Metrics exporter for Prometheus

Cargo.toml

@@ -4,14 +4,16 @@ version = "0.1.0"
 edition = "2021"
 
 [profile.release]
+opt-level = 3
 lto = true
 codegen-units = 1
-opt-level = 3
+panic = "abort"
-strip = "symbols"
+strip = true
 
 [dependencies]
 tokio = { version = "1.45.0", features = ["full"] }
-pingora = { version = "0.5.0", features = ["lb", "rustls"] } # openssl, rustls, boringssl
+#pingora = { version = "0.5.0", features = ["lb", "rustls"] } # openssl, rustls, boringssl
+pingora = { version = "0.5.0", features = ["lb", "openssl"] } # openssl, rustls, boringssl
 serde = { version = "1.0.219", features = ["derive"] }
 dashmap = "7.0.0-rc2"
 pingora-core = "0.5.0"
@@ -23,9 +25,9 @@ log = "0.4.27"
 futures = "0.3.31"
 notify = "8.0.0"
 axum = { version = "0.8.4" }
-#reqwest = { version = "0.12.15", features = ["json", "native-tls-alpn"] }
+reqwest = { version = "0.12.15", features = ["json", "native-tls-alpn"] }
 #reqwest = { version = "0.12.15", features = ["json", "rustls-tls"] }
-reqwest = { version = "0.12.15", default-features = false, features = ["rustls-tls", "json"] }
+#reqwest = { version = "0.12.15", default-features = false, features = ["rustls-tls", "json"] }
 
 serde_yaml = "0.9.34-deprecated"
 rand = "0.9.0"
@@ -36,6 +38,8 @@ sha2 = { version = "0.11.0-pre.5", default-features = false }
 base16ct = { version = "0.2.0", features = ["alloc"] }
 urlencoding = "2.1.3"
 arc-swap = "1.7.1"
-rustls = { version = "0.23.27", features = ["ring"] }
+#rustls = { version = "0.23.27", features = ["ring"] }
 mimalloc = { version = "0.1.46", default-features = false }
+prometheus = "0.14.0"
+lazy_static = "1.5.0"
 

METRICS.md

@@ -0,0 +1,116 @@
+# 📈 Gazan Prometheus Metrics Reference
+
+This document outlines Prometheus metrics for the [Gazan](https://github.com/sadoyan/gazan) reverse proxy.
+These metrics can be used for monitoring, alerting and performance analysis.
+
+Exposed to `http://config_address/metrics`
+
+By default `http://127.0.0.1:3000/metrics`
+
+---
+
+## 🛠️ Prometheus Metrics
+
+### 1. `gazan_requests_total`
+
+- **Type**: `Counter`
+- **Purpose**: Total amount requests served by Gazan.
+
+**PromQL example:**
+
+```promql
+rate(gazan_requests_total[5m])
+```
+
+---
+
+### 2. `gazan_errors_total`
+
+- **Type**: `Counter`
+- **Purpose**: Count of requests that resulted in an error.
+
+**PromQL example:**
+
+```promql
+rate(gazan_errors_total[5m])
+```
+
+---
+
+### 3. `gazan_responses_total{status="200"}`
+
+- **Type**: `CounterVec`
+- **Purpose**: Count of responses by HTTP status code.
+
+**PromQL example:**
+
+```promql
+rate(gazan_responses_total{status=~"5.."}[5m]) > 0
+```
+
+> Useful for alerting on 5xx errors.
+
+---
+
+### 4. `gazan_response_latency_seconds`
+
+- **Type**: `Histogram`
+- **Purpose**: Tracks the latency of responses in seconds.
+
+**Example bucket output:**
+
+```prometheus
+gazan_response_latency_seconds_bucket{le="0.01"}  15
+gazan_response_latency_seconds_bucket{le="0.1"}   120
+gazan_response_latency_seconds_bucket{le="0.25"}  245
+gazan_response_latency_seconds_bucket{le="0.5"}   500
+...
+gazan_response_latency_seconds_count  1023
+gazan_response_latency_seconds_sum    42.6
+```
+
+| Metric                  | Meaning                                                       |
+|-------------------------|---------------------------------------------------------------|
+| `bucket{le="0.1"} 120`  | 120 requests were ≤ 100ms                                     |
+| `bucket{le="0.25"} 245` | 245 requests were ≤ 250ms                                     |
+| `count`                 | Total number of observations (i.e., total responses measured) |
+| `sum`                   | Total time of all responses, in seconds                       |
+
+### 🔍 How to interpret:
+
+- `le` means “less than or equal to”.
+- `count` is total amount of observations.
+- `sum` is the total time (in seconds) of all responses.
+
+**PromQL examples:**
+
+🔹 **95th percentile latency**
+
+```promql
+histogram_quantile(0.95, rate(gazan_response_latency_seconds_bucket[5m]))
+
+```
+
+🔹 **Average latency**
+
+```promql
+rate(gazan_response_latency_seconds_sum[5m]) / rate(gazan_response_latency_seconds_count[5m])
+```
+
+---
+
+## ✅ Notes
+
+- Metrics are registered after the first served request.
