[server]
Daemon HTTP server settings — host, port, TLS, rate limits.
The [server] section controls the daemon's HTTP API and dashboard server. Only
relevant when running grith daemon.
[server]
| Key | Type | Default | Description |
|---|---|---|---|
| dashboard_dir | string | "dashboard/dist" | — |
| enabled | boolean | true | — |
| host | string | "127.0.0.1" | — |
| port | integer | 3141 | — |
[server.rate_limit]
| Key | Type | Default | Description |
|---|---|---|---|
| enabled | boolean | true | — |
| general_rps | integer | 100 | — |
| proxy_test_rps | integer | 20 | — |
| write_rps | integer | 10 | — |
TLS
By default the daemon binds to 127.0.0.1 only — there is no remote attack
surface. To expose the API beyond loopback, either configure native TLS:
```toml
[server]
host = "0.0.0.0"

[server.tls]
cert_path = "/etc/grith/cert.pem"
key_path = "/etc/grith/key.pem"
```
— or front the daemon with a reverse proxy that terminates TLS. The reverse-proxy path is usually simpler and more secure (centralised cert management, modern cipher suite policies, etc.).
See Reverse proxy & TLS.
Rate limits
The rate limits apply per-source-IP. Defaults are conservative; tighten for shared deployments, loosen for high-traffic local use:
- general_rps — most GET endpoints.
- write_rps — POST/PUT/DELETE on non-IPC routes.
- proxy_test_rps — /proxy/test specifically. The dry-run endpoint is cheap, so the limit can be relatively generous, but it does run the full filter pipeline.
IPC endpoints (/ipc/*) are not rate-limited at this layer; they're already
loopback-restricted.
Dashboard
dashboard_dir points at the static dashboard bundle. The grith binary ships with
its dashboard at dashboard/dist. If you build a custom dashboard, point at
your bundle here.