server:
  name: My Outline Server
  hostname: example.com

api:
  listen_addr: ":8081"
  secret: ""
  cert_file: ""

metrics:
  listen_addr: "127.0.0.1:8081"
  node_exporter_collectors:
    - cpu
    - meminfo
    - loadavg
    - uname
    - filesystem
    - diskstats
    - netdev

shadowsocks:
  enabled: true # set to false to disable Shadowsocks
  default_port: 0 # 0 = pick random unused port on first start
  # Supported: chacha20-ietf-poly1305, aes-256-gcm, aes-192-gcm, aes-128-gcm
  default_cipher: chacha20-ietf-poly1305
  nat_timeout: 5m
  replay_history: 10000
  # GeoIP databases: URL or local path. Defaults to GeoLite2 from github.com/P3TERX/GeoLite.mmdb.
  # Set to "none" to disable. URLs are downloaded and cached automatically.
  ip_country_db: "" # default: https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-Country.mmdb
  ip_asn_db: ""     # default: https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-ASN.mmdb
  ip_db_cache_dir: "" # default: /var/lib/shroud/mmdb
  ip_db_auto_update: true # auto-update MMDB files daily from URLs

amneziawg:
  enabled: true
  listen_port: 443 # shared UDP port for AWG + HTTP/3
  tun_name: awg0
  address: "10.14.0.0/24" # server gets .1, peers get .2+
  mtu: 1420
  private_key: "" # auto-generated if empty
  dns: "1.1.1.1, 8.8.8.8"
  hostname: "" # AWG endpoint hostname; falls back to server.hostname when mux is enabled
  mux_enabled: true # null = auto (on when domain is set), true/false = force
  domain: "" # defaults to server.hostname; HTTP/3 cover disabled if empty
  # Obfuscation parameters (must match client config)
  jc: 4
  jmin: 64
  jmax: 256
  s1: 32
  s2: 28
  s3: 20
  s4: 25
  h1: "50000-100000"
  h2: "150000-200000"
  h3: "250000-300000"
  h4: "350000-400000"

vless:
  enabled: false
  listen_addr: ":443"        # REALITY listener address
  server_names:              # SNIs accepted by REALITY handshake
    - www.microsoft.com
  dest: "www.microsoft.com:443"  # decoy forward target for unauthenticated probes
  show: false                # debug REALITY handshakes

# ACME (Let's Encrypt) certificate settings.
# Used by AmneziaWG HTTP/3 cover server for DPI resistance.
acme:
  cert_cache: /var/lib/shroud/certs
  http_port: 80 # port for ACME HTTP-01 challenges

state_file: state.yaml