├── .gitignore ├── LICENSE.txt ├── README.md ├── build.gradle ├── gradle └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat └── src ├── dist ├── README └── proxy.yml ├── main ├── java │ └── backflow │ │ ├── BalancerHandler.java │ │ ├── BasicAuthHandler.java │ │ ├── ProxyConfig.java │ │ ├── ProxyServer.java │ │ └── UndertowHelpers.java └── resources │ └── proxy.yml └── test ├── java └── backflow │ └── ProxyServerTest.java └── resources └── proxy.yml /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/* 2 | target/* 3 | *.iml 4 | .gradle/ 5 | build/ 6 | *.jar 7 | bin/ 8 | .DS_Store 9 | 10 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2017 Andrejs Jermakovics 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); you may not use this library except in compliance with the License. 4 | You may obtain a copy of the License at 5 | 6 | [www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0) 7 | 8 | Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, 9 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. 10 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Backflow [![CircleCI](https://circleci.com/gh/ajermakovics/backflow.svg?style=svg)](https://circleci.com/gh/ajermakovics/backflow) [![Release](https://img.shields.io/github/release/ajermakovics/backflow.svg?colorB=green)](https://github.com/ajermakovics/backflow/releases) 2 | 3 | A load balancing reverse proxy server with an API. Supports adding/removing backends on-the-fly without restarts. 4 | 5 | # Install 6 | 7 | Download from [releases](https://github.com/ajermakovics/backflow/releases) and unzip 8 | 9 | # Configuration 10 | 11 | Edit proxy.yml 12 | 13 | ```yml 14 | server: 15 | port: 8000 # proxy listen port 16 | backends: http://127.0.0.1:8090 http://127.0.0.1:8091 # List of hosts to forward requests to (in round-robin) 17 | maxRequestTime: 30000 # -1 to disable 18 | ioThread: 4 19 | backlog: 1000 20 | rewriteHostHeader: false 21 | reuseXForwarded: true 22 | connectionsPerThread: 20 23 | workerThreads: 16 # default: Runtime.getRuntime().availableProcessors()*8 24 | workerTaskMaxThreads : 16 # default: workerThreads 25 | sslPort: 8443 26 | keystore: /path/to/keystore.jks 27 | keystorePassword: secret 28 | 29 | # Users for accesing the API 30 | users: 31 | admin: secretPassword 32 | ``` 33 | 34 | All requests incoming on port 8000 will be forwarded to one of the backends. 35 | 36 | # Running 37 | 38 | `./bin/backflow` 39 | 40 | # API 41 | 42 | Backflow has a HTTP based API to add/remove backends. 43 | Changes are applied dynamically without restarting the server. 44 | 45 | ## Add a new backend 46 | 47 | `curl -uadmin:secretPassword http://localhost:8000/lb -XPOST -d 'http://new.backend.example.com'` 48 | 49 | ## Remove an existing 50 | 51 | `curl -uadmin:secretPassword http://localhost:8000/lb -XDELETE -d 'http://some.backend.example.com'` 52 | 53 | ## List current backends 54 | 55 | `curl -uadmin:secretPassword http://localhost:8000/lb` 56 | 57 | # Build from source 58 | 59 | `./gradlew distZip` 60 | or 61 | `./gradlew distTar` 62 | 63 | # License 64 | 65 | Apache 2.0 66 | -------------------------------------------------------------------------------- /build.gradle: -------------------------------------------------------------------------------- 1 | buildscript { 2 | repositories { 3 | mavenCentral() 4 | } 5 | dependencies { 6 | classpath 'org.ajoberstar:grgit:1.4.