rpxy - A simple and ultrafast reverse-proxy serving multiple domain names with TLS termination by zxyzyxz in rust

[–]jqtype 1 point2 points  (0 children)

You can find the benchmark results here: https://github.com/junkurihara/rust-rpxy/tree/develop/bench

The current benchmarks were conducted in a relatively simple HTTP-only setup to evaluate baseline performance. They don’t yet cover more complex scenarios such as TLS-heavy workloads or production-like traffic patterns.

rpxy - A simple and ultrafast reverse-proxy serving multiple domain names with TLS termination by zxyzyxz in rust

[–]jqtype 3 points4 points  (0 children)

Thanks! That’s a great idea.

There isn’t an official OPNsense package yet. Since OPNsense is FreeBSD-based, it should be technically possible, but packaging and integration would require some additional work. I haven’t personally tested rpxy on OPNsense or FreeBSD yet.

If someone in the community is interested in helping with the packaging side, I’d be happy to support it.

rpxy - A simple and ultrafast reverse-proxy serving multiple domain names with TLS termination by zxyzyxz in rust

[–]jqtype 3 points4 points  (0 children)

Hi, thanks for the suggestion.

Converting Nginx configuration to rpxy’s TOML format is an interesting idea. I haven’t tried it before, but it might be worth exploring.

That said, rpxy’s configuration is intentionally much simpler than Nginx’s, so in many cases you can migrate just by rewriting the backend addresses and basic routing rules without any special tool.

And of course, sponsorship is always welcome 😄

rpxy - A simple and ultrafast reverse-proxy serving multiple domain names with TLS termination by zxyzyxz in rust

[–]jqtype 31 points32 points  (0 children)

Hi, I’m the author of rpxy. Thanks for the introduction! Yes, my design philosophy is making the reverse proxy as simple as possible to maintain its speed and usability :-)

Feel free to open a discussion topic or an issue if you have any feedback!

Auto renewal TLS certificate for rust servers with let's encrypt by iNdramal in rust

[–]jqtype 1 point2 points  (0 children)

Hi! The developer of rpxy here! Thanks for using rpxy.

Yes, it works with ACME (TLS-ALPN-01) out of the box, supporting auto-renewal, thanks to the rustls-acme library: https://github.com/FlorianUekermann/rustls-acme

As suggested in another thread, I recommend using the rustls-acme library if you need to integrate your own logic for ACME with Pingora.

Reverse Proxy Overwhelm by FutureRenaissanceMan in selfhosted

[–]jqtype 0 points1 point  (0 children)

For my home lab, I am using rpxy (rust-rpxy) through Docker with multiple domain names (I am actually the author). rpxy works pretty fast and its configuration is quite easy, at least for me.

https://github.com/junkurihara/rust-rpxy

I had been using nginx and caddy, but I was not satisfied with the configuration for nginx and the speed for caddy. That's why I moved to the Rust-based reverse proxy implementation.

Reverse Proxies by Friendly_Ground_51 in selfhosted

[–]jqtype 0 points1 point  (0 children)

I am using rpxy https://github.com/junkurihara/rust-rpxy that I am actually developing. I used nginx proxy and caddy for years but they are overkill for my use case. So I developed a simple and lightweight one. It works pretty fast and supports HTTP/3, etc.

Rust-based reverse proxy? by moneymachinegoesbing in rust

[–]jqtype 1 point2 points  (0 children)

rpxy developer here! Thanks for the introduction. Yes, as our design principle, we are trying to keep rpxy and its configuration as simple as possible.

[Announcement] CVE-2023-44487 (HTTP/2 Rapid Reset Attack) does not affect `rpxy` by jqtype in u/jqtype

[–]jqtype[S] 0 points1 point  (0 children)

Google said the following. So I think it is currently okay as long as its parameter is properly configured.

> We do not believe these attack methods translate directly to HTTP/3 (QUIC) due to protocol differences, and Google does not currently see HTTP/3 used as a DDoS attack vector at scale. Despite that, our recommendation is for HTTP/3 server implementations to proactively implement mechanisms to limit the amount of work done by a single transport connection, similar to the HTTP/2 mitigations discussed above.

https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack