# remove all comments
# make sure cert is issued both for the FQDN and the wildcard of that FQDN
http:
  pprof:
    port: 6060
    enabled: false
  address: 0.0.0.0:24248 # port for HTTP UI - use a port not used by anything else. For docker, leave 0.0.0.0 as-is
  session_ttl: 720h

tls:
  enabled: true
  server_name: "yourdomain.name" # TLS cert MUST have this as the CN or SAN
  force_https: false
  port_https: 0 # tell AGH not to serve the UI over HTTPS
  port_dns_over_tls: 853 # tell AGH to serve a DoT endpoint
  port_dns_over_quic: 0
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: true # because NPM will proxy HTTPS to HTTP
  certificate_chain: ""
  private_key: ""
  certificate_path: "/path/to/cert" # for DoT only
  private_key_path: "/path/to/key" # for DoT only
  strict_sni_check: false