+
+---
+✅ Summary of key metrics
+
+| Metric Name                           | Type       | What it Tells You         |
+|---------------------------------------|------------|---------------------------|
+| `gazan_requests_total`                | Counter    | Total requests served     |
+| `gazan_errors_total`                  | Counter    | Number of failed requests |
+| `gazan_responses_total{status="200"}` | CounterVec | Response status breakdown |
+| `gazan_response_latency_seconds`      | Histogram  | How fast responses are    |
+
+📘 *Last updated: May 2025*

README.md

@@ -123,18 +123,19 @@ A sample `upstreams.yaml` entry:
 
 ```yaml
 provider: "file"
-stickysessions: false
+sticky_sessions: false
-globals:
+to_https: false
-  headers:
+headers:
-    - "Access-Control-Allow-Origin:*"
+  - "Access-Control-Allow-Origin:*"
-    - "Access-Control-Allow-Methods:POST, GET, OPTIONS"
+  - "Access-Control-Allow-Methods:POST, GET, OPTIONS"
-    - "Access-Control-Max-Age:86400"
+  - "Access-Control-Max-Age:86400"
-  authorization:
+authorization:
-    - "jwt"
+  type: "jwt"
-    - "910517d9-f9a1-48de-8826-dbadacbd84af-cb6f830e-ab16-47ec-9d8f-0090de732774"
+  creds: "910517d9-f9a1-48de-8826-dbadacbd84af-cb6f830e-ab16-47ec-9d8f-0090de732774"
 myhost.mydomain.com:
   paths:
     "/":
+      to_https: false
       headers:
         - "X-Some-Thing:Yaaaaaaaaaaaaaaa"
         - "X-Proxy-From:Hopaaaaaaaaaaaar"
@@ -142,6 +143,7 @@ myhost.mydomain.com:
         - "127.0.0.1:8000"
         - "127.0.0.2:8000"
     "/foo":
+      to_https: true
       headers:
         - "X-Another-Header:Hohohohoho"
       servers:
@@ -151,15 +153,17 @@ myhost.mydomain.com:
 
 **This means:**
 
-- Sticky sessions are disabled globally. This setting applies to all upstreams.
+- Sticky sessions are disabled globally. This setting applies to all upstreams. If enabled all requests will be 301 redirected to HTTPS.
+- HTTP to HTTPS redirect disabled globally, but can be overridden by `to_https` setting per upstream.
 - Requests to `myhost.mydomain.com/` will be proxied to `127.0.0.1` and `127.0.0.2`.
+- Plain HTTP to `myhost.mydomain.com/foo` will get 301 redirect to configured TLS port of Gazan.
 - Requests to `myhost.mydomain.com/foo` will be proxied to `127.0.0.4` and `127.0.0.5`.
 - SSL/TLS for upstreams is detected automatically, no need to set any config parameter.
     - Assuming the `127.0.0.5:8443` is SSL protected. The inner traffic will use TLS.
     - Self signed certificates are silently accepted.
 - Global headers (CORS for this case) will be injected to all upstreams
 - Additional headers will be injected into the request for `myhost.mydomain.com`.
-- You can choose any path, deep nested paths are supported, the best match is chosen.
+- You can choose any path, deep nested paths are supported, the best match chosen.
 - All requests to servers will require JWT token authentication (You can comment out the authorization to disable it),
     - Firs parameter specifies the mechanism of authorisation `jwt`
     - Second is the secret key for validating `jwt` tokens

etc/upstreams.yaml

@@ -1,37 +1,34 @@
-# The file is under watch and hot reload , changes are applied immediately, no need to restart or reload
+# The file under watch and hot reload, changes are applied immediately, no need to restart or reload.
 provider: "file" # consul
-stickysessions: true
+sticky_sessions: false
-globals:
+to_ssl: false
-  headers: # Global headers, appended for all upstreams and all paths.
+headers:
-    - "Access-Control-Allow-Origin:*"
+  - "Access-Control-Allow-Origin:*"
-    - "Access-Control-Allow-Methods:POST, GET, OPTIONS"
+  - "Access-Control-Allow-Methods:POST, GET, OPTIONS"
-    - "Access-Control-Max-Age:86400"
+  - "Access-Control-Max-Age:86400"
-    - "X-Custom-Header:Something Special"
+  - "X-Custom-Header:Something Special"
-#  authorization: #  Optional, only one of auth methods below can be active at a time
+authorization:
-#    - "basic"
+  type: "jwt"
-#    - "gazan:Gazanpass1234"
+  creds: "910517d9-f9a1-48de-8826-dbadacbd84af-cb6f830e-ab16-47ec-9d8f-0090de732774"
-#    - "apikey"
+#  type: "basic"
-#    - "5a28cc4c-ce10-4ff1-824e-743c38835f5c"
+#  creds: "user:Passw0rd"
-#    - "jwt"
+#  type: "apikey"
-#    - "910517d9-f9a1-48de-8826-dbadacbd84af-cb6f830e-ab16-47ec-9d8f-0090de732774"
+#  creds: "5ecbf799-1343-4e94-a9b5-e278af5cd313-56b45249-1839-4008-a450-a60dc76d2bae"
-consul: # If the provider is consul. Otherwise ignored
+consul: # If the provider is consul. Otherwise, ignored.
   servers:
     - "http://master1:8500"
     - "http://192.168.22.1:8500"
-    - "http://master1.digitai.local:8500"
+    - "http://master1.foo.local:8500"
-  services: # proxy: The hostname to access proxy server, real : The real service name in Consul
+  services: # proxy: The hostname to access the proxy server, real : The real service name in Consul database.
