listener:
  host: # [string; required; default: '0.0.0.0'] Host. Address to bind the listener to
  port: # [number; required; default: 4200] Port. Port number for the listener
  ipWhitelistRegex: # [string; default: '/.*/'; regexp: true] IP allowlist regex. Regex matching IP addresses that are allowed to establish a connection
  maxActiveCxn: # [number; minimum: 0; default: 0] Active connection limit. Maximum number of active connections allowed from Worker Nodes. Use 0 for unlimited
  tls: # [object] TLS settings (server side). TLS configuration for the listener
    disabled: # [boolean; default: true] Disabled. Whether TLS is disabled
    certificateName: # [string] Certificate. The name of the predefined certificate
    privKeyPath: # [string; required if TLS enabled] Private key path. Path on server containing the private key to use. PEM format. Can reference $ENV_VARS
    certPath: # [string; required if TLS enabled] Certificate path. Path on server containing certificates to use. PEM format. Can reference $ENV_VARS
    caPath: # [string] CA certificate path. Path on server containing CA certificates to use. PEM format. Can reference $ENV_VARS
    passphrase: # [string] Passphrase. Passphrase to use to decrypt private key
    requestCert: # [boolean; default: false] Authenticate client (mutual auth). Require clients to present their certificates. Used to perform client authentication using SSL certs
    rejectUnauthorized: # [boolean; default: true; required if requestCert: true] Validate client certificates. Reject certificates not authorized by a CA in the CA certificate path or by another trusted CA
    commonNameRegex: # [string; default: '/.*/'; regexp: true; required if requestCert: true] Common name. Regex matching allowable common names in peer certificates' subject attribute
    minVersion: # [string] Minimum TLS version. Allowed values: 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
    maxVersion: # [string] Maximum TLS version. Allowed values: 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'