Struct ProxyServer 

pub struct ProxyServer { /* private fields */ }

The proxy server

Implementations

impl ProxyServer

pub fn new( config: ProxyConfig, registry: Arc<ServiceRegistry>, load_balancer: Arc<LoadBalancer>, ) -> Self

Create a new proxy server

pub fn with_registry( config: ProxyConfig, registry: Arc<ServiceRegistry>, load_balancer: Arc<LoadBalancer>, ) -> Self

Create a proxy server with an existing registry (alias for new)

pub fn with_tls_resolver( config: ProxyConfig, registry: Arc<ServiceRegistry>, load_balancer: Arc<LoadBalancer>, resolver: Arc<SniCertResolver>, ) -> Self

Create a proxy server with TLS via SNI resolver

pub fn with_cert_manager(self, cm: Arc<CertManager>) -> Self

Set the certificate manager for ACME challenge interception

pub fn with_network_policy_checker(self, checker: NetworkPolicyChecker) -> Self

Set the network policy checker for access control enforcement

pub fn has_tls(&self) -> bool

Check if TLS is enabled

pub fn tls_acceptor(&self) -> Option<&TlsAcceptor>

Get the TLS acceptor if configured

pub fn registry(&self) -> Arc<ServiceRegistry>

Get the service registry

pub fn config(&self) -> Arc<ProxyConfig>

Get the configuration

pub fn shutdown(&self)

Signal the server to shut down

pub async fn run(&self) -> Result<()>

Run the HTTP server

Errors

Returns an error if binding to the configured HTTP address fails or if the accept loop encounters a fatal error.

pub async fn run_on(&self, addr: SocketAddr) -> Result<()>

Run the server on a specific address

Errors

Returns an error if binding to the given address fails or if the accept loop encounters a fatal error.

pub async fn run_with_retry(&self, addr: SocketAddr) -> Result<()>

Run the HTTP ingress server on a specific address, retrying the bind FOREVER on failure instead of returning a fatal error.

This is the ingress entry point: if addr (typically 0.0.0.0:80) is already held, it logs a warning and keeps retrying the bind with a capped exponential backoff until the port frees, then proceeds to the normal accept loop. It NEVER returns ProxyError::BindFailed.

Errors

Returns an error only if the accept loop itself encounters a fatal error after a successful bind. Bind failures are non-fatal.

pub async fn run_https(&self) -> Result<()>

Run the HTTPS server

This requires TLS to be configured when creating the ProxyServer.

Errors

Returns an error if TLS is not configured, if binding to the configured HTTPS address fails, or if the accept loop encounters a fatal error.

pub async fn run_https_on(&self, addr: SocketAddr) -> Result<()>

Run the HTTPS server on a specific address

Errors

Returns an error if TLS is not configured, if binding to the given address fails, or if the accept loop encounters a fatal error.

pub async fn run_https_with_retry(&self, addr: SocketAddr) -> Result<()>

Run the HTTPS ingress server on a specific address, retrying the bind FOREVER on failure instead of returning a fatal error.

This is the TLS ingress entry point: if addr (typically 0.0.0.0:443) is already held, it logs a warning and keeps retrying the bind with a capped exponential backoff until the port frees, then proceeds to the normal TLS accept loop. It NEVER returns ProxyError::BindFailed.

Errors

Returns an error if TLS is not configured, or if the accept loop itself encounters a fatal error after a successful bind. Bind failures are non-fatal.

pub async fn run_both(&self) -> Result<()>

Run both HTTP and HTTPS servers concurrently

This requires TLS to be configured when creating the ProxyServer.

Errors

Returns an error if TLS is not configured, if binding to either the HTTP or HTTPS address fails, or if either accept loop encounters a fatal error.