Settings
| Option | Type | Default | Description |
|---|
enabled | bool | true | Enable response compression |
gzip | bool | true | Enable gzip |
brotli | bool | true | Enable brotli |
min_size | int | 1024 | Minimum compression size (bytes) |
level | int | 6 | Compression level (gzip: 1-9, brotli: 0-11) |
[global.cache] Cache Settings
| Option | Type | Default | Description |
|---|
enabled | bool | false | Enable response caching |
default_ttl | int | 300 | Default cache time (seconds) |
max_entry_size | int | 10485760 | Max single cache entry size (10MB) |
max_cache_size | int | 104857600 | Max total cache size (100MB) |
[tls] TLS Settings
| Option | Type | Default | Description |
|---|
email | string | - | ACME account email (required if ACME enabled) |
acme_enabled | bool | true | Enable ACME auto certificates |
acme_ca | string | Let's Encrypt | ACME CA URL or provider name |
storage_path | string | "./certs" | Certificate storage directory |
cert_path | string | - | Manual certificate file path |
key_path | string | - | Manual private key file path |
ACME CA options:
letsencrypt - Let's Encrypt (default)le-staging - Let's Encrypt stagingzerossl - ZeroSSLbuypass - Buypassgoogle - Google Trust Services
[[servers]] Server Configuration
| Option | Type | Default | Description |
|---|
name | string | "default" | Server name (for logging) |
listen | array | - | Listen addresses (required) |
https_redirect | bool | false | Auto redirect HTTP to HTTPS |
Handler Types
reverse_proxy
[servers.routes.handle]
type = "reverse_proxy"
upstreams = ["127.0.0.1:3000", "127.0.0.1:3001"]
load_balancing = "round_robin"
timeout = 30
Load balancing strategies:
round_robin - Round robinrandom - Randomleast_conn - Least connectionsip_hash - IP hashfirst - Always use first
file_server
[servers.routes.handle]
type = "file_server"
root = "/var/www/html"
browse = false
index = ["index.html", "index.htm"]
compress = true
static_response
[servers.routes.handle]
type = "static_response"
status = 200
body = "Hello, World!"
[servers.routes.handle.headers]
Content-Type = "text/plain"
redirect
[servers.routes.handle]
type = "redirect"
to = "https://example.com{uri}"
code = 301
Authentication
Basic Auth
[servers.routes.handle.auth]
realm = "Protected Area"
[[servers.routes.handle.auth.basic]]
username = "admin"
password = "password123"
API Key Auth
[[servers.routes.handle.auth.api_keys]]
key = "sk-xxxx"
name = "production"
source = "header"
param_name = "X-API-Key"
JWT Auth
[servers.routes.handle.auth.jwt]
secret = "your-secret-key"
algorithm = "HS256"
header = "Authorization"
CORS
[servers.routes.handle.cors]
allowed_origins = ["https://example.com"]
allowed_methods = ["GET", "POST", "PUT", "DELETE"]
allowed_headers = ["Content-Type", "Authorization"]
allow_credentials = true
max_age = 3600