Listeners
A listener binds to a network address and accepts incoming connections.
[[listeners]]
name = "http"
address = "0.0.0.0:8080"
filter_chain = []
Fields
| Field | Type | Required | Description |
|---|---|---|---|
name | string | yes | Unique name for logging and metrics |
address | string | yes | Bind address in host:port format |
filter_chain | array | yes | List of filter names (currently unused, reserved) |
tls | table | no | TLS configuration (see TLS) |
Multiple Listeners
You can define multiple listeners for different purposes:
[[listeners]]
name = "http"
address = "0.0.0.0:8080"
filter_chain = []
[[listeners]]
name = "https"
address = "0.0.0.0:8443"
filter_chain = []
[listeners.tls]
cert_path = "/etc/meridian/cert.pem"
key_path = "/etc/meridian/key.pem"
Each listener runs its own accept loop on a dedicated Tokio task. Connections from each listener are dispatched to the shared worker pool.
Security
Every listener enforces:
- 60-second header read timeout — defense against Slowloris attacks
- 256 max connections per source IP — prevents connection exhaustion
- 64KB max header size — rejects oversized headers
- Path normalization — collapses
//, resolves..before routing