sundry

v0.3.3

Published

2 years ago

A dynamically configurable, load balancing, reverse proxy.

Downloads

0High
0Medium
0Low

paperelectron

router http proxy round-robin

Sundry

The respectably rugged, remarkably reliable, reconfigurable, round-robin reverse proxy.

Sundry is a caching, dynamically configurable, reverse proxy, written in NodeJS and backed by redis.

Cool Stuff

Dynamically add and remove hosts and backends with 0 downtime.
Wildcard https, http -> https redirect built in.
Centralize request logging and error handling without exposing backend errors.
Programically control backend access in real time.

Features

Separate CLI app to view and manage hosts and routes.
Really, Really fast, workload is very nearly 100% Asyncronous (Aside from a couple of ifs and assigments on each request)
System Daemon, can drop privleges to bind to ports 80 and 443, or use Authbind.

Installation and setup

Requirements

Redis server (with events enabled)
- Preferably local to the Sundry server, bare minimum on the local network.
- "notify-keyspace-events"
- With "gsE" events enabled.
- More Info on Redis keyspace events
NodeJS v.11.0 +
AuthBind for port 80/443 bindings as non root user.
Upstart for running as a system daemon.

Install Sundry

Installation

$ npm install -g sundry

Configuration

Sundry relies on several configuration values, all of which can be provided in two ways.

Enviornment Variables. (Useful for running as a system daemon)
Values in $HOME/.sundry/config.json

You can generate a skeleton config by running...

$ sundry config build

This will create ~/.sundry/, ~/.sundry/ssl and ~/.sundry/config.json

Default files

Sundry uses some generic files for its default host, 404 and 500 error pages. You can override any of these by placing the correctly named file in ~/.sundry/html/<index/404/5xx>.html

Run Sundry

Production (some recent flavor of Ubuntu assumed.)

Create a new system user

$ sudo adduser --disabled-password sundry

Build default config (Optional)

$ sudo su -- sundry
$ sundry config build

Install/configure authbind

$ sudo apt-get install authbind
$ sudo touch /etc/authbind/byport/80 /etc/authbind/byport/443
$ sudo chown sundry:sundry /etc/authbind/byport/80 /etc/authbind/byport/443
$ sudo chmod 755 /etc/authbind/byport/80 /etc/authbind/byport/443

Create sundry.conf upstart file.

$ sudo touch /etc/init/sundry.conf
$ sudo <vi/emacs/nano/ed> /etc/init/sundry.conf
# no flame wars here

description "Sundry Dynamic Router"
author      "PaperElectron"

start on (local-filesystems and net-device-up IFACE=eth0)
stop on shutdown

# Automatically Respawn:
respawn
respawn limit 5 60

script
  export HOME=/home/sundry
  export NODE_ENV=production
  exec start-stop-daemon --start -u sundry --exec /usr/bin/authbind sundry start
end script

Test / Development

Generate a self signed cert.

Browsers will flag this as an insecure certificate.

$ cd ~/.sundry/ssl
$ openssl genrsa -out key.pem 2048
$ openssl req -new -key key.pem -out server.csr
$ openssl x509 -req -days 365 -in server.csr -signkey key.pem -out cert.pem