Skip to main content
Mole inspecting configuration

Configuration Reference

Control every aspect of your agent through a single YAML file. Start with the minimal config and add sections as you need them.

Quick Reference

I want to...Section
Set agent name and loggingAgent
Accept incoming connectionsListeners
Connect to other agentsPeers
Create a SOCKS5 proxySOCKS5
Route traffic to destinationsExit
Set up port forwardingForward
Enable UDP relayUDP
Enable ICMP pingICMP
Enable remote shellShell
Enable file transferFile Transfer
Configure HTTP APIHTTP
Tune route propagationRouting
Encrypt mesh topologyManagement
Set up TLS certificatesTLS Certificates
Use secrets from environmentEnvironment Variables

Configuration File

Muti Metroo uses YAML configuration files. The default location is ./config.yaml, but you can specify a different path:

muti-metroo run -c /path/to/config.yaml

Minimal Configuration

The simplest working configuration:

agent:
  data_dir: "./data"

listeners:
  - transport: quic
    address: ":4433"

socks5:
  enabled: true
  address: "127.0.0.1:1080"

exit:
  enabled: true
  routes:
    - "0.0.0.0/0"

http:
  enabled: true
  address: ":8080"

TLS certificates are auto-generated at startup. See TLS Certificates for custom certificate setup.

Full Example

See configs/example.yaml for a fully commented configuration file with all options.

Configuration Sections

Core

SectionPurposeDocumentation
agentAgent identity, loggingAgent
tlsGlobal TLS settingsTLS Certificates
listenersAccept peer connectionsListeners
peersConnect to other agentsPeers

Ingress

SectionPurposeDocumentation
socks5SOCKS5 proxySOCKS5
forward.listenersPort forward listenersForward

Exit

SectionPurposeDocumentation
exitCIDR and domain routesExit
forward.endpointsPort forward endpointsForward
udpUDP relayUDP
icmpICMP pingICMP

Remote Access

SectionPurposeDocumentation
shellRemote command executionShell
file_transferFile upload/downloadFile Transfer

HTTP API

SectionPurposeDocumentation
httpHealth, dashboard, APIsHTTP

Tuning

SectionPurposeDocumentation
routingRoute advertisementRouting
connectionsKeepalive, reconnectionRouting
limitsStream limits, buffersRouting

Security

SectionPurposeDocumentation
managementTopology encryptionManagement
protocolOPSEC identifiersTLS Certificates

Environment Variables

All configuration values support environment variable substitution:

agent:
  data_dir: "${DATA_DIR:-./data}"
  log_level: "${LOG_LEVEL:-info}"

socks5:
  auth:
    users:
      - username: "${SOCKS_USER}"
        password_hash: "${SOCKS_PASS_HASH}"

Syntax:

  • ${VAR} - Use environment variable (error if not set)
  • ${VAR:-default} - Use default if variable not set

See Environment Variables for more details.

Validation

Configuration is validated on startup. Common errors:

ERROR  Invalid configuration: socks5.address: invalid address format
ERROR  Invalid configuration: listeners[0].tls.cert: file not found
ERROR  Invalid configuration: peers[0].id: invalid agent ID format

Reloading

Configuration cannot be reloaded without restart. To apply changes:

# Stop agent (Ctrl+C or SIGTERM)
# Edit config.yaml
# Start agent
muti-metroo run -c ./config.yaml

Best Practices

  1. Use environment variables for secrets (passwords, keys)
  2. Keep configs in version control (without secrets)
  3. Use display_name for easier dashboard identification
  4. Start minimal and add features as needed
  5. Test configuration before production deployment

Embedded Configuration

For single-file deployments, configuration can be embedded in the binary:

# When running embedded binary without arguments
default_action: run    # Auto-start agent
# default_action: help # Show help (default)

The setup wizard can create embedded binaries:

muti-metroo setup
# Choose "Embed in binary" for configuration delivery

See Embedded Configuration for details.

Next Steps