     - proxy: "proxy-frontend-dev-frontend-srv"
       real: "frontend-dev-frontend-srv"
-  #    - proxy: "proxy-gateway-test-gateway-srv"
-  #      real: "gateway-test-gateway-srv"
-  #    - proxy: "proxy-backoffice-dev-backoffice-srv"
-  #      real: "backoffice-dev-backoffice-srv"
   token: "8e2db809-845b-45e1-8b47-2c8356a09da0-a4370955-18c2-4d6e-a8f8-ffcc0b47be81" # Consul server access token, If Consul auth is enabled
-upstreams: # If provider is files. Otherwise ignored
+upstreams:
-  myip.netangels.net: # Hostname, or header host to access the upstream
+  myip.mydomain.com:
-    paths: # URL path(s) for current upstream, closest match wins
+    paths:
       "/":
-        headers: # Custom headers, set only for this Host and Path
+        to_https: false
+        headers:
           - "X-Proxy-From:Gazan"
         servers: # List of upstreams HOST:PORT
           - "127.0.0.1:8000"
@@ -39,6 +36,7 @@ upstreams: # If provider is files. Otherwise ignored
           - "127.0.0.3:8000"
           - "127.0.0.4:8000"
       "/ping":
+        to_https: true
         headers:
           - "X-Some-Thing:Yaaaaaaaaaaaaaaa"
           - "X-Proxy-From:Gazan"
@@ -48,7 +46,7 @@ upstreams: # If provider is files. Otherwise ignored
       "/draw":
         servers:
           - "192.168.1.1:8000"
-  polo.netangels.net:
+  polo.mydomain.com:
     paths:
       "/":
         headers:
@@ -59,37 +57,4 @@ upstreams: # If provider is files. Otherwise ignored
           - "127.0.0.1:8000"
           - "127.0.0.2:8000"
           - "127.0.0.3:8000"
-          - "127.0.0.4:8000"
+          - "127.0.0.4:8000"
-  glop.netangels.net:
-    paths:
-      "/":
-        headers:
-          - "X-Hopar-From:Hopaaaaaaaaaaaar"
-        servers:
-          - "192.168.1.10:8000"
-          - "192.168.1.1:8000"
-  apt.netangels.net:
-    paths:
-      "/":
-        servers:
-          - "apt.netangels.net:443"
-  test.netangels.net:
-    paths:
-      "/":
-        servers:
-          - "myip.netangels.net:80"
-  127.0.0.1:
-    paths:
-      "/":
-        servers:
-          - "192.168.1.5:8080"
-  127.0.0.2:
-    paths:
-      "/":
-        servers:
-          - "10.0.55.171:3000"
-  localpost:
-    paths:
-      "/":
-        servers:
-          - "127.0.0.1:9000"

src/utils.rs

@@ -4,6 +4,7 @@ pub mod discovery;
 mod filewatch;
 pub mod healthcheck;
 pub mod jwt;
+pub mod metrics;
 pub mod parceyaml;
 pub mod structs;
 pub mod tools;

src/utils/consul.rs

@@ -109,7 +109,7 @@ async fn consul_request(url: String, whitelist: Option<Vec<ServiceMapping>>, tok
     Some(upstreams)
 }
 
-async fn get_by_http(url: String, token: Option<String>) -> Option<DashMap<String, (Vec<(String, u16, bool, bool)>, AtomicUsize)>> {
+async fn get_by_http(url: String, token: Option<String>) -> Option<DashMap<String, (Vec<(String, u16, bool, bool, bool)>, AtomicUsize)>> {
     let client = reqwest::Client::new();
     let mut headers = HeaderMap::new();
     if let Some(token) = token {
@@ -118,7 +118,7 @@ async fn get_by_http(url: String, token: Option<String>) -> Option<DashMap<Strin
     let to = Duration::from_secs(1);
     let u = client.get(url).timeout(to).send();
     let mut values = Vec::new();
-    let upstreams: DashMap<String, (Vec<(String, u16, bool, bool)>, AtomicUsize)> = DashMap::new();
+    let upstreams: DashMap<String, (Vec<(String, u16, bool, bool, bool)>, AtomicUsize)> = DashMap::new();
     match u.await {
         Ok(r) => {
             let jason = r.json::<Vec<Service>>().await;
@@ -127,7 +127,7 @@ async fn get_by_http(url: String, token: Option<String>) -> Option<DashMap<Strin
                     for service in whitelist {
                         let addr = service.tagged_addresses.get("lan_ipv4").unwrap().address.clone();
                         let prt = service.tagged_addresses.get("lan_ipv4").unwrap().port.clone();
-                        let to_add = (addr, prt, false, false);
+                        let to_add = (addr, prt, false, false, false);
                         values.push(to_add);
                     }
                 }

src/utils/healthcheck.rs

@@ -20,13 +20,13 @@ pub async fn hc2(upslist: Arc<UpstreamsDashMap>, fullist: Arc<UpstreamsDashMap>,
                 for val in fclone.iter() {
                     let host = val.key();
                     let inner = DashMap::new();
-                    let mut _scheme: (String, u16, bool, bool) = ("".to_string(), 0, false, false);
+                    let mut _scheme: (String, u16, bool, bool, bool) = ("".to_string(), 0, false, false, false);
                     for path_entry in val.value().iter() {
                         // let inner = DashMap::new();
                         let path = path_entry.key();
                         let mut innervec= Vec::new();
                         for k in path_entry.value().0 .iter().enumerate() {
-                            let (ip, port, _ssl, _version) = k.1;
+                            let (ip, port, _ssl, _version, _redir) = k.1;
                             let mut _link = String::new();
                             let tls = detect_tls(ip, port).await;
                             let mut is_h2 = false;
@@ -52,13 +52,13 @@ pub async fn hc2(upslist: Arc<UpstreamsDashMap>, fullist: Arc<UpstreamsDashMap>,
                             // }else {
                             //     _scheme = (ip.to_string(), *port, false);
