soli-proxy 0.6.0

A fast, configurable reverse proxy with automatic HTTPS, Lua scripting, and blue-green deployments
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

# Soli Proxy Configuration
# Server settings
[server]
bind = "0.0.0.0:80"
https_port = 443
worker_threads = "auto"

# TLS Configuration
[tls]
mode = "auto"  # "auto" for self-signed dev, "letsencrypt" for production
cache_dir = "./certs"

# Let's Encrypt (for production)
[letsencrypt]
staging = false
email = "admin@example.com"
terms_agreed = true

# Logging Configuration
[logging]
level = "info"
format = "json"
output = "stdout"  # or "file:/var/log/soli-proxy.log"
include_request_body = true
include_response_body = true

# Metrics Configuration
[metrics]
enabled = true
endpoint = "/metrics"

# Health Check Configuration
[health]
enabled = true
liveness_path = "/health/live"
readiness_path = "/health/ready"

# Limits Configuration
[limits]
max_connections = 10000
max_request_size = "10MB"
keep_alive_timeout = 30
request_timeout = 60

# Rate Limiting Configuration
[rate_limiting]
enabled = true
strategy = "token_bucket"
requests_per_second = 1000
burst_size = 2000
redis_url = "redis://localhost:6379"

# Circuit Breaker Configuration
# Tracks backend health and stops sending traffic to failing backends.
# When all targets for a route are open, returns 503 Service Unavailable.
[circuit_breaker]
failure_threshold = 5               # consecutive failures before opening breaker
recovery_timeout_secs = 30          # seconds before probing an open backend
success_threshold = 2               # successful probes to close breaker
failure_status_codes = [502, 503, 504]  # HTTP codes that count as failures

# Admin REST API Configuration
[admin]
enabled = true
bind = "0.0.0.0:9090"
# api_key = "your-secret-key"

# Lua Scripting Configuration
# When enabled, scripts are loaded from scripts_dir.
# Scripts can be assigned globally or per-route in proxy.conf:
#   [global] @script:cors.lua,logging.lua
#   /api/* -> http://localhost:3000  @script:auth.lua,rate_limit.lua
# Built-in modules: log, base64, crypto, env, time, shared
[scripting]
enabled = false
scripts_dir = "./scripts/lua"
hook_timeout_ms = 10  # Max execution time per hook call in milliseconds

# Authentication Configuration
[auth]
enabled = false
auth_type = "basic"
realm = "Restricted"
# Uncomment and configure for production
# enabled = true
# auth_type = "jwt"
# issuer = "https://auth.example.com"
# audience = "soli-proxy"
# jwks_url = "https://auth.example.com/.well-known/jwks.json"