RelyREST Server Reference
RelyServerConfig
RelyServerConfig holds the configuration required to run the Rely API server.
| Key | Value | Required | Description |
|---|---|---|---|
| server | ServerConfig | false | Configurations for the HTTP server. |
| telemetry | OTLPConfig | false | Configurations for OpenTelemetry exporters. |
| definition | RelyDefinitionFileConfig | true | Configurations for resource definition files. |
RelyDefinitionFileConfig
RelyDefinitionFileConfig represents the configurations for definition files.
| Key | Value | Required | Description |
|---|---|---|---|
| include | [string] | true | List of paths to be included for metadata introspection. |
| exclude | [string] | false | List of paths to be excluded for metadata introspection. |
OTLPConfig
OTLPConfig contains configuration for OpenTelemetry exporter.
| Key | Value | Required | Description |
|---|---|---|---|
| serviceName | string | false | OpenTelemetry service name. |
| otlpEndpoint | string | false | OTLP receiver endpoint that is set as default for all types. |
| otlpTracesEndpoint | string | false | OTLP receiver endpoint for traces exporter. |
| otlpMetricsEndpoint | string | false | OTLP receiver endpoint for metrics exporter. |
| otlpLogsEndpoint | string | false | OTLP receiver endpoint for logs exporter. |
| otlpInsecure | boolean | false | Disable TLS for OpenTelemetry exporters. |
| otlpTracesInsecure | boolean | false | Disable TLS for OpenTelemetry traces exporter. |
| otlpMetricsInsecure | boolean | false | Disable TLS for OpenTelemetry metrics exporter. |
| otlpLogsInsecure | boolean | false | Disable TLS for OpenTelemetry logs exporter. |
| otlpProtocol | grpc / http/protobuf | false | OTLP receiver protocol for all exporters. Default is grpc. |
| otlpTracesProtocol | grpc / http/protobuf | false | OTLP receiver protocol for traces. |
| otlpMetricsProtocol | grpc / http/protobuf | false | OTLP receiver protocol for metrics. |
| otlpLogsProtocol | grpc / http/protobuf | false | OTLP receiver protocol for logs. |
| otlpCompression | none / gzip | false | Enable compression for OTLP exporters. Accept: none, gzip |
| otlpTracesCompression | none / gzip | false | Enable compression for OTLP traces exporter. Accept: none, gzip |
| otlpMetricsCompression | none / gzip | false | Enable compression for OTLP metrics exporter. Accept: none, gzip |
| otlpLogsCompression | none / gzip | false | Enable compression for OTLP logs exporter. Accept: none, gzip |
| metricsExporter | none / otlp / prometheus | false | Metrics export type. Accept: none, otlp, prometheus |
| logsExporter | none / otlp | false | Logs export type. Accept: none, otlp |
| prometheusPort | integer | false | Prometheus port for the Prometheus HTTP server. Use /metrics endpoint of the connector server if empty. |
| disableGoMetrics | boolean | false | Disable internal Go and process metrics (prometheus exporter only). |
ServerConfig
ServerConfig holds information of required environment variables.
| Key | Value | Required | Description |
|---|---|---|---|
| port | integer | false | The port the server listens on. |
| logLevel | INFO / DEBUG / WARN / ERROR | false | Level of the logger. |
| compressionLevel | integer | false | Default level which the server uses to compress response bodies. |
| requestTimeout | string | false | The default timeout for every request. When it expires, the server returns a 504 Gateway Timeout error to the client. |
| readTimeout | string | false | The maximum duration for reading the entire request, including the body. A zero or negative value means there will be no timeout. |
| readHeaderTimeout | string | false | The amount of time allowed to read request headers. The connection's read deadline is reset after reading the headers and the Handler can decide what is considered too slow for the body. If zero, the value of ReadTimeout is used. If negative, or if zero and ReadTimeout is zero or negative, there is no timeout. |
| writeTimeout | string | false | The maximum duration before timing out writes of the response. It is reset whenever a new request's header is read. Like ReadTimeout, it does not let Handlers make decisions on a per-request basis. A zero or negative value means there will be no timeout. |
| idleTimeout | string | false | The maximum amount of time to wait for the next request when keep-alives are enabled. If zero, the value of ReadTimeout is used. If negative, or if zero and ReadTimeout is zero or negative, there is no timeout. |
| maxHeaderKilobytes | integer | false | The maximum number of bytes the server will read parsing the request header's keys and values, including the request line. It does not limit the size of the request body. If zero, DefaultMaxHeaderBytes is used. |
| maxBodyKilobytes | integer | false | The maximum number of bytes the server will read parsing the request body. A zero or negative value means there will be no limit. |
| tlsCertFile | string | false | The TLS certificate file to enable TLS connections. |
| tlsKeyFile | string | false | The TLS key file to enable TLS connections. |
| cors | CORSConfig | false | The configuration container to set up the CORS middleware. |
| clientIp | ClientIPConfig | false | The configuration container to set up the client IP middleware. |
ClientIPConfig
The configuration container to set up the client IP middleware.
One of the following values:
| Value | Description |
|---|---|
| ServerClientIPFromHeaderConfig | Configuration for client IP resolution from headers. Only safe with headers your proxy unconditionally OVERWRITES on every request. |
| ServerClientIPFromRemoteAddressConfig | Configuration for client IP resolution from the remote address of the incoming request — the IP address of whoever opened the connection to this server. Use this strategy when this server is directly connected to the public internet with NO reverse proxy in front of it. Behind a reverse proxy, RemoteAddr is the proxy's IP, not the client's — use ClientIPFromHeader or ClientIPFromXFF instead. |
| ServerClientIPFromXForwardForConfig | Configuration for client IP resolution from X-Forwarded-For header with trusted IP prefixes, walking the chain right-to-left and skipping any IP that falls within one of the given trusted CIDR prefixes. |
| ServerClientIPFromXForwardForTrustedProxiesConfig | Configuration for client IP resolution from X-Forwarded-For header given the exact number of trusted reverse proxies between this server and the public internet. It returns the IP at position len(xff) - numTrustedProxies in the merged X-Forwarded-For list — the IP added by the outermost of your trusted proxies, the only IP in the chain that none of your proxies have allowed an attacker to forge. |
ServerClientIPFromXForwardForTrustedProxiesConfig
Configuration for client IP resolution from X-Forwarded-For header given the exact number of trusted reverse proxies between this server and the public internet. It returns the IP at position len(xff) - numTrustedProxies in the merged X-Forwarded-For list — the IP added by the outermost of your trusted proxies, the only IP in the chain that none of your proxies have allowed an attacker to forge.
| Key | Value | Required | Description |
|---|---|---|---|
| type | x_forwarded_for_trusted_proxies | true | Type of the strategy that the client IP should be parsed from. |
| numTrustedProxies | integer | true | The exact number of trusted reverse proxies between this server and the public internet. |
ServerClientIPFromXForwardForConfig
Configuration for client IP resolution from X-Forwarded-For header with trusted IP prefixes, walking the chain right-to-left and skipping any IP that falls within one of the given trusted CIDR prefixes.
| Key | Value | Required | Description |
|---|---|---|---|
| type | x_forwarded_for | true | Type of the strategy that the client IP should be parsed from. |
| trustedIpPrefixes | [string] | true | List of CIDR prefixes to be trusted when parsing the client IP from the X-Forwarded-For header. |
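The two X-Forwarded-For strategies described above, sketched in Go as an added example (not RelyREST's own code). The function names and the sample chain are assumptions made for illustration; both functions fail closed when the chain is shorter than expected or contains an unparsable entry.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// splitXFF merges all X-Forwarded-For header lines into one ordered list.
func splitXFF(lines []string) (out []string) {
	for _, part := range strings.Split(strings.Join(lines, ","), ",") {
		out = append(out, strings.TrimSpace(part))
	}
	return out
}

// byTrustedCount returns the entry at index len(xff) - numTrustedProxies.
func byTrustedCount(xff []string, numTrustedProxies int) (netip.Addr, bool) {
	i := len(xff) - numTrustedProxies
	if numTrustedProxies < 1 || i < 0 {
		return netip.Addr{}, false // chain shorter than expected: fail closed
	}
	ip, err := netip.ParseAddr(xff[i])
	return ip, err == nil
}

// byTrustedPrefixes walks right-to-left and returns the first IP outside every trusted CIDR.
func byTrustedPrefixes(xff []string, trusted ...string) (netip.Addr, bool) {
next:
	for i := len(xff) - 1; i >= 0; i-- {
		ip, err := netip.ParseAddr(xff[i])
		if err != nil {
			return netip.Addr{}, false // unparsable hop: fail closed
		}
		for _, c := range trusted { // a malformed CIDR grants no trust
			if p, err := netip.ParsePrefix(c); err == nil && p.Contains(ip.Unmap()) {
				continue next
			}
		}
		return ip, true
	}
	return netip.Addr{}, false // every hop was a trusted proxy
}

func main() { // constructed chain: forged "10.0.0.1", real client, edge proxy
	xff := splitXFF([]string{"10.0.0.1, 198.51.100.23", "10.0.0.5"})
	fmt.Println(byTrustedCount(xff, 2))
	fmt.Println(byTrustedPrefixes(xff, "10.0.0.0/8"))
}
```

In the constructed chain the client-supplied `10.0.0.1` sits leftmost and is never returned by either strategy. A `numTrustedProxies` value that does not match the real topology shifts the index onto a proxy address or onto a client-controlled entry.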
ServerClientIPFromRemoteAddressConfig
Configuration for client IP resolution from the remote address of the incoming request — the IP address of whoever opened the connection to this server. Use this strategy when this server is directly connected to the public internet with NO reverse proxy in front of it. Behind a reverse proxy, RemoteAddr is the proxy's IP, not the client's — use ClientIPFromHeader or ClientIPFromXFF instead.
| Key | Value | Required | Description |
|---|---|---|---|
| type | remote_addr | true | Type of the strategy that the client IP should be parsed from. |
ServerClientIPFromHeaderConfig
Configuration for client IP resolution from headers. Only safe with headers your proxy unconditionally OVERWRITES on every request.
| Key | Value | Required | Description |
|---|---|---|---|
| type | header | true | Type of the strategy that the client IP should be parsed from. |
| headers | [string] | true | List of headers to be looked up. |
CORSConfig
CORSConfig represents configurations of CORS.
| Key | Value | Required | Description |
|---|---|---|---|
| allowedOrigins | [string] | false | AllowedOrigins is a list of origins a cross-domain request can be executed from. If the special `"*"` value is present in the list, all origins will be allowed. An origin may contain a wildcard (`*`) to replace 0 or more characters (e.g. `http://*.domain.com`). Usage of wildcards implies a small performance penalty. Only one wildcard can be used per origin. CORS is disabled if empty. |
| allowedMethods | [string] | false | AllowedMethods is a list of methods the client is allowed to use with cross-domain requests. Default value is simple methods (HEAD, GET and POST). |
| allowedHeaders | [string] | false | AllowedHeaders is a list of non-simple headers the client is allowed to use with cross-domain requests. If the special `"*"` value is present in the list, all headers will be allowed. Default value is [] but "Origin" is always appended to the list. |
| exposedHeaders | [string] | false | ExposedHeaders indicates which headers are safe to expose to the API of a CORS API specification. |
| maxAge | integer | false | MaxAge indicates how long (in seconds) the results of a preflight request can be cached. |
| allowCredentials | boolean | false | AllowCredentials indicates whether the request can include user credentials like cookies, HTTP authentication or client-side SSL certificates. |
| optionsPassthrough | boolean | false | OptionsPassthrough instructs preflight to let other potential next handlers process the OPTIONS method. Turn this on if your application handles OPTIONS. |