README

Cargo.lock

@@ -141,6 +141,7 @@ dependencies = [
  "sha2",
  "tokio",
  "tonic",
+ "tower-http",
  "urlencoding",
  "x509-parser",
 ]
@@ -1078,6 +1079,12 @@ dependencies = [
  "pin-project-lite",
 ]
 
+[[package]]
+name = "http-range-header"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9171a2ea8a68358193d15dd5d70c1c10a2afc3e7e4c5bc92bc9f025cebd7359c"
+
 [[package]]
 name = "httparse"
 version = "1.9.5"
@@ -1617,6 +1624,16 @@ version = "0.3.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
 
+[[package]]
+name = "mime_guess"
+version = "2.0.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f7c44f8e672c00fe5308fa235f821cb4198414e1c77935c1ab6948d3fd78550e"
+dependencies = [
+ "mime",
+ "unicase",
+]
+
 [[package]]
 name = "minimal-lexical"
 version = "0.2.1"
@@ -3167,14 +3184,24 @@ checksum = "adc82fd73de2a9722ac5da747f12383d2bfdb93591ee6c58486e0097890f05f2"
 dependencies = [
  "bitflags 2.8.0",
  "bytes",
+ "futures-core",
  "futures-util",
  "http",
  "http-body",
+ "http-body-util",
+ "http-range-header",
+ "httpdate",
  "iri-string",
+ "mime",
+ "mime_guess",
+ "percent-encoding",
  "pin-project-lite",
+ "tokio",
+ "tokio-util",
  "tower",
  "tower-layer",
  "tower-service",
+ "tracing",
 ]
 
 [[package]]

Cargo.toml

@@ -19,6 +19,7 @@ dashmap = "7.0.0-rc2"
 pingora-core = "0.5.0"
 pingora-proxy = "0.5.0"
 pingora-http = "0.5.0"
+#pingora-pool = "0.5.0"
 async-trait = "0.1.88"
 env_logger = "0.11.8"
 log = "0.4.27"
@@ -46,4 +47,6 @@ lazy_static = "1.5.0"
 #openssl = "0.10.73"
 x509-parser = "0.17.0"
 rustls-pemfile = "2.2.0"
+tower-http = { version = "0.6.6", features = ["fs"] }
+
 

README.md

@@ -13,6 +13,7 @@ Built on Rust, on top of **Cloudflare’s Pingora engine**, **Aralez** delivers
 
 - **Dynamic Config Reloads** — Upstreams can be updated live via API, no restart required.
 - **TLS Termination** — Built-in OpenSSL support.
+    - **Automatic load of certificates** — Automatically reads and loads certificates from a folder, without a restart.
 - **Upstreams TLS detection** — Aralez will automatically detect if upstreams uses secure connection.
 - **Authentication** — Supports Basic Auth, API tokens, and JWT verification.
     - **Basic Auth**
@@ -24,6 +25,7 @@ Built on Rust, on top of **Cloudflare’s Pingora engine**, **Aralez** delivers
     - Failover with health checks
     - Sticky sessions via cookies
 - **Unified Port** — Serve HTTP and WebSocket traffic over the same connection.
+- **Built in file server** — Build in minimalistic file server for serving static files, should be added as upstreams for public access.
 - **Memory Safe** — Created purely on Rust.
 - **High Performance** — Built with [Pingora](https://github.com/cloudflare/pingora) and tokio for async I/O.
 
@@ -83,6 +85,8 @@ Built on Rust, on top of **Cloudflare’s Pingora engine**, **Aralez** delivers
 | **hc_method**                    | HEAD                                 | Healthcheck method (HEAD, GET, POST are supported) UPPERCASE                                     |
 | **hc_interval**                  | 2                                    | Interval for health checks in seconds                                                            |
 | **master_key**                   | 5aeff7f9-7b94-447c-af60-e8c488544a3e | Master key for working with API server and JWT Secret generation                                 |
+| **file_server_folder**           | /some/local/folder                   | Optional, local folder to serve                                                                  |
+| **file_server_address**          | 127.0.0.1:3002                       | Optional, Local address for file server. Can set as upstream for public access                   |
 
