# PostgreSQL Proxy Configuration
# Maps external hostnames to internal backend servers

# Listen address and port
listen:
  address: "0.0.0.0"
  port: 5400

# TLS configuration
# If enabled is true but cert_file/key_file are not specified or not found,
# a self-signed certificate will be automatically generated for all external hostnames
tls:
  enabled: true
  # cert_file: "/path/to/cert.pem"  # Optional: path to certificate file
  # key_file: "/path/to/key.pem"    # Optional: path to private key file
  # Let's Encrypt configuration (automatic certificate management)
  letsencrypt:
    enabled: false  # Set to true to use Let's Encrypt
    email: "admin@secnex.io"  # Email for Let's Encrypt registration
    cache_dir: "./certs/letsencrypt"  # Directory to store certificates (default: ./certs/letsencrypt)
    staging: true  # Use Let's Encrypt staging environment for testing

debug: true

# Hostname mappings
# External hostname -> Internal hostname and port
mappings:
  - external: "mytestserver"
    internal: "localhost"
    port: 5432
  - external: "mytestserver2"
    internal: "localhost"
    port: 5431