examples/conf/example.full.yaml

#
# Trickster 2.0 Example Configuration File - Exhaustive
#
# To use this, run: trickster -config /path/to/example.full.yaml
#
# This file contains descriptions and examples for all
# Trickster configuration options. More documentation is
# available at https://github.com/trickstercache/trickster/docs/
#
# Optional configs are commented out, required configs are uncommented
# and set to common values that let you try it out with Prometheus
#
# Copyright 2018 The Trickster Authors
#

# main:
#   # instance_id allows you to run multiple Trickster processes on the same host and log to separate files
#   # Useful for baremetal, not so much for elastic deployments, so only uncomment if you really need it
#   # default is 0, which means ignored
#   instance_id: 0

#   # config_handler_path provides the HTTP path to view a read-only printout of the running configuration
#   # which can be reached at http://your-trickster-endpoint:port/$config_handler_path
#   # default is /trickster/config
#   config_handler_path: /trickster/config

#   # ping_handler_path provides the HTTP path you will use to perform an uptime health check against Trickster
#   # which can be reached at http://your-trickster-endpoint:port/$ping_handler_path
#   # default is /trickster/ping
#   ping_handler_path: /trickster/ping

#   # health_handler_path provides the HTTP path prefix you will use to perform an uptime health check against
#   # configured Trickster backends via http://trickster/$health_handler_path/$backend_name
#   # default is /trickster/health. Set to empty string to fully disable upstream health checking
#   health_handler_path: /trickster/health

#   # pprof_server provides the name of the http listener that will host the pprof debugging routes
#   # Options are: "metrics", "reload", "both", or "off"; default is both
#   pprof_server: both

#   # server_name provides the name of this server instance, used to self-identfy in Via and other Forwarding headers
#   # server_name defaults to os.Hostname() when left blank
#   server_name: ''

# Configuration options for the Trickster Frontend
frontend:

  # listen_port defines the port on which Tricksters Front-end HTTP Proxy server listens.
  listen_port: 8480

#   # listen_address defines the ip on which Tricksters Front-end HTTP Proxy server listens.
#   # empty by default, listening on all interfaces
#   listen_address: ''

#   # tls_listen_address defines the ip on which Tricksters Front-end TLS Proxy server listens.
#   # empty by default, listening on all interfaces
#   tls_listen_address: ''

#   # tls_listen_port defines the port on which Tricksters Front-end TLS Proxy server listens.
#   # The default is 0, which means TLS is not used, even if certificates are configured below.
#   tls_listen_port: 0

#   # connections_limit defines the maximum number of concurrent connections
#   # Tricksters Proxy server may handle at any time.
#   # 0 by default, unlimited.
#   connections_limit: 0

# caches:
#   default:
#     # provider defines what kind of cache Trickster uses
#     # options are bbolt, badger, filesystem, memory, and redis
#     # The default is memory.
#     provider: memory

#     ## Configuration options for the Cache Index
#     # The Cache Index handles key management and retention for bbolt, filesystem and memory
#     # Redis and BadgerDB handle those functions natively and does not use the Tricksters Cache Index
#     index:
#       # reap_interval_ms defines how long the Cache Index reaper sleeps between reap cycles. Default is 3 (3s)
#       reap_interval_ms: 3000
#       # flush_interval_ms sets how often the Cache Index saves its metadata to the cache from application memory. Default is 5 (5s)
#       flush_interval_ms: 5000
#       # max_size_bytes indicates how large the cache can grow in bytes before the Index evicts least-recently-accessed items. default is 512MB
#       max_size_bytes: 536870912
#       # max_size_backoff_bytes indicates how far below max_size_bytes the cache size must be to complete a byte-size-based eviction exercise. default is 16MB
#       max_size_backoff_bytes: 16777216
#       # max_size_objects indicates how large the cache can grow in objects before the Index evicts least-recently-accessed items. default is 0 (infinite)
#       max_size_objects: 0
#       # max_size_backoff_objects indicates how far under max_size_objects the cache size must be to complete object-size-based eviction exercise. default is 100
#       max_size_backoff_objects: 100

#     ## Configuration options when using a Redis Cache
#     redis:
#       # client_type indicates which kind of Redis client to use. Options are: standard, cluster and sentinel
#       # default is standard
#       client_type: standard