                             // }
-                            _scheme = (ip.to_string(), *port, tls.0, is_h2);
+                            _scheme = (ip.to_string(), *port, tls.0, is_h2, *_redir);
                             // let link = format!("{}{}:{}{}", _pref, ip, port, path);
                             let resp = http_request(_link.as_str(), params.0, "").await;
                             match resp.0 {
                                 true => {
                                     if resp.1 {
-                                        _scheme = (ip.to_string(), *port, tls.0, true);
+                                        _scheme = (ip.to_string(), *port, tls.0, true,  *_redir);
                                     }
                                     innervec.push(_scheme.clone());
                                 }
@@ -75,7 +75,8 @@ pub async fn hc2(upslist: Arc<UpstreamsDashMap>, fullist: Arc<UpstreamsDashMap>,
                 if first_run == 1 {
                     info!("Performing initial hatchecks and upstreams ssl detection");
                     clone_idmap_into(&totest, &idlist);
-                    info!("Gazan is up and ready to serve requests");
+                    info!("Gazan is up and ready to serve requests, the upstreams list is:");
+                    print_upstreams(&totest)
                 }
 
                 first_run+=1;

src/utils/metrics.rs

@@ -0,0 +1,58 @@
+use prometheus::{register_histogram, register_int_counter, register_int_counter_vec, Histogram, IntCounter, IntCounterVec};
+use std::time::Duration;
+
+lazy_static::lazy_static! {
+    pub static ref REQUEST_COUNT: IntCounter = register_int_counter!(
+        "gazan_requests_total",
+        "Total number of requests handled by Gazan"
+    ).unwrap();
+      pub static ref RESPONSE_CODES: IntCounterVec = register_int_counter_vec!(
+        "gazan_responses_total",
+        "Responses grouped by status code",
+        &["status"]
+    ).unwrap();
+    pub static ref REQUEST_LATENCY:  Histogram = register_histogram!(
+        "gazan_request_latency_seconds",
+        "Request latency in seconds",
+        vec![0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1.0, 2.5, 5.0]
+    ).unwrap();
+    pub static ref RESPONSE_LATENCY: Histogram = register_histogram!(
+        "gazan_response_latency_seconds",
+        "Response latency in seconds",
+        vec![0.01, 0.05, 0.1, 0.25, 0.5, 1.0, 2.0, 5.0]
+    ).unwrap();
+    pub static ref REQUESTS_BY_METHOD: IntCounterVec = register_int_counter_vec!(
+        "gazan_requests_by_method_total",
+        "Number of requests by HTTP method",
+        &["method"]
+    ).unwrap();
+    pub static ref ERROR_COUNT: IntCounter = register_int_counter!(
+        "gazan_errors_total",
+        "Total number of errors"
+    ).unwrap();
+}
+
+pub fn calc_metrics(method: String, code: u16, latency: Duration) {
+    REQUEST_COUNT.inc();
+    let timer = REQUEST_LATENCY.start_timer();
+    timer.observe_duration();
+    RESPONSE_CODES.with_label_values(&[&code.to_string()]).inc();
+    REQUESTS_BY_METHOD.with_label_values(&[&method]).inc();
+    RESPONSE_LATENCY.observe(latency.as_secs_f64());
+}
+
+/*
+tokio::spawn(async move {
+    let mut interval = tokio::time::interval(std::time::Duration::from_secs(5));
+    loop {
+        interval.tick().await;
+
+        // read Pingora stats
+        let stats = pingora.get_stats();
+
+        // update Prometheus metrics accordingly
+        REQUEST_COUNT.set(stats.requests_total);
+        // ... etc
+    }
+});
+*/

src/utils/parceyaml.rs

@@ -13,7 +13,8 @@ pub fn load_configuration(d: &str, kind: &str) -> Option<Configuration> {
         consul: None,
         typecfg: "".to_string(),
         extraparams: Extraparams {
-            stickysessions: false,
+            sticky_sessions: false,
+            to_https: None,
             authentication: DashMap::new(),
         },
     };
@@ -46,25 +47,27 @@ pub fn load_configuration(d: &str, kind: &str) -> Option<Configuration> {
         Ok(parsed) => {
             let global_headers = DashMap::new();
             let mut hl = Vec::new();
-            if let Some(globals) = &parsed.globals {
+            if let Some(headers) = &parsed.headers {
-                for headers in globals.get("headers").iter().by_ref() {
+                for header in headers.iter() {
-                    for header in headers.iter() {
+                    if let Some((key, val)) = header.split_once(':') {
-                        if let Some((key, val)) = header.split_once(':') {
+                        hl.push((key.to_string(), val.to_string()));
-                            hl.push((key.to_string(), val.to_string()));
-                        }
                     }
                 }
                 global_headers.insert("/".to_string(), hl);
                 toreturn.headers.insert("GLOBAL_HEADERS".to_string(), global_headers);
-                toreturn.extraparams.stickysessions = parsed.stickysessions;
+
-                let cfg = DashMap::new();
+                toreturn.extraparams.sticky_sessions = parsed.sticky_sessions;
-                if let Some(k) = globals.get("authorization") {
+                toreturn.extraparams.to_https = parsed.to_https;
-                    cfg.insert("authorization".to_string(), k.to_owned());
-                    toreturn.extraparams.authentication = cfg;
