Skip to content
HeliosDB HeliosProxy

HeliosProxy Configuration Reference

HeliosProxy Configuration Reference

Complete reference for all HeliosProxy configuration options. HeliosProxy uses TOML format for configuration files.

Usage

Terminal window
# Start with a configuration file
heliosdb-proxy --config /etc/heliosproxy/config.toml


# Start with command-line arguments
heliosdb-proxy \
  --listen 0.0.0.0:6432 \
  --admin 0.0.0.0:9090 \
  --primary db-primary:5432 \
  --standby db-standby-1:5432 \
  --standby db-standby-2:5432


# Override log level
heliosdb-proxy --config config.toml --log-level debug


# Enable JSON-structured logging
heliosdb-proxy --config config.toml --json-logs

Command-Line Arguments

ArgumentDefaultDescription
--config, -c(none)Path to TOML configuration file
--listen, -l0.0.0.0:5432Client listen address
--admin0.0.0.0:9090Admin API listen address
--primary(none)Primary node host:port
--standby(none)Standby node host:port (repeatable)
--trtrueEnable Transaction Replay
--log-levelinfoLog level: trace, debug, info, warn, error
--json-logsfalseEmit logs in JSON format

When --config is provided, the file takes precedence. Command-line node arguments (--primary, --standby) are used only when no configuration file is specified.

Top-Level Options

listen_address = "0.0.0.0:5432"
admin_address = "0.0.0.0:9090"
tr_enabled = true
tr_mode = "session"
write_timeout_secs = 30
KeyTypeDefaultDescription
listen_addressstring"0.0.0.0:5432"Address and port for PostgreSQL client connections.
admin_addressstring"0.0.0.0:9090"Address and port for the REST admin API.
tr_enabledbooltrueEnable Transaction Replay. Requires the ha-tr feature flag at build time.
tr_modestring"session"Transaction Replay mode. See table below.
write_timeout_secsu6430Maximum seconds to buffer write queries during failover before returning an error.

Transaction Replay Modes (tr_mode)

ModeDescription
noneTransaction Replay disabled. In-flight transactions are aborted on failover.
sessionRe-establish session state (SET parameters, prepared statements) on the new primary. Transactions are not replayed.
selectRestore session state and re-execute SELECT queries. Write transactions are not replayed.
transactionFull transaction replay. All journaled statements are re-executed on the new primary. Provides the strongest failover guarantee.

Pool Mode Configuration ([pool_mode])

Controls connection pooling behavior. Requires the pool-modes feature flag.

[pool_mode]
mode = "transaction"
max_pool_size = 100
min_idle = 10
idle_timeout_secs = 600
max_lifetime_secs = 3600
acquire_timeout_secs = 5
reset_query = "DISCARD ALL"
prepared_statement_mode = "track"
KeyTypeDefaultDescription
modestring"session"Pooling mode: session, transaction, or statement.
max_pool_sizeu32100Maximum backend connections per node.
min_idleu3210Minimum idle connections to maintain.
idle_timeout_secsu64600Close idle connections after this many seconds.
max_lifetime_secsu643600Close connections after this many seconds regardless of activity.
acquire_timeout_secsu645Maximum seconds to wait when acquiring a connection from the pool.
reset_querystring"DISCARD ALL"SQL executed when a connection is returned to the pool.
prepared_statement_modestring"disable"Prepared statement handling: disable, track, or named.

Pooling Modes

ModeConnection Returns To PoolBest For
sessionWhen the client disconnects. 1:1 client-to-backend mapping.Legacy applications, applications using prepared statements, long-running sessions.
transactionAfter COMMIT or ROLLBACK. Connections are shared across clients between transactions.Web applications, microservices, connection-starved environments.
statementAfter each individual statement. Maximum connection sharing.Simple query workloads, read-heavy applications with no multi-statement transactions.

