Kyle Isom c7024dcdf0 Initial implementation of mc-proxy
Layer 4 TLS SNI proxy with global firewall (IP/CIDR/GeoIP blocking),
per-listener route tables, bidirectional TCP relay with half-close
propagation, and a gRPC admin API (routes, firewall, status) with
TLS/mTLS support.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 02:56:24 -07:00

mc-proxy is a TLS proxy and router for Metacircular Dynamics projects; it follows the Metacircular Engineering Standards.

Metacircular services are deployed to a machine that runs these projects as containers. The proxy should do a few things:

  1. It should have a global firewall front-end that supports:

    1. Per-country blocks using GeoIP for compliance reasons.
    2. Normal IP/CIDR blocks. Note that a proxy has an explicit port setting, so the firewall doesn't need to consider ports.
    3. For endpoints marked as HTTPS, we should consider how to do user-agent blocking.
  2. It should inspect the hostname and route the connection to the proper container, similar to how haproxy would do it.
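
The firewall-then-route decision described in the list above, sketched in Go as an added example; this is not code from the mc-proxy repository. The names `Firewall`, `Blocked`, `Decide` and `GeoLookup`, the addresses, and the hostnames are hypothetical, and GeoIP is assumed to be a caller-supplied lookup function.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Firewall is a hypothetical global blocklist: exact IPs, CIDR prefixes, and
// ISO country codes resolved through a caller-supplied GeoIP lookup.
type Firewall struct {
	IPs       map[netip.Addr]bool
	CIDRs     []netip.Prefix
	Countries map[string]bool
	GeoLookup func(netip.Addr) string // assumption: returns "" when unknown
}

// Blocked reports whether a client address is denied by the global firewall.
func (f *Firewall) Blocked(addr netip.Addr) bool {
	// Unmap ::ffff:a.b.c.d and drop any IPv6 zone first: Prefix.Contains
	// matches neither, so an IPv4 rule could otherwise be sidestepped.
	addr = addr.Unmap().WithZone("")
	if f.IPs[addr] {
		return true
	}
	for _, p := range f.CIDRs {
		if p.Contains(addr) {
			return true
		}
	}
	return f.GeoLookup != nil && f.Countries[f.GeoLookup(addr)]
}

// Decide applies the firewall first, then the listener's route table keyed by
// hostname (lowercased, trailing dot removed). ok=false means drop.
func Decide(f *Firewall, routes map[string]string, client netip.AddrPort, sni string) (backend string, ok bool) {
	if f.Blocked(client.Addr()) {
		return "", false
	}
	backend, ok = routes[strings.TrimSuffix(strings.ToLower(sni), ".")]
	return backend, ok
}

func main() {
	// Constructed sample data (documentation address ranges).
	fw := &Firewall{CIDRs: []netip.Prefix{netip.MustParsePrefix("192.0.2.0/24")}}
	routes := map[string]string{"app.example.test": "127.0.0.1:8443"}
	fmt.Println(Decide(fw, routes, netip.MustParseAddrPort("[::ffff:192.0.2.7]:50000"), "app.example.test"))
	fmt.Println(Decide(fw, routes, netip.MustParseAddrPort("198.51.100.9:50000"), "APP.example.test."))
}
```

A hostname with no route entry returns `ok=false`, so unknown names are dropped rather than forwarded to a default backend.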
