Expand description
ZLayer Reverse Proxy
This crate provides a high-performance reverse proxy for routing HTTP/HTTPS traffic to backend services. It supports:
- Host and path-based routing via
ServiceRegistry - Round-robin backend selection
- Health-aware backend selection for L4 streams
- HTTP/1.1 support with upgrade (WebSocket) pass-through
- Forwarding headers (X-Forwarded-For, etc.)
- TLS termination with dynamic SNI certificate selection
- ACME (Let’s Encrypt) automatic certificate provisioning
- L4 TCP/UDP stream proxying
§Example
ⓘ
use zlayer_proxy::{ProxyConfig, ProxyServer, ServiceRegistry, RouteEntry};
use std::sync::Arc;
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
let registry = Arc::new(ServiceRegistry::new());
// Register HTTP services
registry.register(RouteEntry { /* ... */ }).await;
// Start proxy server
let lb = Arc::new(LoadBalancer::new());
let server = ProxyServer::new(ProxyConfig::default(), registry, lb);
server.run().await?;
Ok(())
}Re-exports§
pub use config::HeaderConfig;pub use config::PoolConfig;pub use config::ProxyConfig;pub use config::ServerConfig;pub use config::TimeoutConfig;pub use config::TlsConfig;pub use config::TlsVersion;pub use error::ProxyError;pub use error::Result;pub use network_policy::NetworkPolicyChecker;pub use server::ProxyServer;pub use service::empty_body;pub use service::full_body;pub use service::BoxBody;pub use service::ReverseProxyService;pub use tls::create_tls_acceptor;pub use tls::TlsServerConfig;pub use tunnel::is_upgrade_request;pub use tunnel::is_upgrade_response;pub use tunnel::is_websocket_upgrade;pub use tunnel::proxy_tunnel;pub use tunnel::proxy_upgrade;pub use lb::Backend;pub use lb::BackendGroup;pub use lb::BackendGroupSnapshot;pub use lb::BackendSnapshot;pub use lb::ConnectionGuard;pub use lb::HealthStatus;pub use lb::LbStrategy;pub use lb::LoadBalancer;pub use acme::CertManager;pub use acme::CertMetadata;pub use routes::ResolvedService;pub use routes::RouteEntry;pub use routes::ServiceRegistry;pub use sni_resolver::SniCertResolver;pub use stream::BackendHealth as StreamBackendHealth;pub use stream::StreamRegistry;pub use stream::StreamService;pub use stream::TcpListenerConfig;pub use stream::TcpStreamService;pub use stream::UdpListenerConfig;pub use stream::UdpStreamService;pub use stream::DEFAULT_UDP_SESSION_TIMEOUT;
Modules§
- acme
- ACME certificate manager for automatic TLS
- cf_
ip_ list - Cloudflare edge IP range cache.
- config
- Proxy configuration types
- error
- Proxy error types
- lb
- Load balancer for backend selection
- network_
policy - Network policy access control for the reverse proxy.
- routes
- Service registry for route resolution
- server
- HTTP server implementation
- service
- Reverse proxy service implementation
- sni_
resolver - SNI-based TLS Certificate Resolver
- stream
- Stream (L4) proxy module for TCP/UDP proxying
- tls
- TLS server configuration
- trust
- Trusted-proxy predicate.
- tunnel
- WebSocket and upgrade tunneling
Structs§
- Discovered
Cert - Information about a discovered certificate on disk
- ZLayer
Proxy Config - Configuration for the
ZLayerproxy server
Enums§
- Cloudflare
Trust - Controls whether Cloudflare’s published edge IP ranges are treated as
trusted proxies for the purpose of honoring
CF-Connecting-IP/X-Forwarded-Forrequest headers. - Proxy
Start Error - Error type for proxy startup failures
Functions§
- discover_
certificates - Find all certificates in the storage directory
- load_
existing_ certs_ into_ resolver - Load existing certificates into the SNI resolver
Type Aliases§
- Pingora
Proxy Config - Backwards-compatible alias for
ZLayerProxyConfig.