|
# rproxy
|
|
|
|
rproxy is a high-performance reverse proxy server written in C. It routes HTTP and WebSocket requests to upstream services based on hostname, with support for SSL/TLS termination and connection pooling.
|
|
|
|
## Features
|
|
|
|
- Reverse proxy routing by hostname
|
|
- SSL/TLS support for upstream connections with certificate verification
|
|
- WebSocket proxying
|
|
- Connection pooling and idle timeout management
|
|
- Real-time monitoring and statistics
|
|
- Web-based dashboard for metrics visualization
|
|
- SQLite-based persistent statistics storage
|
|
- Epoll-based event handling for high concurrency
|
|
- Graceful shutdown with connection draining
|
|
- Live configuration reload via SIGHUP
|
|
- Dashboard authentication (HTTP Basic Auth)
|
|
- Rate limiting per client IP
|
|
- Health checks for upstream servers
|
|
- Automatic upstream connection retries
|
|
- File logging support
|
|
- Stream data patching/rewriting for textual content
|
|
|
|
## Dependencies
|
|
|
|
- GCC
|
|
- OpenSSL (libssl, libcrypto)
|
|
- SQLite3
|
|
- pthreads
|
|
- cJSON library
|
|
|
|
## Build
|
|
|
|
```bash
|
|
make
|
|
```
|
|
|
|
This compiles the source files in `src/` and produces the `rproxy` executable.
|
|
|
|
## Configuration
|
|
|
|
Configuration is defined in `proxy_config.json`:
|
|
|
|
```json
|
|
{
|
|
"port": 9998,
|
|
"reverse_proxy": [
|
|
{
|
|
"hostname": "example.com",
|
|
"upstream_host": "127.0.0.1",
|
|
"upstream_port": 5000,
|
|
"use_ssl": false,
|
|
"rewrite_host": true,
|
|
"patch": {
|
|
"old_string": "new_string",
|
|
"secret_key": "[REDACTED]",
|
|
"blocked_content": null
|
|
}
|
|
}
|
|
]
|
|
}
|
|
```
|
|
|
|
- `port`: Listening port for incoming connections
|
|
- `reverse_proxy`: Array of routing rules
|
|
- `hostname`: Host header to match for routing
|
|
- `upstream_host`: Target server hostname/IP
|
|
- `upstream_port`: Target server port
|
|
- `use_ssl`: Enable SSL for upstream connection
|
|
- `rewrite_host`: Rewrite Host header to upstream hostname
|
|
- `patch`: Optional object for stream data patching (see below)
|
|
|
|
### Data Patching
|
|
|
|
The `patch` configuration allows rewriting or blocking content in HTTP streams. Patch rules are applied to textual content only (text/*, application/json, application/xml, etc.). Binary content passes through unmodified.
|
|
|
|
```json
|
|
{
|
|
"patch": {
|
|
"find_this": "replace_with_this",
|
|
"another_string": "replacement",
|
|
"blocked_term": null
|
|
}
|
|
}
|
|
```
|
|
|
|
- **String replacement**: Each key-value pair defines a find-replace rule
|
|
- **Content blocking**: Setting value to `null` blocks the entire response/request when the key is found
|
|
- **Bidirectional**: Patches apply to both requests (client → upstream) and responses (upstream → client)
|
|
|
|
When content is blocked:
|
|
- Blocked responses return `502 Bad Gateway` to the client
|
|
- Blocked requests return `403 Forbidden` to the client
|
|
|
|
Supported textual content types:
|
|
- `text/*` (text/html, text/plain, text/css, etc.)
|
|
- `application/json`
|
|
- `application/xml`
|
|
- `application/javascript`
|
|
- `application/x-www-form-urlencoded`
|
|
- Any content type with `+xml` or `+json` suffix
|
|
|
|
## Environment Variables
|
|
|
|
| Variable | Description |
|
|
|----------|-------------|
|
|
| `DEBUG` | Enable debug logging (set to `1`) |
|
|
| `LOG_FILE` | Path to log file (default: stdout) |
|
|
| `RATE_LIMIT` | Max requests per minute per IP |
|
|
| `DASHBOARD_USER` | Dashboard authentication username |
|
|
| `DASHBOARD_PASS` | Dashboard authentication password |
|
|
| `SSL_VERIFY` | Disable SSL verification (set to `0`) |
|
|
| `SSL_CA_FILE` | Path to custom CA certificate file |
|
|
| `SSL_CA_PATH` | Path to CA certificate directory |
|
|
|
|
## Usage
|
|
|
|
```bash
|
|
./rproxy [config_file]
|
|
```
|
|
|
|
If no config file is specified, defaults to `proxy_config.json`.
|
|
|
|
Examples:
|
|
|
|
```bash
|
|
# Basic usage
|
|
./rproxy
|
|
|
|
# With custom config
|
|
./rproxy /etc/rproxy/config.json
|
|
|
|
# With debug logging
|
|
DEBUG=1 ./rproxy
|
|
|
|
# With file logging
|
|
LOG_FILE=/var/log/rproxy.log ./rproxy
|
|
|
|
# With rate limiting (100 requests/minute)
|
|
RATE_LIMIT=100 ./rproxy
|
|
|
|
# With dashboard authentication
|
|
DASHBOARD_USER=admin DASHBOARD_PASS=secret ./rproxy
|
|
|
|
# Reload configuration
|
|
kill -HUP $(pidof rproxy)
|
|
```
|
|
|
|
## Endpoints
|
|
|
|
- Dashboard: `http://localhost:{port}/rproxy/dashboard`
|
|
- API Stats: `http://localhost:{port}/rproxy/api/stats`
|
|
|
|
## Signals
|
|
|
|
| Signal | Action |
|
|
|--------|--------|
|
|
| `SIGINT` | Graceful shutdown |
|
|
| `SIGTERM` | Graceful shutdown |
|
|
| `SIGHUP` | Reload configuration |
|
|
|
|
## Architecture
|
|
|
|
- **main.c**: Entry point, event loop, signal handling
|
|
- **connection.c**: Connection management, epoll handling
|
|
- **http.c**: HTTP request/response parsing
|
|
- **ssl_handler.c**: SSL/TLS connection handling
|
|
- **monitor.c**: System and per-vhost statistics collection
|
|
- **dashboard.c**: Web dashboard generation
|
|
- **config.c**: JSON configuration parsing
|
|
- **buffer.c**: Circular buffer implementation
|
|
- **logging.c**: Logging utilities
|
|
- **rate_limit.c**: Per-IP rate limiting
|
|
- **auth.c**: Dashboard authentication
|
|
- **health_check.c**: Upstream health monitoring
|
|
- **patch.c**: Stream data patching engine
|
|
|
|
## Testing
|
|
|
|
```bash
|
|
make test
|
|
```
|
|
|
|
Runs unit tests for core components. |