-                } else {
-                    toreturn.extraparams.authentication = DashMap::new();
-                }
             }
+            if let Some(auth) = &parsed.authorization {
+                let name = auth.get("type").unwrap().to_string();
+                let creds = auth.get("creds").unwrap().to_string();
+                let val: Vec<String> = vec![name, creds];
+                toreturn.extraparams.authentication.insert("authorization".to_string(), val);
+            } else {
+                toreturn.extraparams.authentication = DashMap::new();
+            }
+
             match parsed.provider.as_str() {
                 "file" => {
                     toreturn.typecfg = "file".to_string();
@@ -86,8 +89,9 @@ pub fn load_configuration(d: &str, kind: &str) -> Option<Configuration> {
                                 for server in path_config.servers {
                                     if let Some((ip, port_str)) = server.split_once(':') {
                                         if let Ok(port) = port_str.parse::<u16>() {
-                                            // server_list.push((ip.to_string(), port, path_config.ssl));
+                                            // let to_https = matches!(path_config.to_https, Some(true));
-                                            server_list.push((ip.to_string(), port, true, false));
+                                            let to_https = path_config.to_https.unwrap_or(false);
+                                            server_list.push((ip.to_string(), port, true, false, to_https));
                                         }
                                     }
                                 }
@@ -139,5 +143,12 @@ pub fn parce_main_config(path: &str) -> AppConfig {
             cfo.local_server = Option::from((ip.to_string(), port));
         }
     }
+    if let Some(tlsport_cfg) = cfo.proxy_address_tls.clone() {
+        if let Some((_, port_str)) = tlsport_cfg.split_once(':') {
+            if let Ok(port) = port_str.parse::<u16>() {
+                cfo.proxy_port_tls = Some(port);
+            }
+        }
+    };
     cfo
 }

src/utils/structs.rs

@@ -3,8 +3,9 @@ use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
 use std::sync::atomic::AtomicUsize;
 
-pub type UpstreamsDashMap = DashMap<String, DashMap<String, (Vec<(String, u16, bool, bool)>, AtomicUsize)>>;
+pub type InnerMap = (String, u16, bool, bool, bool);
-pub type UpstreamsIdMap = DashMap<String, (String, u16, bool, bool)>;
+pub type UpstreamsDashMap = DashMap<String, DashMap<String, (Vec<InnerMap>, AtomicUsize)>>;
+pub type UpstreamsIdMap = DashMap<String, InnerMap>;
 pub type Headers = DashMap<String, DashMap<String, Vec<(String, String)>>>;
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
@@ -15,7 +16,8 @@ pub struct ServiceMapping {
 
 #[derive(Clone, Debug)]
 pub struct Extraparams {
-    pub stickysessions: bool,
+    pub sticky_sessions: bool,
+    pub to_https: Option<bool>,
     pub authentication: DashMap<String, Vec<String>>,
 }
 
@@ -28,9 +30,12 @@ pub struct Consul {
 #[derive(Debug, Serialize, Deserialize)]
 pub struct Config {
     pub provider: String,
-    pub stickysessions: bool,
+    pub sticky_sessions: bool,
+    pub to_https: Option<bool>,
     pub upstreams: Option<HashMap<String, HostConfig>>,
     pub globals: Option<HashMap<String, Vec<String>>>,
+    pub headers: Option<Vec<String>>,
+    pub authorization: Option<HashMap<String, String>>,
     pub consul: Option<Consul>,
 }
 
@@ -42,6 +47,7 @@ pub struct HostConfig {
 #[derive(Debug, Serialize, Deserialize)]
 pub struct PathConfig {
     pub servers: Vec<String>,
+    pub to_https: Option<bool>,
     pub headers: Option<Vec<String>>,
 }
 #[derive(Debug)]
@@ -63,6 +69,7 @@ pub struct AppConfig {
     pub proxy_address_http: String,
     pub master_key: String,
     pub proxy_address_tls: Option<String>,
+    pub proxy_port_tls: Option<u16>,
     pub tls_certificate: Option<String>,
     pub tls_key_file: Option<String>,
     pub local_server: Option<(String, u16)>,

src/utils/tools.rs

@@ -16,8 +16,8 @@ pub fn print_upstreams(upstreams: &UpstreamsDashMap) {
             let path = path_entry.key();
             println!(" Path: {}", path);
 
-            for (ip, port, ssl, vers) in path_entry.value().0.clone() {
+            for (ip, port, ssl, vers, to_https) in path_entry.value().0.clone() {
-                println!("    ===> IP: {}, Port: {}, SSL: {}, H2: {}", ip, port, ssl, vers);
+                println!("    ===> IP: {}, Port: {}, SSL: {}, H2: {}, To HTTPS: {}", ip, port, ssl, vers, to_https);
             }
         }
     }
@@ -139,7 +139,7 @@ pub fn clone_idmap_into(original: &UpstreamsDashMap, cloned: &UpstreamsIdMap) {
                 let hash = hasher.finalize();
                 let hex_hash = base16ct::lower::encode_string(&hash);
                 let hh = hex_hash[0..50].to_string();
-                cloned.insert(id, (hh.clone(), 0000, false, false));
+                cloned.insert(id, (hh.clone(), 0000, false, false, false));
                 cloned.insert(hh, x.to_owned());
             }
             new_inner_map.insert(path.clone(), new_vec);

src/web/bgservice.rs

@@ -56,7 +56,8 @@ impl BackgroundService for LB {
                             clone_dashmap_into(&ss.upstreams, &self.ump_upst);
                             let current = self.extraparams.load_full();
