proxies requests with user supplied configuration or defaults

2025-09-08 22:56:47 +00:00 · 2025-08-15 12:25:26 -04:00
commit b479d5900e
8 changed files with 3849 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,159 @@
+# Simple Proxy Server
+
+This implementation addresses a challenge of TLS termination within development Kubernetes environments that leverage self-signed certificates for secure communication. 
+It is a lightweight HTTP proxy server built with Axum that forwards all requests to a configurable target URL.
+
+## Security Considerations
+
+⚠️ **Important Security Warnings**:
+
+- **TLS Certificate Validation Disabled**: The proxy accepts invalid/self-signed certificates, making it vulnerable to man-in-the-middle attacks
+- **Development/Testing Only**: This proxy is not intended for production use
+- **No Authentication**: No authentication or authorization mechanisms
+- **Permissive CORS**: Allows cross-origin requests from any domain
+- **Unfiltered Forwarding**: All requests are forwarded without validation or sanitization
+
+> As a safety precaution, this crate is not published to crates.io. You must build from source.
+
+## Features
+
+- **Flexible Configuration**: Environment variable and .env file support for easy setup
+- **Full HTTP Support**: Forwards all HTTP methods (GET, POST, PUT, DELETE, etc.)
+- **Header Preservation**: Maintains request and response headers (filtering out hop-by-hop headers)
+- **Body Forwarding**: Preserves request and response bodies
+- **Self-Signed Certificate Support**: Accepts invalid/self-signed TLS certificates
+- **Error Handling**: Comprehensive error handling with proper HTTP status codes
+- **Logging**: Built-in tracing for request monitoring
+- **CORS Support**: Includes permissive CORS headers
+
+## Configuration
+
+The proxy server supports flexible configuration through environment variables and a `.env` file.
+
+### Environment Variables
+
+- `PROXY_TARGET`: The target URL to proxy requests to (default: `https://machine.127.0.0.1.sslip.io`)
+- `PROXY_BIND_ADDR`: The address and port to bind the server to (default: `127.0.0.1:3030`)
+
+### .env File Support
+
+The application automatically loads configuration from a `.env` file in the project root:
+
+```env
+PROXY_TARGET=https://your-target-server.com
+PROXY_BIND_ADDR=127.0.0.1:3030
+```
+
+To change the configuration:
+1. Create or edit the `.env` file in the project root
+2. Set the desired values for `PROXY_TARGET` and/or `PROXY_BIND_ADDR`
+3. Restart the application
+
+You can also set these environment variables directly in your shell or deployment environment.
+
+## Building
+
+```bash
+# Check compilation
+cargo check
+
+# Build release version
+cargo build --release
+
+# Run in development mode
+cargo run
+```
+
+## Running
+
+The server listens on `127.0.0.1:3030` by default (configurable via `PROXY_BIND_ADDR`).
+
+```bash
+# Start the proxy server (uses .env file if present)
+cargo run
+
+# Or with environment variables
+PROXY_TARGET=https://your-target.com PROXY_BIND_ADDR=0.0.0.0:8080 cargo run
+
+# The server will output:
+# Simple proxy server starting on http://127.0.0.1:3030
+# Proxying requests to: https://machine.127.0.0.1.sslip.io
+```
+
+### Configuration Priority
+
+Environment variables are loaded in the following order (later sources override earlier ones):
+1. Default values (hardcoded in the application)
+2. `.env` file (if present)
+3. System environment variables
+
+## Usage Examples
+
+Once running, you can send requests to the proxy server:
+
+```bash
+# GET request
+curl http://127.0.0.1:3030/
+
+# POST request with JSON data
+curl -X POST http://127.0.0.1:3030/ \
+  -H "Content-Type: application/json" \
+  -d '{"key": "value"}'
+
+# Any path will be forwarded
+curl http://127.0.0.1:3030/api/health
+curl http://127.0.0.1:3030/some/path
+```
+
+All requests will be forwarded to the configured target URL while preserving:
+- HTTP method
+- Request path and query parameters
+- Headers (except hop-by-hop headers)
+- Request body
+
+## Logging
+
+The server uses structured logging via `tracing`. Set the `RUST_LOG` environment variable to control log levels:
+
+```bash
+# Debug level logging
+RUST_LOG=debug cargo run
+
+# Info level (default)
+RUST_LOG=info cargo run
+
+# Only errors
+RUST_LOG=error cargo run
+```
+
+## TLS/Certificate Handling
+
+The proxy is configured to accept self-signed and invalid TLS certificates from the target server. This is accomplished using the `danger_accept_invalid_certs(true)` setting in the reqwest client configuration.
+
+This feature allows the proxy to connect to:
+- Servers with self-signed certificates
+- Servers with expired certificates
+- Servers with certificates that don't match the hostname
+- Development/testing environments with invalid certificates
+
+**⚠️ Security Warning**: This setting disables certificate validation, which makes the connection vulnerable to man-in-the-middle attacks. Only use this for development, testing, or trusted network environments.
+
+## Architecture
+
+- **Framework**: Axum web framework
+- **HTTP Client**: reqwest with rustls-tls
+- **Async Runtime**: Tokio
+- **Logging**: tracing with tracing-subscriber
+
+## Testing
+
+The project includes unit tests for proxy functionality.
+
+### Running Tests
+
+```bash
+# Run all tests
+cargo test
+```
+
+