 ### 🌐 `upstreams.yaml`
 

etc/main.yaml

@@ -1,7 +1,7 @@
 # Main configuration file , applied on startup
 threads: 12 # Nubber of daemon threads default setting
-#user: pastor # Username for running aralez after dropping root privileges, requires program to start as root
+#user: aralez # Username for running aralez after dropping root privileges, requires program to start as root
-#group: pastor # Group for running aralez after dropping root privileges, requires program to start as root
+#group: aralez # Group for running aralez after dropping root privileges, requires program to start as root
 daemon: false # Run in background
 upstream_keepalive_pool_size: 500 # Pool size for upstream keepalive connections
 pid_file: /tmp/aralez.pid # Path to PID file
@@ -13,8 +13,10 @@ config_tls_certificate: etc/server.crt # Mandatory if config_tls_address is set
 config_tls_key_file: etc/key.pem # Mandatory if config_tls_address is set
 proxy_address_http: 0.0.0.0:6193 # Proxy HTTP bind address
 proxy_address_tls: 0.0.0.0:6194 # Optional, Proxy TLS bind address
-proxy_certificates: etc/yoyo # Mandatory if proxy_address_tls set, should contain certificate and key files strictly in a format {NAME}.crt, {NAME}.key.
+proxy_certificates: etc/certificates # Mandatory if proxy_address_tls set, should contain certificate and key files strictly in a format {NAME}.crt, {NAME}.key.
 upstreams_conf: etc/upstreams.yaml # the location of upstreams file
+#file_server_folder: /some/path # Optional, local folder to serve
+#file_server_address: 127.0.0.1:3002 # Optional, Local address for file server. Can set as upstream for public access.
 log_level: info # info, warn, error, debug, trace, off
 hc_method: HEAD # Healthcheck method (HEAD, GET, POST are supported) UPPERCASE
 hc_interval: 2 #Interval for health checks in seconds

src/utils/discovery.rs

@@ -14,6 +14,8 @@ pub struct APIUpstreamProvider {
     pub tls_address: Option<String>,
     pub tls_certificate: Option<String>,
     pub tls_key_file: Option<String>,
+    pub file_server_address: Option<String>,
+    pub file_server_folder: Option<String>,
 }
 
 pub struct ConsulProvider {

src/utils/parceyaml.rs

@@ -150,15 +150,5 @@ pub fn parce_main_config(path: &str) -> AppConfig {
             }
         }
     };
-    // match cfo.config_tls_address.clone() {
-    //     Some(tls_cert) => {
-    //         if let Some((ip, port_str)) = tls_cert.split_once(':') {
-    //             if let Ok(port) = port_str.parse::<u16>() {
-    //                 cfo.local_tls_server = Option::from((ip.to_string(), port));
-    //             }
-    //         }
-    //     }
-    //     None => {}
-    // };
     cfo
 }

src/utils/structs.rs

@@ -73,14 +73,8 @@ pub struct AppConfig {
     pub config_tls_key_file: Option<String>,
     pub proxy_address_tls: Option<String>,
     pub proxy_port_tls: Option<u16>,
-    // pub tls_certificate: Option<String>,
-    // pub tls_key_file: Option<String>,
     pub local_server: Option<(String, u16)>,
     pub proxy_certificates: Option<String>,
+    pub file_server_address: Option<String>,
+    pub file_server_folder: Option<String>,
 }
-
-// #[derive(Debug)]
-// pub struct CertificateMove {
-//     pub cert_tx: Sender<CertificateConfig>,
-//     pub cert_rx: Receiver<CertificateConfig>,
-// }

src/web/bgservice.rs

@@ -39,6 +39,8 @@ impl BackgroundService for LB {
             tls_address: self.config.config_tls_address.clone(),
             tls_certificate: self.config.config_tls_certificate.clone(),
             tls_key_file: self.config.config_tls_key_file.clone(),
+            file_server_address: self.config.file_server_address.clone(),
+            file_server_folder: self.config.file_server_folder.clone(),
         };
         let tx_api = tx.clone();
         let _ = tokio::spawn(async move { api_load.start(tx_api).await });

src/web/proxyhttp.rs

@@ -34,8 +34,6 @@ pub struct Context {
 
 #[async_trait]
 impl ProxyHttp for LB {
-    // type CTX = ();
-    // fn new_ctx(&self) -> Self::CTX {}
     type CTX = Context;
     fn new_ctx(&self) -> Self::CTX {
         Context {
@@ -60,7 +58,6 @@ impl ProxyHttp for LB {
         let host_name = return_header_host(&session);
         match host_name {
             Some(hostname) => {
-                // session.req_header_mut().headers.insert("X-Host-Name", host.to_string().parse().unwrap());
                 let mut backend_id = None;
 
                 if self.extraparams.load().sticky_sessions {
@@ -91,7 +88,7 @@ impl ProxyHttp for LB {
                             peer.options.verify_cert = false;
                             peer.options.verify_hostname = false;
                         }
-                        // println!("{}, {}, alpn {}, h2 {:?}, to_https {}", hostname, address.as_str(), peer.options.alpn, is_h2, _to_https);
+
                         if self.extraparams.load().to_https.unwrap_or(false) || to_https {
                             if let Some(stream) = session.stream() {
                                 if stream.get_ssl().is_none() {
@@ -155,6 +152,12 @@ impl ProxyHttp for LB {
         Ok(())
     }
 
