feat(config): enable letsencrypt options via config file

.gitignore

@@ -2,7 +2,7 @@
 .DS_Store
 /data
 /dist
-proksi.yaml
+/proksi.yaml
 .zed/
 .vscode/
 /tmp

Cargo.toml

@@ -19,10 +19,10 @@ incremental = true
 
 [profile.release]
 opt-level = 2
-strip = "symbols" # Automatically strip symbols from the binary.
-lto = true        # Enable link-time optimization.
+strip = "symbols"  # Automatically strip symbols from the binary.
+lto = true         # Enable link-time optimization.
 debug = false
-codegen-units = 4
+codegen-units = 12
 
 [dependencies]
 anyhow = "1.0.83"

README.md

@@ -26,7 +26,7 @@ Proksi is a simple, lightweight, and easy-to-use proxy server that automatically
   - [Configuration](#configuration)
     - [YAML/TOML Configuration](#yamltoml-configuration)
     - [Environment variables](#environment-variables)
-  - [Examples](#examples)
+  - [Configuration Examples](#examples)
   - [Performance \& Benchmarks](#performance--benchmarks)
   - [Why build another proxy...?](#why-build-another-proxy)
 
@@ -296,7 +296,7 @@ export PROKSI_ROUTES='[{host="example.com", upstreams=[{ip="10.0.1.24", port=300
 In the future you might be able to use `PROKSI_ROUTES__0__HOST` to set the host of the first route (or any other), but this is not yet implemented.
 
 
-## Examples
+## Configuration Examples
 See [the examples folder](./examples) to learn about how to use Proksi.
 
