uds-proxy
uds-proxy provides a UNIX domain socket and forwards traffic to HTTP(S) remotes through a customizable connection pool (i.e. using persistent connections).
what for? why? how?
Interacting with microservices often involves communication overhead: every contact with another service may involve DNS lookups, establishment of a TCP connection and, most likely, an HTTPS handshake.
This overhead can be costly and especially hard to circumvent for legacy applications -- thus uds-proxy.
uds-proxy creates a UNIX domain socket and forwards communication to one or more remote web servers. In a way, uds-proxy aims a bit at reducing application/API complexity by providing a generic and simple solution for connection pooling.
uds-proxy is implemented in Go, so it runs as a native application on any OS supporting Go and UNIX domain sockets (i.e. not on Windows). Critical performance metrics of uds-proxy (request latencies, response codes...) and Go process statistics are exposed through the Prometheus client library.
It also provides a way to use UNIX socket authentication on TCP-only services.
For this, uds-proxy provides the X-Auth-User and X-Auth-Group headers.
building / installing uds-proxy
Building requires a local Go 1.11+ installation:
```
go get -v git.foxden.network/FoxDen/uds-proxy/cmd/uds-proxy
```
usage
```
Usage of ./uds-proxy:
  -client-timeout int
        http client connection timeout [ms] for proxy requests (default 5000)
  -force-remote-host string
        force all requests to be sent to this host (name or ip)
  -idle-timeout int
        connection timeout [ms] for idle backend connections (default 90000)
  -max-conns-per-host int
        maximum number of connections per backend host (default 20)
  -max-idle-conns int
        maximum number of idle HTTP(S) connections (default 100)
  -max-idle-conns-per-host int
        maximum number of idle conns per backend (default 15)
  -no-log-timestamps
        disable timestamps in log messages
  -remote-https
        remote uses https://
  -socket string
        path of socket to create
  -socket-read-timeout int
        read timeout [ms] for -socket (default 5500)
  -socket-write-timeout int
        write timeout [ms] for -socket (default 5500)
  -version
        print uds-proxy version
```
using bash / curl
```bash
# without uds-proxy, you would...
time curl -I https://www.google.com/

# with uds-proxy, always ...
# a) talk through socket and
# b) use http:// and let `-remote-https` ensure https is used to connect to remote hosts
time curl -I --unix-socket /tmp/proxied-svc.sock http://www.google.com/

# ... or using socket provided by dockerized uds-proxy:
time curl -I --unix-socket /tmp/mysock_dir/uds-proxy-docker.sock http://www.google.com/
```
using php / curl
```php
<?php
// without uds-proxy
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.google.com/");
curl_exec($ch);

// with uds-proxy
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.google.com/");
curl_setopt($ch, CURLOPT_UNIX_SOCKET_PATH, "/tmp/proxied-svc.sock");
curl_exec($ch);
```
further socket testing
Mac's (i.e. BSD's) netcat can talk to UNIX domain sockets. It can be used, for example, to verify the behaviour of uds-proxy's `-socket-(read|write)-timeout` options. Try `nc -U /path/to/uds-proxy.sock`.
links
- https://godoc.org/gotest.tools/assert
- https://golang.org/pkg/net/#hdr-Name_Resolution
- https://stackoverflow.com/questions/17948827/reusing-http-connections-in-golang
- https://medium.com/@povilasve/go-advanced-tips-tricks-a872503ac859
- https://github.com/bouk/monkey/blob/master/monkey_test.go
- https://github.com/prometheus/client_golang/blob/master/prometheus/examples_test.go
- https://github.com/prometheus/client_golang/blob/master/prometheus/promhttp/instrument_server.go
alternatives
Obviously, uds-proxy is a kludge. Simply use connection pooling if available!
- for Python and HTTP, simply reuse requests library's session objects and you're set
- for Python and Redis, use a redis.py connection pool
- for Redis and PHP, phpredis supports connection pooling since v4.2.1
- a potentially more sophisticated solution can be found in this TCP vs UDS speed comparison stackoverflow thread: Speedus intercepts relevant system calls, which avoids need for any code changes. However, if I understood correctly, Speedus only helps if services actually sit on the same host system (?).
Maybe look at phantom?
You can also use NGINX to create a UDS HTTP/S pooling forward proxy like uds-proxy. It seems that neither Apache nor Squid (?) are able to do that.
license
MIT