diff --git a/src/app.rs b/src/app.rs index 04272b2..d09a69e 100644 --- a/src/app.rs +++ b/src/app.rs @@ -33,6 +33,7 @@ impl ProxyApp { } } + // just only support IPv4 async fn lookup_ipv4(&self, hostname: &str) -> Option { let ips = self.tokio_async_resolver.ipv4_lookup(hostname).await; log::debug!("lookup {} --> {:#?}", hostname, ips); @@ -59,13 +60,12 @@ impl ProxyApp { fn print_headers(buffer: &mut String, headers: &HeaderMap) { let header_len = headers.len(); headers.iter().enumerate().for_each(|(i, (n, v))| { - buffer.push_str( - &format!("{}: {}{}", - n.as_str(), - v.to_str().unwrap_or("ERROR!BAD-VALUE!"), - if i < header_len - 1 { "\n" } else { "" } - ) - ); + buffer.push_str(&format!( + "{}: {}{}", + n.as_str(), + v.to_str().unwrap_or("ERROR!BAD-VALUE!"), + if i < header_len - 1 { "\n" } else { "" } + )); }); } } diff --git a/src/cert.rs b/src/cert.rs index 44b5fb4..336a678 100644 --- a/src/cert.rs +++ b/src/cert.rs @@ -34,6 +34,7 @@ pub fn issue_certificate(intermediate_certificate: &Certificate, domain: &str) - } fn parse_pkcs8(pem: &str) -> String { + // KeyPair only support PKCS#8 private key with public key, though public key is optional { use p256::{pkcs8::{DecodePrivateKey, EncodePrivateKey, LineEnding}, SecretKey}; let secret_key = SecretKey::from_pkcs8_pem(pem); diff --git a/src/main.rs b/src/main.rs index f84e2c1..bee1e77 100644 --- a/src/main.rs +++ b/src/main.rs @@ -6,7 +6,7 @@ use pingora::{ use pretty_env_logger::env_logger::Builder; use structopt::StructOpt; -use crate::config::ProxyConfig; +use crate::config::{ProxyConfig, ProxyGroup}; use crate::service::HostConfig; mod app; 
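Review bot: The comment added above lookup_ipv4 in src/app.rs (`// just only support IPv4`) records the restriction but not its consequence, or what callers may assume about the returned address. I would write `// Resolves A records only (no AAAA lookup), so IPv6-only upstreams cannot be reached through this path.` The function body continues outside the hunk, so I cannot see where `hostname` comes from. If it can be taken from a client's SNI or Host header, the comment should also say whether the resolved address is checked against loopback, private and link-local ranges before the proxy connects to it.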
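Review bot: The comment added at the top of parse_pkcs8 in src/cert.rs names a KeyPair limitation but does not say what the function does about it, and it sits on a path that handles private-key material. Judging by the `EncodePrivateKey` and `LineEnding` imports, the key is re-encoded, so I would reword it to `// KeyPair only accepts PKCS#8 private keys that embed the public key (optional in PKCS#8), so the key is re-encoded with it included.` The function returns a plain `String` and its body continues outside the hunk. If that string carries the re-encoded private key, keeping the `Zeroizing<String>` that the pkcs8 crate's `to_pkcs8_pem` returns as the return type would let the PEM be wiped on drop, and the value should stay out of log output.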
@@ -25,44 +25,7 @@ pub fn main() { panic!("Load proxy_config.json failed: {}", e); }); - let mut services: Vec> = vec![]; - for group in &proxy_config.groups { - let listen_address = format!("0.0.0.0:{}", group.port); - let mut host_configs = vec![]; - if let Some(proxy_map) = &group.proxy_map { - for (hostname, proxy_item) in proxy_map { - host_configs.push(HostConfig { - proxy_addr: proxy_item.address.clone(), - proxy_tls: proxy_item.tls.unwrap_or(false), - proxy_hostname: proxy_item.sni.clone().unwrap_or_else(|| hostname.clone()), - }); - } - } - let lookup_tls = group.lookup_dns.unwrap_or(false); - log::info!("Listen at: {}, tls: {}, lookup_tls: {}", listen_address, group.tls.is_some(), lookup_tls); - match &group.tls { - None => { - let proxy_service_tcp = service::proxy_service_tcp( - &my_server.configuration, - &listen_address, - lookup_tls, - host_configs, - ); - services.push(Box::new(proxy_service_tcp)); - } - Some(proxy_tls) => { - let proxy_service_ssl = service::proxy_service_tls( - &my_server.configuration, - &listen_address, - lookup_tls, - &proxy_tls, - host_configs, - ); - services.push(Box::new(proxy_service_ssl)); - } - } - } - + let mut services = build_services(&my_server, &proxy_config); if let Some(true) = proxy_config.prometheus { let mut prometheus_service_http = ListeningService::prometheus_http_service(); prometheus_service_http.add_tcp("127.0.0.1:6150"); 
@@ -78,9 +41,49 @@ fn init_logger() { let mut builder = Builder::new(); builder.filter_level(LevelFilter::Info); let _ = builder.try_init(); +} - // if std::env::var("RUST_LOG").is_err() { - // std::env::set_var("RUST_LOG", "pingora_reverse_proxy=debug"); - // } - // pretty_env_logger::init_timed(); +fn build_services(server: &Server, proxy_config: &ProxyConfig) -> Vec> { + let mut services: Vec> = vec![]; + for group in &proxy_config.groups { + let listen_address = format!("0.0.0.0:{}", group.port); + let host_configs = build_host_configs(group); + let lookup_tls = group.lookup_dns.unwrap_or(false); + log::info!("Listen at: {}, tls: {}, lookup_tls: {}", listen_address, group.tls.is_some(), lookup_tls); + + match &group.tls { + None => { + services.push(Box::new(service::proxy_service_tcp( + &server.configuration, + &listen_address, + lookup_tls, + host_configs, + ))); + } + Some(proxy_tls) => { + services.push(Box::new(service::proxy_service_tls( + &server.configuration, + &listen_address, + lookup_tls, + &proxy_tls, + host_configs, + ))); + } + } + } + services +} + +fn build_host_configs(group: &ProxyGroup) -> Vec { + let mut host_configs = vec![]; + if let Some(proxy_map) = &group.proxy_map { + for (hostname, proxy_item) in proxy_map { + host_configs.push(HostConfig { + proxy_addr: proxy_item.address.clone(), + proxy_tls: proxy_item.tls.unwrap_or(false), + proxy_hostname: proxy_item.sni.clone().unwrap_or_else(|| hostname.clone()), + }); + } + } + host_configs } \ No newline at end of file
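Review bot: build_services still hard-codes the wildcard bind in `format!("0.0.0.0:{}", group.port)`, so every group listens on all interfaces, including the plaintext `proxy_service_tcp` ones and those with `lookup_dns` enabled, while the Prometheus endpoint in main() is kept on 127.0.0.1. Now that listener setup has its own function, the bind address could come from the group config, e.g. `let listen_address = format!("{}:{}", bind_addr, group.port);`, where `bind_addr` is a placeholder for an optional ProxyGroup field (its definition is not visible here) with the current value as an explicit default. Separately, `lookup_tls` holds `group.lookup_dns` and is logged as `lookup_tls: {}`; renaming the local and the log label to `lookup_dns` would keep operators from misreading the startup log. `proxy_tls` is also already a reference inside `match &group.tls`, so the extra `&` in `&proxy_tls` can go.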