#       ## Supported by Redis (standard) #####################################
#       ## These configurations are ignored by Redis Sentinel and Redis Cluster
#       ##
#       # endpoint defines the fqdn+port or path to a unix socket file for connecting to redis
#       # default is redis:6379
#       endpoint: redis:6379

#       ## Supported by Redis Cluster and Redis Sentinel #####################
#       ## These configurations are ignored by Redis (standard)
#       ##
#       # endpoints is used for Redis Cluster and Redis Sentinel to define a list of endpoints
#       # default is [redis:6379]
#       endpoints:
#       - redis:6379
      
#       ## Supported by Redis Sentinel #######################################
#       ## These configurations are ignored by Redis (standard) and Redis Cluster
#       ##
#       # sentinel_master should be set when using Redis Sentinel to indicate the Master Node
#       sentinel_master: ''
      
#       ## Supported by all Redis Client Types ###############################
#       ## See the go-redis documentation at https://github.com/go-redis/redis/blob/master/options.go
#       ## for more information on tuning these settings

#       # protocol defines the protocol for connecting to redis (unix or tcp). tcp is default
#       protocol: tcp
#       # password provides the redis password. default is empty string ''
#       password: ''
#       # db is the Database to be selected after connecting to the server. default is 0
#       db: 0
#       # max_retries is the maximum number of retries before giving up on the command
#       max_retries: 0
#       # min_retry_backoff_ms is the minimum backoff time between each retry
#       min_retry_backoff_ms: 8
#       # max_retry_backoff_ms is the maximum backoff time between each retry
#       max_retry_backoff_ms: 512
#       # dial_timeout_ms is the timeout for establishing new connections
#       dial_timeout_ms: 5000
#       # read_timeout_ms is the timeout for socket reads. If reached, commands will fail with a timeout instead of blocking.
#       read_timeout_ms: 3000
#       # write_timeout_ms is the timeout for socket writes. If reached, commands will fail with a timeout instead of blocking.
#       write_timeout_ms: 3000
#       # pool_size is the maximum number of socket connections.
#       pool_size: 20
#       # min_idle_conns is the minimum number of idle connections which is useful when establishing new connection is slow.
#       min_idle_conns: 0
#       # max_conn_age_ms is the connection age at which client retires (closes) the connection.
#       max_conn_age_ms: 0
#       # pool_timeout_ms is the amount of time client waits for connection if all connections are busy before returning an error.
#       pool_timeout_ms: 4000
#       # idle_timeout_ms is the amount of time after which client closes idle connections.
#       idle_timeout_ms: 300000
#       # idle_check_frequency_ms is the frequency of idle checks made by idle connections reaper.
#       idle_check_frequency_ms: 60000

#     ## Configuration options when using a Filesystem Cache ###############
#     filesystem:
#       # cache_path defines the directory location under which the Trickster cache will be maintained
#       # default is /tmp/trickster
#       cache_path: /tmp/trickster

#     ## Configuration options when using a bbolt Cache ####################
#     bbolt:
#       # filename defines the file where the Trickster cache will be maintained
#       # default is trickster.db
#       filename: trickster.db
#       # bucket defines the name of the bbolt bucket (similar to a namespace) under which our key value store lives
#       # default is trickster
#       bucket: trickster

#     ## Configuration options when using a Badger cache ###################
#     badger:
#       # directory defines the directory location under which the Badger data will be maintained
#       # default is /tmp/trickster
#       directory: /tmp/trickster
#       # value_directory defines the directory location under which the Badger value log will be maintained
#       # default is /tmp/trickster
#       value_directory: /tmp/trickster

#     ## Configuration options when using cache chunking ###################
#     # Determines if cache chunking should be used. The following two options have no effect if false. Default value is false.
#     use_cache_chunking: true
#     # Determines the size of cache chunks that store timeseries data.
#     # Timeseries chunks are split by *duration*, not by literal size; the factor determines how large these chunks are
#     # based on the timestep of the provided query. Default value is 420.
#     timeseries_chunk_factor: 420
#     # Determines the size of cache chunks that store byterange data.
#     # Byterange chunks are split by literal size in bytes. Default value is 4096.
#     byterange_chunk_size: 4096

#   # Example of a second cache, sans comments, that backend configs below could use with: cache_name: bbolt_example
  
#   bolt_example:
#     provider: bbolt
#     bbolt:
#       filename: trickster.db
#       bucket: trickster

#     index:
#       reap_interval_ms: 3000
#       flush_interval_ms: 5000
#       max_size_bytes: 536870912
#       size_backoff_bytes: 16777216

