Initial implementation of mc-proxy
Layer 4 TLS SNI proxy with global firewall (IP/CIDR/GeoIP blocking), per-listener route tables, bidirectional TCP relay with half-close propagation, and a gRPC admin API (routes, firewall, status) with TLS/mTLS support.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
19
README.md
Normal file
@@ -0,0 +1,19 @@
|
||||
mc-proxy is a TLS proxy and router for Metacircular Dynamics projects;
|
||||
it follows the Metacircular Engineering Standards.
|
||||
|
||||
Metacircular services are deployed to a machine that runs these projects
|
||||
as containers. The proxy should do a few things:
|
||||
|
||||
1. It should have a global firewall front-end. It should allow a few
|
||||
things:
|
||||
|
||||
1. Per-country blocks using GeoIP for compliance reasons.
|
||||
2. Normal IP/CIDR blocks. Note that a proxy has an explicit port
|
||||
setting, so the firewall doesn't need to consider ports.
|
||||
3. For endpoints marked as HTTPS, we should consider how to do
|
||||
user-agent blocking.
|
||||
|
||||
2. It should inspect the hostname and route that to the proper
|
||||
container, similar to how haproxy would do it.
|
||||
|
||||
|
||||
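Review bot: item 1.3 (user-agent blocking for endpoints marked as HTTPS) does not fit the Layer 4 TLS SNI proxy the commit message describes, because the User-Agent header travels inside the TLS session and is only visible to a proxy that terminates TLS. The README should say whether those endpoints are terminated at the proxy or passed through, and scope user-agent blocking to the terminated case only. In item 2, "inspect the hostname" should state that the hostname comes from the SNI field of the TLS ClientHello and should document what happens to a connection that carries no SNI or matches no route; closing the connection, rather than falling back to a default container, is the safer behaviour to document. It would also help to state that the firewall in item 1 is evaluated before any routing decision in item 2, so a blocked source never reaches a backend.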