82 configurations you can copy and run. Each one demonstrates a real use case.
Showing 82 examples
Minimal single-listener, single-cluster proxy
Route by URL path prefix to separate clusters
Route by Host header; one listener, multiple domains
Weighted traffic split for canary deployments
Per-cluster circuit breaker with closed/open/half-open states
Default strategy: even distribution across backends
Proportional traffic split via per-endpoint weights
Route to backend with fewest in-flight requests
consistent_hash to pin a user to one backend
Active HTTP and TCP health check probes per cluster
504 when upstream exceeds a latency SLA
Token bucket rate limiter with per-IP and global modes
Fixed response without upstream
3xx redirects with path/query template substitution
Resolve hostname upstream endpoints such as localhost:9000
Route LLM requests by model field in JSON body
Route JSON-RPC 2.0 requests by method for MCP and A2A protocols
Route MCP requests by body-derived method and tool name
Stream-buffered body inspection before forwarding
Gzip, brotli, and zstd response compression
Extract multiple JSON fields into headers in one pass
Apply json_body_field only on matching request paths
Extract tenant_id from body for header-based routing
Global body size ceiling with json_body_field extraction
Three listeners with different body processing strategies
CSRF protection via origin validation
X-Forwarded-For/Proto/Host with trusted proxies
Reject requests matching header or body string/regex rules
Allow or deny by source IP/CIDR
Protect against slow client attacks with read timeouts
CORS preflight handling with origin validation
Access log with sampling
request_id + access_log: correlation IDs and structured logs
Structured JSON TCP connection logging
Add, overwrite, and remove request/response headers
Strip prefix, add prefix, or regex replace on request paths
Regex path transformation and query string manipulation
L4 bidirectional TCP forwarding
TCP proxy with idle and max duration timeouts
TCP load balancing with consistent-hash client IP affinity
TCP load balancing via least-connections strategy
TCP round-robin load balancing across replicas
HTTP + TCP listeners on one server
HTTPS listener; plain HTTP to backends
Restrict accepted TLS cipher suites per listener
Route TLS connections by SNI hostname without termination
TCP proxy with mutual TLS
TCP proxy with TLS termination
TLS termination with re-encryption to upstream
mTLS on both listener and upstream
mTLS on listener (require client cert)
mTLS on listener (request client cert)
mTLS to upstream (client cert)
SNI-based multi-certificate selection
Upstream TLS with verification disabled
Minimum TLS version constraint
Global upstream CA file reference
Plain HTTP listener; TLS to upstream with SNI
Transparent WebSocket upgrade proxying over HTTP
Built-in default config (static JSON on /)
Multiple named chains composed per listener
when/unless conditions on request and response phase
All branch chain scenarios in one config (six patterns)
Failure mode behavior (open continues, closed rejects on error)
Inject per-cluster API credentials and strip client tokens
Route by model field in JSON body via X-Model header
Inject system messages into chat completion requests
Always-fire branch for injecting side-effect chains
Short-circuit the pipeline with a static response on result match
Skip filters by jumping to a named rejoin point on result match
Multiple branches on one filter with first-match-wins evaluation
Reference a top-level chain by name instead of inline definition
Multi-level decision tree with branches inside branches
Loop back to a named filter with max_iterations cap
Branch across concatenated chains via flat pipeline name index
Full production setup with composed chains
Multiple listeners sharing a filter chain
Dynamic config reload without restart
Admin interface with health endpoints
Default containerized deployment with public binding
Per-listener connection limit with 503 rejection
Per-module log level tuning via runtime config