reverse-http
Reverse HTTP proxy over QUIC protocol (RFC 9000).
Architecture
Standalone
HA setup
- Agent connection process
  - An agent initiates a connection to the UDP load balancer, which in turn establishes a connection with one of the proxy servers.
  - Upon establishing a connection, the proxy server records an entry in memcached for an agentID along with its own HTTP proxy address.
- Client connection process
  - Clients connect to the TCP load balancer, which then establishes a connection with one of the LB servers.
  - Upon connection, the LB server retrieves the HTTP proxy address and an agentID from memcached.
  - The LB server then sends an HTTP CONNECT request to the proxy.
Build
build binary
make clean build
Quick requirements
https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
sudo bash -c 'echo net.core.rmem_max=2500000 >> /etc/sysctl.conf'
sudo bash -c 'echo net.core.wmem_max=2500000 >> /etc/sysctl.conf'
sudo sysctl -p
Local test standalone
no auth
make start-proxy
make start-agent
curl -x "http://4711:noauth@localhost:3128" https://httpbin.org/ip
jwt auth
make start-proxy-jwt
make start-agent-jwt
make curl-proxy-jwt
Local test docker-compose
make TEST_AUTH=noauth docker-compose.run
make TEST_AGENT_ID=4711 curl-proxy
make TEST_AGENT_ID=4712 curl-proxy
Whitelisting patterns
localhost
localhost:80
localhost:1000-2000
*.zone
*.zone:80
*.zone:1000-2000
127.0.0.1
127.0.0.1:80
127.0.0.1:1000-2000
10.0.0.1/8
10.0.0.1/8:80
10.0.0.1/8:1000-2000
1000::/16
1000::/16:80
1000::/16:1000-2000
[2001:db8::1]/64
[2001:db8::1]/64:80
[2001:db8::1]/64:1000-2000
2001:db8::1
[2001:db8::1]
[2001:db8::1]:80
[2001:db8::1]:1000-2000
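
A matcher for the pattern forms listed above, as an added example that is not the project's own code; `split` and `Match` are hypothetical names. It assumes a pattern without a port allows any port, `*.zone` covers subdomains but not `zone` itself, and any pattern that fails to parse denies the request.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// split separates a pattern into its host (or CIDR) part and optional port spec.
func split(p string) (string, string) {
	if i := strings.LastIndex(p, "/"); i >= 0 { // CIDR: ports follow the prefix length
		bits, ports, _ := strings.Cut(p[i+1:], ":")
		return strings.Trim(p[:i], "[]") + "/" + bits, ports
	}
	if strings.HasPrefix(p, "[") || strings.Count(p, ":") > 1 { // IPv6, bracketed or bare
		h, rest, _ := strings.Cut(strings.TrimPrefix(p, "["), "]")
		return h, strings.TrimPrefix(rest, ":")
	}
	h, ports, _ := strings.Cut(p, ":")
	return h, ports
}

// Match reports whether host:port is covered by one pattern; parse errors deny.
func Match(pattern, host string, port int) bool {
	pat, spec := split(strings.ToLower(pattern))
	lo, hi, isRange := strings.Cut(spec, "-")
	if !isRange {
		hi = lo
	}
	first, err1 := strconv.Atoi(lo)
	last, err2 := strconv.Atoi(hi)
	if spec != "" && (err1 != nil || err2 != nil || port < first || port > last) {
		return false // assumed: only an empty port spec means "any port"
	}
	host = strings.ToLower(strings.Trim(host, "[]"))
	ip := net.ParseIP(host)
	if _, cidr, err := net.ParseCIDR(pat); err == nil {
		return ip != nil && cidr.Contains(ip)
	}
	if pip := net.ParseIP(pat); pip != nil || ip != nil {
		return pip != nil && pip.Equal(ip) // IP literals never match hostname patterns
	}
	wild := strings.HasPrefix(pat, "*.") && strings.HasSuffix(host, pat[1:]) && len(host) >= len(pat)
	return wild || host == pat // assumed: "*.zone" covers subdomains, not "zone" itself
}

func main() {
	fmt.Println(Match("10.0.0.1/8:1000-2000", "10.9.8.7", 1500)) // constructed input
}
```

The CIDR branch runs first because forms such as `1000::/16:80` carry colons on both sides of the prefix length, so the port can only be located after the last `/`.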