tcproxy 0.1.1

A TCP proxy for PostgreSQL connections with SSH tunnel support and runtime target switching
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332

# TCP Proxy for PostgreSQL

A high-performance TCP proxy that forwards PostgreSQL connections to different target databases (including SSH-tunneled connections) based on runtime target selection.

## Why Use tcproxy?

This tool solves the common problem of switching between different PostgreSQL environments (local, staging, production) without having to update multiple service configurations. Instead of changing connection strings across your applications, you point them all to the proxy and switch targets at the proxy level.

## Quick Start

### 1. Installation

#### Option 1: Install from crates.io (Recommended)

```bash
cargo install tcproxy
```

### 2. Initialize Configuration

```bash
# Generate a default configuration file
tcproxy init-config

# Or specify a custom location
tcproxy init-config --output my-config.yaml
```

### 3. Configure Your Targets

Edit the generated `config.yaml`:

```yaml
proxy:
  listen_port: 5433
  listen_host: "127.0.0.1"
  max_connections: 1000

targets:
  local:
    host: "localhost"
    port: 5432
    
  production:
    host: "prod-db.internal"
    port: 5432
    ssh:
      enabled: true
      host: "bastion.example.com"
      user: "dbuser"
      key_file: "/path/to/your/private-key.pem"
      port: 22
      auto_reconnect: true
      max_reconnect_attempts: 5
      
  staging:
    host: "staging-db.internal"
    port: 5432
    ssh:
      enabled: true
      host: "staging-bastion.example.com"
      user: "dbuser"
      key_file: "/path/to/staging-key.pem"

connection_management:
  health_check_interval_seconds: 30
  health_check_timeout_seconds: 5
  max_consecutive_failures: 3
```

### 4. Start the Proxy

```bash
# Start with local target
tcproxy start --target local

# Start with production target
tcproxy start --target production

# Override default port
tcproxy start --target local --port 5434

# Override default host
tcproxy start --target local --host 0.0.0.0
```

### 5. Connect Your Applications

Update your application connection strings to point to the proxy:

```bash
# Instead of connecting directly to different databases:
# postgresql://user:pass@localhost:5432/db          # local
# postgresql://user:pass@prod-db.internal:5432/db   # production

# Connect to the proxy:
postgresql://user:pass@localhost:5433/db
```

## Usage Examples

### Basic Commands

```bash
# Validate your configuration
tcproxy validate-config

# Show current configuration
tcproxy show-config

# List all available targets
tcproxy list-targets

# Check health of all targets
tcproxy health-check

# Check health of specific target
tcproxy health-check --target production

# Enable debug logging
tcproxy --log-level debug start --target local

# Enable JSON logging for structured logs
tcproxy --json-logs start --target production
```

### Configuration Examples

#### Simple Local Setup
```yaml
proxy:
  listen_port: 5433
  listen_host: "127.0.0.1"

targets:
  local:
    host: "localhost"
    port: 5432
```

#### Production Setup with SSH Tunnel
```yaml
proxy:
  listen_port: 5433
  listen_host: "127.0.0.1"
  max_connections: 500

targets:
  production:
    host: "10.0.1.100"  # Internal database IP
    port: 5432
    ssh:
      enabled: true
      host: "bastion.example.com"
      user: "deploy"
      key_file: "/home/deploy/.ssh/production.pem"
      port: 22
      timeout_seconds: 30
      auto_reconnect: true
      reconnect_interval_seconds: 30
      max_reconnect_attempts: 5
      reconnect_backoff_multiplier: 2.0
    connection_pool:
      max_size: 20
      timeout_seconds: 30

connection_management:
  health_check_interval_seconds: 60
  health_check_timeout_seconds: 10
  max_consecutive_failures: 3
  retry_delay_seconds: 5
```

#### Multi-Environment Setup
```yaml
proxy:
  listen_port: 5433
  listen_host: "127.0.0.1"

targets:
  local:
    host: "localhost"
    port: 5432
    
  development:
    host: "dev-db.internal"
    port: 5432
    ssh:
      enabled: true
      host: "dev-bastion.example.com"
      user: "developer"
      key_file: "/path/to/dev-key.pem"
      
  staging:
    host: "staging-db.internal"
    port: 5432
    ssh:
      enabled: true
      host: "staging-bastion.example.com"
      user: "deploy"
      key_file: "/path/to/staging-key.pem"
      
  production:
    host: "prod-db.internal"
    port: 5432
    ssh:
      enabled: true
      host: "prod-bastion.example.com"
      user: "deploy"
      key_file: "/path/to/prod-key.pem"
```

## Configuration Reference

### Proxy Section
- `listen_port`: Port for the proxy to listen on (default: 5433)
- `listen_host`: Host interface to bind to (default: "127.0.0.1")
- `max_connections`: Maximum concurrent connections (default: 1000)

### Target Section
- `host`: Target PostgreSQL host
- `port`: Target PostgreSQL port
- `ssh`: SSH tunnel configuration (optional)
- `connection_pool`: Connection pool settings

### SSH Configuration
- `enabled`: Enable/disable SSH tunnel
- `host`: SSH bastion host
- `user`: SSH username
- `key_file`: Path to SSH private key
- `port`: SSH port (default: 22)
- `timeout_seconds`: SSH connection timeout (default: 30)
- `auto_reconnect`: Enable automatic reconnection (default: true)
- `reconnect_interval_seconds`: Time between reconnection attempts (default: 30)
- `max_reconnect_attempts`: Maximum reconnection attempts (default: 5)
- `reconnect_backoff_multiplier`: Backoff multiplier for reconnection (default: 2.0)

### Connection Management
- `health_check_interval_seconds`: Interval between health checks (default: 30)
- `health_check_timeout_seconds`: Health check timeout (default: 5)
- `max_consecutive_failures`: Max failures before marking target unhealthy (default: 3)
- `retry_delay_seconds`: Delay between retry attempts (default: 5)

## Logging

tcproxy provides comprehensive structured logging:

```bash
# Set log level
tcproxy --log-level debug start --target local

# Enable JSON logging for log aggregation
tcproxy --json-logs start --target production

# Available log levels: trace, debug, info, warn, error
```
## Health Monitoring

Built-in health monitoring helps ensure your targets are available:

```bash
# Check all targets
tcproxy health-check

# Check specific target
tcproxy health-check --target production

# Health checks run automatically in the background
# Configure intervals in the connection_management section
```

## Development

### Running Tests

```bash
# Run unit tests
cargo test

# Run integration tests (requires PostgreSQL)
cargo test --test integration_tests

# Run PostgreSQL-specific tests
cargo test --test postgresql_integration
```

### Building

```bash
# Debug build
cargo build

# Release build
cargo build --release

# Run with cargo
cargo run -- start --target local
```

## Command Reference

```bash
tcproxy [OPTIONS] [COMMAND]

Commands:
  start            Start the proxy server
  init-config      Generate a default configuration file
  validate-config  Validate configuration file
  show-config      Show current configuration
  list-targets     List available targets
  health-check     Check health status of targets

Options:
  -c, --config <CONFIG>        Configuration file path [default: config.yaml]
  -l, --log-level <LOG_LEVEL>  Log level (trace, debug, info, warn, error) [default: info]
      --json-logs              Enable JSON logging format
  -h, --help                   Print help
  -V, --version                Print version

Start Command Options:
  -t, --target <TARGET>        Target to proxy to (required)
  -p, --port <PORT>           Override listen port
      --host <HOST>           Override listen host
```

## License

MIT License - see LICENSE file for details.

## Contributing

Contributions are welcome! Please feel free to submit a Pull Request.