mirror of
https://github.com/sadoyan/aralez.git
synced 2026-05-30 03:44:06 +08:00
chore: readme tweaks & fmt
This commit is contained in:
hrachdev
88
README.md
88
README.md
@@ -2,7 +2,7 @@
|
||||
|
||||
---
|
||||
|
||||
# Aralez (Արալեզ),
|
||||
# Aralez (Արալեզ)
|
||||
|
||||
### **Reverse proxy built on top of Cloudflare's Pingora**
|
||||
|
||||
@@ -27,16 +27,16 @@ Built on Rust, on top of **Cloudflare’s Pingora engine**, **Aralez** delivers
|
||||
- **Upstreams TLS detection** — Aralez will automatically detect if upstreams uses secure connection.
|
||||
- **Built in rate limiter** — Globar or route limit requests to upstreams.
|
||||
- **Authentication** — Supports Basic Auth, API tokens, and JWT verification.
|
||||
- **Basic Auth**
|
||||
- **API Key** via `x-api-key` header
|
||||
- **JWT Auth**, with tokens issued by Aralez itself via `/jwt` API
|
||||
- **Forward Auth**, Sends requests to an authentication server.
|
||||
- **Basic Auth**
|
||||
- **API Key** via `x-api-key` header
|
||||
- **JWT Auth**, with tokens issued by Aralez itself via `/jwt` API
|
||||
- **Forward Auth**, Sends requests to an authentication server.
|
||||
- **Load Balancing** Round-robin, health checks, optional sticky sessions.
|
||||
- **Built in file server** — Build in minimalistic file server for serving static files, should be added as upstreams for public access.
|
||||
- **Upstream Providers:**
|
||||
- `file` Upstreams are declared in config file.
|
||||
- `consul` Upstreams are dynamically updated from Hashicorp Consul.
|
||||
- `kubernetes` Upstreams are dynamically updated from kubernetes api server.
|
||||
- `file` Upstreams are declared in config file.
|
||||
- `consul` Upstreams are dynamically updated from Hashicorp Consul.
|
||||
- `kubernetes` Upstreams are dynamically updated from kubernetes api server.
|
||||
- **Automatic WebSocket Support:** WS connection upgrades are handled automatically.
|
||||
- **Automatic gRPC Support:** gRPC detected and handled automatically.
|
||||
- **Header Injection:** Global and per-route server/client headers injection.
|
||||
@@ -94,7 +94,7 @@ File names:
|
||||
| `aralez-x86_64-compat-glibc.gz` | Dynamic Linux x86_64 binary, compatible with old pre Haswell CPUs |
|
||||
| `aralez-aarch64-musl.gz` | Static Linux ARM64 binary, without any system dependency |
|
||||
| `aralez-aarch64-glibc.gz` | Dynamic Linux ARM64 binary, with minimal system dependencies |
|
||||
| `sadoyan/aralez` | Docker image on Debian 13 slim (https://hub.docker.com/r/sadoyan/aralez) |
|
||||
| `sadoyan/aralez` | Docker image on Debian 13 slim (<https://hub.docker.com/r/sadoyan/aralez>) |
|
||||
|
||||
**Via docker**
|
||||
|
||||
@@ -124,7 +124,7 @@ For getting the best performance on newer hardware use `aralez-x86_64-*.gz`.
|
||||
./aralez -c path/to/main.yaml
|
||||
```
|
||||
|
||||
## 🔌 Systemd integration
|
||||
## Systemd integration
|
||||
|
||||
```bash
|
||||
cat > /etc/systemd/system/aralez.service <<EOF
|
||||
@@ -193,23 +193,23 @@ myhost.mydomain.com:
|
||||
- All upstreams will receive custom headers : `X-Forwarded-Proto:https` and `X-Forwarded-Port:443`
|
||||
- Additionally, myhost.mydomain.com with path `/` will receive custom headers : `X-Another-Header:Hohohohoho` and `X-Something-Else:Foobar`
|
||||
- Requests to each hosted domains will be limited to 10 requests per second per virtualhost.
|
||||
- Requests limits are calculated per requester ip plus requested virtualhost.
|
||||
- If the requester exceeds the limit it will receive `429 Too Many Requests` error.
|
||||
- Optional. Rate limiter will be disabled if the parameter is entirely removed from config.
|
||||
- Requests limits are calculated per requester ip plus requested virtualhost.
|
||||
- If the requester exceeds the limit it will receive `429 Too Many Requests` error.
|
||||
- Optional. Rate limiter will be disabled if the parameter is entirely removed from config.
|
||||
- Requests to `myhost.mydomain.com/` will be limited to 20 requests per second.
|
||||
- Requests to `myhost.mydomain.com/` will be proxied to `127.0.0.1` and `127.0.0.2`.
|
||||
- Plain HTTP to `myhost.mydomain.com/foo` will get 301 redirect to configured TLS port of Aralez.
|
||||
- Requests to `myhost.mydomain.com/foo` will be proxied to `127.0.0.4` and `127.0.0.5`.
|
||||
- Requests to `myhost.mydomain.com/.well-known/acme-challenge` will be proxied to `127.0.0.1:8001`, but healthcheks are disabled.
|
||||
- SSL/TLS for upstreams is detected automatically, no need to set any config parameter.
|
||||
- Assuming the `127.0.0.5:8443` is SSL protected. The inner traffic will use TLS.
|
||||
- Self-signed certificates are silently accepted.
|
||||
- Assuming the `127.0.0.5:8443` is SSL protected. The inner traffic will use TLS.
|
||||
- Self-signed certificates are silently accepted.
|
||||
- Global headers (CORS for this case) will be injected to all upstreams.
