Crate palisade


An HTTP reverse proxy built on hyper, tokio, and rustls.

This crate provides the core proxy logic: configuration loading with pre-compiled regex patterns, request forwarding with body streaming, header and parameter blocking for GET requests, sensitive data masking in response bodies, weighted round-robin load balancing with passive and active health checks, structured observability via tracing, configurable timeouts, connection pool tuning, concurrency limiting, per-IP rate limiting, and graceful shutdown.

Every inbound request is assigned a monotonic request ID, injected into the response as an X-Request-Id header, and wrapped in a tracing::Span carrying the request method, URI, and client address as structured fields.

§Example

Load a YAML configuration, build an HTTP client, and forward a single request programmatically:

use std::net::SocketAddr;
use std::sync::Arc;

use palisade::{
    Config, LoadBalancer, UpstreamPool, build_client, handle_request,
};

#[tokio::main]
async fn main() {
    let config = Config::load_from_file("Config.yml")
        .and_then(|c| c.into_runtime())
        .expect("valid configuration");

    let client = build_client(&config);
    let pool = UpstreamPool::from_validated(&config.upstreams);
    let balancer = LoadBalancer::new(pool);
    let config = Arc::new(config);

    let req = hyper::Request::builder()
        .uri("http://localhost/hello")
        .body(http_body_util::Empty::<bytes::Bytes>::new())
        .unwrap();

    let resp = handle_request(
        req,
        client,
        config,
        balancer,
        SocketAddr::from(([127, 0, 0, 1], 0)),
        None,
    )
    .await
    .expect("proxy succeeded");

    println!("status: {}", resp.status());
}

Re-exports§

pub use balancer::LoadBalancer;
pub use config::Config;
pub use config::HealthCheckConfig;
pub use config::PoolConfig;
pub use config::RateLimitConfig;
pub use config::RuntimeConfig;
pub use config::TimeoutsConfig;
pub use config::TlsConfig;
pub use config::UpstreamConfig;
pub use error::ProxyError;
pub use proxy::BoxBody;
pub use proxy::HttpClient;
pub use proxy::HttpsClient;
pub use proxy::build_client;
pub use proxy::build_https_client;
pub use proxy::handle_request;
pub use rate_limit::IpRateLimiter;
pub use upstream::UpstreamPool;
pub use upstream::UpstreamState;

Modules§

balancer
Weighted round-robin load balancer.
config
Configuration loading, validation, and pre-compiled runtime state.
error
Error types and HTTP status code mapping.
headers
HTTP header processing: hop-by-hop removal, forwarding header injection, host rewriting, and response header sanitization.
proxy
Core proxy handler: request forwarding, body streaming, and filtering.
rate_limit
Per-IP rate limiting using the GCRA (Generic Cell Rate Algorithm).
server
Server accept loop, background tasks, and graceful shutdown.
tls
TLS configuration for both inbound (termination) and outbound (origination).
upstream
Per-backend health state tracking.
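
The `rate_limit` module is described above as per-IP limiting with GCRA. The following sketch of that algorithm is an added example, not palisade's own code: `GcraLimiter`, `check`, and `prune` are hypothetical names, and the 5 requests/second, burst 3 policy is a constructed sample. It uses only the standard library and takes the clock as a parameter.

```rust
use std::collections::HashMap;
use std::net::IpAddr;
use std::time::Duration;

/// Illustrative per-IP GCRA limiter (hypothetical type, not palisade's IpRateLimiter).
pub struct GcraLimiter {
    emission_interval: Duration,    // T: time budget consumed by one request
    tolerance: Duration,            // tau: how far TAT may run ahead of "now"
    tat: HashMap<IpAddr, Duration>, // theoretical arrival time per client
}

impl GcraLimiter {
    /// `rate_per_sec` sustained requests per second; `burst` requests allowed back to back.
    pub fn new(rate_per_sec: u32, burst: u32) -> Self {
        let t = Duration::from_secs(1) / rate_per_sec.max(1);
        Self { emission_interval: t, tolerance: t * burst.saturating_sub(1), tat: HashMap::new() }
    }

    /// `now` is a monotonic offset supplied by the caller, which keeps the logic testable.
    /// Returns Ok(()) when admitted, Err(retry_after) when the client must wait.
    pub fn check(&mut self, ip: IpAddr, now: Duration) -> Result<(), Duration> {
        let tat = self.tat.get(&ip).copied().unwrap_or(now).max(now);
        let ahead = tat - now; // never underflows: tat >= now
        if ahead > self.tolerance {
            return Err(ahead - self.tolerance); // rejected requests do not advance TAT
        }
        self.tat.insert(ip, tat + self.emission_interval);
        Ok(())
    }

    /// Drop idle clients so the state map cannot grow without bound; returns entries left.
    pub fn prune(&mut self, now: Duration) -> usize {
        self.tat.retain(|_, tat| *tat > now);
        self.tat.len()
    }
}

fn main() {
    let mut limiter = GcraLimiter::new(5, 3); // constructed sample policy: 5 req/s, burst 3
    let ip: IpAddr = "192.0.2.10".parse().unwrap(); // documentation-range address
    for i in 0..5 {
        println!("request {i} at t=0: {:?}", limiter.check(ip, Duration::ZERO));
    }
}
```

Because a rejected request leaves the stored arrival time untouched, a client that keeps retrying while limited does not push its own recovery further out. Per-client state is itself attacker-influenced, so something like `prune` has to run periodically.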

Type Aliases§

Result