Configuration Overview

Gordon uses a single TOML configuration file located at ~/.config/gordon/gordon.toml.

Configuration File Location

Location	Purpose
`~/.config/gordon/gordon.toml`	Default configuration file
Custom path via `--config` flag	`gordon serve --config /path/to/config.toml`

Minimal Configuration

[server]
port = 8080
registry_port = 5000
gordon_domain = "gordon.mydomain.com"

[routes]
"app.mydomain.com" = "myapp:latest"

Full Configuration Reference

For a complete list of all configuration options with their default values, see the Configuration Reference.

Note: This example shows production-style paths. Default paths use ~/.gordon/ for user installations.

# Server settings
[server]
port = 8080                              # HTTP proxy port (default: 80)
registry_port = 5000                     # Registry port (default: 5000)
gordon_domain = "gordon.mydomain.com"    # Required: Gordon domain (registry + API)
# data_dir = "~/.gordon"                 # Default for user installations

# Authentication (includes secrets backend)
[auth]
enabled = true                           # Enable registry authentication (default: true)
secrets_backend = "pass"                 # "pass", "sops", or "unsafe"
token_secret = "gordon/auth/token_secret"  # Required: JWT signing secret
token_expiry = "30d"                     # Duration (1y, 30d, 2w) or 0 for never
# Token-only authentication (password login was removed in v2.30.0)

# API rate limiting
[api.rate_limit]
enabled = true                           # Enable rate limiting (default: true)
global_rps = 500                         # Max requests/second globally
per_ip_rps = 50                          # Max requests/second per IP
burst = 100                              # Burst size
trusted_proxies = []                     # IPs/CIDRs trusted for X-Forwarded-For

# Deploy behavior
[deploy]
pull_policy = "if-tag-changed"           # always, if-not-present, if-tag-changed
readiness_mode = "auto"                  # auto, docker-health, delay
health_timeout = "90s"                   # Max wait for health-based readiness
readiness_delay = "5s"                   # Wait after running before ready
drain_mode = "auto"                      # auto, inflight, delay
drain_timeout = "30s"                    # Max wait for in-flight drain
drain_delay = "2s"                       # Wait after proxy invalidation before stopping the old container

# Logging
[logging]
level = "info"                           # trace, debug, info, warn, error
format = "console"                       # console or json

[logging.file]
enabled = true
path = "~/.gordon/logs/gordon.log"       # Default location
max_size = 100                           # MB before rotation
max_backups = 3                          # Old files to keep
max_age = 28                             # Days to keep

[logging.container_logs]
enabled = true
dir = "~/.gordon/logs/containers"        # Default location
max_size = 100
max_backups = 3
max_age = 28

# Telemetry (OpenTelemetry)
[telemetry]
enabled = true                           # Enable OTLP export (default: false)
endpoint = "http://localhost:5080/api/default"  # OTLP HTTP endpoint
auth_token = ""                          # Base64 user:password for Basic auth
traces = true                            # Export traces
metrics = true                           # Export metrics
logs = true                              # Bridge zerolog to OTLP logs
trace_sample_rate = 1.0                  # 0.0 = none, 1.0 = all

# Environment variables
[env]
dir = "~/.gordon/env"                    # Default location

# Volume settings
[volumes]
auto_create = true                       # Auto-create from Dockerfile VOLUME
prefix = "gordon"                        # Volume name prefix
preserve = true                          # Keep volumes on container removal

# Network isolation
[network_isolation]
enabled = true                           # Per-app isolated networks
network_prefix = "gordon"                # Network name prefix

# Auto-route
[auto_route]
enabled = false                          # Auto-create routes from image names

# Routes (required)
[routes]
"app.mydomain.com" = "myapp:latest"
"api.mydomain.com" = "myapi:v2.1.0"

# Network groups
[network_groups]
"backend" = ["app.mydomain.com", "api.mydomain.com"]

# Attachments
[attachments]
"app.mydomain.com" = ["postgres:latest", "redis:latest"]
"backend" = ["rabbitmq:latest"]

# Backups
[backups]
enabled = true
schedule = "daily"                        # "hourly", "daily", "weekly", "monthly"
storage_dir = "~/.gordon/backups"