+    // async fn request_body_filter(&self, _session: &mut Session, _body: &mut Option<Bytes>, _end_of_stream: bool, _ctx: &mut Self::CTX) -> Result<()>
+    // where
+    //     Self::CTX: Send + Sync,
+    // {
+    //     Ok(())
+    // }
     async fn response_filter(&self, session: &mut Session, _upstream_response: &mut ResponseHeader, ctx: &mut Self::CTX) -> Result<()> {
         // _upstream_response.insert_header("X-Proxied-From", "Fooooooooooooooo").unwrap();
         if self.extraparams.load().sticky_sessions {
@@ -195,6 +198,7 @@ impl ProxyHttp for LB {
             }
             None => {}
         }
+        session.set_keepalive(Some(300));
         Ok(())
     }
 
@@ -227,10 +231,3 @@ fn return_header_host(session: &Session) -> Option<&str> {
         }
     }
 }
-
-// fn return_no_host(inp: &Option<(String, u16)>) -> Box<HttpPeer> {
-//     match inp {
-//         Some(t) => Box::new(HttpPeer::new(t, false, String::new())),
-//         None => Box::new(HttpPeer::new(("0.0.0.0", 0), false, String::new())),
-//     }
-// }

src/web/start.rs

@@ -28,6 +28,7 @@ pub fn run() {
     let ff_config = Arc::new(DashMap::new());
     let im_config = Arc::new(DashMap::new());
     let hh_config = Arc::new(DashMap::new());
+
     let ec_config = Arc::new(ArcSwap::from_pointee(Extraparams {
         sticky_sessions: false,
         to_https: None,
@@ -37,25 +38,13 @@ pub fn run() {
     let cfg = Arc::new(maincfg);
 
     let lb = LB {
-        ump_upst: uf_config.clone(),
+        ump_upst: uf_config,
-        ump_full: ff_config.clone(),
+        ump_full: ff_config,
-        ump_byid: im_config.clone(),
+        ump_byid: im_config,
         config: cfg.clone(),
-        headers: hh_config.clone(),
+        headers: hh_config,
-        extraparams: ec_config.clone(),
+        extraparams: ec_config,
     };
-    // let bg = LB {
-    //     ump_upst: uf_config.clone(),
-    //     ump_full: ff_config.clone(),
-    //     ump_byid: im_config.clone(),
-    //     config: cfg.clone(),
-    //     headers: hh_config.clone(),
-    //     extraparams: ec_config.clone(),
-    //     config_rx: Arc::from(Mutex::new(rx)),
-    // };
-
-    // env_logger::Env::new();
-    // env_logger::init();
 
     let log_level = cfg.log_level.clone();
     unsafe {

src/web/webserver.rs

@@ -17,6 +17,7 @@ use std::collections::HashMap;
 use std::net::SocketAddr;
 use std::time::{Duration, SystemTime, UNIX_EPOCH};
 use tokio::net::TcpListener;
+use tower_http::services::ServeDir;
 
 #[derive(Deserialize)]
 struct InputKey {
@@ -42,12 +43,14 @@ pub async fn run_server(config: &APIUpstreamProvider, mut to_return: Sender<Conf
         master_key: config.masterkey.clone(),
         config_sender: to_return.clone(),
     };
+
     let app = Router::new()
         // .route("/{*wildcard}", get(senderror))
         // .route("/{*wildcard}", post(senderror))
         // .route("/{*wildcard}", put(senderror))
         // .route("/{*wildcard}", head(senderror))
         // .route("/{*wildcard}", delete(senderror))
+        // .nest_service("/static", static_files)
         .route("/jwt", post(jwt_gen))
         .route("/conf", post(conf))
         .route("/metrics", get(metrics))
@@ -65,6 +68,13 @@ pub async fn run_server(config: &APIUpstreamProvider, mut to_return: Sender<Conf
         info!("Starting the TLS API server on: {}", value);
     }
 
+    if let (Some(address), Some(folder)) = (&config.file_server_address, &config.file_server_folder) {
+        let static_files = ServeDir::new(folder);
+        let static_serve: Router = Router::new().fallback_service(static_files);
+        let static_listen = TcpListener::bind(address).await.unwrap();
+        let _ = tokio::spawn(async move { axum::serve(static_listen, static_serve).await.unwrap() });
+    }
+
     let listener = TcpListener::bind(config.address.clone()).await.unwrap();
     info!("Starting the API server on: {}", config.address);
     axum::serve(listener, app).await.unwrap();