
sourcelair / Ceryx

Licence: mit
Dynamic reverse proxy based on NGINX OpenResty with an API

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to Ceryx

Ssl Proxy
🔒 Simple zero-config SSL reverse proxy with real autogenerated certificates (LetsEncrypt, self-signed, provided)
Stars: ✭ 427 (-37.94%)
Mutual labels:  proxy, ssl, letsencrypt, nginx
Serverpilot Letsencrypt
Automate the installation of Let's Encrypt SSL on the free plan of ServerPilot
Stars: ✭ 129 (-81.25%)
Mutual labels:  ssl, letsencrypt, nginx
Lua Resty Auto Ssl
On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let's Encrypt.
Stars: ✭ 1,786 (+159.59%)
Mutual labels:  ssl, letsencrypt, nginx
Docker Nginx Auto Ssl
Docker image for automatic generation of SSL certs using Let's encrypt and Open Resty
Stars: ✭ 282 (-59.01%)
Mutual labels:  ssl, letsencrypt, nginx
Guacamole Install Rhel 7
Apache Guacamole installation bash script for RHEL 7 and CentOS 7 including options for Nginx, HTTPS, SSL, LDAP, Let's Encrypt certificates and more
Stars: ✭ 174 (-74.71%)
Mutual labels:  ssl, letsencrypt, nginx
Nginx Le
Nginx with automatic let's encrypt (docker image)
Stars: ✭ 475 (-30.96%)
Mutual labels:  proxy, letsencrypt, nginx
Nginxconfig.io
⚙️ NGINX config generator on steroids 💉
Stars: ✭ 14,983 (+2077.76%)
Mutual labels:  ssl, letsencrypt, nginx
Acme Nginx
python acme client for nginx
Stars: ✭ 248 (-63.95%)
Mutual labels:  ssl, letsencrypt, nginx
Proxygateway
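Proxy Gateway is built on OpenResty (the NGINX Lua module) and can be used as an API gateway: it consolidates business-module interfaces and aggregates microservice governance, makes proxy configuration easy to manage through a web configuration UI, and supports load balancing, server status checks and more.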
Stars: ✭ 335 (-51.31%)
Mutual labels:  proxy, nginx
Acme Client
Let's Encrypt / ACME client written in PHP for the CLI.
Stars: ✭ 337 (-51.02%)
Mutual labels:  ssl, letsencrypt
Service Proxy
API gateway for REST and SOAP written in Java.
Stars: ✭ 355 (-48.4%)
Mutual labels:  proxy, ssl
Hiproxy
🛠 hiproxy is a lightweight proxy tool for Front-End developers based on Node.js that supports an NGINX-like configuration. 🔥
Stars: ✭ 629 (-8.58%)
Mutual labels:  proxy, nginx
Open Proxy
One-click deployment of a reverse proxy for blocked websites; access banned websites without circumventing the firewall
Stars: ✭ 274 (-60.17%)
Mutual labels:  proxy, nginx
E2guardian
E2guardian is a web content filter that can work in proxy, transparent or icap server modes
Stars: ✭ 340 (-50.58%)
Mutual labels:  proxy, ssl
docker-haproxy-certbot
Dockerized HAProxy with Let's Encrypt certificates automatic renewal
Stars: ✭ 28 (-95.93%)
Mutual labels:  letsencrypt, ssl
Echo
High performance, minimalist Go web framework
Stars: ✭ 21,297 (+2995.49%)
Mutual labels:  ssl, letsencrypt
acme-companion
Automated ACME SSL certificate generation for nginx-proxy
Stars: ✭ 6,434 (+835.17%)
Mutual labels:  letsencrypt, ssl
Certes
A client implementation for the Automated Certificate Management Environment (ACME) protocol
Stars: ✭ 357 (-48.11%)
Mutual labels:  ssl, letsencrypt
Django React Boilerplate
DIY Django + React Boilerplate for starting your SaaS
Stars: ✭ 385 (-44.04%)
Mutual labels:  letsencrypt, nginx
Ansible Role Certbot
Ansible Role - Certbot (for Let's Encrypt)
Stars: ✭ 477 (-30.67%)
Mutual labels:  ssl, letsencrypt

Ceryx - Rock-solid, programmable HTTP(S) reverse proxy

Ceryx is the rock-solid, programmable reverse proxy used to provide tens of thousands of SourceLair projects with their unique HTTPS-enabled public URLs.

High-level architecture

One of the main traits of Ceryx that makes it rock-solid is the simplicity in its design. Ceryx is comprised of two components and a Redis backend: the HTTP(S) reverse proxy and an API.

Proxy

Ceryx uses NGINX OpenResty under the hood to route requests, based on the HTTP request's Host header or the Server Name Indication in HTTPS requests. Ceryx queries the Redis backend to decide to which target it should route each request.

API

The Ceryx API lets users dynamically create, update and delete Ceryx routes via any HTTP client. The API essentially validates, sanitizes and eventually stores input in the Ceryx backend, to be queried by the proxy.

Configuration

Ceryx is configured with the following environment variables:

  • CERYX_API_HOST: The host to bind the Ceryx API (default: 127.0.0.1)
  • CERYX_API_HOSTNAME: Optional publicly accessible hostname for the Ceryx API (default: None)
  • CERYX_API_PORT: The port to bind the Ceryx API (default: 5555)
  • CERYX_DEBUG: Enable debug logs for Ceryx API (default: true)
  • CERYX_DISABLE_LETS_ENCRYPT: Disable automatic Let's Encrypt HTTPS certificate generation (default: false)
  • CERYX_DNS_RESOLVER: The IP of the DNS resolver to use (default: 127.0.0.11 — the Docker DNS resolver)
  • CERYX_DOCKERIZE_EXTRA_ARGS: Extra arguments, to pass to dockerize (default: None)
  • CERYX_MAX_REQUEST_BODY_SIZE: The maximum body size allowed for an incoming request to Ceryx (default: 100m — 100 megabytes)
  • CERYX_REDIS_HOST: The Redis host to use as backend (default: 127.0.0.1)
  • CERYX_REDIS_PASSWORD: Optional password to use for authenticating with Redis (default: None)
  • CERYX_REDIS_PORT: The port where Redis should be reached (default: 6379)
  • CERYX_REDIS_PREFIX: The prefix to use in Ceryx-related Redis keys (default: ceryx)
  • CERYX_REDIS_TIMEOUT: The timeout for all Redis operations, including the initial connection to Redis, specified in milliseconds (default: 100)
  • CERYX_SSL_DEFAULT_CERTIFICATE: The path to the fallback SSL certificate (default: /etc/ceryx/ssl/default.crt — randomly generated at build time)
  • CERYX_SSL_DEFAULT_KEY: The path to the fallback SSL certificate key (default: /etc/ceryx/ssl/default.key — randomly generated at build time)
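
A way to review these settings before deployment, as an added example (not part of Ceryx): it merges an environment mapping with the defaults listed above and reports values that widen exposure. The names audit and is_loopback, the policy choices and the treatment of "true" as case-insensitive are assumptions of this example.

```python
import ipaddress

# Defaults copied from the variable list above; "" stands for "None".
DEFAULTS = {
    "CERYX_API_HOST": "127.0.0.1",
    "CERYX_API_HOSTNAME": "",
    "CERYX_DEBUG": "true",
    "CERYX_REDIS_HOST": "127.0.0.1",
    "CERYX_REDIS_PASSWORD": "",
}


def is_loopback(host):
    """True for loopback IP literals and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def audit(env):
    """Return (variable, finding) pairs for a Ceryx environment mapping."""
    cfg = {**DEFAULTS, **env}
    findings = []
    if not is_loopback(cfg["CERYX_API_HOST"]):
        findings.append(("CERYX_API_HOST",
                         "API listens beyond loopback; restrict it at the network layer"))
    if cfg["CERYX_API_HOSTNAME"]:
        findings.append(("CERYX_API_HOSTNAME",
                         "API can be published through the proxy via bin/populate-api"))
    if cfg["CERYX_DEBUG"].lower() == "true":
        findings.append(("CERYX_DEBUG", "debug-level logs are enabled"))
    if not is_loopback(cfg["CERYX_REDIS_HOST"]) and not cfg["CERYX_REDIS_PASSWORD"]:
        findings.append(("CERYX_REDIS_PASSWORD",
                         "Redis is reached over the network without a password"))
    return findings


if __name__ == "__main__":
    # Constructed sample environment, not taken from a real deployment.
    sample = {"CERYX_API_HOST": "0.0.0.0", "CERYX_API_HOSTNAME": "api.example.test",
              "CERYX_DEBUG": "false", "CERYX_REDIS_HOST": "redis"}
    for var, msg in audit(sample):
        print(f"{var}: {msg}")
```

With no overrides the only finding is CERYX_DEBUG, because the listed default is true.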

Adjusting log level

By default, Ceryx outputs logs of level info or higher. Setting CERYX_DEBUG to true will also output logs of debug level.

Not running Ceryx as container?

👋 Heads up! Ceryx is designed to be run inside a container using Docker or similar tools.

If you're not running Ceryx using the official sourcelair/ceryx image, you'll need to take care of configuration file generation yourself. Take a look at entrypoint.sh to get ideas.

Dynamic SSL certificates

By default, Ceryx will try to generate a certificate when a domain is hit via HTTPS through Let's Encrypt, if and only if a route exists for it. To disable this behavior, set CERYX_DISABLE_LETS_ENCRYPT to true.

Quick start

You can start using Ceryx in a few seconds!

Requirements

Before getting started, make sure you have the following:

  1. A computer accessible from the internet with Docker (docs) and Docker Compose (docs)
  2. At least one domain (or subdomain) resolving to the computer's public IP address

Running Ceryx

Just run the following command to run Ceryx in the background:

docker-compose up -d

Running Ceryx in Kubernetes

Kubernetes Requirements

  1. A Kubernetes cluster deployed with a public-facing IP, kubectl and Helm installed on your machine, and Tiller installed on the cluster.

  2. At least one domain/subdomain (or even a wildcard A record) resolving to the cluster IP address.

  3. Edit the values file in .k8s/ceryx/values.yaml to suit your deployment needs.

cd k8s

helm install --debug --generate-name --values <path to your value file> ./ceryx

Recommended: add --dry-run to the above command before deploying, to check the generated YAML.

Exposing the API to the public

👋 Heads up! Don't ever do this in production! Anyone from the internet will be able to access the Ceryx API and mess with it. It's useful for development/testing though.

To access (and therefore 🐶 dogfood) the Ceryx API via Ceryx' proxy, set the CERYX_API_HOSTNAME setting and run the following command in your terminal:

docker-compose exec api bin/populate-api

The Ceryx API

Add a new route to Ceryx

curl -H "Content-Type: application/json" \
     -X POST \
     -d '{"source":"publicly.accessible.domain","target":"http://service.internal:8000"}' \
     http://ceryx-api-host/api/routes

Update a route in Ceryx

curl -H "Content-Type: application/json" \
     -X PUT \
     -d '{"source":"publicly.accessible.domain","target":"http://another-service.internal:8000"}' \
     http://ceryx-api-host/api/routes/publicly.accessible.domain

Delete a route from Ceryx

curl -H "Content-Type: application/json" \
     -X DELETE \
     http://ceryx-api-host/api/routes/publicly.accessible.domain

Enforce HTTPS

You can enforce redirection from HTTP to HTTPS for any host you would like.

curl -H "Content-Type: application/json" \
     -X POST \
     -d '{"source":"publicly.accessible.domain","target":"http://service.internal:8000", "settings": {"enforce_https": true}}' \
     http://ceryx-api-host/api/routes

The above functionality works in PUT update requests as well.

Redirect to target, instead of proxying

Instead of proxying the request to the target, you can prompt the client to redirect the request there itself.

curl -H "Content-Type: application/json" \
     -X POST \
     -d '{"source":"sourcelair.com","target":"https://www.sourcelair.com", "settings": {"mode": "redirect"}}' \
     http://ceryx-api-host/api/routes
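
A pre-flight check for the route payloads shown in the requests above, as an added example (not Ceryx's own validation code) to run before sending a POST or PUT. The function name check_route, the "proxy" name for the default mode and the policy of flagging loopback and link-local targets are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits and hyphens, not starting or ending with a hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# "redirect" is shown above; "proxy" as the name of the default mode is an assumption.
KNOWN_MODES = {"proxy", "redirect"}


def check_route(payload, path_source=None):
    """Return the problems found in a route payload; an empty list means none."""
    problems = []
    source = payload.get("source", "")
    if len(source) > 253 or not all(LABEL.fullmatch(p) for p in source.split(".")):
        problems.append("source must be a bare hostname (no scheme, port or path)")
    if path_source is not None and path_source != source:
        problems.append("PUT path and JSON body name different sources")

    try:
        target = urlsplit(payload.get("target", ""))
        host = target.hostname
    except ValueError:  # e.g. a malformed IPv6 literal
        target, host = None, None
    if target is None or target.scheme not in ("http", "https") or not host:
        problems.append("target must be an http(s) URL with a host")
    else:
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            ip = None  # a DNS name; what it resolves to is not checked here
        if ip is not None and (ip.is_loopback or ip.is_link_local):
            problems.append("target is a loopback or link-local address")

    settings = payload.get("settings", {})
    if not isinstance(settings.get("enforce_https", False), bool):
        problems.append("settings.enforce_https must be a JSON boolean")
    if settings.get("mode", "proxy") not in KNOWN_MODES:
        problems.append("settings.mode is not a known mode")
    return problems
```

For a PUT, pass the hostname from the URL path as path_source so that a body naming a different source is caught.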

Ceryx web UI

The Ceryx Web community project provides a sweet web UI.

Real-world uses

Ceryx has proven to be extremely reliable in production systems, handling tens of thousands of routes in its backend. Some of them are:

  • SourceLair: In-browser IDE for web applications, made publicly accessible via development web servers powered by Ceryx.
  • Stolos: Managed Docker development environments for enterprises.

Do you use Ceryx in production as well? Please open a Pull Request to include it here. We would love to have it in our list.

Origin

Ceryx started in SourceLair to help provide tens of thousands of users with a unique public URL (subdomain) for each one of their projects. Initial development had different stages; from using tproxy, Twisted and bare NGINX as a proxy and backends ranging from MongoDB to etcd.

After a lot of experimentation, we have ended up using OpenResty as the proxy and Redis as the backend. This solution has served us and we are now developing it in the open as an open source project.

License

Ceryx is MIT licensed.
