1 unstable release
0.1.1 | Jun 5, 2023 |
---|---|
0.1.0 |
|
#3 in #mtls
150KB
3K
SLoC
Octoproxy - A load balancing proxy with mTLS encryption for QUIC and HTTP/2
This is a work in progress project and is currently in the development phase and may have unknown issues and potential bugs. Please use it at your own risk.
About
Octoproxy is a load balancing proxy that draws inspiration from the remarkable abilities of an octopus. Just like an octopus with its multiple arms, Octoproxy efficiently manages incoming client requests and distributes them across multiple backend servers. With its flexible tentacles, Octoproxy dynamically adapts to changing network conditions and intelligently routes traffic to ensure optimal performance and high availability. Similar to how an octopus uses its keen senses to navigate the ocean, Octoproxy leverages load balancing algorithms and protocols to monitor server health, detect failures, and seamlessly redirect traffic for a smooth and reliable experience. Dive into the world of Octoproxy and experience its efficient and intelligent load balancing capabilities for your applications.
Overview
client
: Theoctoproxy-client
is a load balancing proxy implemented on the client-side.e2e
: Thee2e
provides a client and server for simple testing purposes.easycert
: Theoctoproxy-easycert
is a convenient mTLS certificate generation tool.lib
: Theoctoproxy-lib
provides foundational common code.server
: Theoctoproxy-server
handles client requests on the server-side.tui
: Theoctui
is a terminal-based UI for managing and monitoring the client.
Quickstart
Build from source
Build the client/server with mimalloc:
cargo build --release -F alloc --bin octoproxy-server
cargo build --release -F alloc --bin octoproxy-client
Build the octui
and octoproxy-easycert
:
cargo build --release --bin octoproxy-easycert
cargo build --release --bin octui
Usage
From the client side:
octoproxy-client -c config.toml
From the server side:
octoproxy-server -c config.toml
To generate a client/server certificate using an existing CA certificate with octoproxy-easycert
octoproxy-easycert --cacert ./ca.crt --cakey ./ca.key --common-name <common name> --san "DNS:<domain name>" --san "IP:<ip adddress>" -o . --days 365 <client/server cert name>
Please ensure that you provide valid and appropriate values for the parameters, including at least one Subject Alternative Name (SAN) value as required by the --san
option.
Example: To generate a certificate for local server use:
octoproxy-easycert --cacert ./ca.crt --cakey ./ca.key --common-name server_name --san "DNS:localhost" --san "IP:127.0.0.1" -o . --days 3650 server
Inspiration
License
This project is licensed under the MIT License. See the LICENSE file for details.
Dependencies
~34–68MB
~1M SLoC