                             let mut new = (*current).clone();
-                            new.stickysessions = ss.extraparams.stickysessions;
+                            new.sticky_sessions = ss.extraparams.sticky_sessions;
+                            new.to_https = ss.extraparams.to_https;
                             new.authentication = ss.extraparams.authentication.clone();
                             self.extraparams.store(Arc::new(new));
                             self.headers.clear();
@@ -79,8 +80,8 @@ impl BackgroundService for LB {
                                     }
                                 }
                             }
-                            info!("Upstreams list is changed, updating to:");
+                            // info!("Upstreams list is changed, updating to:");
-                            print_upstreams(&self.ump_full);
+                            // print_upstreams(&self.ump_full);
                         }
                         None => {}
                     }

src/web/gethosts.rs

@@ -1,15 +1,16 @@
+use crate::utils::structs::InnerMap;
 use crate::web::proxyhttp::LB;
 use async_trait::async_trait;
 use std::sync::atomic::Ordering;
 
 #[async_trait]
 pub trait GetHost {
-    fn get_host(&self, peer: &str, path: &str, backend_id: Option<&str>) -> Option<(String, u16, bool, bool)>;
+    fn get_host(&self, peer: &str, path: &str, backend_id: Option<&str>) -> Option<InnerMap>;
     fn get_header(&self, peer: &str, path: &str) -> Option<Vec<(String, String)>>;
 }
 #[async_trait]
 impl GetHost for LB {
-    fn get_host(&self, peer: &str, path: &str, backend_id: Option<&str>) -> Option<(String, u16, bool, bool)> {
+    fn get_host(&self, peer: &str, path: &str, backend_id: Option<&str>) -> Option<InnerMap> {
         if let Some(b) = backend_id {
             if let Some(bb) = self.ump_byid.get(b) {
                 // println!("BIB :===> {:?}", Some(bb.value()));
@@ -19,7 +20,7 @@ impl GetHost for LB {
 
         let host_entry = self.ump_upst.get(peer)?;
         let mut current_path = path.to_string();
-        let mut best_match: Option<(String, u16, bool, bool)> = None;
+        let mut best_match: Option<InnerMap> = None;
         loop {
             if let Some(entry) = host_entry.get(&current_path) {
                 let (servers, index) = entry.value();

src/web/proxyhttp.rs

@@ -1,16 +1,17 @@
 use crate::utils::auth::authenticate;
+use crate::utils::metrics::*;
 use crate::utils::structs::{AppConfig, Extraparams, Headers, UpstreamsDashMap, UpstreamsIdMap};
 use crate::web::gethosts::GetHost;
 use arc_swap::ArcSwap;
 use async_trait::async_trait;
 use log::{debug, warn};
-use pingora::http::RequestHeader;
+use pingora::http::{RequestHeader, ResponseHeader, StatusCode};
 use pingora::prelude::*;
 use pingora_core::listeners::ALPN;
 use pingora_core::prelude::HttpPeer;
-use pingora_http::ResponseHeader;
 use pingora_proxy::{ProxyHttp, Session};
 use std::sync::Arc;
+use tokio::time::Instant;
 
 pub struct LB {
     pub ump_upst: Arc<UpstreamsDashMap>,
@@ -23,6 +24,9 @@ pub struct LB {
 
 pub struct Context {
     backend_id: String,
+    to_https: bool,
+    redirect_to: String,
+    start_time: Instant,
 }
 
 #[async_trait]
@@ -31,7 +35,12 @@ impl ProxyHttp for LB {
     // fn new_ctx(&self) -> Self::CTX {}
     type CTX = Context;
     fn new_ctx(&self) -> Self::CTX {
-        Context { backend_id: String::new() }
+        Context {
+            backend_id: String::new(),
+            to_https: false,
+            redirect_to: String::new(),
+            start_time: Instant::now(),
+        }
     }
     async fn request_filter(&self, session: &mut Session, _ctx: &mut Self::CTX) -> Result<bool> {
         if let Some(auth) = self.extraparams.load().authentication.get("authorization") {
@@ -42,21 +51,16 @@ impl ProxyHttp for LB {
                 return Ok(true);
             }
         };
-        // if session.req_header().uri.path().starts_with("/denied") {
-        //     let _ = session.respond_error(403).await;
-        //     warn!("Forbidden: {:?}, {}", session.client_addr(), session.req_header().uri.path().to_string());
-        //     return Ok(true);
-        // };
         Ok(false)
     }
-    async fn upstream_peer(&self, session: &mut Session, _ctx: &mut Self::CTX) -> Result<Box<HttpPeer>> {
+    async fn upstream_peer(&self, session: &mut Session, ctx: &mut Self::CTX) -> Result<Box<HttpPeer>> {
         let host_name = return_header_host(&session);
-
         match host_name {
             Some(hostname) => {
                 // session.req_header_mut().headers.insert("X-Host-Name", host.to_string().parse().unwrap());
                 let mut backend_id = None;
-                if self.extraparams.load().stickysessions {
+
+                if self.extraparams.load().sticky_sessions {
                     if let Some(cookies) = session.req_header().headers.get("cookie") {
                         if let Ok(cookie_str) = cookies.to_str() {
                             for cookie in cookie_str.split(';') {
@@ -73,7 +77,7 @@ impl ProxyHttp for LB {
                 let ddr = self.get_host(hostname, hostname, backend_id);
 
                 match ddr {
-                    Some((address, port, ssl, is_h2)) => {
+                    Some((address, port, ssl, is_h2, to_https)) => {
                         let mut peer = Box::new(HttpPeer::new((address.clone(), port.clone()), ssl, String::new()));
