gproxy is a reverse proxy service AND library for creating flexible, expression-based, lets-encrypt/acme secured gRPC/http reverse proxies

GProxy as a Library

Library Documentation:

go get -u github.com/graphikDB/gproxy

Automatic LetsEncrypt/Acme Based SSL Encryption
Transparent gRPC Proxy(including streaming)
Transparent http Proxy(including websockets)
Expression-Based Routing
Expression-Based Acme Host Policies
Functional Arguments for extensive configuration of http(s) & grpc servers
Graceful Shutdown

        proxy, err := gproxy.New(ctx,
		// serve unencrypted http/gRPC traffic on port 8080
		gproxy.WithInsecurePort(8080),
		// serve encrypted http/gRPC traffic on port 443
		gproxy.WithSecurePort(443),
		// if the request is http & the request host contains localhost, proxy to the target http server
		// expression attributes: (this.http, this.grpc, this.host, this.headers, this.path)
        	gproxy.WithRoute(fmt.Sprintf(`this.http && this.host.endsWith('graphikdb.io') => "%s"`, httpServer.URL)),
        	// if the request is gRPC & the request host contains localhost, proxy to the target gRPC server
		gproxy.WithRoute(fmt.Sprintf(`this.grpc && this.host.endsWith('graphikdb.io') => "%s"`, grpcServer.URL)),
		// when deploying, set the letsencrypt list of allowed domains
		// expression attributes: (this.host)
       		gproxy.WithAcmePolicy("this.host.contains('graphikdb.io')"))
	if err != nil {
		fmt.Println(err.Error())
		return
	}
    // start blocking server
	if err := proxy.Serve(ctx); err != nil {
		fmt.Println(err.Error())
		return
	}

GProxy as a Service

docker:

docker pull graphikDB:gproxy:v1.0.2

homebrew(Mac):

brew tap graphik/tools [email protected]:graphikDB/graphik-homebrew.git

brew install gproxy

default config path: ./gproxy.yaml which may be changed with the --config flag or the GRAPHIK_CONFIG environmental variable

Example Config:

debug: true
autocert:
  ## expression attributes: (this.host)
  policy: "this.host.contains('graphikdb.io')"
routing:
  ## expression attributes: (this.http, this.grpc, this.host, this.headers, this.path)
  - "this.http && this.host.endsWith('graphikdb.io') => 'http://localhost:7821'"
  - "this.grpc && this.host.endsWith('graphikdb.io') => 'localhost:7820'"
server:
  insecure_port: 8080
  secure_port: 443
cors:
  origins: "*"
  methods: "*"
  headers:
    - "GET"
    - "POST"
    - "PUT"
    - "DELETE"
    - "PATCH"
watch: true # hot reload config changes

Deployment

Kubernetes

example manifest:

apiVersion: v1
kind: Namespace
metadata:
  name: gproxy
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: gproxy-config
  namespace: gproxy
data:
  gproxy.yaml: |-
    debug: true
    autocert:
      ## expression attributes: (this.host)
      policy: "this.host.contains('graphikdb.io')"
    routing:
      ## expression attributes: (this.http, this.grpc, this.host, this.headers, this.path)
      - "this.http && this.host.endsWith('graphikdb.io') => { 'target': 'http://localhost:7821' }"
      - "this.grpc && this.host.endsWith('graphikdb.io') => { 'target': 'localhost:7820' }"
    server:
      insecure_port: 80
      secure_port: 443
    cors:
      origins: "*"
      methods: "*"
      headers:
        - "GET"
        - "POST"
        - "PUT"
        - "DELETE"
        - "PATCH"
    watch: true # hot reload config changes
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: gproxy
  namespace: gproxy
  labels:
    app: gproxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gproxy
  serviceName: "gproxy"
  template:
    metadata:
      labels:
        app: gproxy
    spec:
      containers:
        - name: gproxy
          image: graphikdb/gproxy:v1.0.2
          imagePullPolicy: Always
          ports:
            - containerPort: 80
            - containerPort: 443
          env:
            - name: GPROXY_CONFIG
              value: /tmp/gproxy/gproxy.yaml
          volumeMounts:
            - mountPath: /tmp/certs
              name: certs-volume
            - mountPath: /tmp/gproxy/gproxy.yaml
              name: config-volume
              subPath: gproxy.yaml
      volumes:
        - name: config-volume
          configMap:
            name: gproxy-config
  volumeClaimTemplates:
    - metadata:
        name: certs-volume
      spec:
        accessModes: [ "ReadWriteOnce" ]
        resources:
          requests:
            storage: 5Mi