 
@@ -308,8 +308,9 @@ An sample run from the `wrk` benchmark on the simple `/ping` endpoint shows the
 
 ```bash
 # Apple M1 Pro, 16GB
-# Memory Usage: 15MB, CPU Usage: 13%, 12 threads
-# Ran at 2024-05-16T23:47
+# Memory Usage: 15MB, CPU Usage: 13%, 4 worker threads
+# at 2024-05-16T23:47
+# Wrk > 50 connections, 4 threads, 30s duration
 wrk -c 50 -t 4 -d 30s http://127.0.0.1/ping
 
 Running 30s test @ http://127.0.0.1/ping

examples/proksi.toml

@@ -0,0 +1,123 @@
+# Description: Example configuration file for Proksi
+#
+# Proksi is a reverse proxy server that can be used to route incoming requests to different upstream servers based on the request's host, path, headers, and other attributes.
+#
+# This configuration file specifies the following settings:
+#
+#
+# ------------------------------------------------------------------
+# The name of the service is "proksi".
+# This will show in logs and it's mostly used for log filtering if needed
+service_name = "proksi"
+
+# Number of threads that the HTTPS service will use to handle incoming requests.
+# This can be adjusted based on the number of CPU cores available on the server.
+# The default value is 1.
+#
+# Note: Increasing the number of threads can improve the performance of the server, but it can also increase the memory usage.
+#
+# Note 2: This only affect the HTTPS service, the HTTP service
+# (and other background services) is single threaded.
+worker_threads = 4
+
+# The configuration for the Let's Encrypt integration.
+[letsencrypt]
+# Whether the Let's Encrypt integration is enabled
+# (the background service will run and issue certificates for your routes).
+enabled = true
+
+# The email address to use for Let's Encrypt notifications and account registration.
+# Important: Make sure to replace this with your own email address.
+# any "@example.com" is invalid and will not work.
+email = "[email protected]"
+
+# The staging flag is used to test the Let's Encrypt integration without hitting the rate limits.
+# When set to <true>, the integration will use the Let's Encrypt staging environment.
+# --
+# When set to <false>, the integration will use the Let's Encrypt production environment
+# and certificates will be publicly trusted for 90 days.
+staging = true
+
+# The logging configuration for the server.
+[logging]
+# The log level for the server (can be "DEBUG", "INFO", "WARN", "ERROR").
+level = "INFO"
+
+# Whether access logs are enabled.
+# When set to <true>, the server will log information about incoming requests.
+# This information includes the request method, path, status code, response time and more.
+access_logs_enabled = true
+
+# Whether error logs are enabled.
+error_logs_enabled = false
+
+# The paths for the TLS certificates, challenges, orders, and account credentials.
+# You can override any, these are the current defaults.
+[paths]
+# The path where the TLS certificates will be stored in JSON format
+tls_certificates = "/etc/proksi/certificates"
+
+# The path where the TLS challenges will be stored in JSON format
+tls_challenges = "/etc/proksi/challenges"
+
+# The path where the TLS orders will be stored in JSON format
+tls_order = "/etc/proksi/orders"
+
+# The path where the TLS account credentials will be stored in JSON format
+# This is used to register an account with Let's Encrypt and it's reused as
+# long as the folder is not deleted.
+tls_account_credentials = "/etc/proksi/account-credentials"
+
+# The list of routes that the server will use to route incoming requests
+# to different upstream servers.
+# Each route is an item in the list and it has the following attributes:
+[[routes]]
+
+# The host attribute specifies the hostname that the route will match.
+# This is normally the domain, subdomain that you want to route to a particular server/ip.
+# This can be a domain name or an IP address. For IP address, no certificate will be issued.
+# The host attribute is required.
+host = "example.com"
+
+# The path_prefix attribute specifies the path prefix that the route will match.
+path_prefix = "/api"
+
+# The headers attribute specifies the headers that will
+# be added or removed at the *end* of the response
+# --
+# In the near future you will be able to modify the headers
+# of the request send to the upstream server
+# (Adds) the given headers to the dowstream (client) response
+#
+[[routes.headers.add]]
+name = "X-Forwarded-For"
+value = "<value>"
+
+[[routes.headers.add]]
+name = "X-Api-Version"
+value = "1.0"
+
+# Removes the given headers from the dowstream (client) response
+[[routes.headers.remove]]
+name = "Server"
+
+# The upstreams attribute specifies the list of upstream servers that the route will use.
+# These are load balanced and the server will try to connect to the first one in the list.
+# If the connection fails, it will try the next one.
+# --
+# Health checks run in the background to ensure you have a healthy connection always.
+[[routes.upstreams]]
+
+# The IP address of the upstream server
+# (can be any IP address, as long as Proksi can access it).
+ip = "10.1.2.24/24"
+# The port of the upstream server (can be any port).
+port = 3_000
+# The network attribute specifies the network that the upstream server is part of.
+# This is mostly important for Docker containers, but it can be used for other purposes.
+network = "public"
+
+[[routes.upstreams]]
+ip = "10.1.2.23/24"
+port = 3_000
+network = "shared"

examples/proksi.yaml

@@ -0,0 +1,120 @@
+# Description: Example configuration file for Proksi
+#
+# Proksi is a reverse proxy server that can be used to route incoming requests to different upstream servers based on the request's host, path, headers, and other attributes.
+#
+# This configuration file specifies the following settings:
+#
+#
+# ------------------------------------------------------------------
+# The name of the service is "proksi".
+# This will show in logs and it's mostly used for log filtering if needed
+service_name: "proksi"
+
+# Number of threads that the HTTPS service will use to handle incoming requests.
+# This can be adjusted based on the number of CPU cores available on the server.
+# The default value is 1.
+#
+# Note: Increasing the number of threads can improve the performance of the server, but it can also increase the memory usage.
+#
+# Note 2: This only affect the HTTPS service, the HTTP service
+# (and other background services) is single threaded.
+worker_threads: 4
+
+# The configuration for the Let's Encrypt integration.
+letsencrypt:
+
+  # Whether the Let's Encrypt integration is enabled
+  # (the background service will run and issue certificates for your routes).
+  enabled: true
+
+  # The email address to use for Let's Encrypt notifications and account registration.
+  # Important: Make sure to replace this with your own email address.
+  # any "@example.com" is invalid and will not work.
+  email: "[email protected]"
+
+  # The staging flag is used to test the Let's Encrypt integration without hitting the rate limits.
+  # When set to <true>, the integration will use the Let's Encrypt staging environment.
+  # --
+  # When set to <false>, the integration will use the Let's Encrypt production environment
+  # and certificates will be publicly trusted for 90 days.
+  staging: true
+
+# The logging configuration for the server.
+logging:
+  # The log level for the server (can be "DEBUG", "INFO", "WARN", "ERROR").
+  level: "INFO"
+
+  # Whether access logs are enabled.
+  # When set to <true>, the server will log information about incoming requests.
+  # This information includes the request method, path, status code, response time and more.
+  access_logs_enabled: true
+
+  # Whether error logs are enabled.
+  error_logs_enabled: false
+
+# The paths for the TLS certificates, challenges, orders, and account credentials.
+# You can override any, these are the current defaults.
+paths:
+
+  # The path where the TLS certificates will be stored in JSON format
+  tls_certificates: "/etc/proksi/certificates"
+
+  # The path where the TLS challenges will be stored in JSON format
+  tls_challenges: "/etc/proksi/challenges"
+
+  # The path where the TLS orders will be stored in JSON format
+  tls_order: "/etc/proksi/orders"
+
+  # The path where the TLS account credentials will be stored in JSON format
+  # This is used to register an account with Let's Encrypt and it's reused as
+  # long as the folder is not deleted.
+  tls_account_credentials: "/etc/proksi/account-credentials"
+
+
+# The list of routes that the server will use to route incoming requests
+# to different upstream servers.
+# Each route is an item in the list and it has the following attributes:
+routes:
+
+  # The host attribute specifies the hostname that the route will match.
+  # This is normally the domain, subdomain that you want to route to a particular server/ip.
+  # This can be a domain name or an IP address. For IP address, no certificate will be issued.
+  # The host attribute is required.
+  - host: "example.com"
+
+    # The path_prefix attribute specifies the path prefix that the route will match.
+    path_prefix: "/api"
+
+    # The headers attribute specifies the headers that will
+    # be added or removed at the end of the response
+    # --
+    # In the near future you will be able to modify the headers
+    # of the request send to the upstream server
+    headers:
+      # Adds the given headers to the dowstream (client) response
+      add:
+        - name: "X-Forwarded-For"
+          value: "<value>"
+        - name: "X-Api-Version"
+          value: "1.0"
+      # Removes the given headers from the dowstream (client) response
+      remove:
+        - name: "Server"
+    # The upstreams attribute specifies the list of upstream servers that the route will use.
+    # These are load balanced and the server will try to connect to the first one in the list.
+    # If the connection fails, it will try the next one.
+    # --
+    # Health checks run in the background to ensure you have a healthy connection always.
+    upstreams:
+      # The IP address of the upstream server
+      # (can be any IP address, as long as Proksi can access it).
+      - ip: "10.1.2.24/24"
+        # The port of the upstream server (can be any port).
+        port: 3000
+
+        # The network attribute specifies the network that the upstream server is part of.
+        # This is mostly important for Docker containers, but it can be used for other purposes.
+        network: "public"
+      - ip: "10.1.2.23/24"
+        port: 3000
+        network: "shared"