                         // if session.is_http2() {
                         if is_h2 {
@@ -84,8 +88,23 @@ impl ProxyHttp for LB {
                             peer.options.verify_cert = false;
                             peer.options.verify_hostname = false;
                         }
-                        // println!("    ==> {} ==> {} => {} => {:?}", hostname, address.as_str(), peer.options.alpn, is_h2);
+                        // println!("{}, {}, alpn {}, h2 {:?}, to_https {}", hostname, address.as_str(), peer.options.alpn, is_h2, _to_https);
-                        _ctx.backend_id = format!("{}:{}:{}", address.clone(), port.clone(), ssl);
+                        if self.extraparams.load().to_https.unwrap_or(false) || to_https {
+                            if let Some(stream) = session.stream() {
+                                if stream.get_ssl().is_none() {
+                                    if let Some(addr) = session.server_addr() {
+                                        if let Some((host, _)) = addr.to_string().split_once(':') {
+                                            let uri = session.req_header().uri.path_and_query().map_or("/", |pq| pq.as_str());
+                                            let port = self.config.proxy_port_tls.unwrap_or(443);
+                                            ctx.to_https = true;
+                                            ctx.redirect_to = format!("https://{}:{}{}", host, port, uri);
+                                        }
+                                    }
+                                }
+                            }
+                        }
+
+                        ctx.backend_id = format!("{}:{}:{}", address.clone(), port.clone(), ssl);
                         Ok(peer)
                     }
                     None => {
@@ -101,9 +120,8 @@ impl ProxyHttp for LB {
         }
     }
 
-    async fn upstream_request_filter(&self, _session: &mut Session, _upstream_request: &mut RequestHeader, _ctx: &mut Self::CTX) -> Result<()> {
+    async fn upstream_request_filter(&self, session: &mut Session, _upstream_request: &mut RequestHeader, _ctx: &mut Self::CTX) -> Result<()> {
-        let clientip = _session.client_addr();
+        match session.client_addr() {
-        match clientip {
             Some(ip) => {
                 let inet = ip.as_inet();
                 match inet {
@@ -122,20 +140,23 @@ impl ProxyHttp for LB {
         Ok(())
     }
 
-    async fn response_filter(&self, _session: &mut Session, _upstream_response: &mut ResponseHeader, _ctx: &mut Self::CTX) -> Result<()> {
+    async fn response_filter(&self, session: &mut Session, _upstream_response: &mut ResponseHeader, ctx: &mut Self::CTX) -> Result<()> {
         // _upstream_response.insert_header("X-Proxied-From", "Fooooooooooooooo").unwrap();
-        if self.extraparams.load().stickysessions {
+        if self.extraparams.load().sticky_sessions {
-            let backend_id = _ctx.backend_id.clone();
+            let backend_id = ctx.backend_id.clone();
             if let Some(bid) = self.ump_byid.get(&backend_id) {
-                // let _ = _upstream_response.insert_header("set-cookie", format!("backend {}", bid.0));
                 let _ = _upstream_response.insert_header("set-cookie", format!("backend_id={}; Path=/; Max-Age=600; HttpOnly; SameSite=Lax", bid.0));
             }
         }
-
+        if ctx.to_https {
-        let host_name = return_header_host(&_session);
+            let mut redirect_response = ResponseHeader::build(StatusCode::MOVED_PERMANENTLY, None)?;
-        match host_name {
+            redirect_response.insert_header("Location", ctx.redirect_to.clone())?;
+            redirect_response.insert_header("Content-Length", "0")?;
+            session.write_response_header(Box::new(redirect_response), false).await?;
+        }
+        match return_header_host(&session) {
             Some(host) => {
-                let path = _session.req_header().uri.path();
+                let path = session.req_header().uri.path();
                 let host_header = host;
                 let split_header = host_header.split_once(':');
                 match split_header {
@@ -165,6 +186,11 @@ impl ProxyHttp for LB {
     async fn logging(&self, session: &mut Session, _e: Option<&pingora::Error>, ctx: &mut Self::CTX) {
         let response_code = session.response_written().map_or(0, |resp| resp.status.as_u16());
         debug!("{}, response code: {response_code}", self.request_summary(session, ctx));
+
+        let method = session.req_header().method.to_string();
+        let status = session.response_written().map(|resp| resp.status.as_u16()).unwrap_or(0);
+        let latency = ctx.start_time.elapsed();
+        calc_metrics(method, status, latency);
     }
 }
 

src/web/start.rs

@@ -1,3 +1,4 @@
+// use rustls::crypto::ring::default_provider;
 use crate::utils::structs::Extraparams;
 use crate::web::proxyhttp::LB;
 use arc_swap::ArcSwap;
@@ -5,12 +6,11 @@ use dashmap::DashMap;
 use log::info;
 use pingora_core::prelude::{background_service, Opt};
 use pingora_core::server::Server;
-use rustls::crypto::ring::default_provider;
 use std::env;
 use std::sync::Arc;
 
 pub fn run() {
-    default_provider().install_default().expect("Failed to install rustls crypto provider");
