koi-proxy
TLS-terminating reverse proxy with automatic certificate management.
Overview
koi-proxy provides a reverse proxy that terminates TLS using certificates
managed by Koi's certmesh CA. It watches for certificate changes on disk and
hot-reloads TLS configuration without restarting. Each proxy entry maps a
listen port to a backend address and can be restricted to local-only or allow
remote connections.
Features
- TLS termination with automatic certificate reload
- File-system watching for cert/key changes
- Per-entry listen port and backend routing
- Local-only or remote access control
- HTTP API for add/remove/list/status operations
- Persistent configuration across restarts
Part of Koi
This crate is part of the Koi workspace. See the main repository for architecture details.
License
Licensed under either of Apache License, Version 2.0 or MIT License at your option.