FoxyFy Server โ Documentation
FoxyFy Server is configured through a JSON file. This file defines global parameters and per-host settings.
๐ Config File Location
- /etc/ffs/ffs.conf
Global Parameters
Parameter | Type | Example | Description |
|---|---|---|---|
license | string | "X123ABE4RF" | License key for FFS. |
http_port | int | 80 | Port for HTTP. |
https_port | int | 443 | Port for HTTPS (TLS). |
http3_port | int | 443 | Port for HTTPS (TLS). |
quic_safe | bool | true | Safe-mode for QUIC (enables compatibility if needed). |
php_mode | string | "unix" or "tcp" | How to connect to PHP-FPM. |
php_addr | string | "/run/php/php-fpm.sock" | PHP-FPM socket path or TCP address. |
mysql_addr | string | "/tmp/mysql.sock" | MySQL socket or TCP address. |
mysql_user | string | "root" | MySQL user for internal tasks. |
mysql_pwd | string | "root1984" | MySQL password. |
api_key | string | "ABC123XYZ789" | API key (10โ32 alphanumeric chars). Enables API. |
api_endpoint | string | "api" | Relative path (no "/") for API endpoint, e.g. /api. |
shield_enabled | bool | true | Enables bot shield feature. |
acme_enabled | bool | true | Enables built-in ACME certificate manager. |
Notes:
- If acme_enabled is true, FFS manages certs in /etc/ffs/certs/<host>/.
- If acme_enabled is false, FFS assumes external certificate management (Certbot/webroot).
- If api_key is invalid, API is disabled automatically.
๏ธ Hosts Configuration (aka virtual hosts)
Parameter | Type | Example | Description |
|---|---|---|---|
domain | string | "mydomain.com" | Domain name served by this vhost. |
path | string | "/var/www/mydomain.com" | Root directory of site. Created automatically if missing. |
https | bool | true | Enable HTTPS. Requires cert + key. |
cert | string | "/etc/ffs/certs/mydomain.com/fullchain.pem" | TLS certificate file path. |
key | string | "/etc/ffs/certs/mydomain.com/privkey.pem" | TLS private key file path. |
csp | string | "default-src 'self'" | Content-Security-Policy header. |
xfo | string | "SAMEORIGIN" | X-Frame-Options (DENY, SAMEORIGIN, or empty for allow). |
ref | string | "strict-origin-when-cross-origin" | Referrer-Policy. |
corp | string | "same-origin" | Cross-Origin-Resource-Policy. |
coop | string | "same-origin" | Cross-Origin-Opener-Policy. |
coep | string | "require-corp" | Cross-Origin-Embedder-Policy. |
Notes:
- If HTTPS is enabled but cert/key are missing, FFS rejects the config.
- On first run, FFS auto-creates index.html inside the vhost path as a success message.
Hot Reloading
- ffs.conf reloads when modified.
- TLS certificates reload automatically when updated.
Defaults & effective behavior
- Auto-creates vhost directories if missing.
- Compression: Enabled (br, gzip, zstd) โ no config needed.
- WebP conversion: Autoโdetected on boot (if cwebp is available).
- API: Enabled only if api_key is a 10โ32 char alphanumeric and api_endpoint is a relative path (no "/"). Served at /<api_endpoint>.
- Shield: When shield_enabled: true, bot shield hooks are activated.
- QUIC/HTTP3: Served on http3_port. quic_safe: true applies compatibility safeguards.
- Ensures ACME challenge folders exist if using webroot.
Example Config
{
"license": "",
"http_port": 80,
"https_port": 443,
"http3_port": 443,
"php_mode": "unix",
"php_addr": "/run/php/php-fpm-ffs.sock",
"shield_enabled": false,
"quic_safe": true,
"api_key": "myapikey1984",
"api_endpoint": "mycp",
"hosts": [
{
"domain": "mydomain.com",
"path": "/var/www/html/mydomain.com",
"https": true,
"cert": "/etc/ffs/certs/mydomain.com/fullchain.pem",
"key": "/etc/ffs/certs/mydomain.com/privkey.pem",
"csp": "default-src 'self'",
"xfo": "SAMEORIGIN",
"ref": "strict-origin-when-cross-origin",
"corp": "same-origin",
"coop": "same-origin",
"coep": "require-corp",
"corp": "cross-origin"
}
]
}