+    // default_provider().install_default().expect("Failed to install rustls crypto provider");
     let parameters = Some(Opt::parse_args()).unwrap();
     let file = parameters.conf.clone().unwrap();
     let maincfg = crate::utils::parceyaml::parce_main_config(file.as_str());
@@ -23,7 +23,8 @@ pub fn run() {
     let im_config = Arc::new(DashMap::new());
     let hh_config = Arc::new(DashMap::new());
     let ec_config = Arc::new(ArcSwap::from_pointee(Extraparams {
-        stickysessions: false,
+        sticky_sessions: false,
+        to_https: None,
         authentication: DashMap::new(),
     }));
 
@@ -50,16 +51,18 @@ pub fn run() {
     // env_logger::init();
 
     let log_level = cfg.log_level.clone();
-    match log_level.as_str() {
+    unsafe {
-        "info" => env::set_var("RUST_LOG", "info"),
+        match log_level.as_str() {
-        "error" => env::set_var("RUST_LOG", "error"),
+            "info" => env::set_var("RUST_LOG", "info"),
-        "warn" => env::set_var("RUST_LOG", "warn"),
+            "error" => env::set_var("RUST_LOG", "error"),
-        "debug" => env::set_var("RUST_LOG", "debug"),
+            "warn" => env::set_var("RUST_LOG", "warn"),
-        "trace" => env::set_var("RUST_LOG", "trace"),
+            "debug" => env::set_var("RUST_LOG", "debug"),
-        "off" => env::set_var("RUST_LOG", "off"),
+            "trace" => env::set_var("RUST_LOG", "trace"),
-        _ => {
+            "off" => env::set_var("RUST_LOG", "off"),
-            println!("Error reading log level, defaulting to: INFO");
+            _ => {
-            env::set_var("RUST_LOG", "info")
+                println!("Error reading log level, defaulting to: INFO");
+                env::set_var("RUST_LOG", "info")
+            }
         }
     }
     env_logger::builder()
@@ -89,8 +92,5 @@ pub fn run() {
     proxy.add_tcp(bind_address_http.as_str());
     server.add_service(proxy);
     server.add_service(bg_srvc);
-    // let mut prometheus_service_http = Service::prometheus_http_service();
-    // prometheus_service_http.add_tcp("0.0.0.0:1234");
-    // server.add_service(prometheus_service_http);
     server.run_forever();
 }

src/web/webserver.rs

@@ -9,13 +9,14 @@ use futures::channel::mpsc::Sender;
 use futures::SinkExt;
 use jsonwebtoken::{encode, EncodingKey, Header};
 use log::{error, info, warn};
+use prometheus::{gather, Encoder, TextEncoder};
 use serde::{Deserialize, Serialize};
 use std::time::{Duration, SystemTime, UNIX_EPOCH};
 use tokio::net::TcpListener;
 
 #[derive(Deserialize)]
 struct InputKey {
-    masterkey: String,
+    master_key: String,
     owner: String,
     valid: u64,
 }
@@ -26,8 +27,8 @@ struct OutToken {
 }
 
 #[allow(unused_mut)]
-pub async fn run_server(bindaddress: String, masterkey: String, mut toreturn: Sender<Configuration>) {
+pub async fn run_server(bindaddress: String, master_key: String, mut to_return: Sender<Configuration>) {
-    let mut tr = toreturn.clone();
+    let mut tr = to_return.clone();
     let app = Router::new()
         .route("/{*wildcard}", get(senderror))
         .route("/{*wildcard}", post(senderror))
@@ -35,7 +36,8 @@ pub async fn run_server(bindaddress: String, masterkey: String, mut toreturn: Se
         .route("/{*wildcard}", head(senderror))
         .route("/{*wildcard}", delete(senderror))
         .route("/jwt", post(jwt_gen))
-        .with_state(masterkey.clone())
+        .route("/metrics", get(metrics))
+        .with_state(master_key.clone())
         .route(
             "/conf",
             post(|up: String| async move {
@@ -64,12 +66,12 @@ async fn senderror() -> impl IntoResponse {
     Response::builder().status(StatusCode::BAD_GATEWAY).body(Body::from("No live upstream found!\n")).unwrap()
 }
 
-async fn jwt_gen(State(masterkey): State<String>, Json(payload): Json<InputKey>) -> (StatusCode, Json<OutToken>) {
+async fn jwt_gen(State(master_key): State<String>, Json(payload): Json<InputKey>) -> (StatusCode, Json<OutToken>) {
-    if payload.masterkey == masterkey {
+    if payload.master_key == master_key {
         let now = SystemTime::now() + Duration::from_secs(payload.valid * 60);
         let a = now.duration_since(UNIX_EPOCH).unwrap().as_secs();
         let claim = crate::utils::jwt::Claims { user: payload.owner, exp: a };
-        match encode(&Header::default(), &claim, &EncodingKey::from_secret(payload.masterkey.as_ref())) {
+        match encode(&Header::default(), &claim, &EncodingKey::from_secret(payload.master_key.as_ref())) {
             Ok(t) => {
                 let tok = OutToken { token: t };
                 info!("Generating token: {:?}", tok);
@@ -89,3 +91,23 @@ async fn jwt_gen(State(masterkey): State<String>, Json(payload): Json<InputKey>)
         (StatusCode::FORBIDDEN, Json(tok))
     }
 }
+
+async fn metrics() -> impl IntoResponse {
+    let metric_families = gather();
+    let encoder = TextEncoder::new();
+
+    let mut buffer = Vec::new();
+    if let Err(e) = encoder.encode(&metric_families, &mut buffer) {
+        // encoding error fallback
+        return Response::builder()
+            .status(StatusCode::INTERNAL_SERVER_ERROR)
+            .body(Body::from(format!("Failed to encode metrics: {}", e)))
+            .unwrap();
+    }
+
+    Response::builder()
+        .status(StatusCode::OK)
+        .header("Content-Type", encoder.format_type())
+        .body(Body::from(buffer))
+        .unwrap()
+}