2025-11-29 01:57:12 +01:00
# rproxy
2025-09-25 02:35:00 +02:00
2025-11-29 01:57:12 +01:00
rproxy is a high-performance reverse proxy server written in C. It routes HTTP and WebSocket requests to upstream services based on hostname, with support for SSL/TLS termination and connection pooling.
2025-09-25 02:35:00 +02:00
2025-11-29 01:57:12 +01:00
## Features
2025-09-25 02:35:00 +02:00
2025-11-29 01:57:12 +01:00
- Reverse proxy routing by hostname
2025-11-29 04:58:34 +01:00
- SSL/TLS support for upstream connections with certificate verification
2025-11-29 01:57:12 +01:00
- WebSocket proxying
- Connection pooling and idle timeout management
- Real-time monitoring and statistics
- Web-based dashboard for metrics visualization
- SQLite-based persistent statistics storage
- Epoll-based event handling for high concurrency
2025-11-29 04:58:34 +01:00
- Graceful shutdown with connection draining
- Live configuration reload via SIGHUP
- Dashboard authentication (HTTP Basic Auth)
- Rate limiting per client IP
- Health checks for upstream servers
- Automatic upstream connection retries
- File logging support
2025-11-29 05:56:34 +01:00
- Stream data patching/rewriting for textual content
2025-09-25 02:35:00 +02:00
2025-11-29 01:57:12 +01:00
## Dependencies
2025-09-25 02:35:00 +02:00
2025-11-29 01:57:12 +01:00
- GCC
- OpenSSL (libssl, libcrypto)
- SQLite3
2025-11-29 04:58:34 +01:00
- pthreads
2025-11-29 01:57:12 +01:00
- cJSON library
2025-09-25 02:35:00 +02:00
2025-11-29 01:57:12 +01:00
## Build
```bash
make
```
This compiles the source files in `src/` and produces the `rproxy` executable.
## Configuration
Configuration is defined in `proxy_config.json` :
2025-09-25 02:35:00 +02:00
```json
{
2025-11-29 01:57:12 +01:00
"port": 9998,
2025-09-25 02:35:00 +02:00
"reverse_proxy": [
2025-11-29 01:57:12 +01:00
{
"hostname": "example.com",
"upstream_host": "127.0.0.1",
"upstream_port": 5000,
"use_ssl": false,
2025-11-29 05:56:34 +01:00
"rewrite_host": true,
"patch": {
"old_string": "new_string",
"secret_key": "[REDACTED]",
"blocked_content": null
}
2025-11-29 01:57:12 +01:00
}
2025-09-25 02:35:00 +02:00
]
}
```
2025-11-29 01:57:12 +01:00
- `port` : Listening port for incoming connections
- `reverse_proxy` : Array of routing rules
- `hostname` : Host header to match for routing
- `upstream_host` : Target server hostname/IP
- `upstream_port` : Target server port
- `use_ssl` : Enable SSL for upstream connection
- `rewrite_host` : Rewrite Host header to upstream hostname
2025-11-29 05:56:34 +01:00
- `patch` : Optional object for stream data patching (see below)
### Data Patching
The `patch` configuration allows rewriting or blocking content in HTTP streams. Patch rules are applied to textual content only (text/*, application/json, application/xml, etc.). Binary content passes through unmodified.
```json
{
"patch": {
"find_this": "replace_with_this",
"another_string": "replacement",
"blocked_term": null
}
}
```
- **String replacement**: Each key-value pair defines a find-replace rule
- **Content blocking**: Setting value to `null` blocks the entire response/request when the key is found
- **Bidirectional**: Patches apply to both requests (client → upstream) and responses (upstream → client)
When content is blocked:
- Blocked responses return `502 Bad Gateway` to the client
- Blocked requests return `403 Forbidden` to the client
Supported textual content types:
- `text/*` (text/html, text/plain, text/css, etc.)
- `application/json`
- `application/xml`
- `application/javascript`
- `application/x-www-form-urlencoded`
- Any content type with `+xml` or `+json` suffix
2025-11-29 01:57:12 +01:00
2025-11-29 04:58:34 +01:00
## Environment Variables
| Variable | Description |
|----------|-------------|
| `DEBUG` | Enable debug logging (set to `1` ) |
| `LOG_FILE` | Path to log file (default: stdout) |
| `RATE_LIMIT` | Max requests per minute per IP |
| `DASHBOARD_USER` | Dashboard authentication username |
| `DASHBOARD_PASS` | Dashboard authentication password |
| `SSL_VERIFY` | Disable SSL verification (set to `0` ) |
| `SSL_CA_FILE` | Path to custom CA certificate file |
| `SSL_CA_PATH` | Path to CA certificate directory |
2025-11-29 01:57:12 +01:00
## Usage
```bash
./rproxy [config_file]
```
If no config file is specified, defaults to `proxy_config.json` .
2025-11-29 04:58:34 +01:00
Examples:
```bash
# Basic usage
./rproxy
# With custom config
./rproxy /etc/rproxy/config.json
# With debug logging
DEBUG=1 ./rproxy
# With file logging
LOG_FILE=/var/log/rproxy.log ./rproxy
# With rate limiting (100 requests/minute)
RATE_LIMIT=100 ./rproxy
# With dashboard authentication
DASHBOARD_USER=admin DASHBOARD_PASS=secret ./rproxy
# Reload configuration
kill -HUP $(pidof rproxy)
```
2025-11-29 01:57:12 +01:00
## Endpoints
- Dashboard: `http://localhost:{port}/rproxy/dashboard`
- API Stats: `http://localhost:{port}/rproxy/api/stats`
2025-11-29 04:58:34 +01:00
## Signals
| Signal | Action |
|--------|--------|
| `SIGINT` | Graceful shutdown |
| `SIGTERM` | Graceful shutdown |
| `SIGHUP` | Reload configuration |
2025-11-29 01:57:12 +01:00
## Architecture
- **main.c**: Entry point, event loop, signal handling
- **connection.c**: Connection management, epoll handling
- **http.c**: HTTP request/response parsing
- **ssl_handler.c**: SSL/TLS connection handling
- **monitor.c**: System and per-vhost statistics collection
- **dashboard.c**: Web dashboard generation
- **config.c**: JSON configuration parsing
- **buffer.c**: Circular buffer implementation
- **logging.c**: Logging utilities
2025-11-29 04:58:34 +01:00
- **rate_limit.c**: Per-IP rate limiting
- **auth.c**: Dashboard authentication
- **health_check.c**: Upstream health monitoring
2025-11-29 05:56:34 +01:00
- **patch.c**: Stream data patching engine
2025-11-29 01:57:12 +01:00
## Testing
```bash
make test
```
Runs unit tests for core components.
