geoffsee/simple-proxy
1
0
Fork 0
mirror of https://github.com/seemueller-io/simple-proxy.git synced 2025-09-08 22:56:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
simple-proxy/README.md

160 lines
4.9 KiB
Markdown
Raw Permalink Blame History

# Simple Proxy Server
This implementation addresses a challenge of TLS termination within development Kubernetes environments that leverage self-signed certificates for secure communication.
It is a lightweight HTTP proxy server built with Axum that forwards all requests to a configurable target URL.
## Security Considerations
⚠️ **Important Security Warnings**:
- **TLS Certificate Validation Disabled**: The proxy accepts invalid/self-signed certificates, making it vulnerable to man-in-the-middle attacks
- **Development/Testing Only**: This proxy is not intended for production use
- **No Authentication**: No authentication or authorization mechanisms
- **Permissive CORS**: Allows cross-origin requests from any domain
- **Unfiltered Forwarding**: All requests are forwarded without validation or sanitization
> As a safety precaution, this crate is not published to crates.io. You must build from source.
## Features
- **Flexible Configuration**: Environment variable and .env file support for easy setup
- **Full HTTP Support**: Forwards all HTTP methods (GET, POST, PUT, DELETE, etc.)
- **Header Preservation**: Maintains request and response headers (filtering out hop-by-hop headers)
- **Body Forwarding**: Preserves request and response bodies
- **Self-Signed Certificate Support**: Accepts invalid/self-signed TLS certificates
- **Error Handling**: Comprehensive error handling with proper HTTP status codes
- **Logging**: Built-in tracing for request monitoring
- **CORS Support**: Includes permissive CORS headers
## Configuration
The proxy server supports flexible configuration through environment variables and a `.env` file.
### Environment Variables
- `PROXY_TARGET`: The target URL to proxy requests to (default: `https://machine.127.0.0.1.sslip.io`)
- `PROXY_BIND_ADDR`: The address and port to bind the server to (default: `127.0.0.1:3030`)
### .env File Support
The application automatically loads configuration from a `.env` file in the project root:
```env
PROXY_TARGET=https://your-target-server.com
PROXY_BIND_ADDR=127.0.0.1:3030
```
To change the configuration:
1. Create or edit the `.env` file in the project root
2. Set the desired values for `PROXY_TARGET` and/or `PROXY_BIND_ADDR`
3. Restart the application
You can also set these environment variables directly in your shell or deployment environment.
## Building
```bash
# Check compilation
cargo check
# Build release version
cargo build --release
# Run in development mode
cargo run
```
## Running
The server listens on `127.0.0.1:3030` by default (configurable via `PROXY_BIND_ADDR`).
```bash
# Start the proxy server (uses .env file if present)
cargo run
# Or with environment variables
PROXY_TARGET=https://your-target.com PROXY_BIND_ADDR=0.0.0.0:8080 cargo run
# The server will output:
# Simple proxy server starting on http://127.0.0.1:3030
# Proxying requests to: https://machine.127.0.0.1.sslip.io
```
### Configuration Priority
Environment variables are loaded in the following order (later sources override earlier ones):
1. Default values (hardcoded in the application)
2. `.env` file (if present)
3. System environment variables
## Usage Examples
Once running, you can send requests to the proxy server:
```bash
# GET request
curl http://127.0.0.1:3030/
# POST request with JSON data
curl -X POST http://127.0.0.1:3030/ \
-H "Content-Type: application/json" \
-d '{"key": "value"}'
# Any path will be forwarded
curl http://127.0.0.1:3030/api/health
curl http://127.0.0.1:3030/some/path
```
All requests will be forwarded to the configured target URL while preserving:
- HTTP method
- Request path and query parameters
- Headers (except hop-by-hop headers)
- Request body
## Logging
The server uses structured logging via `tracing`. Set the `RUST_LOG` environment variable to control log levels:
```bash
# Debug level logging
RUST_LOG=debug cargo run
# Info level (default)
RUST_LOG=info cargo run
# Only errors
RUST_LOG=error cargo run
```
## TLS/Certificate Handling
The proxy is configured to accept self-signed and invalid TLS certificates from the target server. This is accomplished using the `danger_accept_invalid_certs(true)` setting in the reqwest client configuration.
This feature allows the proxy to connect to:
- Servers with self-signed certificates
- Servers with expired certificates
- Servers with certificates that don't match the hostname
- Development/testing environments with invalid certificates
**⚠️ Security Warning**: This setting disables certificate validation, which makes the connection vulnerable to man-in-the-middle attacks. Only use this for development, testing, or trusted network environments.
## Architecture
- **Framework**: Axum web framework
- **HTTP Client**: reqwest with rustls-tls
- **Async Runtime**: Tokio
- **Logging**: tracing with tracing-subscriber
## Testing
The project includes unit tests for proxy functionality.
### Running Tests
```bash
# Run all tests
cargo test
```
Reference in New Issue View Git Blame Copy Permalink