# s5p example configuration
# Copy to config/s5p.yaml and edit to taste.

listen: 127.0.0.1:1080
timeout: 10
retries: 3            # max attempts per connection (proxy_source only)
log_level: info
# max_connections: 256  # max concurrent client connections (backpressure)
# pool_size: 0          # pre-warmed TCP connections to first hop (0 = disabled)
# pool_max_idle: 30     # max idle time (seconds) for pooled connections
# api_listen: 127.0.0.1:1081  # control API (disabled by default)

# Proxy chain -- connections tunnel through each hop in order.
# Supported protocols: socks5://, socks4://, http://
#
# Example: Tor first hop, then a public proxy
chain:
  - socks5://127.0.0.1:9050          # Tor
  # - socks5://user:pass@proxy:1080  # post-Tor SOCKS5 proxy
  # - socks4://proxy:1080            # post-Tor SOCKS4/4a proxy
  # - http://user:pass@proxy:8080    # post-Tor HTTP CONNECT proxy

# Named proxy pools -- each pool has its own sources, health tests,
# and state file. Listeners reference pools by name via the "pool:" key.
#
# proxy_pools:
#   clean:                            # MITM-free proxies
#     sources:
#       - url: http://10.200.1.250:8081/proxies/all
#         mitm: false                 # filter: mitm=0 query param
#     allowed_protos: [socks5]        # only accept socks5 from sources
#     state_file: /data/pool-clean.json
#     refresh: 300
#     test_interval: 120
#     test_timeout: 8
#     max_fails: 3
#   mitm:                             # MITM-capable proxies
#     sources:
#       - url: http://10.200.1.250:8081/proxies/all
#         mitm: true                  # filter: mitm=1 query param
#     state_file: /data/pool-mitm.json
#     refresh: 300
#     test_interval: 120
#     test_timeout: 8
#     max_fails: 3

# Single proxy pool (legacy, still supported -- becomes pool "default"):
# proxy_pool:
#   sources:
#     - url: http://10.200.1.250:8081/proxies
#       proto: socks5        # optional: filter by protocol
#       country: US          # optional: filter by country
#       limit: 1000          # optional: max proxies to fetch
#       mitm: false          # optional: filter by MITM status (true/false)
#     - file: /etc/s5p/proxies.txt  # text file, one proxy URL per line
#   refresh: 300             # re-fetch sources interval (seconds)
#   test_interval: 120       # health test cycle interval (seconds)
#   test_targets:                    # TLS handshake targets (round-robin)
#     - www.google.com
#     - www.cloudflare.com
#     - www.amazon.com
#   test_timeout: 15         # per-test timeout (seconds)
#   test_concurrency: 25     # max parallel tests (auto-scales to ~10% of pool)
#   max_fails: 3             # consecutive fails before eviction
#   state_file: ""           # empty = ~/.cache/s5p/pool.json
#   report_url: ""           # POST dead proxies here (optional)

# Tor control port -- enables NEWNYM signaling (new circuit on demand).
# Requires Tor's ControlPort enabled (torrc: ControlPort 9051).
# tor:
#   control_host: 127.0.0.1
#   control_port: 9051
#   password: ""                   # HashedControlPassword in torrc
#   cookie_file: ""                # CookieAuthentication file path
#   newnym_interval: 0             # periodic NEWNYM (seconds, 0 = manual only)

# Multi-Tor round-robin -- distribute traffic across multiple Tor nodes.
# When present, the first hop in each listener's chain is replaced at
# connection time by round-robin selection from this list.
# tor_nodes:
#   - socks5://10.200.1.1:9050
#   - socks5://10.200.1.254:9050
#   - socks5://10.200.1.250:9050
#   - socks5://10.200.1.13:9050

# Multi-listener mode -- each listener gets its own address, chain,
# and optional pool assignment. The "pool" keyword in a chain appends
# a random alive proxy from the named pool (or "default" if unnamed).
# Multiple "pool" entries = multiple pool hops (deeper chaining).
#
# Per-hop pool references: use "pool:name" to draw from a specific pool
# at that hop position. Bare "pool" uses the listener's "pool:" default.
# This lets a single listener mix pools in one chain.
#
# Multi-candidate hops: use a YAML list to randomly pick from a set of
# pools at each hop. On each connection, one pool is chosen per hop.
#
# listeners:
#   - listen: 0.0.0.0:1080
#     pool: clean                        # default for bare "pool"
#     auth:                              # SOCKS5 username/password (RFC 1929)
#       alice: s3cret                    # username: password
#       bob: hunter2
#     bypass:                            # skip chain for these destinations
#       - 127.0.0.0/8                    # loopback
#       - 10.0.0.0/8                     # RFC 1918
#       - 192.168.0.0/16                 # RFC 1918
#       - 172.16.0.0/12                  # RFC 1918
#       - fc00::/7                       # IPv6 ULA
#       - localhost                      # exact hostname
#       - .local                         # domain suffix
#     chain:
#       - socks5://127.0.0.1:9050
#       - [pool:clean, pool:mitm]        # random choice per connection
#       - [pool:clean, pool:mitm]        # independent random choice
#
#   - listen: 0.0.0.0:1081
#     pool: clean
#     retries: 5                         # override global retries for this listener
#     chain:
#       - socks5://127.0.0.1:9050
#       - pool                           # bare: uses default "clean"
#       - pool
#
#   - listen: 0.0.0.0:1082
#     chain:
#       - socks5://127.0.0.1:9050       # Tor only (no pool hops)
#
#   - listen: 0.0.0.0:1083
#     pool: clean
#     chain:
#       - socks5://127.0.0.1:9050
#       - pool                           # bare "pool" = clean
#       - pool:mitm                      # explicit = mitm
#
# When using "listeners:", the top-level "listen" and "chain" keys are ignored.
# If "listeners:" is absent, the old format is used (single listener).

# Legacy proxy source (still supported, auto-converts to proxy_pool):
# proxy_source:
#   url: http://10.200.1.250:8081/proxies
#   proto: socks5
#   limit: 1000
#   refresh: 300