Reverse Proxy Server
MIT License
This reverse proxy server is designed to forward incoming requests to internal services, while offering advanced features such as SSL termination, rate limiting, content optimization, and OpenAPI-based request/response validation.
The proxy supports secure connections through SSL, with configurable paths to the SSL key and certificate files. This allows for secure HTTPS communication between clients and the reverse proxy.
# Optional
ssl:
keyfile: /path/to/your/ssl/keyfile
certfile: /path/to/your/ssl/certfile
- path: /
# Optional
minify: [js, html, css, json, xml, svg]
# You can use 'all' instaed to enable all content-types
# Optional
gzip: true # Enable GZIP compression
- path: /
timeout: 5s # Custom timeout for backend responses (Default 30s)
max_size: 2048 # Max request size in bytes (Default 10MB)
Rate limiting can be applied to prevent abuse, restricting the number of requests an individual client (based on IP) can make within a specific time window. Multiple rate limit policies can be configured, such as:
- path: /
# Optional
ratelimits:
- ip-10/m # Limit to 10 requests per minute per IP
- ip-500/d # Limit to 500 requests per day per IP
The server integrates OpenAPI for validating incoming requests and outgoing responses against an OpenAPI specification document. This ensures that:
You can specify the OpenAPI file path in the configuration, and the server will use it to validate the requests and responses automatically.
- path: /
# Optional
openapi: /path/to/openapi.yaml # OpenAPI file for request/response validation
File serving is used when the directory
field is set.
The endpoint path is removed from the request path before the file lookup. For example a path of /static and request path of /static/file.txt and a directory /var/www will search the file in /var/www/file.txt and not /var/www/static/file.txt
- path: /static
directory: /var/www/
The Server support load balancing between a number of backend servers and allow you to choose the balancing policy.
- path: /static
backend:
balance_policy: 'round-robin'
servers:
- url: http://backend-server-1/
weight: 1
- url: http://backend-server-2/
weight: 2
round-robin
(affected by weights)random
(affected by weights)least-latency
(not affected by weights)The server supports automated health checks for backend services. You can configure periodic checks to monitor the health of your backend servers under each endpoint's configuration.
- path: /
checks:
- name: "Health Check" # Descriptive name for the check
cron: "* * * * *" # Cron expression for check frequency
# Supported cron macros:
# - @yearly (or @annually) - Run once a year
# - @monthly - Run once a month
# - @weekly - Run once a week
# - @daily - Run once a day
# - @hourly - Run once an hour
# - @minutely - Run once a minute
method: GET # HTTP method for the health check
url: "http://backend-server-1/up" # Health check endpoint
timeout: 5s # Timeout for health check requests
headers: # Optional custom headers
Host: domain.org
Authorization: "Bearer abc123"
Here’s a generic example of how you can configure the reverse proxy:
version: '0.0.1'
host: your-host
port: your-port
ssl:
keyfile: /path/to/your/ssl/keyfile
certfile: /path/to/your/ssl/certfile
services:
- domain: your-domain.com
endpoints:
- path: /your-endpoint # will be served for every request with path that start with /your-endpoint (Example: /your-endpoint/1)
# directory: /home/yoyo/ # For static files serving
# destination: http://your-backend-service/
backend:
balance_policy: 'round-robin' # Can be 'round-robin', 'random', or 'least-latency'
servers:
- url: http://backend-server-1/
weight: 1
- url: http://backend-server-2/
weight: 2
minify: [js, html, css, json, xml, svg]
# You can use 'all' instaed to enable all content-types
gzip: true # Enable GZIP compression
timeout: 5s # Custom timeout for backend responses (Default 30s)
max_size: 2048 # Max request size in bytes (Default 10MB)
ratelimits:
- ip-10/m # Limit to 10 requests per minute per IP
- ip-500/d # Limit to 500 requests per day per IP
openapi: /path/to/openapi.yaml # OpenAPI file for request/response validation
omit_headers: [Authorization, X-API-Key, X-Secret-Token] # Omit response headers
checks:
- name: "Health Check"
cron: "* * * * *" # == @minutely
# Support cron format and macros.
# Macros:
# - @yearly
# - @annually
# - @monthly
# - @weekly
# - @daily
# - @hourly
# - @minutely
method: GET # HTTP Method
url: "http://backend-server-1/up"
timeout: 5s
headers:
Host: domain.org
Authorization: "Bearer abc123"
# on_failure options will be added in the future
cache: true # Cache responses that has cache headers (Cache-Control and Expire)
This project is licensed under the MIT License.