|
||||
- Additional headers will be injected into the request for `myhost.mydomain.com`.
|
||||
- You can choose any path, deep nested paths are supported, the best match chosen.
|
||||
- All requests to servers will require JWT token authentication (You can comment out the authorization to disable it),
|
||||
- Firs parameter specifies the mechanism of authorisation `jwt`
|
||||
- Second is the secret key for validating `jwt` tokens
|
||||
- Firs parameter specifies the mechanism of authorisation `jwt`
|
||||
- Second is the secret key for validating `jwt` tokens
|
||||
|
||||
---
|
||||
|
||||
@@ -249,10 +249,10 @@ curl -XPOST --data-binary @./etc/upstreams.txt 127.0.0.1:3000/conf?key=${MASTERK
|
||||
- `apikey` : Authentication via `x-api-key` header, which should match the value in config.
|
||||
- `jwt`: JWT authentication implemented via `araleztoken=` url parameter. `/some/url?araleztoken=TOKEN`
|
||||
- `jwt`: JWT authentication implemented via `Authorization: Bearer <token>` header.
|
||||
- To obtain JWT a token, you should send **generate** request to built in api server's `/jwt` endpoint.
|
||||
- `master_key`: should match configured `masterkey` in `main.yaml` and `upstreams.yaml`.
|
||||
- `owner` : Just a placeholder, can be anything.
|
||||
- `valid` : Time in minutes during which the generated token will be valid.
|
||||
- To obtain JWT a token, you should send **generate** request to built in api server's `/jwt` endpoint.
|
||||
- `master_key`: should match configured `masterkey` in `main.yaml` and `upstreams.yaml`.
|
||||
- `owner` : Just a placeholder, can be anything.
|
||||
- `valid` : Time in minutes during which the generated token will be valid.
|
||||
|
||||
**Example JWT token generation request**
|
||||
|
||||
@@ -369,7 +369,7 @@ curl -u username:password -H 'Host: myip.mydomain.com' http://127.0.0.1:6193/
|
||||
- "192.168.211.212:8000"
|
||||
```
|
||||
|
||||
## 💡 Results reflect synthetic performance under optimal conditions.
|
||||
## 💡 Results reflect synthetic performance under optimal conditions
|
||||
|
||||
- CPU : Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz
|
||||
- 300 : simultaneous connections
|
||||
@@ -378,16 +378,16 @@ curl -u username:password -H 'Host: myip.mydomain.com' http://127.0.0.1:6193/
|
||||
|
||||
```
|
||||
Summary:
|
||||
Success rate: 100.00%
|
||||
Total: 600.0027 secs
|
||||
Slowest: 0.2138 secs
|
||||
Fastest: 0.0002 secs
|
||||
Average: 0.0023 secs
|
||||
Requests/sec: 129777.3838
|
||||
Success rate: 100.00%
|
||||
Total: 600.0027 secs
|
||||
Slowest: 0.2138 secs
|
||||
Fastest: 0.0002 secs
|
||||
Average: 0.0023 secs
|
||||
Requests/sec: 129777.3838
|
||||
|
||||
Total data: 0 B
|
||||
Size/request: 0 B
|
||||
Size/sec: 0 B
|
||||
Total data: 0 B
|
||||
Size/request: 0 B
|
||||
Size/sec: 0 B
|
||||
|
||||
Response time histogram:
|
||||
0.000 [1] |
|
||||
@@ -415,8 +415,8 @@ Response time distribution:
|
||||
|
||||
|
||||
Details (average, fastest, slowest):
|
||||
DNS+dialup: 0.0161 secs, 0.0002 secs, 0.0316 secs
|
||||
DNS-lookup: 0.0000 secs, 0.0000 secs, 0.0000 secs
|
||||
DNS+dialup: 0.0161 secs, 0.0002 secs, 0.0316 secs
|
||||
DNS-lookup: 0.0000 secs, 0.0000 secs, 0.0000 secs
|
||||
|
||||
Status code distribution:
|
||||
[200] 77866624 responses
|
||||
@@ -434,16 +434,16 @@ Error distribution:
|
||||
|
||||
```
|
||||
Summary:
|
||||
Success rate: 100.00%
|
||||
Total: 600.0021 secs
|
||||
Slowest: 0.2182 secs
|
||||
Fastest: 0.0002 secs
|
||||
Average: 0.0024 secs
|
||||
Requests/sec: 123870.5820
|
||||
Success rate: 100.00%
|
||||
Total: 600.0021 secs
|
||||
Slowest: 0.2182 secs
|
||||
Fastest: 0.0002 secs
|
||||
Average: 0.0024 secs
|
||||
Requests/sec: 123870.5820
|
||||
|
||||
Total data: 0 B
|
||||
Size/request: 0 B
|
||||
Size/sec: 0 B
|
||||
Total data: 0 B
|
||||
Size/request: 0 B
|
||||
Size/sec: 0 B
|
||||
|
||||
Response time histogram:
|
||||
0.000 [1] |
|
||||
@@ -471,8 +471,8 @@ Response time distribution:
|
||||
|
||||
|
||||
Details (average, fastest, slowest):
|
||||
DNS+dialup: 0.0066 secs, 0.0002 secs, 0.0210 secs
|
||||
DNS-lookup: 0.0000 secs, 0.0000 secs, 0.0000 secs
|
||||
DNS+dialup: 0.0066 secs, 0.0002 secs, 0.0210 secs
|
||||
DNS-lookup: 0.0000 secs, 0.0000 secs, 0.0000 secs
|
||||
|
||||
Status code distribution:
|
||||
[200] 74322377 responses
|
||||
|
||||
Reference in New Issue
Block a user