---
apiVersion: v1
kind: Service
metadata:
  name: gproxy
  namespace: gproxy
spec:
  selector:
    app: gproxy
  ports:
    - protocol: TCP
      port: 80
      name: insecure
    - protocol: TCP
      port: 443
      name: secure
  type: LoadBalancer
---

save to k8s.yaml & apply with

kubectl apply -f k8s.yaml

watch as pods come up:

kubectl get pods -n gproxy -w

check LoadBalancer ip:

kubectl get svc -n gproxy

Portexporter - A HTTP(S) Proxy that registers one or more Gateways across a network boundary and proxies requests to those Gateways

portexporter An HTTP(S) Proxy that registers one or more Gateways across a netwo

Mar 21, 2022

GoHooks make it easy to send and consume secured web-hooks from a Go application

GoHooks GoHooks make it easy to send and consume secured web-hooks from a Go application. A SHA-256 signature is created with the sent data plus an en

Nov 16, 2022

Go based grpc - grpc gateway micro service example

go-grpc-gateway-server This repository provides an example for go based microservice. Go micro services developed based on gRPC protobuf's and also us

Dec 8, 2021

EVM-compatible chain secured by the Lachesis consensus algorithm

ICICB galaxy EVM-compatible chain secured by the Lachesis consensus algorithm. Building the source Building galaxy requires both a Go (version 1.14 or

Jan 8, 2022

Premier ACME client library for Go

acmez - ACME client library for Go ACMEz ("ack-measy" or "acme-zee", whichever you prefer) is a fully-compliant RFC 8555 (ACME) implementation in pure

Dec 27, 2022

Go HTTP tunnel is a reverse tunnel based on HTTP/2.

Go HTTP tunnel is a reverse tunnel based on HTTP/2. It enables you to share your localhost when you don't have a public IP.

Dec 28, 2022

A client software for acme-dns with emphasis on usability and guidance through setup and additional security safeguard mechanisms

acme-dns-client A client software for acme-dns with emphasis on usability and guidance through setup and additional security safeguard mechanisms. It

Dec 2, 2022

A server that proxies requests and uses fhttp & my fork of CycleTLS to modify your clienthello and prevent your requests from being fingerprinted.

TLS-Fingerprint-API A server that proxies requests and uses my fork of CycleTLS & fhttp (fork of net/http) to prevent your requests from being fingerp

Jan 7, 2023

Totem - A Go library that can turn a single gRPC stream into bidirectional unary gRPC servers

Totem is a Go library that can turn a single gRPC stream into bidirectional unar

Jan 6, 2023

gproxy is a tiny service/library for creating lets-encrypt/acme secured gRPC and http reverse proxies

GProxy as a Library

GProxy as a Service

Deployment

Kubernetes

Owner

Similar Resources

Portexporter - A HTTP(S) Proxy that registers one or more Gateways across a network boundary and proxies requests to those Gateways

GoHooks make it easy to send and consume secured web-hooks from a Go application

Go based grpc - grpc gateway micro service example

EVM-compatible chain secured by the Lachesis consensus algorithm

Premier ACME client library for Go

Go HTTP tunnel is a reverse tunnel based on HTTP/2.

A client software for acme-dns with emphasis on usability and guidance through setup and additional security safeguard mechanisms

A server that proxies requests and uses fhttp & my fork of CycleTLS to modify your clienthello and prevent your requests from being fingerprinted.

Totem - A Go library that can turn a single gRPC stream into bidirectional unary gRPC servers

Related tags

rconn is a multiplatform program for creating generic reverse connections. Lets you consume services that are behind firewall or NAT without opening ports or port-forwarding.

GRPC - Creating a gRPC service from scratch

A pair of local reverse proxies (one in Windows, one in Linux) for Tailscale on WSL2

Reverse Proxying + Static File Serving + Let's Encrypt + multiple hosts

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH.

protoc-gen-grpc-gateway-ts is a Typescript client generator for the grpc-gateway project. It generates idiomatic Typescript clients that connect the web frontend and golang backend fronted by grpc-gateway.

grpc-http1: A gRPC via HTTP/1 Enabling Library for Go

HTTP proxy written in Go. COW can automatically identify blocked sites and use parent proxies to access.

Echo-server - An HTTP echo server designed for testing applications and proxies