Configuration examples organized by category.

```sh
cargo run -p praxis -- -c examples/configs/traffic-management/basic-reverse-proxy.yaml
curl http://localhost:8080/
```

Configs use local ports (3000, 3001, ...) for upstreams. For quick experiments without a real backend, use `static_response` (see static-response.yaml) or run Praxis with no config file for a built-in welcome page.

| File | Description |
|---|---|
| basic-reverse-proxy.yaml | Minimal single-listener, single-cluster proxy |
| path-based-routing.yaml | Route by URL path prefix to separate clusters |
| hosts.yaml | Route by Host header; one listener, multiple domains |
| canary-routing.yaml | Weighted traffic split for canary deployments |
| circuit-breaker.yaml | Per-cluster circuit breaker with closed/open/half-open states |
| round-robin.yaml | Default strategy: even distribution across backends |
| weighted-load-balancing.yaml | Proportional traffic split via per-endpoint weights |
| least-connections.yaml | Route to backend with fewest in-flight requests |
| p2c.yaml | Power-of-two-choices: O(1) load-aware selection |
| session-affinity.yaml | consistent_hash to pin a user to one backend |
| health-checks.yaml | Active HTTP and TCP health check probes per cluster |
| timeout.yaml | 504 when upstream exceeds a latency SLA |
| rate-limiting.yaml | Token bucket rate limiter with per-IP and global modes |
| static-response.yaml | Fixed response without upstream |
| redirect.yaml | 3xx redirects with path/query template substitution |
| hostname-upstream.yaml | Resolve hostname upstream endpoints such as localhost:9000 |
| grpc-detection.yaml | Detect gRPC content-type and branch-route by variant |

| File | Description |
|---|---|
| mcp-static-catalog.yaml | MCP static catalog and broker; tools/call routing in a follow-up PR |
| stream-buffer.yaml | Stream-buffered body inspection before forwarding |
| compression.yaml | Gzip, brotli, and zstd response compression |
| multi-field-extraction.yaml | Extract multiple JSON fields into headers in one pass |
| conditional-field-extraction.yaml | Apply json_body_field only on matching request paths |
| field-extraction-access-control.yaml | Extract tenant_id from body for header-based routing |
| body-size-limit-with-extraction.yaml | Global body size ceiling with json_body_field extraction |
| multi-listener-body-pipeline.yaml | Three listeners with different body processing strategies |

| File | Description |
|---|---|
| csrf.yaml | CSRF protection via origin validation |
| forwarded-headers.yaml | X-Forwarded-For/Proto/Host with trusted proxies |
| guardrails.yaml | Reject requests matching header or body string/regex rules |
| ip-acl.yaml | Allow or deny by source IP/CIDR |
| downstream-read-timeout.yaml | Protect against slow client attacks with read timeouts |
| cors.yaml | CORS preflight handling with origin validation |

| File | Description |
|---|---|
| access-logging.yaml | Access log with sampling |
| logging.yaml | request_id + access_log: correlation IDs and structured logs |
| tcp-access-log.yaml | Structured JSON TCP connection logging |

| File | Description |
|---|---|
| header-manipulation.yaml | Add, overwrite, and remove request/response headers |
| path-rewriting.yaml | Strip prefix, add prefix, or regex replace on request paths |
| url-rewriting.yaml | Regex path transformation and query string manipulation |

