Configuration
RelayCore reads configuration from ~/.relay-core/config.toml (or via --config flag).
Full Configuration Reference
[proxy]
# Listen address and port
port = 8080
bind_address = "0.0.0.0"
# Optional upstream proxy
upstream_proxy = "http://parent-proxy:8080"
# Transparent proxy (requires root)
transparent = false
# MITM
mitm_enabled = true
mitm_ca_path = "~/.relay-core/ca.crt"
mitm_ca_key_path = "~/.relay-core/ca.key"
[storage]
# SQLite database path
sqlite_path = "~/.relay-core/flows.db"
# Max flows to keep in memory
max_flows = 10000
# Flow TTL in hours
flow_ttl_hours = 24
# Enable audit logging
audit_enabled = true
audit_path = "~/.relay-core/audit.db"
[logging]
# Log level: debug, info, warn, error
level = "info"
# Log to file
log_file = "~/.relay-core/relay-core.log"
# Enable access log
access_log = true
[mcp]
# Enable MCP server
enabled = true
# MCP listen port
port = 25519
# Allowed tools (empty = all)
allowed_tools = []
[scripting]
# Enable Deno scripting
enabled = true
# Deno cache directory
deno_dir = "~/.relay-core/deno"
# Auto-reload scripts on change
auto_reload = true
[tls]
# Skip TLS verification (for debugging)
insecure_skip_verify = false
# Cert cache size
cert_cache_size = 100
# TLS versions
min_tls_version = "1.2"
max_tls_version = "1.3"
[limits]
# Max request body size (bytes)
max_request_body = 10485760 # 10MB
# Max response body size (bytes)
max_response_body = 10485760 # 10MB
# Connection timeout (ms)
connect_timeout = 30000
# Read timeout (ms)
read_timeout = 60000
[ui]
# Enable built-in web UI
enabled = true
# UI bind address
ui_host = "127.0.0.1"
# UI port
ui_port = 8080Environment Variables
Environment variables take precedence over config file:
RELAY_CORE_CONFIG # Config file path
RELAY_CORE_PORT # proxy.port
RELAY_CORE_BIND # proxy.bind_address
RELAY_CORE_LOG_LEVEL # logging.level
RELAY_CORE_DATA_DIR # Data directory (~/.relay-core)
RELAY_CORE_MCP_PORT # mcp.portCLI Overrides
CLI flags override both env vars and config:
relay-core-cli run --port 9090 --log-level debugProduction Considerations
- Set
bind_address = "127.0.0.1"for local-only access - Use a reverse proxy (nginx) for TLS termination
- Enable log rotation for
log_file - Monitor
max_flowsbased on available memory