Initial implementation of mc-proxy

Layer 4 TLS SNI proxy with global firewall (IP/CIDR/GeoIP blocking), per-listener route tables, bidirectional TCP relay with half-close propagation, and a gRPC admin API (routes, firewall, status) with TLS/mTLS support. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 02:56:24 -07:00
commit c7024dcdf0
23 changed files with 2693 additions and 0 deletions
--- a/15
+++ b/15
@@ -0,0 +1,15 @@
+FROM golang:1.24-alpine AS builder
+
+WORKDIR /build
+COPY go.mod go.sum ./
+RUN go mod download
+COPY . .
+RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o mc-proxy ./cmd/mc-proxy
+
+FROM alpine:3.21
+
+RUN addgroup -S mc-proxy && adduser -S mc-proxy -G mc-proxy
+COPY --from=builder /build/mc-proxy /usr/local/bin/mc-proxy
+
+USER mc-proxy
+ENTRYPOINT ["mc-proxy"]