version: 1
log: debug

servers:
  first_server:
    listen:
      - "0.0.0.0:8443"
      - "[::]:8443"
    tls: true # Enable TLS features like SNI filtering
    sni:
      api.example.org: example-api
      www.example.org: proxy
      *.example.org: wildcard-proxy   # Matches any subdomain of example.org
      *.dev.example.org: dev-proxy    # More specific: matches v2.dev.example.org, etc.
      *.local: local-upstream         # Unknown suffix - allowed (no PSL restriction)
    default: ban

  second-server:
    listen: [ "127.0.0.1:8080" ]
    default: echo

upstream:
  proxy: "tcp://new-www.example.org:443" # Connect over IPv4 or IPv6 to new-www.example.org:443
  example-api: "tcp6://api-v1.example.com:443" # Connect over IPv6 to api-v1.example.com:443
  wildcard-proxy: "tcp://wildcard.example.org:443"
  dev-proxy: "tcp://dev.example.org:443"
  local-upstream: "tcp://localhost:8080"