+' 7 | } 8 | } 9 | ext { 10 | git = org.ajoberstar.grgit.Grgit.open() 11 | } 12 | 13 | apply plugin: 'java' 14 | apply plugin: 'application' 15 | apply plugin: 'maven' 16 | 17 | version ext.git.describe() ?: 'dev' 18 | mainClassName = "backflow.ProxyServer" 19 | 20 | println "Version: ${version}" 21 | 22 | repositories { 23 | mavenCentral() 24 | maven { url 'https://jitpack.io' } 25 | } 26 | 27 | dependencies { 28 | compile 'io.undertow:undertow-core:1.3.23.Final' 29 | compile 'org.mortbay.jetty.alpn:alpn-boot:8.1.3.v20150130' 30 | compile 'org.yaml:snakeyaml:1.17' 31 | compile 'org.andrejs:json:1.0.0' 32 | 33 | testCompile 'junit:junit:4.11' 34 | testCompile 'io.rest-assured:rest-assured:3.0.2' 35 | } 36 | 37 | jar { 38 | manifest { 39 | attributes 'Implementation-Title': project.name, 'Implementation-Version': version 40 | attributes "Main-Class": mainClassName 41 | attributes 'Class-Path': configurations.runtime.collect { it.name }.join(' ') 42 | } 43 | } 44 | 45 | startScripts { 46 | classpath = files('$APP_HOME/lib/' + jar.archiveName) 47 | } -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ajermakovics/backflow/d6bf8e49087079671457137c2f43196f16cc515b/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | #Wed Feb 01 14:01:34 GMT 2017 2 | distributionBase=GRADLE_USER_HOME 3 | distributionPath=wrapper/dists 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | distributionUrl=https\://services.gradle.org/distributions/gradle-3.3-bin.zip 7 | -------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ############################################################################## 4 | ## 5 | ## Gradle start up script for UN*X 6 | ## 7 | ############################################################################## 8 | 9 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 10 | DEFAULT_JVM_OPTS="" 11 | 12 | APP_NAME="Gradle" 13 | APP_BASE_NAME=`basename "$0"` 14 | 15 | # Use the maximum available, or set MAX_FD != -1 to use that value. 16 | MAX_FD="maximum" 17 | 18 | warn ( ) { 19 | echo "$*" 20 | } 21 | 22 | die ( ) { 23 | echo 24 | echo "$*" 25 | echo 26 | exit 1 27 | } 28 | 29 | # OS specific support (must be 'true' or 'false'). 30 | cygwin=false 31 | msys=false 32 | darwin=false 33 | case "`uname`" in 34 | CYGWIN* ) 35 | cygwin=true 36 | ;; 37 | Darwin* ) 38 | darwin=true 39 | ;; 40 | MINGW* ) 41 | msys=true 42 | ;; 43 | esac 44 | 45 | # Attempt to set APP_HOME 46 | # Resolve links: $0 may be a link 47 | PRG="$0" 48 | # Need this for relative symlinks. 49 | while [ -h "$PRG" ] ; do 50 | ls=`ls -ld "$PRG"` 51 | link=`expr "$ls" : '.*-> \(.*\)$'` 52 | if expr "$link" : '/.*' > /dev/null; then 53 | PRG="$link" 54 | else 55 | PRG=`dirname "$PRG"`"/$link" 56 | fi 57 | done 58 | SAVED="`pwd`" 59 | cd "`dirname \"$PRG\"`/" >/dev/null 60 | APP_HOME="`pwd -P`" 61 | cd "$SAVED" >/dev/null 62 | 63 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 64 | 65 | # Determine the Java command to use to start the JVM. 66 | if [ -n "$JAVA_HOME" ] ; then 67 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 68 | # IBM's JDK on AIX uses strange locations for the executables 69 | JAVACMD="$JAVA_HOME/jre/sh/java" 70 | else 71 | JAVACMD="$JAVA_HOME/bin/java" 72 | fi 73 | if [ ! -x "$JAVACMD" ] ; then 74 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 75 | 76 | Please set the JAVA_HOME variable in your environment to match the 77 | location of your Java installation." 78 | fi 79 | else 80 | JAVACMD="java" 81 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 82 | 83 | Please set the JAVA_HOME variable in your environment to match the 84 | location of your Java installation." 