# # Negative Caching Configurations
# # A Negative Cache is a map of HTTP Status Codes that are cached for the specified duration,
# # used for temporarily caching failures (e.g., 404s for 10 seconds)
# #
# # By default, each Origin Configuration maps to the default negative cache which you can
# # configure below, or can define your own negative caches, and specify them in your backend configs.
# # See /docs/negative-caching.md for more info.
# #

# negative_caches:
#   # default:
#   # The default negative cache config, mapped by all backends by default,
#   # is empty unless you populate it. Update it by adding entries here in the format of:
#   # "code": ttl_in_ms

# #  Heres a pre-populated negative cache config ready to be uncommented and used in an backend config
# #  The general negative cache config will cache common failure response codes for 3 seconds
#   general:
#     "400": 3000
#     "404": 3000
#     "500": 3000
#     "502": 3000

# Configuration options for mapping Origin(s)
backends:

  # example backend named default. default is always created with these settings unless a different backend is defined here.
  # access this backend via http[s]://trickster-fqdn/default/ unless path_routing_disabled is true
  default:

    # provider identifies the backend provider.
    # Valid options are: prometheus, influxdb, clickhouse, irondb, reverseproxycache (or just rpc)
    # provider is a required configuration value
    provider: prometheus

    # for prometheus backends, you can configure label injection as follows:
    # prometheus:
    #   labels:
    #     labelname: value

    # origin_url provides the base upstream URL for all proxied requests to this origin.
    # it can be as simple as http://example.com or as complex as https://example.com:8443/path/prefix
    # origin_url is a required configuration value
    origin_url: http://prometheus:9090

    # is_default describes whether this backend is the default backend considered when routing http requests
    # it is false, by default; but if you only have a single backend configured, is_default will be true unless explicitly set to false
    is_default: true

#     # hosts indicates which FQDNs requested by the client should route to this Origin (in addition to path-based routing)
#     # if you are using TLS, all FQDNs should be included in the certfiicate common names to avoid insecure warnings to clients
#     # default setting is empty list. List format is: hosts: [ 1.example.com, 2.example.com ]
#     hosts: []

#     # cache_name identifies the name of the cache (configured above) that you want to use with this backend. default is default
#     cache_name: default

#     # forwarded_headers indicates whether Trickster should use Forwarded, X-Forwarded-*
#     # or no forwarded headers when communicating with backends. A Via header is always sent,
#     # regardless of this values setting.
#     # Options are standard, x, both, or none; default is standard
#     forwarded_headers: standard

#     # cache_key_prefix defines the prefix this backend appends to cache keys. When using a shared cache like Redis,
#     # this can help partition multiple trickster instances that may have the same same hostname or ip address (the default prefix)
#     cache_key_prefix: example

#     # negative_cache_name identifies the name of the negative cache (configured above) to be used with this backend. default is default
#     negative_cache_name: default

#     # path_routing_disabled will prevent the backend from being accessible via /backend_name/ path to Trickster. Disabling this requires
#     # the backend to have hosts configured (see below) or be the target of a rule backend, or it will be unreachable.
#     # default is false
#     path_routing_disabled: false

#     # rule_name provides the name of the rule config to be used by this backend.
#     # This is only effective if the provider is rule
#     rule_name: example-rule

#     # req_rewriter_name is the name of a configured rewriter (in the request_rewriters key) that modifies the request prior to
#     # processing by the backend client
#     req_rewriter_name: example-rewriter

#     # tracing_name selects the distributed tracing configuration (crafted below) to be used with this backend. default is default
#     tracing_name: default

#     # dearticulate_upstream_ranges, when true, instructs Trickster to make multiple parallel requests to the backend for each
#     # range needed to fulfill the client request, rather than making a multipart range request. default is false
#     # This setting applies only to object request byte ranges and not time series requests (they are always dearticulated)
#     dearticulate_upstream_ranges: false

#     # multipart_ranges_disabled, when true, instructs Trickster to return the full object when the client provides
#     # a multipart range request. This setting applies only to object request byte ranges and not time series requests.
#     # The default is false.
#     multipart_ranges_disabled: false

#     # compressable_types defines the Content Types that will be compressed when stored in the Trickster cache
#     # reasonable defaults are set, so use this with care. To disable compression, set compressable_types: []
#     # Default list is provided here:
#     compressable_types:
#     - text/javascript, text/css, text/plain, text/xml, text/json, application/json, application/javascript, application/xml ]

