initial commit

g3proxy/doc/configuration/user_group/user.rst

@@ -0,0 +1,324 @@
+.. _configuration_user_group_user:
+
+****
+User
+****
+
+The user config is in map format. We can specify how to authenticate the user, set limitations and we may also specify
+som custom actions for each user.
+
+name
+----
+
+**required**, **type**: :ref:`username <conf_value_username>`
+
+Set the username.
+
+token
+-----
+
+**required**, **type**: mix
+
+Set the token used to authenticate the user. The token can be in the following types:
+
+* str
+
+  The value should be a string in unix format, see crypt(5).
+
+* map
+
+  The key *type* specify the real type.
+
+  * fast_hash
+
+    A custom type. We use salt, and one or more value of md5, sha1, blake3. The hash is weak, but fast.
+    The values for *salt*, *md5*, *sha1*, *blake3* should be in hex encoded ascii string.
+
+  * xcrypt_hash
+
+    The required key is *value*, which value should be a valid crypt(5) string.
+
+The currently supported crypt(5) methods are: md5, sha256, sha512.
+
+expire
+------
+
+**optional**, **type**: :ref:`rfc3339 datetime str <conf_value_rfc3339_datetime_str>`
+
+Set when the user should be considered expired. The check interval is set by
+:ref:`refresh interval <conf_user_group_refresh_interval>` in group config.
+
+**default**: not set
+
+block_and_delay
+---------------
+
+**optional**, **type**: :ref:`humanize duration <conf_value_humanize_duration>`
+
+Block the user, and delay sending of the error response by the specified duration.
+
+The response code for blocked user will be forbidden instead of auth failed.
+
+**default**: not set
+
+proxy_request_filter
+--------------------
+
+**optional**, **type**: :ref:`proxy request acl rule <conf_value_proxy_request_acl_rule>`
+
+Set the proxy request types that we should handle.
+
+**default**: not set
+
+dst_host_filter_set
+-------------------
+
+**optional**, **type**: :ref:`dst host acl rule set <conf_value_dst_host_acl_rule_set>`
+
+Set the filter for dst host of each request, which means it won't apply to udp associate tasks.
+
+**default**: not set
+
+dst_port_filter
+---------------
+
+**optional**, **type**: :ref:`exact port acl rule <conf_value_exact_port_acl_rule>`
+
+Set the filter for dst port of each request, which means it won't apply to udp associate tasks.
+
+**default**: not set
+
+http_user_agent_filter
+----------------------
+
+**optional**, **type**: :ref:`user agent acl rule <conf_value_user_agent_acl_rule>`
+
+Set the filter for HTTP User-Agent header.
+
+.. note:: This only applies to layer-7 http traffic, including http forward and https forward.
+
+**default**: not set
+
+tcp_connect
+-----------
+
+**optional**, **type**: :ref:`tcp connect <conf_value_tcp_connect>`
+
+Set user level tcp connect params, which will take effect for *direct* type escapers.
+And this will be limited by the escaper level settings.
+
+**default**: not set
+
+tcp_sock_speed_limit
+--------------------
+
+**optional**, **type**: :ref:`tcp socket speed limit <conf_value_tcp_sock_speed_limit>`
+
+Set speed limit for each tcp socket.
+
+**default**: no limit, **alias**: tcp_conn_speed_limit | tcp_conn_limit
+
+.. versionchanged:: 1.4.0 changed name to tcp_sock_speed_limit
+
+udp_sock_speed_limit
+---------------------
+
+**optional**, **type**: :ref:`udp socket speed limit <conf_value_udp_sock_speed_limit>`
+
+Set speed limit for each udp socket.
+
+**default**: no limit, **alias**: udp_relay_speed_limit | udp_relay_limit
+
+.. versionchanged:: 1.4.0 changed name to udp_sock_speed_limit
+
+tcp_remote_keepalive
+--------------------
+
+**optional**, **type**: :ref:`tcp keepalive <conf_value_tcp_keepalive>`
+
+Set tcp keepalive for the remote tcp socket.
+
+The tcp keepalive set in user config will only be taken into account in Direct type escapers.
+
+**default**: no keepalive set
+
+tcp_remote_misc_opts
+--------------------
+
+**optional**, **type**: :ref:`tcp misc sock opts <conf_value_tcp_misc_sock_opts>`
+
+Set misc tcp socket options for the remote tcp socket.
+
+The user level TOS and Mark config will overwrite the one set at escaper level.
+Other fields will be limited to the smaller ones.