[backups.retention]
hourly = 24
daily = 7
weekly = 4
monthly = 12

# Images
[images.prune]
enabled = false
schedule = "daily"
keep_last = 3

Configuration Sections

Section	Description	Documentation
`[server]`	Core server settings	Server
`[auth]`	Authentication and secrets backend	Auth
`[api.rate_limit]`	Rate limiting configuration	Rate Limiting
`[deploy]`	Deployment behavior	Deploy
`[logging]`	Logging configuration	Logging
`[telemetry]`	OpenTelemetry observability export	Telemetry
`[env]`	Environment variable settings	Environment
`[volumes]`	Volume management	Volumes
`[network_isolation]`	Network isolation settings	Network Isolation
`[auto_route]`	Automatic route creation	Auto Route
`[routes]`	Domain to image mapping	Routes
`[external_routes]`	Non-containerized service proxying	External Routes
`[network_groups]`	Shared service networks	Network Groups
`[attachments]`	Service dependencies	Attachments
`[backups]`	Database backups	Backups
`[images.prune]`	Scheduled image cleanup	Images

Default Values

Setting	Default
`server.port`	`80`
`server.registry_port`	`5000`
`server.data_dir`	`~/.gordon`
`auth.enabled`	`true`
`auth.secrets_backend`	`"unsafe"`
`auth.token_expiry`	`"30d"`
`api.rate_limit.enabled`	`true`
`api.rate_limit.global_rps`	`500`
`api.rate_limit.per_ip_rps`	`50`
`api.rate_limit.burst`	`100`
`api.rate_limit.trusted_proxies`	`[]`
`deploy.pull_policy`	`"if-tag-changed"`
`deploy.readiness_mode`	`"auto"`
`deploy.health_timeout`	`"90s"`
`deploy.readiness_delay`	`"5s"`
`deploy.drain_mode`	`"auto"`
`deploy.drain_timeout`	`"30s"`
`deploy.drain_delay`	`"2s"`
`logging.level`	`"info"`
`logging.format`	`"console"`
`logging.file.enabled`	`false`
`logging.file.max_size`	`100`
`logging.file.max_backups`	`3`
`logging.file.max_age`	`28`
`logging.container_logs.enabled`	`true`
`volumes.auto_create`	`true`
`volumes.prefix`	`"gordon"`
`volumes.preserve`	`true`
`network_isolation.enabled`	`true`
`auto_route.enabled`	`false`
`backups.enabled`	`false`
`backups.schedule`	`"daily"` (`"hourly"`, `"daily"`, `"weekly"`, `"monthly"`)
`images.prune.enabled`	`false`
`images.prune.schedule`	`"daily"`
`images.prune.keep_last`	`3`
`telemetry.enabled`	`false`
`telemetry.endpoint`	`""`
`telemetry.auth_token`	`""`
`telemetry.traces`	`true`
`telemetry.metrics`	`true`
`telemetry.logs`	`true`
`telemetry.trace_sample_rate`	`1.0`

When auth.enabled=false, Gordon runs in local-only mode: /admin/* is disabled and /v2/* is loopback-only.

Hot Reload

Gordon watches the configuration file and reloads automatically when changes are detected. You can also trigger a manual reload:

gordon reload

The following settings require a restart to take effect:

server.port
server.registry_port
server.data_dir
auth settings
deploy.pull_policy
deploy.readiness_mode
deploy.health_timeout
deploy.readiness_delay
deploy.drain_mode
deploy.drain_timeout
deploy.drain_delay

Environment Variable Override

Configuration values can be overridden with environment variables:

GORDON_SERVER_PORT=8080 gordon serve
GORDON_LOGGING_LEVEL=debug gordon serve

Pattern: GORDON_SECTION_KEY (uppercase, underscores instead of dots)