#     # timeout_ms defines how long Trickster will wait before aborting and upstream http request. Default: 180s
#     timeout_ms: 180000

#     # keep_alive_timeout_ms defines how long Trickster will wait before closing a keep-alive connection due to inactivity
#     # if the origins keep-alive timeout is shorter than Tricksters, the connect will be closed sooner. Default: 300
#     keep_alive_timeout_ms: 300000

#     # max_idle_conns set the maximum concurrent keep-alive connections Trickster may have opened to this backend
#     # additional requests will be queued. Default: 20
#     max_idle_conns: 20

#     # max_ttl_ms defines the maximum allowed TTL for any object cached for this backend. default is 86400
#     max_ttl_ms: 86400000

#     # revalidation_factor is the multiplier for object lifetime expiration to determine cache object TTL; default is 2
#     # for example, if a revalidatable object has Cache-Control: max-age=300, we will cache for 10 minutes (300s * 2)
#     # so there is an opportunity to revalidate
#     revalidation_factor: 2.0

#     # max_object_size_bytes defines the largest byte size an object may be before it is uncacheable due to size. default is 524288 (512k)
#     max_object_size_bytes: 524288

#     # These next 7 settings only apply to Time Series backends

#     # backfill_tolerance_ms prevents new datapoints that fall within the tolerance window (relative to time.Now) from being permanently
#     # cached. Think of it as "the newest N milliseconds of real-time data are preliminary and subject to updates, so refresh them periodically"
#     # default is 0
#     backfill_tolerance_ms: 0

#     # backfill_tolerance_points works like the _ms version, except the methodology is based on # of intervaled timestamps (points) in the series
#     # instead of a relative time. You can set both values and the one impacting the most number of elements in the time series takes precedence
#     backfill_tolerance_points: 0

#     # timeseries_retention_factor defines the maximum number of recent timestamps to cache for a given query. Default is 1024
#     timeseries_retention_factor: 1024

#     # timeseries_ttl_ms defines the relative expiration of cached timeseries. default is 6 hours (21600 seconds)
#     timeseries_ttl_ms: 21600000

#     # timeseries_eviction_method selects the metholodogy used to determine which timestamps are removed once
#     # the timeseries_retention_factor limit is reached. options are oldest and lru. Default is oldest
#     timeseries_eviction_method: oldest

#     # fast_forward_disable, when set to true, will turn off the fast forward feature for any requests proxied to this backend
#     fast_forward_disable: false

#     # fastforward_ttl_ms defines the relative expiration of cached fast forward data. default is 15s
#     fastforward_ttl_ms: 15000

#     # shard_max_size_points defines the maximum size of a timeseries request in unique timestamps,
#     # before sharding into multiple requests of this denomination and reconsitituting the results.
#     # If shard_max_size_points and shard_max_size_ms are both > 0, the configuration is invalid.
#     # default is 0
#     shard_max_size_points: 0

#     # shard_max_size_ms defines the max size of a timeseries request in milliseconds,
#     # before sharding into multiple requests of this denomination and reconsitituting the results.
#     # If shard_max_size_ms and shard_max_size_points are both > 0, the configuration is invalid.
#     # default is 0
#     shard_max_size_ms: 0

#     # shard_step_ms defines the epoch-aligned cadence to use when creating shards. When set to 0,
#     # shards are not aligned to the epoch at a specific step. shard_max_size_ms must be perfectly
#     # divisible by shard_step_ms when both are > 0, or the configuration is invalid.
#     # default is 0
#     shard_step_ms: 0

#     # Simulated Latency
#     # set latency_min_ms > 0 to apply a consistent latency to each request to this backend
#     # set latency_max_ms > latency_max_ms (which can be 0) to apply a random latency between the two
#     latency_max_ms = 0
#     latency_max_ms = 0

#     #
#     # Each backend provider implements their own defaults for health checking
#     # which can be overridden per backend configuration. See /docs/health.md for more information
#     healthcheck: 

#       ## Crafting a Heatlh Check

#       # verb is the HTTP Method Trickster will when performing an upstream health check for this backend
#       # default is GET for all backend types unless overridden per-backend here.
#       verb: GET

#       # scheme is either http or https
#       # default is http
#       scheme: https

#       # host defines a custom Host header to include in health check requests
#       # default is the hostname in the backend configuration's origin_url
#       host: alternate-host.example.com

