#terrazzo #gateway #proxy

trz-gateway-server

Secure Proxy / Agents implementation in Rust

4 releases

Uses new Rust 2024

new 0.1.7 Mar 29, 2025
0.1.6 Mar 16, 2025
0.1.5 Feb 26, 2025
0.1.4 Feb 24, 2025

#6 in #terrazzo

Download history 100/week @ 2025-02-19 187/week @ 2025-02-26 2/week @ 2025-03-05 142/week @ 2025-03-12 27/week @ 2025-03-19

386 downloads per month
Used in 2 crates

MIT license

190KB
4.5K SLoC

Terrazzo Gateway

The Terrazzo Gateway allows clients (aka. remote services) to expose gRPC APIs through the Gateway.

The remote services need outbound connectivity to the Gateway. Only the Gateway is publicly available.

Remote services tunnel connections

Remote services open a WebSocket connections with the Gateway. These WebSockets are then used to transport gRPC traffic.

The connection is encrypted twice

  1. The WebSocket connection is transported over HTTPS
  2. The gRPC connection is secured with TLS, using the remote service certificate.

Remote services authentication

Each remote service authenticates with a TLS certificate.

The TLS certificate is issued by the Gateway in exchange for a code that can be queried from the Gateway and that changes every 60 seconds.

Dependencies

~29–42MB
~758K SLoC