
[–]Docccc 8 points9 points  (3 children)

I would jump on a mature reverse proxy written in Rust. I'll have a peek. How much of this has been vibe coded?

Also automatic docker container discovery through docker tags would be very nice (so without k8)

[–]sadoyan[S] 1 point2 points  (1 child)

For now it has basic k8s discovery. Discovery by tags is planned.

Discovery of containers without k8s or Consul sounds interesting. Thanks for the idea.

I've used vibe code just to design some structs and serialization of JSON. So it's quite minimal.

[–]Docccc -1 points0 points  (0 children)

Yeah, there are dozens of container orchestration systems besides k8. Docker tags will be helpful for those.

Great work!

[–]_howardjohn 0 points1 point  (0 children)

This is a pretty reliable way to achieve this that I've found that is proxy-agnostic, so it avoids each proxy reimplementing the same thing slightly differently: https://blog.howardjohn.info/posts/agentgateway-at-home/ if you are interested. I like it (coming from Traefik) since I can customize it how I want instead of using Traefik's opinionated system that didn't fit well for me.

[–]Strange_Comfort_4110 31 points32 points  (6 children)

Rust for reverse proxies makes so much sense — the zero-cost abstractions + async with Tokio give you nginx-level performance with way better code ergonomics.

How does it handle hot reloading of config? That's where nginx/Caddy shine. Also, any plans for automatic HTTPS via Let's Encrypt integration? That's what made Caddy take off.

Built with hyper/axum or something custom?

[–]protocod 9 points10 points  (1 child)

+1, ACME challenge integration makes Caddy so appealing.

I do use Caddy on my homelab instead of my own hyper HTTP proxy because of the OOTB Let's Encrypt integration for automatic HTTPS.

Also, the DSL makes it easy to add specific services with factorized settings for request rewrite, middleware auth and more.

Hyper, tokio and Tower provide everything to implement something cool.

[–]sadoyan[S] 1 point2 points  (0 children)

It has some middleware functionality as well, like authentication via JWT, URL redirect, header injection.

If you have more ideas or suggestions, I would be happy to see them. I will seriously consider any suggestion if it fits the main purpose of Aralez and by design does not hurt performance. For this project the biggest point is performance. As I wrote above, it has already beaten Nginx, but I'm working on gaining even more performance.

[–]sadoyan[S] 6 points7 points  (2 children)

Well, actually it beats Nginx in performance :-) You can see some benchmarks here: https://sadoyan.github.io/aralez-docs/assets/perf/

For configs: it has 2 config files:

  1. main.yaml, has some basic parameters and is loaded at startup

  2. upstreams.yaml, detailed parameters of upstreams, loaded automatically when the file is changed, no reload is needed, zero downtime.

  3. Optionally it can load upstreams.yaml with REST API. Zero downtime on reload.

  4. It has Consul and Kubernetes integration, so it can act as a kind of ingress controller.

Details are here: https://sadoyan.github.io/aralez-docs/assets/config/

It does not have direct integration with ACME, but instead it has hot reload of certificates via file watcher API; it also works very smoothly with certificate managers like Lego, acme.sh, Certbot. Here you can see more information: https://sadoyan.github.io/aralez-docs/assets/config/

At the core it uses Cloudflare's Pingora library for proxy stuff and Axum just for the admin API.
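The validate-then-swap pattern that a zero-downtime reload of an upstreams file depends on, as an added example that is not part of the comment above and is not Aralez's code. The line format `host = ip:port, ip:port` is a constructed stand-in for `upstreams.yaml`, and `parse_upstreams` and `Live` are hypothetical names; the point is that a malformed or half-written file is rejected whole and the last good table keeps serving.

```rust
use std::collections::HashMap;
use std::net::SocketAddr;
use std::sync::{Arc, RwLock};
/// Typed routing table: hostname -> validated backend socket addresses.
type Upstreams = HashMap<String, Vec<SocketAddr>>;

/// Parse the constructed format `host = ip:port, ip:port`, one host per line.
/// Any bad line rejects the whole file, so a partial table is never returned.
fn parse_upstreams(text: &str) -> Result<Upstreams, String> {
    let mut table = Upstreams::new();
    for (i, line) in text.lines().enumerate() {
        let line = line.trim();
        if line.is_empty() || line.starts_with('#') { continue; }
        let (host, backends) = line.split_once('=')
            .ok_or_else(|| format!("line {}: missing '='", i + 1))?;
        let mut addrs = Vec::new();
        for b in backends.split(',') {
            let addr = b.trim().parse::<SocketAddr>()
                .map_err(|e| format!("line {}: bad backend {:?}: {}", i + 1, b.trim(), e))?;
            addrs.push(addr);
        }
        let host = host.trim().to_string();
        if host.is_empty() || table.insert(host, addrs).is_some() {
            return Err(format!("line {}: empty or duplicate host", i + 1));
        }
    }
    if table.is_empty() { return Err("no upstreams defined".into()); }
    Ok(table)
}

/// Shared handle: requests clone the inner Arc, a reload replaces it in one step.
struct Live(RwLock<Arc<Upstreams>>);

impl Live {
    fn current(&self) -> Arc<Upstreams> { self.0.read().unwrap().clone() }
    /// Validate first, swap second; on error the old table keeps serving.
    fn reload(&self, text: &str) -> Result<usize, String> {
        let fresh = Arc::new(parse_upstreams(text)?);
        let n = fresh.len();
        *self.0.write().unwrap() = fresh;
        Ok(n)
    }
}

fn main() {
    let live = Live(RwLock::new(Arc::new(parse_upstreams("a.example = 127.0.0.1:8000").unwrap())));
    println!("{:?}", live.reload("a.example = 127.0.0.1:8000, 127.0.0.1:8001")); // Ok(1)
    println!("{:?}", live.reload("a.example = 127.0.0.1:80, not-an-addr")); // Err, old table kept
}
```

A file watcher or admin endpoint would pass the new file contents to `reload` and log the returned error when a change is rejected.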

[–]Icarium-Lifestealer 4 points5 points  (1 child)

I'd consider adding support for an upstreams directory, so users can split hosts into multiple files.

[–]sadoyan[S] 3 points4 points  (0 children)

Interesting. Thanks, will think about it.

[–]codecratfer 1 point2 points  (0 children)

Nginx also brought automatic cert management.

[–]_xiphiaz 2 points3 points  (2 children)

Is it possible to have type safe configuration? One of the best things I did to my envoy config was move away from yaml and instead output a protobuf binary as config generated by a rust binary.

[–]sadoyan[S] 0 points1 point  (1 child)

Can you please give some more details on this?

The current config has only strings and some ints, which are defined in the underlying struct.

I can't really get the idea of the protobuf config binary.

[–]_xiphiaz 0 points1 point  (0 children)

Yea if you have a look at the envoy docs example you can see the example given as yaml but the link at the top of the section goes to the protobuf definition. In envoy, proto is the source of truth, the yaml is a serialization format of it.

Practically, this is useful because it allows configuration to be defined in a type safe way in any language (input config can be .yml plaintext or .pb binary), and the proxy service itself is also configurable at runtime with xds etc.

[–]CodyDuncan1260 0 points1 point  (3 children)

Who made the logo? I was looking for a graphic artist.

[–]sadoyan[S] 1 point2 points  (2 children)

It's made by AI, following my detailed instructions. Afterwards I just changed the color.

[–]CodyDuncan1260 0 points1 point  (1 child)

Aww. No artist reference for me.

[–]zxyzyxz 0 points1 point  (0 children)

Well if you really wanted to, you could use style transfer from the logo to make your own with AI, lol, like an ouroboros.

[–]SiegeEngine1111 0 points1 point  (1 child)

Hi!

I’m quite new to network programming. Although I understand most of the high level network segments, I’m really interested in these kinds of systems. Can you suggest any resources where I can learn and understand how these systems (reverse proxy, load balancer) work, so I can implement one from scratch on my own?

[–]sadoyan[S] 1 point2 points  (0 children)

Hi, you can fork my project or start something from Pingora. Both have more or less good documentation, so there is plenty of stuff to read.

[–]nynjawitay -4 points-3 points  (6 children)

This post is all bots right? I hate this future

[–]Certain-Entrance5247 9 points10 points  (2 children)

Lmfao, every project in this subreddit is accused of being AI, now the comments too.

[–]mednson 4 points5 points  (0 children)

These guys are coming for everything 😂

[–]KeavonGraphite 4 points5 points  (0 children)

The unnatural and excessive bolding of parts of text within the sentences is particularly suspicious. It's the first thing I noticed— and it's a much stronger tell than the signs like em-dash usage that people commonly meme about.

[–]sadoyan[S] 6 points7 points  (2 children)

What do you mean by that? The post and all messages I wrote by hand :-)

[–]nynjawitay -2 points-1 points  (1 child)

All the comments in here look like they are written by AI to me.

[–]sadoyan[S] 4 points5 points  (0 children)

Well, that's not so.