85 | fi 86 | 87 | # Increase the maximum file descriptors if we can. 88 | if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then 89 | MAX_FD_LIMIT=`ulimit -H -n` 90 | if [ $? -eq 0 ] ; then 91 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 92 | MAX_FD="$MAX_FD_LIMIT" 93 | fi 94 | ulimit -n $MAX_FD 95 | if [ $? -ne 0 ] ; then 96 | warn "Could not set maximum file descriptor limit: $MAX_FD" 97 | fi 98 | else 99 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 100 | fi 101 | fi 102 | 103 | # For Darwin, add options to specify how the application appears in the dock 104 | if $darwin; then 105 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 106 | fi 107 | 108 | # For Cygwin, switch paths to Windows format before running java 109 | if $cygwin ; then 110 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 111 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 112 | JAVACMD=`cygpath --unix "$JAVACMD"` 113 | 114 | # We build the pattern for arguments to be converted via cygpath 115 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 116 | SEP="" 117 | for dir in $ROOTDIRSRAW ; do 118 | ROOTDIRS="$ROOTDIRS$SEP$dir" 119 | SEP="|" 120 | done 121 | OURCYGPATTERN="(^($ROOTDIRS))" 122 | # Add a user-defined pattern to the cygpath arguments 123 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 124 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 125 | fi 126 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 127 | i=0 128 | for arg in "$@" ; do 129 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 130 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 131 | 132 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 133 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 134 | else 135 | eval `echo args$i`="\"$arg\"" 136 | fi 137 | i=$((i+1)) 138 | done 139 | case $i in 140 | (0) set -- ;; 141 | (1) set -- "$args0" ;; 142 | (2) set -- "$args0" "$args1" ;; 143 | (3) set -- "$args0" "$args1" "$args2" ;; 144 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 145 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 146 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 147 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 148 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 149 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 150 | esac 151 | fi 152 | 153 | # Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules 154 | function splitJvmOpts() { 155 | JVM_OPTS=("$@") 156 | } 157 | eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS 158 | JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME" 159 | 160 | exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@" 161 | -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem Gradle startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 12 | set DEFAULT_JVM_OPTS= 13 | 14 | set DIRNAME=%~dp0 15 | if "%DIRNAME%" == "" set DIRNAME=. 16 | set APP_BASE_NAME=%~n0 17 | set APP_HOME=%DIRNAME% 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windows variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | if "%@eval[2+2]" == "4" goto 4NT_args 53 | 54 | :win9xME_args 55 | @rem Slurp the command line arguments. 56 | set CMD_LINE_ARGS= 57 | set _SKIP=2 58 | 59 | :win9xME_args_slurp 60 | if "x%~1" == "x" goto execute 61 | 62 | set CMD_LINE_ARGS=%* 63 | goto execute 64 | 65 | :4NT_args 66 | @rem Get arguments from the 4NT Shell from JP Software 67 | set CMD_LINE_ARGS=%$ 68 | 69 | :execute 70 | @rem Setup the command line 71 | 72 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 73 | 74 | @rem Execute Gradle 75 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% 76 | 77 | :end 78 | @rem End local scope for the variables with windows NT shell 79 | if "%ERRORLEVEL%"=="0" goto mainEnd 80 | 81 | :fail 82 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 83 | rem the _cmd.exe /c_ return code! 84 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 85 | exit /b 1 86 | 87 | :mainEnd 88 | if "%OS%"=="Windows_NT" endlocal 89 | 90 | :omega 91 | -------------------------------------------------------------------------------- /src/dist/README: -------------------------------------------------------------------------------- 1 | Backflow reverse proxy 2 | 3 | Start 4 | ===== 5 | 6 | ./bin/backflow 7 | 8 | Configure 9 | ========= 10 | 11 | Edit proxy.yml 12 | -------------------------------------------------------------------------------- /src/dist/proxy.yml: -------------------------------------------------------------------------------- 1 | server: 2 | port: 8000 # (optional if using sslPort) 3 | host: 0.0.0.0 # (optional) 4 | backends: http://127.0.0.1:8090 http://127.0.0.1:8091 5 | maxRequestTime: -1 6 | ioThread: 4 7 | backlog: 1000 8 | rewriteHostHeader: false 9 | reuseXForwarded: true 10 | connectionsPerThread: 20 11 | # sslPort: 8443 12 | # keystore: /path/to/keystore.jks 13 | # keystorePassword: secret 14 | # workerThreads: 16 # default: Runtime.getRuntime().availableProcessors()*8 15 | # workerTaskMaxThreads : 16 # default: workerThreads 16 | 17 | # Users for interacting with the API 18 | users: 19 | admin: secretPassword -------------------------------------------------------------------------------- /src/main/java/backflow/BalancerHandler.java: -------------------------------------------------------------------------------- 1 | package backflow; 2 | 3 | import io.undertow.server.HttpHandler; 4 | import io.undertow.server.HttpServerExchange; 5 | import io.undertow.server.handlers.proxy.LoadBalancingProxyClient; 6 | import io.undertow.util.Headers; 7 | import org.andrejs.json.Json; 8 | import org.jboss.logging.Logger; 9 | 10 | import java.net.URI; 11 | import java.util.Set; 12 | import java.util.concurrent.ConcurrentSkipListSet; 13 | 14 | 15 | public class BalancerHandler implements HttpHandler { 16 | 17 | private static final Logger log = Logger.getLogger(BalancerHandler.class.getSimpleName()); 18 | 19 | private LoadBalancingProxyClient lb; 20 | private Set backends = new ConcurrentSkipListSet<>(); 21 | 22 | public BalancerHandler(LoadBalancingProxyClient lb, String... backendHosts) { 23 | this.lb = lb; 24 | for (String backend : backendHosts) { 25 | addBackend(backend); 26 | } 27 | } 28 | 29 | private void addBackend(String backend) { 30 | try { 31 | lb.addHost(new URI(backend)); 32 | backends.add(backend); 33 | log.info("Added load balancer backend: " + backend); 34 | } catch (Exception e) { 35 | log.error("Error adding backend: " + backend, e); 36 | throw new IllegalArgumentException(e); 37 | } 38 | } 39 | 40 | private void removeBackend(String backend) { 41 | try { 42 | if (backends.remove(backend)) { 43 | lb.removeHost(new URI(backend)); 44 | log.info("Removed load balancer backend: " + backend); 45 | } 46 | } catch (Exception e) { 47 | log.error("Error removing backend: " + backend, e); 48 | throw new IllegalArgumentException(e); 49 | } 50 | } 51 | 52 | @Override 53 | public void handleRequest(HttpServerExchange req) throws Exception { 54 | req.getResponseHeaders().put(Headers.CONTENT_TYPE, "application/json"); 55 | switch (req.getRequestMethod().toString()) { 56 | case "GET": 57 | req.getResponseSender() 58 | .send(new Json("backends", backends).toString()); 59 | break; 60 | case "POST": 61 | req.getRequestReceiver().receiveFullString((exch, body) -> { 62 | addBackend(body); 63 | req.getResponseSender().send(new Json("status", "ok").toString()); 64 | }); 65 | break; 66 | case "DELETE": 67 | req.getRequestReceiver().receiveFullString((exch, body) -> { 68 | removeBackend(body); 69 | req.getResponseSender().send(new Json("status", "ok").toString()); 70 | }); 71 | break; 72 | default: 73 | req.setStatusCode(405); 74 | req.getResponseSender().send("error"); 75 | } 76 | } 77 | } 78 | -------------------------------------------------------------------------------- /src/main/java/backflow/BasicAuthHandler.java: -------------------------------------------------------------------------------- 1 | package backflow; 2 | 3 | import