Download your complete Lumos Gate config as portable JSON including servers, domains, WAF rules, and HAProxy templates. Works even on frozen accounts.

Config Export

Lumos Gate lets you export your complete configuration as a JSON file. This export includes your server list, domain configurations, WAF rules, and a basic HAProxy config template. It is designed for portability -- if you ever leave Lumos Gate, you have everything needed to set up your proxy infrastructure manually.

The export is accessible even when your account is frozen, so you can always download a backup of your configuration.

Complete Export Structure

The export is a single JSON file with the following top-level structure:

{
  "exported_at": "2026-02-20T14:30:00.000Z",
  "exported_by": "Lumos Gate (lumosgate.com)",
  "servers": [ ... ],
  "domains": [ ... ],
  "waf_rules": [ ... ],
  "haproxy_config_template": "# Basic HAProxy config generated by Lumos Gate\n...",
  "note": "This export contains your domain and server configuration. Advanced features like automatic SSL renewal, WAF rules, bot protection, DNS failover, and dashboard management are available with Lumos Gate."
}

Servers

Each server entry includes the name, IP address, and current status:

{
  "servers": [
    {
      "name": "shield-eu-1",
      "ip": "203.0.113.10",
      "status": "active"
    },
    {
      "name": "shield-us-1",
      "ip": "198.51.100.5",
      "status": "active"
    }
  ]
}

Possible status values: "active", "offline", "decommissioned".

Note: Server connection tokens are not included in the export for security. The ip field may be null if the server has never connected.

Domains

Each domain includes its origin servers, SSL status, WAF configuration, and status:

{
  "domains": [
    {
      "domain": "example.com",
      "origins": ["10.0.1.5:443", "10.0.1.6:443"],
      "ssl_enabled": true,
      "ssl_expires": "2026-06-15",
      "waf_enabled": true,
      "waf_level": "medium",
      "status": "active"
    },
    {
      "domain": "api.example.com",
      "origins": ["10.0.1.5:8080"],
      "ssl_enabled": true,
      "ssl_expires": "2026-06-15",
      "waf_enabled": false,
      "waf_level": "medium",
      "status": "active"
    }
  ]
}

Field details:

Field	Description
`domain`	The fully qualified domain name
`origins`	Array of origin servers as `host:port` strings
`ssl_enabled`	Whether SSL is enabled for this domain
`ssl_expires`	SSL certificate expiry date (YYYY-MM-DD format) or `null` if no certificate
`waf_enabled`	Whether WAF is active (`true` if `waf_level` is set)
`waf_level`	WAF sensitivity level: `"low"`, `"medium"`, or `"high"`
`status`	Domain status: `"active"`, `"pending"`, or `"error"`

WAF Rules

Exported WAF rules include IP blacklist entries and rate limiting rules:

{
  "waf_rules": [
    {
      "type": "ip_blacklist",
      "value": "198.51.100.0/24",
      "enabled": true
    },
    {
      "type": "ip_blacklist",
      "value": "203.0.113.50",
      "enabled": true
    },
    {
      "type": "rate_limit",
      "value": "100",
      "enabled": true
    }
  ]
}

Important: Bot protection rules and custom WAF rules are not included in the export. These are platform-specific Lua scripts generated by the agent and cannot be meaningfully exported as portable configuration. Only ip_blacklist and rate_limit rule types are exported.

HAProxy Config Template

The export includes a generated HAProxy configuration template based on your domains and origins. This is a starting template for manual setup -- it does not include advanced features like automatic SSL, WAF rules, bot protection, or DNS failover that the Lumos agent manages.

# Basic HAProxy config generated by Lumos Gate
# This is a starting template - advanced features like
# auto-SSL, WAF, bot protection, and failover require
# Lumos Gate management.

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    user haproxy
    group haproxy
    daemon

defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    option  forwardfor
    timeout connect 5000
    timeout client  50000
    timeout server  50000

frontend http_front
    bind *:80
    use_backend be_example_com if { hdr(host) -i example.com }
    use_backend be_api_example_com if { hdr(host) -i api.example.com }
    default_backend be_default

backend be_default
    http-request deny deny_status 404

backend be_example_com
    option httpchk GET /
    http-request set-header X-Forwarded-Proto https
    http-request set-header X-Real-IP %[src]
    http-request set-header Host example.com
    server origin0 10.0.1.5:443 check
    server origin1 10.0.1.6:443 check

backend be_api_example_com
    option httpchk GET /
    http-request set-header X-Forwarded-Proto https
    http-request set-header X-Real-IP %[src]
    http-request set-header Host api.example.com
    server origin0 10.0.1.5:8080 check

The template generates:

A frontend on port 80 with host-based routing (hdr(host)) for each domain
A default backend that returns 404 for unknown hosts
One backend per domain with health checks, X-Forwarded-Proto, X-Real-IP, and Host headers
Domain names in backend names have dots replaced with underscores (e.g., be_example_com)

Warning: This template does not include HTTPS (port 443) bindings, SSL certificates, or any WAF/bot protection logic. If you are migrating away from Lumos Gate, you will need to add these manually. Consider using Certbot for SSL certificate management.

How to Export

From the Dashboard

Go to Settings -> Account
Click Export Configuration
The JSON file downloads automatically with the filename lumos-export-YYYY-MM-DD.json

Via API

Using an API key (Pro and Enterprise plans):

curl -X GET https://app.lumosgate.com/api/settings/export \
  -H "x-api-key: lmsk_your_key_here" \
  -o lumos-export.json

Using a session cookie (if authenticated via browser):

curl -X GET https://app.lumosgate.com/api/settings/export \
  -b "your-session-cookie" \
  -o lumos-export.json

The response includes a Content-Disposition: attachment header with a dated filename and Content-Type: application/json.

What Is Not Included

The following data is intentionally excluded from the export:

Data	Reason
Server connection tokens	Security -- tokens are SHA-256 hashed and cannot be recovered
Bot protection rules	Platform-specific Lua scripts, not portable
Custom WAF rules	Platform-specific Lua scripts, not portable
Analytics data	Volume too large for export; use the dashboard for analytics
Credit balance and transactions	Financial data; visible in the billing tab
Notification settings	Account-specific configuration
API keys	Security -- key hashes cannot be recovered

Use Cases

Periodic backup -- Download an export weekly or monthly as a safety net. If something goes wrong, you have a record of your configuration.
Migration -- If you decide to manage HAProxy directly, the export gives you a working template to start from.
Audit -- Review your current domain and server configuration in a structured format. Useful for compliance or documentation.
Disaster recovery -- If you lose dashboard access, the exported HAProxy template can be manually applied to your shield servers to keep traffic flowing.
Pre-deletion backup -- Always export before deleting your account. Once deleted, all data is gone permanently.

Tip: Store your export file securely. It contains your origin server IP addresses, which are the information Lumos Gate is designed to keep hidden.

Next Steps

Account Management -- Account settings and deletion process
Servers -- Server management in the dashboard
Domains -- Domain configuration details
WAF -- WAF rules and configuration
Architecture -- How Lumos Gate components work together

Config Export

On this page