USP Server Configuration File

The USP Server configuration file, located at /opt/udmg/etc/usp-server.hcl, defines the minimal parameters required for a USP Server instance to start and operate. Its detailed behavior and configuration are managed through the USP Manager.

USP Server is the component responsible for handling inbound and outbound connections, enforcing rules, and securely transferring data across the proxy boundary.

This file uses HCL (HashiCorp Configuration Language) to express structured settings such as Listeners, Routes, Nodes, authentication methods, and logging options.

What is HCL?

The USP Server configuration file is written in HCL (HashiCorp Configuration Language), a human-friendly syntax for structured configuration.

Key points about HCL:

  • Blocks group related settings inside curly braces ({}). For example, the api block contains all API-related options.
  • Arguments are key-value pairs defined within blocks. Each argument has a name (the key) and a value.
  • Argument names are unique within their block and describe the purpose of the setting.

Dot Notation

Throughout this documentation we use dot notation to reference nested arguments.

This notation is used only in the documentation for clarity. In the actual HCL file, arguments are defined within their respective blocks, not as dot-separated keys.

Dot notation examples

    api {
      port = # Referenced as: api.port

      secure {
        enable = # Referenced as: api.secure.enable
      }
    }

Arguments by Block

This section lists all configurable arguments available in usp-server.hcl. Arguments are grouped by configuration block (including the root level). For every argument, the table shows its name, description, type, and default value—helping you quickly understand what it controls and how to set it.

Info: All HCL arguments described on this page use dot notation to reference their full path from the root of the configuration file.

Root Level

Defines the top-level attributes of the USP Server.

| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
| name | Name of the Proxy Server instance. | string | |

web

Configures the embedded HTTP(S) services used by USP Server for:

  • Configuration updates (the control plane endpoint that USP Manager uses to configure and monitor the Proxy Server), and
  • Operational endpoints (health check and metrics).

| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
| web.read_timeout | Web read timeout. Allowed time units: s for seconds (e.g., "30s"), m for minutes (e.g., "2m"). | string | "5s" |
| web.write_timeout | Web write timeout. Allowed time units: s for seconds (e.g., "30s"), m for minutes (e.g., "2m"). | string | "10s" |
| web.idle_timeout | Web idle timeout. Allowed time units: s for seconds (e.g., "30s"), m for minutes (e.g., "2m"). | string | "120s" |
| web.shutdown_timeout | Web shutdown timeout. Allowed time units: s for seconds (e.g., "30s"), m for minutes (e.g., "2m"). | string | "20s" |
| web.cors_allowed_origins | Allowed origins for CORS. | []string | ["*"] |
| web.config_host | Host where the Proxy Server listens for configuration requests. | string | "0.0.0.0:8900" |
| web.api_host | Host where the Proxy Server exposes health check and metrics endpoints. | string | "0.0.0.0:8901" |
| web.tls.cert | Path to the USP Server's TLS Certificate for mTLS config API authentication. | string | |
| web.tls.key | Path to the USP Server's TLS Private Key for mTLS config API authentication. | string | |
| web.tls.ca | Path to the USP Server's TLS CA(s) for mTLS config API authentication. | string | |

icap

The icap block configures global parameters for the Internet Content Adaptation Protocol (ICAP) integration.

| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
| icap.timeout | Defines how long the USP Server will wait for a response from the ICAP server during scan operations. | string | "30s" |

log

The log block configures USP Server logging output, verbosity level, and log rotation settings.

| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
| log.level | Controls the verbosity of logs. Options (every option contains the messages from the ones below it): TRACE: The most detailed logging level, used to record fine-grained information about internal operations (e.g., database queries); DEBUG: Detailed internal information for troubleshooting; INFO: General operational messages; WARN: Unexpected errors that are not critical; ERROR: Critical errors. Tip: Use INFO for normal operation and DEBUG when troubleshooting. | string | "INFO" |
| log.path | The path to the log file. If no value is set, logs are written to standard output. | string | "" (standard output) |
| log.max_size | Rotates logs when the log file grows beyond a threshold, measured in MB. | number | 0 (disabled) |
| log.max_backups | Defines how many rotated log files must be kept. Once the number is exceeded, the older log file gets deleted when a new log rotation takes effect. | number | 0 (disabled) |
| log.max_age | Rotates logs that are older than a specified number of days. Each Component checks the age of each log file every time a log message is written, and when the configured threshold is reached, it archives the current log as the original log file plus the time at which the log was rotated (name-timestamp.extension). For example: if manager.log is the original log file and a rotation happens at 3:00pm on May 10th 2025, the archived file would be named: manager-2025-05-10-T15-00-00.000.log. | number | 0 (disabled) |
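
A pre-deployment check built from the defaults listed above, as an added example that is not part of the USP documentation or tooling: it flattens a usp-server.hcl into the dot-notation keys used on this page and reports settings worth reviewing (listeners on every interface, wildcard CORS, unset web.tls.* paths, a log file with no rotation). The parser handles only one argument per line and assumes web.tls is a block nested inside web; the sample address, origin and paths are constructed.

```python
import json
import re

# Defaults copied from the argument tables on this page.
DEFAULTS = {"web.config_host": "0.0.0.0:8900", "web.api_host": "0.0.0.0:8901",
            "web.cors_allowed_origins": ["*"], "log.path": "",
            "log.max_size": 0, "log.max_age": 0}

def flatten(text):
    """Map nested blocks to dot-notation keys (one argument per line)."""
    path, out = [], {}
    for raw in text.splitlines():
        line = re.sub(r'#[^"]*$', "", raw).strip()  # drop trailing comment
        if line == "}":
            path.pop()
        elif line.endswith("{"):
            path.append(line[:-1].strip())
        elif line:
            key, _, value = line.partition("=")
            out[".".join(path + [key.strip()])] = json.loads(value)
    return out

def audit(text):
    cfg = {**DEFAULTS, **flatten(text)}
    findings = [f"{k} listens on every interface ({cfg[k]})"
                for k in ("web.config_host", "web.api_host")
                if cfg[k].rsplit(":", 1)[0] in ("", "0.0.0.0", "[::]")]
    if "*" in cfg["web.cors_allowed_origins"]:
        findings.append("web.cors_allowed_origins allows any origin")
    unset = [k for k in ("web.tls.cert", "web.tls.key", "web.tls.ca") if not cfg.get(k)]
    if unset:
        findings.append("mTLS material not set: " + ", ".join(unset))
    if cfg["log.path"] and not (cfg["log.max_size"] or cfg["log.max_age"]):
        findings.append("log.path is set but size/age rotation is disabled")
    return findings

SAMPLE = """# constructed sample; the address, origin and paths are placeholders
web {
  config_host = "10.0.5.10:8900"  # management interface only
  cors_allowed_origins = ["https://usp-manager.example.internal"]
  tls {
    cert = "/opt/udmg/etc/tls/usp-server.crt"
    key  = "/opt/udmg/etc/tls/usp-server.key"
  }
}
log {
  path = "/var/log/udmg/usp-server.log"
}
"""
print("\n".join(audit(SAMPLE)))
```

For the sample it reports three items: web.api_host still at its default, web.tls.ca unset, and a log file with rotation disabled.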