User documentation
  1. What is redirection.io?
  2. Starter's guide
  3. What are organizations and projects?
  4. Invite new collaborators
  5. User account and preferences
  6. Using traffic logs
  7. Create a rule
  8. Triggers and markers reference
  9. Actions reference
  10. How to bulk-import or export redirection rules?
  11. Managing instances
  12. Project notifications
  13. Project segmentation
  14. How much does it cost?
  15. Can I use redirection.io for free?
  16. About us
Developer documentation
  1. TL;DR; Fast track
  2. Available integrations
  3. nginx module
  4. Apache module
  5. Upsun integration
  6. Clever Cloud integration
  7. Cloudflare Workers integration
  8. Fastly Compute@Edge integration
  9. Vercel Middleware Integration
  10. Using redirection.io with Docker
  11. How fast is it?
  12. Public API
Agent documentation
  1. Installing the agent
  2. Upgrading the agent
  3. Agent command line options
  4. The agent as a reverse proxy
  5. Agent configuration reference
  6. Minimal configuration
  7. Listening for requests
  8. Forwarding requests to the backend
  9. Virtualhosts
  10. Trusted proxies
  11. GeoIP database
  12. Response compression
  13. Performance tweaks
  14. Access logs
  15. Persisting data in a s3 bucket
  16. Monitoring the agent
  17. Using the agent behind a HTTPS proxy
  18. Agent configuration examples
Managed instances
  1. What are managed instances?
  2. Add a domain to your project
  3. Managed instances limits and quota
  4. Frequently asked questions
Crawler
  1. What is the redirection.io crawler?
  2. Start a crawl
  3. Schedule a crawl
  4. Analyzing the results of a crawl
  5. The crawls list
  6. Crawl credits and pricing
  7. Crawl Errors
  8. Crawler metrics reference
  9. Crawler columns reference
Knowledge base
  1. Create your first redirections
  2. redirection.io rules cookbook
  3. Setting up a redirection server on Azure Cloud
  4. Structured data and Rich Snippets
  5. What is a URL redirection?
  6. Why use URL redirections and how to setup
Legacy versions
  1. Agent 1.x configuration reference
  2. Agent 2.x configuration reference
  3. Legacy integrations
  4. Legacy Cloudflare Workers integration
Changelogs
  1. redirectionio-agent
  2. libnginx-mod-redirectionio
  3. libapache2-mod-redirectionio

Listening for requests

The redirection.io agent includes a built-in reverse proxy, which allows you to forward the incoming requests to one or more backend servers.

The reverse proxy supports the http1, http2 and http3 protocols, and it can be configured to listen for incoming requests on any port using the listen directive.

For example, the following configuration will make the agent listen for incoming HTTP requests on port 80:

View in configuration explorer 
instance:
    name: 'Example instance'
reverse_proxy:
    listen:
        - 'tcp://0.0.0.0:80'
    forward:
        address: 'backend:8080'
    agent:
        project_key: my-project-key

Listening for HTTPS requests

The reverse proxy supports SSL termination, which means that it can handle HTTPS requests and forward them to the backend using HTTP(s). This is useful if you want to secure your website with SSL certificates, without having to configure SSL on your backend servers.

Listening for https requests can be enabled by configuring the "listen" directive with one listener for the tls protocol. For example:

View in configuration explorer 
instance:
    name: 'Example instance'
reverse_proxy:
    listen:
        - 'tls://0.0.0.0:443'
    forward:
        address: 'backend:8080'
    agent:
        project_key: my-project-key

You will usually want to listen for both http and https requests. In this case, you can configure two listeners, one for the http protocol and one for the tls protocol:

View in configuration explorer 
instance:
    name: 'Example instance'
reverse_proxy:
    listen:
        - 'tcp://0.0.0.0:80'
        - 'tls://0.0.0.0:443'
    forward:
        address: 'backend:8080'
    agent:
        project_key: my-project-key

The agent also supports HTTP3, often refered as QUIC. To enable HTTP3 support, you can also configure a listener for the quic protocol:

View in configuration explorer 
instance:
    name: 'Example instance'
reverse_proxy:
    listen:
        - 'tcp://0.0.0.0:80'
        - 'tls://0.0.0.0:443'
        - 'quic://0.0.0.0:443'
    forward:
        address: 'backend:8080'
    agent:
        project_key: my-project-key

SSL certificates management

The agent supports two modes for SSL configuration:

  • using Let's Encrypt (or any other ACME provider) to automatically generate and renew SSL certificates for your domains
  • using your own SSL certificates, for which you can specify the paths to the certificate and private key files in the agent configuration

ACME certificates

The "letsencrypt" mode is very convenient if you don't want to worry about managing your SSL certificates. The agent will automatically generate and renew the certificates for you, as long as your domains are correctly configured to point to the agent - under the hood, redirection.io uses the HTTP-01 challenge.

If you only use the "letsencrypt" mode, you will need to wait for the certificates to be generated before your website can be accessed over HTTPS. This usually takes a few minutes, but it can take longer if there are issues with the domain configuration or if you have a large number of domains. Once the certificates are generated, the agent will automatically switch to using them for HTTPS requests, and it will store them in the storage configured under the instance.persist configuration key, for future use.

Here is a configuration example for the "letsencrypt" (acme) mode:

View in configuration explorer 
instance:
    name: 'Example instance'
reverse_proxy:
    listen:
        - 'tcp://0.0.0.0:80'
        - 'tls://0.0.0.0:443'
    certificate:
        acme:
            contacts:
                - myemail@example.com
            directory_url: 'https://acme-v02.api.letsencrypt.org/directory'
    forward:
        address: 'backend:8080'
    agent:
        project_key: my-project-key

The directory_url option allows you to specify which ACME provider you want to use. As an example, you can use Let's Encrypt production or staging URLs:

Local file certificates

The "file" mode is useful if you already have your SSL certificates ready, or if you want to use self-signed certificates for testing purposes. In this case, you can specify the paths to the certificate and private key files in the agent configuration. Here is a configuration example for the "file" mode:

View in configuration explorer 
instance:
    name: 'Example instance'
reverse_proxy:
    listen:
        - 'tcp://0.0.0.0:80'
        - 'tls://0.0.0.0:443'
    certificate:
        file:
            key: /path/to/cert.key
            certificates:
                - /path/to/chain.pem
                - /path/to/cert.pem
    forward:
        address: 'backend:8080'
    agent:
        project_key: my-project-key

ACME and local files certificates at the same time

Both modes ("acme" and "file") can be combined - in this case, the agent will use the "file" mode certificates at startup time, and will automatically switch to the "acme" mode certificates once they are generated. This allows you to have SSL support from the very beginning, even if you don't have your certificates ready yet:

View in configuration explorer 
instance:
    name: 'Example instance'
reverse_proxy:
    listen:
        - 'tcp://0.0.0.0:80'
        - 'tls://0.0.0.0:443'
    certificate:
        acme:
            contacts:
                - myemail@example.com
            directory_url: 'https://acme-v02.api.letsencrypt.org/directory'
        file:
            key: /path/to/cert.key
            certificates:
                - /path/to/chain.pem
                - /path/to/cert.pem
    forward:
        address: 'backend:8080'
    agent:
        project_key: my-project-key
This page has been updated on Mar 30, 2026
Can't find your answer?