#       # port defines a custom port to include in health check requests
#       # default is 80 or 443 depending upon scheme
#       port: 8080

#       # path is the URL Trickster will request against this backend to
#       # when a health check request is received by Trickster via http://<trickster-endpoint>/trickster/<backend_name>/health 
#       # this is the default value for prometheus:
#       path: /api/v1/query

#       # query is the query string Trickster will append the when performing an upstream health check for this backend
#       # This example value is the default for prometheus (again, see /docs/health.md)
#       query: query=up

#       # headers provides a list of HTTP Headers to add to Health Check HTTP Requests to this backend
#       # default is none
#       headers:
#         Authorization: Basic SomeHash

#       # body provides a body to use with the health check request when the method is POST or PUT
#       # default is empty string, and is ignored for non-Body-based methods
#       body: "my health check request body"

#       ## Crafting a Healthy Response Profile

#       # timeout_ms is the maximum during the health checker will wait for a response before aborting the check
#       # default is 3s
#       timeout_ms: 3000

#       # expected_codes is the list of acceptable HTTP response codes when health checking the backend
#       # for considering the backend healthy
#       # default is [ 200 ]
#       expected_codes: [ 200, 204, 206, 301, 302, 304 ]

#       # expected_headers is the list of required HTTP response headers when health checking the backend
#       # for considering the backend healthy
#       # default is empty set
#       expected_headers:
#         X-Health-Check-Status: success

#       # expected_body is the response body string a health check response must provide
#       # for considering the backend healthy
#       # default is not checked
#       expected_body: "health check pass."

#     # the paths section customizes the behavior of Trickster for specific paths for this Backend. See /docs/paths.md for more info.
#     paths:
#       example1:
#         path: /api/v1/admin/
#         methods: [ '*' ]                                 # HTTP methods to be routed with this path config. * for all methods.
#         match_type: prefix                             # match $path* (using exact will match just $path)
#         handler: localresponse                         # dont actually proxy this request, respond immediately
#         response_code: 401
#         response_body: 'No soup for you!'
#         no_metrics: true                                 # do not record metrics for requests to this path
#         response_headers:
#           Cache-Control: no-cache                  # attach these headers to the response down to the client
#           Content-Type: text/plain
#         example2:
#           path: /example/
#           methods: [ GET, POST ]
#           collapsed_forwarding: progressive    # see /docs/collapsed_forwarding.md
#           match_type: prefix                   # this path is routed using prefix matching
#           handler: proxycache                  # this path is routed through the cache
#           req_rewriter_name: example-rewriter  # name of a rewriter to modify the request prior to handling
#           cache_key_params: [ ex_param1, ex_param2 ]       # the cache key will be hashed with these query parameters (GET)
#           cache_key_form_fields: [ ex_param1, ex_param2 ]  # or these form fields (POST)
#           cache_key_headers: [ X-Example-Header ]            # and these request headers, when present in the incoming request
#           request_headers:
#             Authorization: custom proxy client auth header
#             -Cookie: ''                                # attach these request headers when proxying. the + in the header name
#             +Accept-Encoding: gzip                   # means append the value if the header exists, rather than replace
#                                                                 # while the - will remove the header
#           request_params:
#             +authToken: SomeTokenHere                 # manipulate request query parameters in the same way

#         # the tls section configures the frontend and backend TLS operation for the backend
#     tls:
#         # TLS Frontend Configs
#         # You can configure which certificate and key to use when this endpoint serves downstream clients over TLS
#         # Trickster will fail out at startup if the provided files do not exist, are unreadable, or in an invalid format
#         # These settings by default are '' (empty string), which disables this backend from being routed over the TLS port
#         full_chain_cert_path: /path/to/your/cert.pem
#         private_key_path: /path/to/your/key.pem

#         # TLS Backend Configs
#         # These settings configure how Trickster will behave as a client when communicating with
#         # this backend over TLS
        
#         # if insecure_skip_verify is true, Trickster will trust the origins certificate without any verification
#         # default is false
#         insecure_skip_verify: false
        
#         # certificate_authority_paths provides a list of additional certificate authorities to be used to trust an upstream origin
#         # in addition to Operating System CAs.  default is an empty list, which insructs the Trickster to use only the OS List
#         certificate_authority_paths: [ ../../testdata/test.rootca.pem ]
        
#         # client_cert_path provides the path to a client certificate for Trickster to use when authenticating with an upstream server
#         # empty string '' by default
#         client_cert_path: /path/to/my/client/cert.pem
        
