mirror of
https://github.com/sadoyan/aralez.git
synced 2026-04-29 22:38:36 +08:00
README.md
133
README.md
Normal file
@@ -0,0 +1,133 @@
|
||||
# Gazan, Reverse proxy, service mesh based on Cloudflare's Pingora
|
||||
|
||||
Built on Rust, on top of **Cloudflare’s battle-tested Pingora engine**, **Gazan** delivers world-class performance, security, and scalability — right out of the box.
|
||||
|
||||
**Pingora** powers millions of requests per second at Cloudflare’s edge, and now you can harness its core in your own infrastructure. This project brings that power into a lean and flexible reverse proxy with dynamic upstream configuration and
|
||||
automatic websocket support.
|
||||
|
||||
---
|
||||
|
||||
## 🌍 Highlights
|
||||
|
||||
- ⚙️ **Upstream Providers:** Supports `file`-based static upstreams, dynamic service discovery via `Consul`, and upcoming `Kubernetes` integration
|
||||
- 🔁 **Hot Reloading:** Modify upstreams on the fly via `upstreams.yaml` — no restart needed
|
||||
- 🔮 **Automatic WebSocket Support:** No special config required — connection upgrades are handled seamlessly
|
||||
- 🔐 **TLS Termination:** Fully supports TLS for incoming and upstream traffic
|
||||
- 🛡️ **Built-in Auth Support:** (Basic and API Key ready)
|
||||
- 🧠 **CORS & Header Injection:** Global and per-route header configuration
|
||||
- 🧪 **Health Checks:** Pluggable health check methods for upstreams
|
||||
- 🛰️ **Remote Config Push:** Lightweight HTTP API to update configs from CI/CD or other systems
|
||||
|
||||
---
|
||||
|
||||
## 📁 File Structure
|
||||
|
||||
```
|
||||
.
|
||||
├── main.yaml # Main configuration loaded at startup
|
||||
├── upstreams.yaml # Watched config with upstream mappings
|
||||
├── etc/
|
||||
│ ├── server.crt # TLS certificate (required if using TLS)
|
||||
│ └── key.pem # TLS private key
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 🛠 Configuration Overview
|
||||
|
||||
### 🔧 `main.yaml`
|
||||
|
||||
- `proxy_address_http`: `0.0.0.0:6193` (HTTP listener)
|
||||
- `proxy_address_tls`: `0.0.0.0:6194` (TLS listener, optional)
|
||||
- `config_address`: `0.0.0.0:3000` (HTTP API for remote config push)
|
||||
- `upstreams_conf`: `etc/upstreams.yaml` (location of upstreams config)
|
||||
- `log_level`: `info` (verbosity of logs)
|
||||
- `hc_method`: `HEAD`, `hc_interval`: `2s` (upstream health checks)
|
||||
- Other defaults: thread count, keep-alive pool size, etc.
|
||||
|
||||
### 🌐 `upstreams.yaml`
|
||||
|
||||
- `provider`: `file` or `consul`
|
||||
- File-based upstreams define:
|
||||
- Hostnames and routing paths
|
||||
- Backend servers (load-balanced)
|
||||
- Optional request headers
|
||||
- Optional TLS for upstreams
|
||||
- Global headers (e.g., CORS) apply to all proxied responses
|
||||
- Optional authentication (Basic, API Key) — currently commented for example
|
||||
|
||||
---
|
||||
|
||||
## 🔌 Running the Proxy
|
||||
|
||||
```bash
|
||||
./gazan -c path/to/main.yaml
|
||||
```
|
||||
|
||||
Replace `APP_BINARY` with your compiled binary.
|
||||
|
||||
---
|
||||
|
||||
## 💡 Example
|
||||
|
||||
A sample `upstreams.yaml` entry:
|
||||
|
||||
```yaml
|
||||
myhost.mydomain.com:
|
||||
paths:
|
||||
"/":
|
||||
ssl: false
|
||||
headers:
|
||||
- "X-Some-Thing:Yaaaaaaaaaaaaaaa"
|
||||
- "X-Proxy-From:Hopaaaaaaaaaaaar"
|
||||
servers:
|
||||
- "127.0.0.1:8000"
|
||||
- "127.0.0.2:8000"
|
||||
```
|
||||
|
||||
This means:
|
||||
|
||||
- Requests to `myhost.mydomain.com/` will be load balanced to those servers.
|
||||
- You can choose any path, deep nested paths are supported, the best match will be chosen
|
||||
- Additional headers will be injected into the request.
|
||||
- TLS is disabled for upstreams (but can be enabled).
|
||||
|
||||
---
|
||||
|
||||
## 🔄 Hot Reload
|
||||
|
||||
- Changes to `upstreams.yaml` are applied immediately.
|
||||
- No need to restart the proxy — just save the file.
|
||||
|
||||
---
|
||||
|
||||
## 🔐 TLS Support
|
||||
|
||||
To enable TLS for Proxy server: Currently only OpenSSL is supported, working on Boringssl and Rustls
|
||||
|
||||
1. Set `proxy_address_tls` in `main.yaml`
|
||||
2. Provide `tls_certificate` and `tls_key_file`
|
||||
|
||||
---
|
||||
|
||||
## 📡 Remote Config API
|
||||
|
||||
You can push new `upstreams.yaml` over HTTP to `config_address` (`:3000` by default). Useful for CI/CD automation or remote config updates.
|
||||
|
||||
```bash
|
||||
curl -XPOST --data-binary @./etc/upstreams.txt 127.0.0.1:3000/conf
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 📃 License
|
||||
|
||||
The product is distributed under [Apache License Version 2.0](https://www.apache.org/licenses/LICENSE-2.0)
|
||||
|
||||
---
|
||||
|
||||
## 🧠 Notes
|
||||
|
||||
- Uses Pingora under the hood for efficiency and flexibility.
|
||||
- Designed for edge proxying, internal routing, or hybrid cloud scenarios.
|
||||
- WebSocket upgrade support is fully automatic.
|
||||
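Review bot: The "Remote Config API" section shows `curl -XPOST --data-binary @./etc/upstreams.txt 127.0.0.1:3000/conf` with no credentials, while the `main.yaml` overview lists `config_address` as `0.0.0.0:3000`. The README should state whether `/conf` requires authentication and recommend binding it to loopback or a management network, because anyone who can reach that port could otherwise replace the upstream map. Smaller consistency points in the same file: the curl example posts `upstreams.txt` although the text calls the file `upstreams.yaml`; "Replace `APP_BINARY`" does not match the command shown, `./gazan -c path/to/main.yaml`; and the File Structure tree puts `upstreams.yaml` at the top level while `upstreams_conf` is given as `etc/upstreams.yaml`.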
@@ -1,17 +1,18 @@
|
||||
version: 1
|
||||
threads: 8
|
||||
#idle_timeout: 1000
|
||||
upstream_keepalive_pool_size: 100
|
||||
pid_file: /tmp/load_balancer.pid
|
||||
error_log: /tmp/load_balancer_err.log
|
||||
upgrade_sock: /tmp/load_balancer.sock
|
||||
config_address: 0.0.0.0:3000
|
||||
proxy_address_http: 0.0.0.0:6193
|
||||
# Default configuration file for Pingora, read only once at startup
|
||||
version: 1 # Pingora default setting
|
||||
threads: 8 # Pingora default setting
|
||||
#idle_timeout: 1000 # Pingora default setting
|
||||
upstream_keepalive_pool_size: 100 # Pingora default setting
|
||||
pid_file: /tmp/load_balancer.pid # Pingora default setting
|
||||
error_log: /tmp/load_balancer_err.log # Pingora default setting
|
||||
upgrade_sock: /tmp/load_balancer.sock # Pingora default setting
|
||||
config_address: 0.0.0.0:3000 # HTTP API address for pushing upstreams.yaml from remote location
|
||||
proxy_address_http: 0.0.0.0:6193 # Pingora default setting
|
||||
proxy_address_tls: 0.0.0.0:6194 # Optional
|
||||
tls_certificate: etc/server.crt # Mandatory if proxy_address_tls is set
|
||||
tls_key_file: etc/key.pem # Mandatory if proxy_address_tls is set
|
||||
upstreams_conf: etc/upstreams.yaml
|
||||
upstreams_conf: etc/upstreams.yaml # the location of upstreams file
|
||||
log_level: info # info, warn, error, debug, trace, off
|
||||
hc_method: HEAD
|
||||
hc_interval: 2
|
||||
hc_method: HEAD # Healthcheck method (HEAD, GET, POST are supported)
|
||||
hc_interval: 2 #Intervak for Healthcheck in seconds
|
||||
|
||||
|
||||
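Review bot: On the `config_address: 0.0.0.0:3000` line, the new comment identifies this as the API that accepts a pushed `upstreams.yaml`, so the shipped default exposes the config-push endpoint on every interface. Default it to `127.0.0.1:3000` and let operators widen it deliberately, with a comment saying so. `pid_file`, `error_log` and `upgrade_sock` all point into `/tmp`, a world-writable directory on typical systems; a comment suggesting a dedicated directory for production would help. Typo in the `hc_interval` comment: `Intervak` should be `Interval`, and the `#` needs a following space to match the other lines.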
@@ -1,15 +1,16 @@
|
||||
provider: "file"
|
||||
# The file is under watch and hot reload , changes are applied immediately, no need to restart of reload app
|
||||
provider: "file" # consul
|
||||
globals:
|
||||
headers:
|
||||
- "Access-Control-Allow-Origin:*"
|
||||
- "Access-Control-Allow-Methods:POST, GET, OPTIONS"
|
||||
- "Access-Control-Max-Age:86400"
|
||||
# authorization:
|
||||
# authorization: # if enabled
|
||||
# - "basic"
|
||||
# - "zangag:Anhnazand1234"
|
||||
# - "apikey"
|
||||
# - "qweasdqweadhbk"
|
||||
consul:
|
||||
consul: # read only if provider is consul
|
||||
servers:
|
||||
- "http://master1:8500"
|
||||
- "http://192.168.22.1:8500"
|
||||
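Review bot: The commented `authorization` example still carries `"zangag:Anhnazand1234"` and the API key string below it, both of which read like real values. Swap them for obvious placeholders such as `"user:CHANGE_ME"`, and extend the new `# if enabled` comment to say what each list item means. The comment on `provider: "file" # consul` would be clearer as `# file or consul`, and the new header comment has a typo: `no need to restart of reload app` should read `restart or reload`.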
@@ -22,7 +23,7 @@ consul:
|
||||
- proxy: "proxy-backoffice-dev-backoffice-srv"
|
||||
real: "backoffice-dev-backoffice-srv"
|
||||
token: "8e2db809-845b-45e1-8b47-2c8356a09da0-a4370955-18c2-4d6e-a8f8-ffcc0b47be81"
|
||||
upstreams:
|
||||
upstreams: # read only if provider is files
|
||||
myip.netangels.net:
|
||||
paths:
|
||||
"/":
|
||||
|
||||
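Review bot: The `token:` context line just above the changed line holds what looks like a complete Consul token in a sample config. If it was ever valid it should be revoked, and the file should ship a placeholder value instead. On the changed line, `# read only if provider is files` should say `file`, matching the `provider: "file"` value at the top of this file.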