Prepared Statement Modes

ModeBehavior
disablePrepared statements are not tracked. Safest for transaction and statement pooling modes.
trackThe proxy tracks PREPARE/DEALLOCATE and recreates prepared statements when a client is assigned a new backend connection.
namedUses PostgreSQL protocol-level named statements. Compatible with session pooling mode.

Connection Pool Configuration ([pool])

Basic connection pool settings. These apply to the core connection pool regardless of pooling mode.

[pool]
min_connections = 2
max_connections = 100
idle_timeout_secs = 300
max_lifetime_secs = 1800
acquire_timeout_secs = 30
test_on_acquire = true
KeyTypeDefaultDescription
min_connectionsusize2Minimum connections maintained per backend node.
max_connectionsusize100Maximum connections per backend node.
idle_timeout_secsu64300Close connections idle longer than this value.
max_lifetime_secsu641800Maximum lifetime of a connection before it is closed and replaced.
acquire_timeout_secsu6430Maximum time to wait for a connection from the pool.
test_on_acquirebooltrueExecute a health check query before handing a connection to a client.

Load Balancer Configuration ([load_balancer])

Controls how queries are distributed across backend nodes.

[load_balancer]
read_strategy = "round_robin"
read_write_split = true
latency_threshold_ms = 100
KeyTypeDefaultDescription
read_strategystring"round_robin"Strategy for distributing read queries. See table below.
read_write_splitbooltrueWhen enabled, write queries route to the primary and read queries route to standby/replica nodes.
latency_threshold_msu64100Nodes with latency above this threshold are considered unhealthy for routing purposes.

Routing Strategies

StrategyDescription
round_robinRotate through available nodes in order, distributing queries equally.
weighted_round_robinRotate through nodes proportionally to their configured weight values.
least_connectionsRoute each query to the node with the fewest active connections.
latency_basedRoute each query to the node with the lowest observed latency.
randomSelect a node at random for each query.

Health Check Configuration ([health])

Backend node health monitoring settings.

[health]
check_interval_secs = 5
check_timeout_secs = 3
failure_threshold = 3
success_threshold = 2
check_query = "SELECT 1"
KeyTypeDefaultDescription
check_interval_secsu645Interval between health check probes.
check_timeout_secsu643Maximum time to wait for a health check response.
failure_thresholdu323Number of consecutive failures before marking a node unhealthy.
success_thresholdu322Number of consecutive successes before marking an unhealthy node as healthy again.
check_querystring"SELECT 1"SQL query used for health checks.

Node Configuration ([[nodes]])

Define one or more backend nodes. Each [[nodes]] entry is a separate backend.

[[nodes]]
host = "db-primary.internal"
port = 5432
http_port = 8080
role = "primary"
weight = 100
enabled = true
name = "primary-1"


[[nodes]]
host = "db-standby-1.internal"
port = 5432
http_port = 8080
role = "standby"
weight = 100
enabled = true
name = "standby-1"


[[nodes]]
host = "db-replica-1.internal"
port = 5432
http_port = 8080
role = "replica"
weight = 50
enabled = true
name = "replica-1"
KeyTypeDefaultRequiredDescription
hoststringYesBackend hostname or IP address.
portu16YesPostgreSQL protocol port.
http_portu168080NoHTTP API port on the backend node. Used for SQL API forwarding (TWR).
rolestringYesNode role: primary, standby, or replica.
weightu32100NoLoad balancing weight. Higher values receive proportionally more traffic.
enabledbooltrueNoWhether this node is available for routing. Can be toggled at runtime via the Admin API.
namestring(none)NoHuman-readable name used in logs, metrics, and Admin API responses.

Node Roles

RoleDescription
primaryThe read/write node. All write queries and transaction-control statements are routed here. At least one primary is required.
standbyA synchronous or asynchronous standby. Eligible for promotion during failover. Receives read traffic when read_write_split is enabled.
replicaA read-only replica. Not eligible for promotion. Receives read traffic only.

TLS Configuration ([tls])

Optional TLS termination for client connections to the proxy.

