pkg-proxy/config.example.yaml

# Proxy server configuration
# Copy to config.yaml and modify as needed

# Server listen address
listen: ":8080"

# Public URL where this proxy is accessible
# Used for rewriting package metadata URLs
base_url: "http://localhost:8080"

# Artifact storage configuration
storage:
  # Storage backend URL
  # Supported schemes:
  #   - file:///path/to/dir - Local filesystem (default)
  #   - s3://bucket-name - Amazon S3
  #   - s3://bucket?endpoint=http://localhost:9000 - S3-compatible (MinIO)
  #
  # For S3, configure credentials via environment variables:
  #   AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION
  url: ""

  # Local filesystem path (used when url is empty)
  # Deprecated: Use url with file:// scheme instead
  path: "./cache/artifacts"

  # Maximum cache size (e.g., "10GB", "500MB")
  # When exceeded, least recently used artifacts are evicted
  # Empty or "0" means unlimited
  max_size: ""

  # Redirect cached artifact downloads to presigned storage URLs (HTTP 302)
  # instead of streaming through the proxy. Only effective for S3 and Azure.
  # Leave disabled if clients reach the proxy through an authenticating gateway,
  # since presigned URLs bypass it.
  direct_serve: false

  # How long presigned URLs remain valid (e.g. "5m", "1h"). Default: "15m".
  direct_serve_ttl: "15m"

  # Public base URL to substitute into presigned URLs. Set this when the
  # proxy reaches storage at an internal address (127.0.0.1, a Docker
  # service name) but clients must use a public hostname. Only scheme and
  # host are used; the signed path and query are preserved. For S3/MinIO
  # the reverse proxy at this address must forward requests with the
  # internal Host header or the SigV4 signature will not validate.
  # direct_serve_base_url: "https://minio.example.com"

# Database configuration
database:
  # Database driver: "sqlite" (default) or "postgres"
  driver: "sqlite"

  # SQLite database file path (used when driver is "sqlite")
  path: "./cache/proxy.db"

  # PostgreSQL connection URL (used when driver is "postgres")
  # Example: "postgres://user:password@localhost:5432/proxy?sslmode=disable"
  url: ""

# Logging configuration
log:
  # Minimum log level: "debug", "info", "warn", "error"
  level: "info"

  # Log format: "text" or "json"
  format: "text"

# Ecosystem support - routes and upstream repositories
#
# This section is optional, since 'include_default' in each section
# defaults to 'true' and the route map will be populated with all of
# the default routes if no configuration is provided.
ecosystem:
  cargo:
    include_default: true
    # the default route for crates.io
    # route:
    #   - path: /cargo
    #     upstream:
    #       - name: crates.io
    #         index: https://index.crates.io
    #         crates: https://static.crates.io/crates
  composer:
    include_default: true
    # the default route for packagist.org
    # route:
    #   - path: /composer
    #     upstream:
    #       - name: packagist.org
    #         upstream: https://packagist.org
    #         repository: https://repo.packagist.org
  conan:
    include_default: true
    # the default route for conan.io
    # route:
    #   - path: /conan
    #     upstream:
    #       - name: conan.io
    #         upstream: https://center.conan.io
  conda:
    include_default: true
    # the default route for anaconda.org
    # route:
    #   - path: /conda
    #     upstream:
    #       - name: anaconda.org
    #         upstream: https://conda.anaconda.org
  cran:
    include_default: true
    # the default route for r-project.org
    # route:
    #   - path: /cran
    #     upstream:
    #       - name: r-project.org
    #         upstream: https://cloud.r-project.org
  debian:
    include_default: true
    # the default route for debian.org
    # route:
    #   - path: /debian
    #     upstream:
    #       - name: debian.org
    #         upstream: http://deb.debian.org/debian
  gem:
    include_default: true
    # the default route for rubygems.org
    # route:
    #   - path: /gem
    #     upstream:
    #       - name: rubygems.org
    #         upstream: https://rubygems.org
  go:
    include_default: true
    # the default route for golang.org
    # route:
    #   - path: /go
    #     upstream:
    #       - name: golang.org
    #         upstream: https://proxy.golang.org
  hex:
    include_default: true
    # the default route for hex.pm
    # route:
    #   - path: /hex
    #     upstream:
    #       - name: hex.pm
    #         upstream: https://repo.hex.pm
  maven:
    include_default: true
    # the default route for maven.org
    # route:
    #   - path: /maven
    #     upstream:
    #       - name: maven.org
    #         upstream: https://repo1.maven.org/maven2
  npm:
    include_default: true
    # the default route for npmjs.org
    # route:
    #   - path: /npm
    #     upstream:
    #       - name: npmjs.org
    #         upstream: https://registry.npmjs.org
  nuget:
    include_default: true
    # the default route for nuget.org
    # route:
    #   - path: /nuget
    #     upstream:
    #       - name: nuget.org
    #         upstream: https://api.nuget.org
  oci:
    include_default: true
    # the default route for docker.io
    # route:
    #   - path: /v2
    #     upstream:
    #       - name: docker.io
    #         registry: https://registry-1.docker.io
    #         auth: https://auth.docker.io
  pub:
    include_default: true
    # the default route for pub.dev
    # route:
    #   - path: /pub
    #     upstream:
    #       - name: pub.dev
    #         upstream: https://pub.dev
  pypi:
    include_default: true
    # the default route for pypi.org
    # route:
    #   - path: /pypi
    #     upstream:
    #       - name: pypi.org
    #         index: https://pypi.org
    #         files_host: files.pythonhosted.org
  rpm:
    include_default: true
    # the default route for fedoraproject.org
    # route:
    #   - path: /rpm
    #     upstream:
    #       - name: fedoraproject.org
    #         upstream: https://dl.fedoraproject.org/pub/fedora/linux

# Upstream registry URLs and authentication
upstream:
  # npm registry URL
  npm: "https://registry.npmjs.org"

  # Cargo sparse index URL
  cargo: "https://index.crates.io"

  # Cargo crate download URL
  cargo_download: "https://static.crates.io/crates"

  # Authentication for upstream registries
  # Keys are URL prefixes matched against request URLs.
  # Values can reference environment variables using ${VAR_NAME} syntax.
  #
  # Supported auth types:
  #   - bearer: Authorization header with Bearer token
  #   - basic: Authorization header with Basic auth (username:password)
  #   - header: Custom header name and value
  auth:
    # Example: npm with bearer token
    # "https://registry.npmjs.org":
    #   type: bearer
    #   token: "${NPM_TOKEN}"

    # Example: GitHub npm registry
    # "https://npm.pkg.github.com":
    #   type: bearer
    #   token: "${GITHUB_TOKEN}"

    # Example: PyPI with basic auth
    # "https://pypi.org":
    #   type: basic
    #   username: "__token__"
    #   password: "${PYPI_TOKEN}"

    # Example: Custom header for private registry
    # "https://maven.mycompany.com":
    #   type: header
    #   header_name: "X-Auth-Token"
    #   header_value: "${MAVEN_TOKEN}"

# Version cooldown configuration
# Hides package versions published too recently, giving the community time
# to spot malicious releases before they're pulled into projects.
# Supported durations: "7d" (days), "48h" (hours), "30m" (minutes), "0" (disabled)
cooldown:
  # Global default cooldown for all ecosystems
  # default: "3d"

  # Per-ecosystem overrides
  # ecosystems:
  #   npm: "7d"
  #   cargo: "0"

  # Per-package overrides (keyed by PURL)
  # packages:
  #   "pkg:npm/lodash": "0"
  #   "pkg:npm/@babel/core": "14d"