| File | Description |
|---|---|
| tcp-proxy.yaml | L4 bidirectional TCP forwarding |
| tcp-timeouts.yaml | TCP proxy with idle and max duration timeouts |
| tcp-consistent-hash.yaml | TCP load balancing with consistent-hash client IP affinity |
| tcp-least-connections.yaml | TCP load balancing via least-connections strategy |
| tcp-round-robin.yaml | TCP round-robin load balancing across replicas |
| mixed-protocol.yaml | HTTP + TCP listeners on one server |
| tls-termination.yaml | HTTPS listener; plain HTTP to backends |
| tls-cipher-suites.yaml | Restrict accepted TLS cipher suites per listener |
| tls-sni-routing.yaml | Route TLS connections by SNI hostname without termination |
| tcp-tls-mtls.yaml | TCP proxy with mutual TLS |
| tcp-tls-termination.yaml | TCP proxy with TLS termination |
| tls-http-reencrypt.yaml | TLS termination with re-encryption to upstream |
| tls-mtls-both.yaml | mTLS on both listener and upstream |
| tls-mtls-listener.yaml | mTLS on listener (require client cert) |
| tls-mtls-listener-request.yaml | mTLS on listener (request client cert) |
| tls-mtls-upstream.yaml | mTLS to upstream (client cert) |
| tls-multi-cert.yaml | SNI-based multi-certificate selection |
| tls-verify-disabled.yaml | Upstream TLS with verification disabled |
| tls-version-constraint.yaml | Minimum TLS version constraint |
| upstream-ca-file.yaml | Global upstream CA file reference |
| upstream-tls.yaml | Plain HTTP listener; TLS to upstream with SNI |
| websocket.yaml | Transparent WebSocket upgrade proxying over HTTP |

| File | Description |
|---|---|
| default.yaml | Built-in default config (static JSON on /) |
| composed-chains.yaml | Multiple named chains composed per listener |
| conditional-filters.yaml | when/unless conditions on request and response phase |
| branch-chains.yaml | All branch chain scenarios in one config (six patterns) |
| failure-mode.yaml | Failure mode behavior (open continues, closed rejects on error) |

| File | Description |
|---|---|
| a2a-classifier-routing.yaml | Route A2A requests by method, family, task ID, and streaming detection |
| a2a-task-routing.yaml | Local A2A task ownership routing from JSON responses |
| ai-inference-body-based-routing.yaml | Route LLM requests by model field in JSON body |
| credential-injection.yaml | Inject per-cluster API credentials and strip client tokens |
| json-rpc-routing.yaml | Route JSON-RPC 2.0 requests by method for MCP and A2A protocols |
| mcp-classifier-routing.yaml | Route MCP requests by body-derived method and tool name |
| model-to-header-routing.yaml | Route by model field in JSON body via X-Model header |
| prompt-enrichment.yaml | Inject system messages into chat completion requests |
| full-flow.yaml | Full Responses API gateway flow |
| format-routing.yaml | Route by AI API format (Responses vs Chat Completions) |
| responses-routing.yaml | Route Responses API by mode (stateless vs stateful) |
| request-validate.yaml | Validate Responses API requests and reject invalid parameter combinations |
| response-store.yaml | Persist non-streaming Responses API responses to SQLite |

| File | Description |
|---|---|
| unconditional-branch.yaml | Always-fire branch for injecting side-effect chains |
| conditional-terminal.yaml | Short-circuit the pipeline with a static response on result match |
| conditional-skip-to.yaml | Skip filters by jumping to a named rejoin point on result match |
| multiple-branches.yaml | Multiple branches on one filter with first-match-wins evaluation |
| named-chain-ref.yaml | Reference a top-level chain by name instead of inline definition |
| nested-branches.yaml | Multi-level decision tree with branches inside branches |
| reentrance.yaml | Loop back to a named filter with max_iterations cap |
| cross-chain-flat.yaml | Branch across concatenated chains via flat pipeline name index |

| File | Description |
|---|---|
| production-gateway.yaml | Full production setup with composed chains |
| multi-listener.yaml | Multiple listeners sharing a filter chain |
| hot-reload.yaml | Dynamic config reload without restart |
| admin-interface.yaml | Admin interface with health endpoints |
| container-default.yaml | Default containerized deployment with public binding |
| max-connections.yaml | Per-listener connection limit with 503 rejection |
| log-overrides.yaml | Per-module log level tuning via runtime config |