+
+**default**: not set
+
+udp_remote_misc_opts
+--------------------
+
+**optional**, **type**: :ref:`udp misc sock opts <conf_value_udp_misc_sock_opts>`
+
+Set misc udp socket options for the remote udp socket.
+
+The user level TOS and Mark config will overwrite the one set at escaper level.
+Other fields will be limited to the smaller ones.
+
+**default**: not set
+
+tcp_client_misc_opts
+--------------------
+
+**optional**, **type**: :ref:`tcp misc sock opts <conf_value_tcp_misc_sock_opts>`
+
+Set misc tcp socket options for the client tcp socket before task connecting stage.
+
+The user level TOS and Mark config will overwrite the one set at escaper level.
+Other fields will be limited to the smaller ones.
+
+**default**: not set
+
+udp_client_misc_opts
+--------------------
+
+**optional**, **type**: :ref:`udp misc sock opts <conf_value_udp_misc_sock_opts>`
+
+Set misc udp socket options for the client udp socket.
+
+The user level TOS and Mark config will overwrite the one set at server level.
+Other fields will be limited to the smaller ones.
+
+**default**: not set
+
+http_upstream_keepalive
+-----------------------
+
+**optional**, **type**: :ref:`http keepalive <conf_value_http_keepalive>`
+
+Set http keepalive config at user level.
+
+**default**: set with default value
+
+tcp_conn_rate_limit
+-------------------
+
+**optional**, **type**: :ref:`rate limit quota <conf_value_rate_limit_quota>`
+
+Set rate limit on client side new connections.
+
+The same connection used for different users will be counted for each of them.
+
+**default**: no limit, **alias**: tcp_conn_limit_quota
+
+.. versionadded:: 1.4.0
+
+request_rate_limit
+------------------
+
+**optional**, **type**: :ref:`rate limit quota <conf_value_rate_limit_quota>`
+
+Set rate limit on request.
+
+**default**: no limit, **alias**: request_limit_quota
+
+request_max_alive
+-----------------
+
+**optional**, **type**: usize, **alias**: request_alive_max
+
+Set max alive requests at user level.
+
+Even if not set, the max alive requests should not be more than usize::MAX.
+
+**default**: no limit
+
+resolve_strategy
+----------------
+
+**optional**, **type**: :ref:`resolve strategy <conf_value_resolve_strategy>`
+
+Set an user custom resolve strategy, within the range of the one set on the escaper.
+Not all escapers support this, see the documentation for each escaper for more info.
+
+**default**: not custom resolve strategy is set
+
+resolve_redirection
+-------------------
+
+**optional**, **type**: :ref:`resolve redirection <conf_value_resolve_redirection>`
+
+Set the dns redirection rules at user level.
+
+**default**: not set
+
+log_rate_limit
+--------------
+
+**optional**, **type**: :ref:`rate limit quota <conf_value_rate_limit_quota>`
+
+Set rate limit on log request.
+
+**default**: no limit, **alias**: log_limit_quota
+
+.. _config_user_log_uri_max_chars:
+
+log_uri_max_chars
+-----------------
+
+**optional**, **type**: usize
+
+Set the max number of characters of uri should be logged in logs.
+
+If set, this will override the one set in server level.
+
+If not set, the one in server level will take effect.
+
+The password in uri will be replaced by *xyz* before logging.
+
+**default**: not set
+
+task_idle_max_count
+-------------------
+
+**optional**, **type**: i32
+
+The task will be closed if the idle check return IDLE the times as this value.
+
+This will overwrite the one set at server side,
+see :ref:`server task_idle_max_count <conf_server_common_task_idle_max_count>`.
+
+The idle check interval can only set at server side,
+see :ref:`server task_idle_check_duration <conf_server_common_task_idle_check_duration>`.
+
+**default**: 1
+
+socks_use_udp_associate
+-----------------------
+
+**optional**, **type**: bool
+
+Set if we should use socks udp associate instead of the simplified udp connect method.
+
+**default**: false
+
+.. versionadded:: 1.3.0
+
+audit
+-----
+
+**optional**, **type**: :ref:`user audit <configuration_user_group_user_audit>`
+
+Set audit config for this user.
+
+**default**: set with default values
+
+.. versionadded:: 1.7.0
+
+explicit_sites
+--------------
+
+**optional**, **type**: seq of :ref:`user site <configuration_user_group_user_site>`
+
+Set explicit sites for this user.
+
+.. versionadded:: 1.3.4