Skip to main content
Start the cordon proxy server. The proxy loads config, resolves secrets, and begins intercepting requests.

Usage

cordon start [OPTIONS]

Options

OptionDefaultDescription
--config, -ccordon.tomlPath to config file
--log-levelinfoLog level: trace, debug, info, warn, error

Examples

# Start with defaults
cordon start

# Start with a custom config file
cordon start --config /path/to/cordon.toml

# Start with debug logging
cordon start --log-level debug

Behavior

  1. Parses and validates the config file. Exits with an error if invalid. Relative ca_cert_path / ca_key_path values are resolved against the config file’s directory, so configs work correctly when the working directory differs (e.g., when running as a launchd/systemd service).
  2. Validates all HTTP route secrets from configured sources. If multiple secrets fail, all failures are reported at once so you can fix them in a single pass.
  3. Resolves PostgreSQL service credentials at startup (when services are configured).
  4. Generates or loads TLS certificates (if TLS is enabled).
  5. Binds the listener on the configured address. The health endpoint serves 200 from this point.
  6. Begins accepting connections. Response bodies are streamed through without buffering, so SSE and chunked transfer encoding responses (e.g., streaming AI API calls) work correctly.
The proxy runs in the foreground. Use Ctrl+C to stop, or run as a background service.