Forwarder Pac Server #
Usage: forwarder pac server --pac <file|url> [--protocol <http|https|h2>] [--address <host:port>] [flags]
Start HTTP server that serves a PAC file. You can start HTTP, HTTPS or H2 (HTTPS) server. The server may be protected by basic authentication. If you start an HTTPS server and you don’t provide a certificate, the server will generate a self-signed certificate on startup.
The PAC file can be specified as a file path or URL with scheme “file”, “http” or “https”. The PAC file must contain FindProxyForURL or FindProxyForURLEx and must be valid. Alerts are ignored.
Note: You can also specify the options as YAML, JSON or TOML file using --config-file
flag.
You can generate a config file by running forwarder pac server config-file
command.
Examples #
# HTTP server with basic authentication
forwarder pac server --pac pac.js --basic-auth user:pass
# HTTPS server with self-signed certificate
forwarder pac server --pac pac.js --protocol https --address localhost:80443
# HTTPS server with custom certificate
forwarder pac server --pac pac.js --protocol https --address localhost:80443 --tls-cert-file cert.pem --tls-key-file key.pem
Server options #
--address
#
- Environment variable:
FORWARDER_ADDRESS
- Value Format:
<host:port>
- Default value:
:8080
The server address to listen on. If the host is empty, the server will listen on all available interfaces.
--basic-auth
#
- Environment variable:
FORWARDER_BASIC_AUTH
- Value Format:
<username[:password]>
Basic authentication credentials to protect the server.
--idle-timeout
#
- Environment variable:
FORWARDER_IDLE_TIMEOUT
- Value Format:
<duration>
- Default value:
1h0m0s
The maximum amount of time to wait for the next request before closing connection.
--protocol
#
- Environment variable:
FORWARDER_PROTOCOL
- Value Format:
<http|https|h2>
- Default value:
http
The server protocol. For https and h2 protocols, if TLS certificate is not specified, the server will use a self-signed certificate.
--read-header-timeout
#
- Environment variable:
FORWARDER_READ_HEADER_TIMEOUT
- Value Format:
<duration>
- Default value:
1m0s
The amount of time allowed to read request headers.
--tls-cert-file
#
- Environment variable:
FORWARDER_TLS_CERT_FILE
- Value Format:
<path or base64>
TLS certificate to use if the server protocol is https or h2. Can be a path to a file or “data:” followed by base64 encoded certificate.
--tls-handshake-timeout
#
- Environment variable:
FORWARDER_TLS_HANDSHAKE_TIMEOUT
- Value Format:
<duration>
- Default value:
0s
The maximum amount of time to wait for a TLS handshake before closing connection. Zero means no limit.
--tls-key-file
#
- Environment variable:
FORWARDER_TLS_KEY_FILE
- Value Format:
<path or base64>
TLS private key to use if the server protocol is https or h2. Can be a path to a file or “data:” followed by base64 encoded key.
Proxy options #
-p, --pac
#
- Environment variable:
FORWARDER_PAC
- Value Format:
<path or URL>
- Default value:
file://pac.js
Proxy Auto-Configuration file to use for upstream proxy selection.
It can be a local file or a URL, you can also use ‘-’ to read from stdin.
The data URI scheme is supported, the format is data:base64,<encoded data>
.
DNS options #
--dns-round-robin
#
- Environment variable:
FORWARDER_DNS_ROUND_ROBIN
- Value Format:
<value>
- Default value:
false
If more than one DNS server is specified with the –dns-server flag, passing this flag will enable round-robin selection.
-n, --dns-server
#
- Environment variable:
FORWARDER_DNS_SERVER
- Value Format:
<ip>[:<port>]
DNS server(s) to use instead of system default. There are two execution policies, when more then one server is specified. Fallback: the first server in a list is used as primary, the rest are used as fallbacks. Round robin: the servers are used in a round-robin fashion. The port is optional, if not specified the default port is 53.
--dns-timeout
#
- Environment variable:
FORWARDER_DNS_TIMEOUT
- Value Format:
<duration>
- Default value:
5s
Timeout for dialing DNS servers. Only used if DNS servers are specified.
HTTP client options #
--cacert-file
#
- Environment variable:
FORWARDER_CACERT_FILE
- Value Format:
<path or base64>
Add your own CA certificates to verify against. The system root certificates will be used in addition to any certificates in this list. Can be a path to a file or “data:” followed by base64 encoded certificate. Use this flag multiple times to specify multiple CA certificate files.
--http-dial-timeout
#
- Environment variable:
FORWARDER_HTTP_DIAL_TIMEOUT
- Value Format:
<duration>
- Default value:
30s
The maximum amount of time a dial will wait for a connect to complete. With or without a timeout, the operating system may impose its own earlier timeout. For instance, TCP timeouts are often around 3 minutes.
--http-idle-conn-timeout
#
- Environment variable:
FORWARDER_HTTP_IDLE_CONN_TIMEOUT
- Value Format:
<duration>
- Default value:
1m30s
The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit.
--http-response-header-timeout
#
- Environment variable:
FORWARDER_HTTP_RESPONSE_HEADER_TIMEOUT
- Value Format:
<duration>
- Default value:
0s
The amount of time to wait for a server’s response headers after fully writing the request (including its body, if any).This time does not include the time to read the response body. Zero means no limit.
--http-tls-handshake-timeout
#
- Environment variable:
FORWARDER_HTTP_TLS_HANDSHAKE_TIMEOUT
- Value Format:
<duration>
- Default value:
10s
The maximum amount of time waiting to wait for a TLS handshake. Zero means no limit.
--insecure
#
- Environment variable:
FORWARDER_INSECURE
- Value Format:
<value>
- Default value:
false
Don’t verify the server’s certificate chain and host name. Enable to work with self-signed certificates.
Logging options #
--log-file
#
- Environment variable:
FORWARDER_LOG_FILE
- Value Format:
<path>
Path to the log file, if empty, logs to stdout.
--log-http
#
- Environment variable:
FORWARDER_LOG_HTTP
- Value Format:
<none|short-url|url|headers|body|errors>,...
HTTP request and response logging mode. Setting this to none disables logging. The short-url mode logs [scheme://]host[/path] instead of the full URL. The error mode logs request line and headers if status code is greater than or equal to 500.
--log-level
#
- Environment variable:
FORWARDER_LOG_LEVEL
- Value Format:
<error|info|debug>
- Default value:
info
Log level.