[tls]
enabled = true
cert_path = "/etc/heliosproxy/server.crt"
key_path = "/etc/heliosproxy/server.key"
ca_path = "/etc/heliosproxy/ca.crt"
require_client_cert = false
KeyTypeDefaultDescription
enabledboolfalseEnable TLS for client-facing connections.
cert_pathstring(required if enabled)Path to the PEM-encoded server certificate.
key_pathstring(required if enabled)Path to the PEM-encoded private key.
ca_pathstring(optional)Path to the CA certificate for client certificate verification.
require_client_certboolfalseRequire clients to present a valid certificate signed by the CA.

Query Cache Configuration ([cache])

Requires the query-cache feature flag.

[cache]
enabled = true
max_memory_mb = 512
default_ttl_secs = 60
KeyTypeDefaultDescription
enabledboolfalseEnable the query result cache.
max_memory_mbu64512Maximum memory for cached query results.
default_ttl_secsu6460Default time-to-live for cached entries.

Lag-Aware Routing Configuration ([routing])

Requires the lag-routing feature flag.

[routing]
max_replica_lag_ms = 100
lag_check_interval_secs = 1
KeyTypeDefaultDescription
max_replica_lag_msu64100Maximum acceptable replication lag in milliseconds. Replicas exceeding this are excluded from read routing.
lag_check_interval_secsu641How often to poll replica lag metrics.

Rate Limiting Configuration ([rate_limit])

Requires the rate-limiting feature flag.

[rate_limit]
queries_per_second = 1000
burst_size = 100
per_user = true
KeyTypeDefaultDescription
queries_per_secondu641000Maximum sustained query rate.
burst_sizeu64100Maximum burst size above the sustained rate.
per_userbooltrueApply limits per connecting user rather than globally.

Circuit Breaker Configuration ([circuit_breaker])

Requires the circuit-breaker feature flag.

[circuit_breaker]
failure_threshold = 5
recovery_timeout_secs = 30
KeyTypeDefaultDescription
failure_thresholdu325Number of consecutive failures before opening the circuit.
recovery_timeout_secsu6430Time to wait before attempting a recovery probe (half-open state).

Query Analytics Configuration ([analytics])

Requires the query-analytics feature flag.

[analytics]
enabled = true
slow_query_threshold_ms = 100
KeyTypeDefaultDescription
enabledboolfalseEnable query analytics and fingerprinting.
slow_query_threshold_msu64100Queries exceeding this duration are logged to the slow query log.

Multi-Tenancy Configuration ([[tenants]])

Requires the multi-tenancy feature flag.

[[tenants]]
id = "tenant_a"
max_connections = 50
rate_limit = 500
databases = ["tenant_a_db"]


[[tenants]]
id = "tenant_b"
max_connections = 25
rate_limit = 200
databases = ["tenant_b_db"]
KeyTypeDefaultDescription
idstring(required)Unique tenant identifier.
max_connectionsu32(required)Maximum backend connections for this tenant.
rate_limitu64(required)Maximum queries per second for this tenant.
databasesarray(required)List of database names this tenant is authorized to access.

WASM Plugin Configuration ([[plugins]])

Requires the wasm-plugins feature flag.

[[plugins]]
name = "audit_logger"
path = "/plugins/audit.wasm"
config = { log_level = "info" }
KeyTypeDefaultDescription
namestring(required)Plugin name for logging and metrics.
pathstring(required)Path to the compiled .wasm module.
configtable{}Plugin-specific configuration passed to the WASM module at initialization.

GraphQL Gateway Configuration ([graphql])

Requires the graphql-gateway feature flag.

[graphql]
enabled = true
endpoint = "/graphql"
introspection = true
KeyTypeDefaultDescription
enabledboolfalseEnable the GraphQL endpoint on the admin port.
endpointstring"/graphql"URL path for the GraphQL endpoint.
introspectionbooltrueAllow GraphQL introspection queries.