#         # client_key_path provides the path to a client key for Trickster to use when authenticating with an upstream server
#         # empty string '' by default
#         client_key_path: /path/to/my/client/key.pem

#   # For multi-backend support, backends are named, and the name is the second word of the configuration section name.
#   # In this example, backends are named foo-01.example.com and foo-02.example.com.
#   # Clients can indicate this backend in their path (http://trickster.example.com:8480/foo/api/v1/query_range?.....)
#   # unless path_routing_disabled: true
#   # there are other ways for clients to indicate which backend to use in a multi-backend setup. See the documentation for more information

#   foo-01.example.com:
#     is_default: false
#     provider: reverseproxy
#     origin_url: http://foo-origin-01
#     healthcheck:
#       interval_ms: 1000

#   foo-02.example.com:
#     is_default: false
#     provider: reverseproxy
#     origin_url: http://foo-origin-02
#     healthcheck:
#       interval_ms: 1000

# # Application Load Balancer Backend configuration options, see /docs/alb.md for more information
#
#   alb01:
#     hosts: [ foo.example.com ]
#     path_routing_disabled: true # only route to the alb via the foo.example.com Host header
#     provider: alb
#     alb:
#       # mechanism defines the ALB pool member selection mechanism.
#       # values are rr, fr, fgr, nlm, or tsm. see the docs for detailed descriptions of each
#       # rr - standard round robin
#       # fr - fanout and return the First Response regardless of status code
#       # fgr - fanout and return the First Good Response based on status code
#       # nlm - fanout and return the Response with the Newest Last-Modified header
#       # tsm - fanount and perform a Time Series Merge of the results into a single time series
#
#       mechanism: rr # use a basic round robin

#       # pool defines the pool of backends to which the alb routes
#       # use the two example backends above
#       pool: [ foo-01.example.com, foo-02.example.com ]

#       # healthy_floor is the minimum health status for a Backend to be considered healthy in the pool
#       #  1 indicates only backends positively reporting as healthy are included
#       #  0 indicates backends in either a unknown/unchecked state or healthy reporting state
#       # -1 includes all backends, regardless of reporting state
#       # default is 0
#       healthy_floor: 0

#       # fgr_status_codes is a list of status codes considered 'good' when using the fgr mechanism
#       # when this is not set, any response code < 400 is considered good. Use this setting to
#       # provide an explicit list.
#       fgr_status_codes: [ 200 ] # this would consider only 200 OK's good, and not 204, 302, etc.

# # Configuration Options for Request Routing Rules - see /docs/rule.md for more information

# rules:
# # This example rule will route a request to the reader or writer backend based on the Username header

#   example:
#     input_source: header       # path, host, param
#     input_key: Authorization   # Authorization: Basic SomeBase64EncodedString
#     input_type: string
#     input_encoding: base64
#     input_index: 1               # split the header value into zero-indexed parts at spaces, use part 1
#     input_delimiter:  
#     operation: prefix              # check the input value matches any of the defined cases:
#     next_route: reader-cluster # by default, route to reader-cluster backend (would need to be defined)
# #  Other available rule configs that are not pertinent to this example:
#     ingress_req_rewriter_name: '' # name of a rewriter to process the request before evaluating the rule
#     egress_req_rewriter_name: ''  # name of a rewriter to process the request after evaluating the rule
#   #                                 # and handing off to the new route
#     nomatch_req_rewriter_name: '' # name of a rewriter to run the request through when there are no matching cases
#     operation_arg: '' # an argument to pass to the operation.
#     redirect_url: '' # provides a URL to redirect the request in the default case, rather than handing to next_route
#     max_rule_executions: 16        # limits the max number of per-Request rule-based hops to avoid execution loops.

