diff --git a/README.md b/README.md index 3ed5218..74ecf81 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,7 @@ Built on Rust, on top of **Cloudflare’s Pingora engine**, **Aralez** delivers - **Dynamic Config Reloads** — Upstreams can be updated live via API, no restart required. - **TLS Termination** — Built-in OpenSSL support. - **Automatic loading of certificates** — Automatically reads and loads certificates from a folder, without a restart. +- **Let’s Encrypt Certificates** — Automatic ordering and renewal of SSL/TLS certificates via the HTTP-01 challenge - **Upstreams TLS detection** — Aralez will automatically detect if upstreams uses secure connection. - **Built in rate limiter** — Limit requests to server, by setting up upper limit for requests per seconds, per virtualhost. - **Global rate limiter** — Set rate limit for all virtualhosts. @@ -52,7 +53,7 @@ Built on Rust, on top of **Cloudflare’s Pingora engine**, **Aralez** delivers - 🔮 **Automatic GRPC Support:** Zero config, Requires `ssl` to proxy, gRPC handled seamlessly. - 🔮 **Upstreams Session Stickiness:** Enable/Disable Sticky sessions globally. - 🔐 **TLS Termination:** Fully supports TLS for upstreams and downstreams. -- 🛡️ **Built-in Authentication** Basic Auth, JWT, API key. +- 🛡️ **Built-in Authentication** Basic Auth, JWT, API key, Forward Auth. - 🧠 **Header Injection:** Global and per-route header configuration. - 🧪 **Health Checks:** Pluggable health check methods for upstreams. - 🛰️ **Remote Config Push:** Lightweight HTTP API to update configs from CI/CD or other systems. 
@@ -62,12 +63,20 @@ Built on Rust, on top of **Cloudflare’s Pingora engine**, **Aralez** delivers ## 📁 File Structure ``` -. -├── main.yaml # Main configuration loaded at startup -├── upstreams.yaml # Watched config with upstream mappings -├── etc/ -│ ├── server.crt # TLS certificate (required if using TLS) -│ └── key.pem # TLS private key + +├── autoconfigs # Automatically create directory fo non human managed files +│ ├── acme_credentials.json # Credentials for loggind in to Let's Encrypt server. Automatically generated +│ └── domains.json # Auto generated file, contains list of domains for certificates +├── certificates +│ ├── yourdomain.com.crt +│ ├── yourdomain.com.key +│ ├── otherdomain.com.crt +│ └── otherdomain.com.key +├── conf.d +│ ├── yourdomain.yaml # Split configuration file for yourdomain.com +│ └── otherdomain.yaml # Split configuration file for otherdomain.com +├── main.yaml # Main configuration loaded at startup +└── upstreams.yaml # Watched config with upstream mappings ``` --- @@ -93,7 +102,7 @@ Built on Rust, on top of **Cloudflare’s Pingora engine**, **Aralez** delivers | **config_tls_key_file** | etc/key.pem | Private Key file path. Mandatory if proxy_address_tls is set, else optional | | **proxy_address_http** | 0.0.0.0:6193 | Aralez HTTP bind address | | **proxy_address_tls** | 0.0.0.0:6194 | Aralez HTTPS bind address (Optional) | -| **proxy_certificates** | etc/certs/ | The directory containing certificate and key files. In a format {NAME}.crt, {NAME}.key. | +| **proxy_configs** | etc/ | The top directory of config files | | **upstreams_conf** | etc/upstreams.yaml | The location of upstreams file | | **log_level** | info | Log level , possible values : info, warn, error, debug, trace, off | | **hc_method** | HEAD | Healthcheck method (HEAD, GET, POST are supported) UPPERCASE | 
@@ -105,13 +114,13 @@ Built on Rust, on top of **Cloudflare’s Pingora engine**, **Aralez** delivers ### 🌐 `upstreams.yaml` -- `provider`: `file` or `consul` +- `provider`: `file`, `consul` or `kubernetes` - File-based upstreams define: - Hostnames and routing paths - Backend servers (load-balanced) - Optional request headers, specific to this upstream - Global headers (e.g., CORS) apply to all proxied responses -- Optional authentication (Basic, API Key, JWT) +- Optional authentication (Basic, API Key, JWT, Forward) ---
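
Review bot: In the first hunk (@@ -24,6 +24,7 @@), the new Let's Encrypt bullet names the HTTP-01 challenge but not its precondition: the validation request is made to port 80 of each domain, while the documented default for `proxy_address_http` is `0.0.0.0:6193`. Add a sentence saying the HTTP listener must be reachable on port 80 (directly or through a port forward) for ordering and renewal to succeed. The bullet is also the only one in this list without a closing period, and "SSL/TLS certificates" could simply read "TLS certificates" to match the neighbouring "TLS Termination" entry.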
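
Review bot: In the second hunk (@@ -52,7 +53,7 @@), "Forward Auth" is appended to the Built-in Authentication bullet as a bare name, with nothing in the changed lines saying how it is configured. For an authentication feature, the README should at least state which setting enables it and whether a request is rejected when the external auth endpoint is unreachable or times out, so operators know it fails closed. A short subsection or a link to one from this bullet would cover it.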
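
Review bot: In the File Structure hunk (@@ -62,12 +63,20 @@), `acme_credentials.json` and the `*.key` files are listed without any note on ownership or permissions, although both are secrets (the ACME account credentials and the TLS private keys). Please document the expected mode, for example readable only by the user the proxy runs as, and say whether the proxy sets that mode itself when it generates the files. Two typos in the added comments need fixing: "fo non human managed files" and "loggind in to". The root `.` line of the tree was also replaced by an empty line, so the tree no longer shows what the entries are relative to; since the parameter table still defaults to paths under `etc/`, state how this layout maps onto `proxy_configs`.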
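
Review bot: In the parameter table hunk (@@ -93,7 +102,7 @@), `proxy_certificates` is removed outright and replaced by `proxy_configs`, with no migration note for existing `main.yaml` files that still set the old key. Say whether the old key is ignored, rejected, or still honoured, and where certificates are now looked up. The removed row also carried the `{NAME}.crt`, `{NAME}.key` naming rule, which no longer appears in the table; the new description "The top directory of config files" should name the subdirectories it expects (`certificates`, `conf.d`, `autoconfigs`) and keep that naming rule.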
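
Review bot: In the `upstreams.yaml` hunk (@@ -105,13 +114,13 @@), `kubernetes` is added to the `provider` list, but the bullets that follow still describe only file-based upstreams. Add a matching bullet for the Kubernetes provider stating what it discovers and what access it needs to the cluster API, since that determines the permissions the proxy's service account must be granted. The "Forward" entry added to the authentication bullet should use the same name as the feature list ("Forward Auth") so readers can search for it consistently.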