rust-rpxy/README.md
2022-08-01 16:00:46 +09:00

2.3 KiB

rpxy: A simple and ultrafast reverse-proxy for multiple host names with TLS termination, written in pure Rust

License: MIT Unit Test Build and Publish Docker ShiftLeft Scan

WIP Project

Introduction

rpxy [ahr-pik-see] is an implementation of simple and lightweight reverse-proxy with some additional features. The implementation is based on hyper, rustls and tokio, i.e., written in pure Rust. Our rpxy allows to route multiple host names to appropriate backend application servers while serving TLS connections.

As default, rpxy provides the TLS connection sanitization by correctly binding a certificate used to establish secure channel with backend application. Specifically, it always keeps the consistency between the given SNI (server name indication) in ClientHello of the underlying TLS and the domain name given by the overlaid HTTP HOST header (or URL in Request line) 1. Additionally, as a somewhat unstable feature, our rpxy can handle the brand-new HTTP/3 connection thanks to quinn and hyperium/h3.

This project is still work-in-progress. But it is already working in some production environments and serves numbers of domain names. Furthermore it significantly outperforms NGINX and Caddy, e.g., 1.5x faster than NGINX, in the setting of very simple HTTP reverse-proxy scenario (See bench directory).

Making an executable binary

% cargo build --release

Then you have a binary at ./target/release/rpxy.

You can also use docker image instead of building from the source.

Usage

todo!

Configuration

todo!

Using docker image

todo!


  1. We should note that NGINX doesn't guarantee such a consistency by default. To this end, you have to add if statement in the configuration file in NGINX. ↩︎