Server settings

This page describes the basic structure of a server .mgc configuration file, the purpose of its key sections, and the parameters of the general block.

Note

Each .mgc file usually describes one server or one service type. This makes maintenance, troubleshooting, and moving configurations between environments much easier.

---

General configuration structure

The configuration is split into logical blocks:

• general — global server parameters (address, port, mode, cryptography)
• app — application-level server behavior settings
• web — web service parameters
• net — network service parameters

general

Core listening parameters, operating mode, and cryptographic settings.

app

Application behavior and parameters that depend on the server type.

web

Web routing, reverse proxy, and related service settings.

net

Network service settings and low-level traffic processing.

How to read the configuration

The general block defines the server’s network and cryptographic parameters.
The app block defines application behavior, such as web, net, and other service-specific variants.

Tip

It is best to start reading a file from general: this immediately shows where the server listens and which mode it operates in.

---

The general block

The general block contains parameters that define the basic behavior of a server instance: listening address, port, transport mode, and TLS parameters.

Example

general: [
    address: "127.0.0.1"
    port: 443
    mode: "https"
    php_fpm_address: "127.0.0.1:9000"
    crypto_provider: "awslcrs"
    protocol_version: ["tls12", "tls13"]
]

Typical usage scenarios

• HTTPS reverse proxy — mode: "https" + crypto_provider
• TCP proxy — mode: "tcp"
• UDP service (DNS, VoIP, etc.) — mode: "udp"
• Local development server — address: "127.0.0.1" + a non-standard port

HTTPS reverse proxy

Use mode: "https" and specify crypto_provider and protocol_version to control TLS behavior.

Local development

For local startup, it is convenient to use 127.0.0.1 and a separate port such as 4433.

general block fields

Field	Type	Description	Example
address	string	IP address for listening for incoming connections	127.0.0.1
port	number	Server port	443, 4433
mode	string	Server operating mode (http, https, tcp, udp)	“https”
php_fpm_address	string	PHP-FPM address for handling PHP requests	127.0.0.1:9000
crypto_provider	string	TLS cryptographic backend implementation	”awslcrs”
protocol_version	string[]	List of allowed TLS versions	[“tls12”, “tls13”]

mode field values

http

Plain HTTP without TLS encryption.

Suitable for:

• internal networks
• local development
• operation behind an external TLS terminator

https

HTTP over TLS.

Requires configuration of:

• crypto_provider
• protocol_version (recommended)

tcp

Direct raw TCP mode without an HTTP layer.

Suitable for:

• TCP proxy
• non-standard binary protocols

udp

Direct raw UDP mode.

Suitable for:

• DNS
• VoIP
• telemetry and other UDP services

crypto_provider field values

• awslcrs — AWS crypto library (based on BoringSSL/OpenSSL)
• ring — rustls-based backend
• magma — GOST cryptosystem
• grasshopper — GOST R 34.12-2015
• openssl — OpenSSL

Caution

Some providers and protocol combinations may require compatibility checks against your environment, certificates, and security policies. Test compatibility before deploying to production.

protocol_version field values

Supported values, for example:

• tls12
• tls13

Recommended set for modern configurations:

protocol_version: ["tls12", "tls13"]

Tip

If compatibility with older clients is not required, start with the minimum set of protocols you need and expand only when necessary.

---

Recommended order for filling out general

1. Set address and port.
2. Choose mode according to the service type.
3. For https, set crypto_provider.
4. Configure protocol_version.
5. Add php_fpm_address if needed for PHP scenarios.

Minimal example for local HTTPS development

general: [
    address: "127.0.0.1"
    port: 4433
    mode: "https"
    crypto_provider: "openssl"
    protocol_version: ["tls12", "tls13"]
]