#     cases:
#       "1":
#         matches: ['johndoe:', 'janedoe:']  # if the Authorization header has user johndoe or janedoe,
#         next_route: writer-cluster       # route the request to hypothetical writer-cluster backend
#   #     Other available case configs that are not pertinent to this example:
#         req_rewriter_name: '' # name of a rewriter to process the request if it matches this case
#                               # case rewrites are executed prior to giving control back to the rule
#         redirect_url: ''  # provides a URL to redirect the request if it matches this case


# # Configuration Options for Request Rewriter Instructions - see /docs/request_rewriters.md for more info

# request_rewriters:
#   example-rewriter: # this example sets an authorization header before calling the origin
#     instructions: [
#       [header, set, Authorization, Basic SomeBase64EncodedCredentials],
#     ]

# # Configuration Options for Tracing Instrumentation. see /docs/tracing.md for more information
# tracing:

#     # This is the default tracing config with its default options, which you can change here.
#     # you can also add additional tracing configs here. user-defined tracing configs are mapped
#     # to backends by the tracing_name value in backend configs, which, by default, use default
#   default:

#     # provider specifies the type of backend tracing system where traces are sent (in that format)
#     # options are: jaeger, zipkin, stdout or none.  none is the default
#     provider: none

#     # service_name specifies the service name under which the traces are registered by this tracer
#     # default is trickster
#     service_name: trickster

#     # collector_url is the URL of the tracing backend
#     # required for zipkin and jaeger, unused for stdout
#     collector_url: http://jaeger:14268/api/traces

#     # collector_user is the username credential for authenticating with the tracing backend
#     # optional jaeger; unused for zipkin and stdout
#     collector_user: ''

#     # collector_pass is the username credential for authenticating with the tracing backend
#     # optional jaeger; unused for zipkin and stdout
#     collector_pass: ''

#     # sample_rate sets the probability that a span will be recorded.
#     # A floating point value of 0.0 to 1.0 (inclusive) is permitted
#     # default is 1.0 (meaning 100% of requests are recorded)
#     sample_rate: 1.0

#     # omit_tags is a list of tag names that, while normally added by Trickster to various spans,
#     # are omitted for spans produced by this tracer. The default setting is empty list.
#     omit_tags: []
    
#       # tags will append these tags/attributes to each trace that is recorded
#       # only string key/value tags are supported. numeric values, etc are not.
#       # For Jaeger, these key/values are added to the "Process" section
#       # default tags list is empty
#     tags:
#       key1: "value1"
#       key2: "value2"

#       # configurations for this tracer, specific to jaeger
#     jaeger:
#       # endpoint_type indicates whether the jaeger tracing backend is a collector or agent
#       # default is collector
#       endpoint_type: collector

#       # configurations for this tracer, specific to stdout
#     stdout:
#       # pretty_print indicates whether the output to stdout is formatted better human readability
#       # default is false
#       pretty_print: false

#     # another example tracing config named example using jaeger agent backend and a 50% sample rate
#   example:
#     provider: jaeger
#     collector_url: jaeger:6831
#     sample_rate: 0.5
#     jaeger:
#       endpoint_type: agent

#     # another example tracing config named zipkin-example using zipkin backend and a 10% sample rate
#   zipkin-example:
#     provider: zipkin
#     collector_url: https://zipkin.example.com:9411/api/v2/spans
#     sample_rate: 0.1


# # Configuration Options for Metrics Instrumentation
# metrics:
#   # listen_port defines the port that Tricksters metrics server listens on at /metrics
#   # 8481 is the default
#   listen_port: 8481
#   # listen_address defines the ip that Tricksters metrics server listens on at /metrics
#   # empty by default, listening on all interfaces
#   listen_address: ''

# # Configuration Options for Config Reloading
# reloading:
#   # listen_port defines the port where Tricksters config reload server listens
#   # 8484 is the default 
#   listen_port: 8484
#   # listen_address defines the ip where Tricksters config reload server listens
#   # empty by default, listening on all interfaces
#   listen_address: ''
#   # handler_path defines the HTTP path where the Reload interface is available.
#   # by default, this is /trickster/config/reload
#   handler_path: /trickster/config/reload
#   # drain_timeout_ms defines how long old HTTP listeners will live to allow
#   # outstanding connection to close organically, before the listener is forcefully closed
#   # the default is 30
#   drain_timeout_ms: 30000
#   # rate_limit_ms specifies the rate limit timeout duration to apply to the HTTP reload interface.
#   # The reload interface is disabled for this duration of time whenever a config reload request is
#   # made that fails because the underlying config file is unmodified. default is 3
#   rate_limit_ms: 3000

# # Configuration Options for Logging Instrumentation
# logging:
#   # log_level defines the verbosity of the logger. Possible values are debug, info, warn, error
#   # default is info
#   log_level: info

#   # log_file defines the file location to store logs. These will be auto-rolled and maintained for you.
#   # not specifying a log_file (this is the default behavior) will print logs to STDOUT
#   log_file: /some/path/to/trickster.log