mc-proxy is a TLS proxy and router for Metacircular Dynamics projects;
it follows the Metacircular Engineering Standards.

Metacircular services are deployed to a machine that runs these projects
as containers. The proxy should do a few things:

1. It should have a global firewall front-end. It should allow a few
   things:

   1. Per-country blocks using GeoIP for compliance reasons.
   2. Normal IP/CIDR blocks. Note that a proxy has an explicit port
      setting, so the firewall doesn't need to consider ports.
   3. For endpoints marked as HTTPS, we should consider how to do
      user-agent blocking.

2. It should inspect the hostname and route that to the proper
   container, similar to how haproxy would do it.