Configuration

Hugin stores its configuration at ~/.hugin/config.toml. Generate a default config with:

hugin init

View the resolved configuration (defaults merged with your overrides):

hugin config show

This page covers the most common knobs. For the full schema (HTTP/2 host overrides, response modification, DNS, backups, logging, MCP, assistant, update channels, etc.), see the Configuration Reference.

Proxy

[proxy]
listen_addr = "127.0.0.1:8080"     # Proxy listen address
api_addr = "127.0.0.1:8081"        # API / MCP server address
upstream_proxy = "socks5://127.0.0.1:9050"  # Route traffic through Tor, Burp, etc.
invisible_proxy = false             # Transparent proxy mode (no browser config needed)
additional_ports = [8443]           # Extra ports on 127.0.0.1 (legacy)
additional_listeners = ["0.0.0.0:8082"]  # Multi-interface listeners (mobile/remote)

CA Certificate

[ca]
cert_path = "~/.hugin/Hugin-Proxy-CA.pem"
key_path = "~/.hugin/Hugin-Proxy-CA-key.pem"
cache_size = 1000                   # Per-host certificate cache size

Storage

[storage]
db_path = "~/.hugin/hugin.db"
max_body_size = 10485760            # Max response body stored per flow (10 MB)

Scope

[scope]
include_hosts = ["*.example.com"]   # Only capture matching hosts (empty = all)
exclude_hosts = ["*.analytics.com"] # Never capture matching hosts

Scope can also be configured in the Scopes view within the desktop UI.

HTTP/2

[http2]
enabled = true
alpn_protocols = ["h2", "http/1.1"]
enable_server_push = true
max_concurrent_streams = 100

Force HTTP/1.1 for specific hosts:

[[http2.host_overrides]]
pattern = "legacy.example.com"
http_version = "ForceHttp11"

Oastify (Out-of-Band Detection)

[oastify]
enabled = false
base_url = "https://oastify.eu"
domain = "oastify.eu"               # Optional — derived from base_url host if omitted
api_token = "your-token"
session = "default"                 # Default session name for payload tracking
poll_interval_ms = 5000             # Min 100
session_ttl_hours = 24              # 1–168

API Authentication

[api]
auth_enabled = false
auth_username = "admin"
auth_password = "changeme"
auth_token = "bearer-token-here"

Enable authentication when exposing the API beyond localhost (e.g., with hugin serve).

Telemetry

[telemetry]
enabled = false                                          # Opt-in anonymous usage telemetry
endpoint = "https://telemetry.hugin.nu/v1/events"
flush_interval_secs = 300                                # Min 10
max_batch_size = 100                                     # 1–10000
tags = { team = "infra" }                                # Extra labels on every batch

Toggle from the CLI:

hugin config telemetry on
hugin config telemetry off

Custom Data Directory

To run Hugin from a non-default location (e.g., per-project sandboxes, multi-user servers), set the HUGIN_HOME environment variable to an absolute path:

HUGIN_HOME=/srv/hugin/projectA hugin start

All paths above resolve relative to that directory.