#http2 #load-balancing #proxy-server #client-server #mtls #backend-server #quic

app octoproxy

A load balancing proxy with mTLS encryption for QUIC and HTTP/2

1 unstable release

0.1.1 Jun 5, 2023
0.1.0 Jun 5, 2023

#6 in #mtls

MIT license

150KB
3K SLoC

CI MIT

Octoproxy - A load balancing proxy with mTLS encryption for QUIC and HTTP/2

This is a work in progress project and is currently in the development phase and may have unknown issues and potential bugs. Please use it at your own risk.

About

Octoproxy is a load balancing proxy that draws inspiration from the remarkable abilities of an octopus. Just like an octopus with its multiple arms, Octoproxy efficiently manages incoming client requests and distributes them across multiple backend servers. With its flexible tentacles, Octoproxy dynamically adapts to changing network conditions and intelligently routes traffic to ensure optimal performance and high availability. Similar to how an octopus uses its keen senses to navigate the ocean, Octoproxy leverages load balancing algorithms and protocols to monitor server health, detect failures, and seamlessly redirect traffic for a smooth and reliable experience. Dive into the world of Octoproxy and experience its efficient and intelligent load balancing capabilities for your applications.

Overview

  • client: The octoproxy-client is a load balancing proxy implemented on the client-side.
  • e2e: The e2e provides a client and server for simple testing purposes.
  • easycert: The octoproxy-easycert is a convenient mTLS certificate generation tool.
  • lib: The octoproxy-lib provides foundational common code.
  • server: The octoproxy-server handles client requests on the server-side.
  • tui: The octui is a terminal-based UI for managing and monitoring the client.

Quickstart

Build from source

Build the client/server with mimalloc:

cargo build --release -F alloc --bin octoproxy-server
cargo build --release -F alloc --bin octoproxy-client

Build the octui and octoproxy-easycert:

cargo build --release --bin octoproxy-easycert
cargo build --release --bin octui

Usage

From the client side:

octoproxy-client -c config.toml

From the server side:

octoproxy-server -c config.toml

To generate a client/server certificate using an existing CA certificate with octoproxy-easycert

octoproxy-easycert --cacert ./ca.crt --cakey ./ca.key --common-name <common name> --san "DNS:<domain name>" --san "IP:<ip adddress>" -o . --days 365 <client/server cert name>

Please ensure that you provide valid and appropriate values for the parameters, including at least one Subject Alternative Name (SAN) value as required by the --san option.

Example: To generate a certificate for local server use:

octoproxy-easycert --cacert ./ca.crt --cakey ./ca.key --common-name server_name --san "DNS:localhost" --san "IP:127.0.0.1" -o . --days 3650 server

Inspiration

License

This project is licensed under the MIT License. See the LICENSE file for details.

Dependencies

~36–69MB
~1M SLoC