Environment Variables
rproxy is configured entirely through environment variables. No config files needed.
Server
| Variable | Default | Description |
|---|---|---|
RPROXY_LISTEN | 0.0.0.0:443 | Address and port to listen on |
RPROXY_HTTP_PORT | 80 | Port for HTTP→HTTPS redirect |
RPROXY_LOG_LEVEL | info | Log level: error, warn, info, debug, trace |
Upstream
| Variable | Default | Description |
|---|---|---|
RPROXY_UPSTREAM | 127.0.0.1:3000 | Backend server address |
RPROXY_UPSTREAM_TIMEOUT | 30 | Connection timeout in seconds |
TLS
| Variable | Default | Description |
|---|---|---|
RPROXY_TLS_DOMAINS | - | Domains for Let’s Encrypt (comma-separated) |
RPROXY_TLS_EMAIL | - | Email for Let’s Encrypt notifications |
RPROXY_TLS_CACHE_DIR | /var/lib/rproxy/certs | Directory for certificate storage |
Note: If RPROXY_TLS_DOMAINS is empty, TLS is disabled and the server runs HTTP only.
Rate Limiting
| Variable | Default | Description |
|---|---|---|
RPROXY_RATE_LIMIT_ENABLED | true | Enable rate limiting |
RPROXY_RATE_LIMIT | 100 | Requests per second per IP |
RPROXY_RATE_BURST | 200 | Maximum burst size |
Caching
| Variable | Default | Description |
|---|---|---|
RPROXY_CACHE_ENABLED | true | Enable response caching |
RPROXY_CACHE_SIZE | 500 | Maximum cache entries |
RPROXY_CACHE_PATHS | /_next/static/*,*.css,*.js | Paths to cache (comma-separated globs) |
Security
| Variable | Default | Description |
|---|---|---|
RPROXY_HSTS | true | Enable HSTS header |
RPROXY_FILTER_ENABLED | true | Enable path filtering |
RPROXY_BLOCKED_PATHS | /.env*,/.git*,/*.sql | Blocked paths (comma-separated globs) |
Default Security Headers
When enabled, rproxy adds these headers to all responses:
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-originWebSocket
| Variable | Default | Description |
|---|---|---|
RPROXY_WS_ENABLED | true | Enable WebSocket passthrough |
RPROXY_WS_PATHS | /_next/webpack-hmr,/ws/*,/socket.io/* | WebSocket paths (comma-separated) |
Example Configurations
Next.js Production
RPROXY_UPSTREAM=nextjs:3000
RPROXY_TLS_DOMAINS=myapp.com,www.myapp.com
RPROXY_TLS_EMAIL=admin@myapp.com
RPROXY_RATE_LIMIT=100
RPROXY_HSTS=true
RPROXY_CACHE_ENABLED=trueLocal Development
RPROXY_UPSTREAM=127.0.0.1:3000
RPROXY_TLS_DOMAINS=""
RPROXY_LISTEN=0.0.0.0:8080
RPROXY_LOG_LEVEL=debugHigh-Traffic API
RPROXY_UPSTREAM=api:8000
RPROXY_TLS_DOMAINS=api.myapp.com
RPROXY_RATE_LIMIT=500
RPROXY_RATE_BURST=1000
RPROXY_CACHE_ENABLED=false
RPROXY_WS_ENABLED=falseLast updated on