io.undertow.server.HttpHandler; 4 | import io.undertow.server.HttpServerExchange; 5 | 6 | import java.util.Base64; 7 | import java.util.Map; 8 | import java.util.Set; 9 | import java.util.stream.Collectors; 10 | 11 | public class BasicAuthHandler implements HttpHandler { 12 | 13 | private final HttpHandler next; 14 | private final Set authentications; 15 | 16 | public BasicAuthHandler(Map users, HttpHandler next) { 17 | 18 | this.next = next; 19 | authentications = users.entrySet().stream() 20 | .map(e -> (e.getKey() + ":" + e.getValue()).getBytes()) 21 | .map(Base64.getEncoder()::encode) 22 | .map(auth -> "Basic " + new String(auth)) 23 | .collect(Collectors.toSet()); 24 | } 25 | 26 | @Override 27 | public void handleRequest(HttpServerExchange req) throws Exception { 28 | String auth = req.getRequestHeaders().getFirst("Authorization"); 29 | 30 | if(authentications.contains(auth)) { 31 | next.handleRequest(req); 32 | } else { 33 | req.setStatusCode(401); 34 | req.getResponseSender().send("Unauthorized"); 35 | } 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /src/main/java/backflow/ProxyConfig.java: -------------------------------------------------------------------------------- 1 | package backflow; 2 | 3 | 4 | import org.andrejs.json.Json; 5 | import org.jboss.logging.Logger; 6 | import org.yaml.snakeyaml.Yaml; 7 | 8 | import java.io.IOError; 9 | import java.io.IOException; 10 | import java.io.InputStream; 11 | import java.nio.file.Files; 12 | import java.nio.file.Path; 13 | import java.nio.file.Paths; 14 | import java.util.Map; 15 | import java.util.Properties; 16 | 17 | public class ProxyConfig { 18 | 19 | private static final Logger log = Logger.getLogger(ProxyServer.class.getSimpleName()); 20 | 21 | public static Json loadConfig() { 22 | Properties props = new Properties(); 23 | Yaml yml = new Yaml(); 24 | 25 | Path ymlfile = Paths.get("proxy.yml"); 26 | Map config; 27 | 28 | if(Files.exists(ymlfile)) { 29 | try(InputStream is = Files.newInputStream(ymlfile)) { 30 | config = (Map) yml.load(is); 31 | } catch (IOException e) { 32 | log.error("Could not load " + ymlfile.toAbsolutePath(), e); 33 | throw new IOError(e); 34 | } 35 | log.info("Loaded config from " + ymlfile.toAbsolutePath() + ": " + config); 36 | } else { 37 | ClassLoader classLoader = ProxyConfig.class.getClassLoader(); 38 | config = (Map) yml.load(classLoader.getResourceAsStream("proxy.yml")); 39 | log.info("Loaded config from classpath proxy.yml: " + config); 40 | } 41 | 42 | // flatten(config, props, ""); 43 | return new Json(config); 44 | } 45 | 46 | private static void flatten(Map load, Properties props, String prefix) { 47 | for(String key: load.keySet()) { 48 | Object val = load.get(key); 49 | String pref = prefix.isEmpty() ? "" : prefix + "."; 50 | if(val instanceof Map) 51 | flatten((Map) val, props, pref + key); 52 | else 53 | props.put(pref + key, val.toString()); 54 | } 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /src/main/java/backflow/ProxyServer.java: -------------------------------------------------------------------------------- 1 | package backflow; 2 | 3 | import io.undertow.Handlers; 4 | import io.undertow.Undertow; 5 | import io.undertow.server.HttpHandler; 6 | import io.undertow.server.handlers.ResponseCodeHandler; 7 | import io.undertow.server.handlers.proxy.LoadBalancingProxyClient; 8 | import io.undertow.server.handlers.proxy.ProxyHandler; 9 | import org.andrejs.json.Json; 10 | import org.jboss.logging.Logger; 11 | import org.xnio.Options; 12 | 13 | import javax.net.ssl.SSLContext; 14 | import java.security.KeyStore; 15 | 16 | import static backflow.ProxyConfig.loadConfig; 17 | 18 | public class ProxyServer { 19 | 20 | private static final Logger log = Logger.getLogger(ProxyServer.class.getSimpleName()); 