Schema Routing Configuration ([[schema_routes]])

Requires the schema-routing feature flag.

[[schema_routes]]
tables = ["events", "logs"]
target = "analytics_replica"


[[schema_routes]]
tables = ["orders", "payments"]
target = "primary"
KeyTypeDefaultDescription
tablesarray(required)List of table names to match.
targetstring(required)Name of the target node (matches the name field in [[nodes]]).

Distributed Cache Configuration ([distribcache])

Requires the distribcache feature flag.

[distribcache]
enabled = true
l1_size_mb = 64
l2_size_mb = 512
l3_nodes = ["cache1:6379", "cache2:6379"]


[distribcache.ai]
embedding_prefetch = true
conversation_ttl_secs = 3600
KeyTypeDefaultDescription
enabledboolfalseEnable distributed caching.
l1_size_mbu6464Size of the L1 (in-process) hot cache.
l2_size_mbu64512Size of the L2 (shared memory) warm cache.
l3_nodesarray[]Addresses of external Redis-compatible nodes for L3 distributed cache.
distribcache.ai.embedding_prefetchboolfalseEnable embedding prefetch for RAG pipelines.
distribcache.ai.conversation_ttl_secsu643600TTL for cached conversation context in agentic workloads.

Environment Variable Overrides

Any configuration value can be overridden with an environment variable. The naming convention is HELIOS_PROXY_ followed by the uppercase, underscore-separated key path.

Terminal window
HELIOS_PROXY_LISTEN_ADDRESS=0.0.0.0:6432
HELIOS_PROXY_ADMIN_ADDRESS=0.0.0.0:9090
HELIOS_PROXY_POOL_MODE=transaction
HELIOS_PROXY_MAX_POOL_SIZE=200
HELIOS_PROXY_WRITE_TIMEOUT_SECS=60

Environment variables take highest precedence, followed by the configuration file, followed by built-in defaults.

Configuration Validation

The proxy validates the configuration at startup and refuses to start if any rule is violated:

  1. At least one node must be configured.
  2. Exactly one node with role primary must be present and enabled.
  3. max_connections must be greater than or equal to min_connections.
  4. All required fields must be present and have valid values.
  5. Listen address and admin address must be valid socket addresses.

Invalid configurations produce a descriptive error message and a non-zero exit code.

Complete Example

See config/ in the project root for ready-to-use configuration examples.

# HeliosProxy - Full Configuration Example
# See docs/configuration.md for a description of every key.


listen_address = "0.0.0.0:6432"
admin_address = "0.0.0.0:9090"
tr_enabled = true
tr_mode = "session"
write_timeout_secs = 30


[pool_mode]
mode = "transaction"
max_pool_size = 100
min_idle = 10
idle_timeout_secs = 600
max_lifetime_secs = 3600
acquire_timeout_secs = 5
reset_query = "DISCARD ALL"
prepared_statement_mode = "track"


[pool]
min_connections = 5
max_connections = 100
idle_timeout_secs = 300
max_lifetime_secs = 1800
acquire_timeout_secs = 30
test_on_acquire = true


[load_balancer]
read_strategy = "least_connections"
read_write_split = true
latency_threshold_ms = 50


[health]
check_interval_secs = 5
check_timeout_secs = 3
failure_threshold = 3
success_threshold = 2
check_query = "SELECT 1"


[[nodes]]
host = "db-primary.internal"
port = 5432
http_port = 8080
role = "primary"
weight = 100
enabled = true
name = "primary"


[[nodes]]
host = "db-standby-1.internal"
port = 5432
http_port = 8080
role = "standby"
weight = 100
enabled = true
name = "standby-1"


[[nodes]]
host = "db-replica-1.internal"
port = 5432
http_port = 8080
role = "replica"
weight = 50
enabled = true
name = "replica-1"


[tls]
enabled = false
# cert_path = "/etc/heliosproxy/server.crt"
# key_path = "/etc/heliosproxy/server.key"

See Also