
Commit a07ad8d

committed
1 parent de458dc commit a07ad8d

10 files changed

Lines changed: 690 additions & 2 deletions


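--- a/comparison/index.html
+++ b/comparison/index.html
@@ -1509,7 +1509,7 @@ <h1 id="comparison">Comparison<a class="headerlink" href="#comparison" title="Pe
 <tr>
 <td>Per-user unique IP limits</td>
 <td style="text-align: center;">No</td>
-<td style="text-align: center;">No</td>
+<td style="text-align: center;">Yes</td>
 <td style="text-align: center;">No</td>
 <td style="text-align: center;">Yes</td>
 </tr>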

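--- a/docker/configuration/index.html
+++ b/docker/configuration/index.html
@@ -1573,6 +1573,21 @@ <h2 id="environment-variables">Environment Variables<a class="headerlink" href="
 <td>Per-secret connection limits</td>
 </tr>
 <tr>
+<td><code>SECRET_QUOTA_1</code>...<code>SECRET_QUOTA_16</code></td>
+<td></td>
+<td>Per-secret byte quota (e.g. <code>10737418240</code> for 10 GB)</td>
+</tr>
+<tr>
+<td><code>SECRET_MAX_IPS_1</code>...<code>SECRET_MAX_IPS_16</code></td>
+<td></td>
+<td>Per-secret unique IP limits</td>
+</tr>
+<tr>
+<td><code>SECRET_EXPIRES_1</code>...<code>SECRET_EXPIRES_16</code></td>
+<td></td>
+<td>Per-secret expiration (TOML datetime or Unix timestamp)</td>
+</tr>
+<tr>
 <td><code>PORT</code></td>
 <td>443</td>
 <td>Client connection port</td>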

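--- a/fa/docker/configuration/index.html
+++ b/fa/docker/configuration/index.html
@@ -1573,6 +1573,21 @@ <h2 id="environment-variables">Environment Variables<a class="headerlink" href="
 <td>Per-secret connection limits</td>
 </tr>
 <tr>
+<td><code>SECRET_QUOTA_1</code>...<code>SECRET_QUOTA_16</code></td>
+<td></td>
+<td>Per-secret byte quota (e.g. <code>10737418240</code> for 10 GB)</td>
+</tr>
+<tr>
+<td><code>SECRET_MAX_IPS_1</code>...<code>SECRET_MAX_IPS_16</code></td>
+<td></td>
+<td>Per-secret unique IP limits</td>
+</tr>
+<tr>
+<td><code>SECRET_EXPIRES_1</code>...<code>SECRET_EXPIRES_16</code></td>
+<td></td>
+<td>Per-secret expiration (TOML datetime or Unix timestamp)</td>
+</tr>
+<tr>
 <td><code>PORT</code></td>
 <td>443</td>
 <td>Client connection port</td>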

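--- a/fa/features/secrets/index.html
+++ b/fa/features/secrets/index.html
@@ -1075,6 +1075,50 @@
 </span>
 </a>
 
+</li>
+
+<li class="md-nav__item">
+<a href="#per-secret-quotas" class="md-nav__link">
+<span class="md-ellipsis">
+
+Per-Secret Quotas
+
+</span>
+</a>
+
+</li>
+
+<li class="md-nav__item">
+<a href="#per-secret-unique-ip-limits" class="md-nav__link">
+<span class="md-ellipsis">
+
+Per-Secret Unique IP Limits
+
+</span>
+</a>
+
+</li>
+
+<li class="md-nav__item">
+<a href="#secret-expiration" class="md-nav__link">
+<span class="md-ellipsis">
+
+Secret Expiration
+
+</span>
+</a>
+
+</li>
+
+<li class="md-nav__item">
+<a href="#toml-config-example" class="md-nav__link">
+<span class="md-ellipsis">
+
+TOML Config Example
+
+</span>
+</a>
+
 </li>
 
 </ul>
@@ -1497,6 +1541,50 @@
 </span>
 </a>
 
+</li>
+
+<li class="md-nav__item">
+<a href="#per-secret-quotas" class="md-nav__link">
+<span class="md-ellipsis">
+
+Per-Secret Quotas
+
+</span>
+</a>
+
+</li>
+
+<li class="md-nav__item">
+<a href="#per-secret-unique-ip-limits" class="md-nav__link">
+<span class="md-ellipsis">
+
+Per-Secret Unique IP Limits
+
+</span>
+</a>
+
+</li>
+
+<li class="md-nav__item">
+<a href="#secret-expiration" class="md-nav__link">
+<span class="md-ellipsis">
+
+Secret Expiration
+
+</span>
+</a>
+
+</li>
+
+<li class="md-nav__item">
+<a href="#toml-config-example" class="md-nav__link">
+<span class="md-ellipsis">
+
+TOML Config Example
+
+</span>
+</a>
+
 </li>
 
 </ul>
@@ -1595,6 +1683,75 @@ <h2 id="per-secret-connection-limits">Per-Secret Connection Limits<a class="head
 <li><strong>Stats:</strong> <code>secret_family_limit 1000</code>, <code>secret_family_rejected 42</code></li>
 <li><strong>Prometheus:</strong> <code>teleproxy_secret_connection_limit{secret="family"} 1000</code>, <code>teleproxy_secret_connections_rejected_total{secret="family"} 42</code></li>
 </ul>
+<h2 id="per-secret-quotas">Per-Secret Quotas<a class="headerlink" href="#per-secret-quotas" title="Permanent link">&para;</a></h2>
+<p>Cap total bytes transferred (received + sent) per secret. Once exhausted, active connections are closed and new connections are rejected.</p>
+<p>TOML config:</p>
+<div class="highlight"><pre><span></span><code><a id="__codelineno-9-1" name="__codelineno-9-1" href="#__codelineno-9-1"></a><span class="k">[[secret]]</span>
+<a id="__codelineno-9-2" name="__codelineno-9-2" href="#__codelineno-9-2"></a><span class="n">key</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">&quot;cafe...ab&quot;</span>
+<a id="__codelineno-9-3" name="__codelineno-9-3" href="#__codelineno-9-3"></a><span class="n">label</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">&quot;guest&quot;</span>
+<a id="__codelineno-9-4" name="__codelineno-9-4" href="#__codelineno-9-4"></a><span class="n">quota</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">&quot;10G&quot;</span><span class="w"> </span><span class="c1"># accepts: bytes (int), or &quot;500M&quot;, &quot;10G&quot;, &quot;1T&quot;</span>
+</code></pre></div>
+<p>Docker:</p>
+<div class="highlight"><pre><span></span><code><a id="__codelineno-10-1" name="__codelineno-10-1" href="#__codelineno-10-1"></a><span class="nv">SECRET_QUOTA_1</span><span class="o">=</span><span class="m">10737418240</span><span class="w"> </span><span class="c1"># 10 GB in bytes</span>
+</code></pre></div>
+<p>Quota is cumulative since startup — it does not reset on SIGHUP config reload. Restart the proxy to reset usage.</p>
+<p>Metrics:</p>
+<ul>
+<li><strong>Stats:</strong> <code>secret_guest_quota 10737418240</code>, <code>secret_guest_bytes_total 5368709120</code>, <code>secret_guest_rejected_quota 3</code></li>
+<li><strong>Prometheus:</strong> <code>teleproxy_secret_quota_bytes{secret="guest"} 10737418240</code>, <code>teleproxy_secret_bytes_total{secret="guest"} 5368709120</code></li>
+</ul>
+<h2 id="per-secret-unique-ip-limits">Per-Secret Unique IP Limits<a class="headerlink" href="#per-secret-unique-ip-limits" title="Permanent link">&para;</a></h2>
+<p>Cap how many distinct client IPs can use a secret simultaneously. Additional connections from an already-connected IP are allowed.</p>
+<p>TOML config:</p>
+<div class="highlight"><pre><span></span><code><a id="__codelineno-11-1" name="__codelineno-11-1" href="#__codelineno-11-1"></a><span class="k">[[secret]]</span>
+<a id="__codelineno-11-2" name="__codelineno-11-2" href="#__codelineno-11-2"></a><span class="n">key</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">&quot;cafe...ab&quot;</span>
+<a id="__codelineno-11-3" name="__codelineno-11-3" href="#__codelineno-11-3"></a><span class="n">label</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">&quot;guest&quot;</span>
+<a id="__codelineno-11-4" name="__codelineno-11-4" href="#__codelineno-11-4"></a><span class="n">max_ips</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">5</span>
+</code></pre></div>
+<p>Docker:</p>
+<div class="highlight"><pre><span></span><code><a id="__codelineno-12-1" name="__codelineno-12-1" href="#__codelineno-12-1"></a><span class="nv">SECRET_MAX_IPS_1</span><span class="o">=</span><span class="m">5</span>
+</code></pre></div>
+<p>Metrics:</p>
+<ul>
+<li><strong>Stats:</strong> <code>secret_guest_max_ips 5</code>, <code>secret_guest_unique_ips 3</code>, <code>secret_guest_rejected_ips 0</code></li>
+<li><strong>Prometheus:</strong> <code>teleproxy_secret_max_ips{secret="guest"} 5</code>, <code>teleproxy_secret_unique_ips{secret="guest"} 3</code></li>
+</ul>
+<h2 id="secret-expiration">Secret Expiration<a class="headerlink" href="#secret-expiration" title="Permanent link">&para;</a></h2>
+<p>Auto-disable a secret after a timestamp. New connections are rejected; existing connections continue until they close naturally.</p>
+<p>TOML config:</p>
+<div class="highlight"><pre><span></span><code><a id="__codelineno-13-1" name="__codelineno-13-1" href="#__codelineno-13-1"></a><span class="k">[[secret]]</span>
+<a id="__codelineno-13-2" name="__codelineno-13-2" href="#__codelineno-13-2"></a><span class="n">key</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">&quot;cafe...ab&quot;</span>
+<a id="__codelineno-13-3" name="__codelineno-13-3" href="#__codelineno-13-3"></a><span class="n">label</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">&quot;temp&quot;</span>
+<a id="__codelineno-13-4" name="__codelineno-13-4" href="#__codelineno-13-4"></a><span class="n">expires</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="ld">2025-06-30T23:59:59Z</span><span class="w"> </span><span class="c1"># TOML datetime (UTC)</span>
+<a id="__codelineno-13-5" name="__codelineno-13-5" href="#__codelineno-13-5"></a><span class="c1"># or: expires = 1751327999 # Unix timestamp</span>
+</code></pre></div>
+<p>Docker:</p>
+<div class="highlight"><pre><span></span><code><a id="__codelineno-14-1" name="__codelineno-14-1" href="#__codelineno-14-1"></a><span class="nv">SECRET_EXPIRES_1</span><span class="o">=</span><span class="m">2025</span>-06-30T23:59:59Z
+<a id="__codelineno-14-2" name="__codelineno-14-2" href="#__codelineno-14-2"></a><span class="c1"># or: SECRET_EXPIRES_1=1751327999</span>
+</code></pre></div>
+<p>Metrics:</p>
+<ul>
+<li><strong>Stats:</strong> <code>secret_temp_expires 1751327999</code>, <code>secret_temp_rejected_expired 12</code></li>
+<li><strong>Prometheus:</strong> <code>teleproxy_secret_expires_timestamp{secret="temp"} 1751327999</code></li>
+</ul>
+<h2 id="toml-config-example">TOML Config Example<a class="headerlink" href="#toml-config-example" title="Permanent link">&para;</a></h2>
+<p>All per-secret features combined:</p>
+<div class="highlight"><pre><span></span><code><a id="__codelineno-15-1" name="__codelineno-15-1" href="#__codelineno-15-1"></a><span class="k">[[secret]]</span>
+<a id="__codelineno-15-2" name="__codelineno-15-2" href="#__codelineno-15-2"></a><span class="n">key</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">&quot;cafe01234567890abcafe01234567890a&quot;</span>
+<a id="__codelineno-15-3" name="__codelineno-15-3" href="#__codelineno-15-3"></a><span class="n">label</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">&quot;family&quot;</span>
+<a id="__codelineno-15-4" name="__codelineno-15-4" href="#__codelineno-15-4"></a><span class="n">limit</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">100</span>
+<a id="__codelineno-15-5" name="__codelineno-15-5" href="#__codelineno-15-5"></a><span class="n">quota</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">&quot;50G&quot;</span>
+<a id="__codelineno-15-6" name="__codelineno-15-6" href="#__codelineno-15-6"></a><span class="n">max_ips</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">10</span>
+<a id="__codelineno-15-7" name="__codelineno-15-7" href="#__codelineno-15-7"></a><span class="n">expires</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="ld">2026-12-31T23:59:59Z</span>
+<a id="__codelineno-15-8" name="__codelineno-15-8" href="#__codelineno-15-8"></a>
+<a id="__codelineno-15-9" name="__codelineno-15-9" href="#__codelineno-15-9"></a><span class="k">[[secret]]</span>
+<a id="__codelineno-15-10" name="__codelineno-15-10" href="#__codelineno-15-10"></a><span class="n">key</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">&quot;dead01234567890abcead01234567890a&quot;</span>
+<a id="__codelineno-15-11" name="__codelineno-15-11" href="#__codelineno-15-11"></a><span class="n">label</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">&quot;guest&quot;</span>
+<a id="__codelineno-15-12" name="__codelineno-15-12" href="#__codelineno-15-12"></a><span class="n">limit</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">50</span>
+<a id="__codelineno-15-13" name="__codelineno-15-13" href="#__codelineno-15-13"></a><span class="n">quota</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">&quot;5G&quot;</span>
+<a id="__codelineno-15-14" name="__codelineno-15-14" href="#__codelineno-15-14"></a><span class="n">max_ips</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">3</span>
+<a id="__codelineno-15-15" name="__codelineno-15-15" href="#__codelineno-15-15"></a><span class="n">expires</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="ld">2025-06-30T00:00:00Z</span>
+</code></pre></div>
 
 
 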