21 | 22 | private Undertow undertow; 23 | private final Json config; 24 | 25 | public ProxyServer(Json config) { 26 | this.config = config; 27 | } 28 | 29 | public static void main(final String[] args) throws Exception { 30 | new ProxyServer(loadConfig()).start(); 31 | } 32 | 33 | public void start() throws Exception { 34 | Json serverConfig = config.at("server"); 35 | String host = serverConfig.get("host", "0.0.0.0"); 36 | String backends = serverConfig.get("backends", ""); 37 | int port = serverConfig.get("port", 8000); 38 | int maxRequestTime = serverConfig.get("maxRequestTime", 30000); 39 | int connectionsPerThread = serverConfig.get("connectionsPerThread", 20); 40 | int ioThreads = serverConfig.get("ioThread", 4); 41 | int workerThreads = serverConfig.get("workerThreads", Runtime.getRuntime().availableProcessors() * 8); 42 | int workerTaskMaxThreads = serverConfig.get("workerTaskMaxThreads", workerThreads); 43 | int backlog = serverConfig.get("backlog", 1000); 44 | boolean rewriteHostHeader =serverConfig.get("rewriteHostHeader", false); 45 | boolean reuseXForwarded = serverConfig.get("reuseXForwarded", true); 46 | 47 | LoadBalancingProxyClient loadBalancer = new LoadBalancingProxyClient() 48 | .setConnectionsPerThread(connectionsPerThread); 49 | 50 | Json users = config.at("users"); 51 | HttpHandler loadBalancerApi = new BasicAuthHandler(users, new BalancerHandler(loadBalancer, backends.split("\\s+"))); 52 | ProxyHandler proxyHandler = new ProxyHandler(loadBalancer, maxRequestTime, ResponseCodeHandler.HANDLE_404, rewriteHostHeader, reuseXForwarded); 53 | 54 | HttpHandler handler = Handlers.path() 55 | .addPrefixPath("/lb", loadBalancerApi) 56 | .addPrefixPath("/", proxyHandler); 57 | 58 | Undertow.Builder proxyBuilder = Undertow.builder() 59 | .setIoThreads(ioThreads) 60 | .setWorkerThreads(workerThreads) 61 | .setWorkerOption(Options.WORKER_TASK_MAX_THREADS, workerTaskMaxThreads) 62 | .setSocketOption(Options.BACKLOG, backlog) 63 | .setHandler(handler); 64 | 65 | if(serverConfig.containsKey("port")) { 66 | proxyBuilder.addHttpListener(port, host); 67 | log.info("Started proxy on " + host + ":" + port); 68 | } 69 | 70 | if(serverConfig.containsKey("sslPort")) { 71 | int sslPort = serverConfig.get("sslPort", 443); 72 | String keystorePassword = serverConfig.get("keystorePassword", ""); 73 | KeyStore keyStore = UndertowHelpers.loadKeyStore(serverConfig.get("keystore", ""), keystorePassword); 74 | SSLContext sslContext = UndertowHelpers.newSslContext(keyStore, keystorePassword); 75 | proxyBuilder.addHttpsListener(sslPort, host, sslContext); 76 | log.info("Started SSL proxy on " + host + ":" + sslPort); 77 | } 78 | 79 | this.undertow = proxyBuilder.build(); 80 | undertow.start(); 81 | } 82 | 83 | public void stop() { 84 | undertow.stop(); 85 | } 86 | 87 | } 88 | -------------------------------------------------------------------------------- /src/main/java/backflow/UndertowHelpers.java: -------------------------------------------------------------------------------- 1 | package backflow; 2 | 3 | 4 | import javax.net.ssl.KeyManager; 5 | import javax.net.ssl.KeyManagerFactory; 6 | import javax.net.ssl.SSLContext; 7 | import javax.net.ssl.TrustManager; 8 | import java.io.InputStream; 9 | import java.nio.file.Files; 10 | import java.nio.file.Paths; 11 | import java.security.KeyStore; 12 | 13 | public class UndertowHelpers { 14 | 15 | public static SSLContext newSslContext(final KeyStore keyStore, String keyStorePw) throws Exception { 16 | KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 17 | keyManagerFactory.init(keyStore, keyStorePw.toCharArray()); 18 | KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); 19 | 20 | SSLContext sslContext = SSLContext.getInstance("TLS"); 21 | sslContext.init(keyManagers, new TrustManager[]{}, null); 22 | 23 | return sslContext; 24 | } 25 | 26 | public static KeyStore loadKeyStore(String storeLoc, String storePw) throws Exception { 27 | InputStream stream = Files.newInputStream(Paths.get(storeLoc)); 28 | if(stream == null) { 29 | throw new IllegalArgumentException("Could not load keystore"); 30 | } 31 | try(InputStream is = stream) { 32 | KeyStore loadedKeystore = KeyStore.getInstance("JKS"); 33 | loadedKeystore.load(is, storePw.toCharArray()); 34 | return loadedKeystore; 35 | } 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /src/main/resources/proxy.yml: -------------------------------------------------------------------------------- 1 | server: 2 | port: 8000 # (optional if using sslPort) 3 | host: 0.0.0.0 # (optional) 4 | backends: http://127.0.0.1:8090 http://127.0.0.1:8091 5 | maxRequestTime: -1 6 | ioThread: 4 7 | backlog: 1000 8 | rewriteHostHeader: false 9 | reuseXForwarded: true 10 | connectionsPerThread: 20 11 | # sslPort: 8443 12 | # keystore: /path/to/keystore.jks 13 | # keystorePassword: secret 14 | # workerThreads: 16 # default: Runtime.getRuntime().availableProcessors()*8 15 | # workerTaskMaxThreads : 16 # default: workerThreads 16 | 17 | # Users for interacting with the API 18 | users: 19 | admin: secretPassword -------------------------------------------------------------------------------- /src/test/java/backflow/ProxyServerTest.java: -------------------------------------------------------------------------------- 1 | package backflow; 2 | 3 | 4 | import io.restassured.specification.RequestSpecification; 5 | import org.hamcrest.Matchers; 6 | import org.junit.After; 7 | import org.junit.Before; 8 | import org.junit.Test; 9 | 10 | import static backflow.ProxyConfig.loadConfig; 11 | import static io.restassured.RestAssured.given; 12 | import static io.restassured.RestAssured.when; 13 | import static org.hamcrest.CoreMatchers.equalTo; 14 | import static org.hamcrest.CoreMatchers.hasItem; 15 | 16 | public class ProxyServerTest { 17 | 18 | ProxyServer proxyServer = new ProxyServer(loadConfig()); 19 | 20 | @Before 21 | public void startProxy() throws Exception { 22 | proxyServer.start(); 23 | } 24 | 25 | @After 26 | public void stopProxy() throws Exception { 27 | proxyServer.stop(); 28 | } 29 | 30 | @Test 31 | public void returnsInitialBackend() { 32 | givenAuth(). 33 | when(). 34 | get("/lb"). 35 | then(). 36 | statusCode(200). 37 | body("backends", hasItem("http://127.0.0.1:9090")); 38 | } 39 | 40 | @Test 41 | public void postAddsNewBackend() { 42 | givenAuth(). 43 | body("http://localhost:9000").post("/lb"); 44 | 45 | givenAuth(). 46 | when(). 47 | get("/lb"). 48 | then(). 49 | statusCode(200). 50 | body("backends", hasItem("http://localhost:9000")); 51 | ; 52 | } 53 | 54 | @Test 55 | public void deleteRemovesBackend() { 56 | givenAuth(). 57 | body("http://127.0.0.1:9090").delete("/lb"); 58 | 59 | givenAuth(). 60 | when(). 61 | get("/lb"). 62 | then(). 63 | statusCode(200). 64 | body("backends", Matchers.empty()); 65 | } 66 | 67 | @Test 68 | public void failesWithoutAuthentication() { 69 | when(). 70 | get("/lb"). 71 | then(). 72 | statusCode(401). 73 | body(equalTo("Unauthorized")); 74 | } 75 | 76 | private RequestSpecification givenAuth() { 77 | return given().auth().preemptive().basic("test", "secret"); 78 | } 79 | } 80 | -------------------------------------------------------------------------------- /src/test/resources/proxy.yml: -------------------------------------------------------------------------------- 1 | server: 2 | port: 8080 3 | backends: http://127.0.0.1:9090 4 | maxRequestTime: 30 5 | 6 | users: 7 | test: secret 8 | --------------------------------------------------------------------------------