mc-proxy/README.md
Kyle Isom c7024dcdf0 Initial implementation of mc-proxy
Layer 4 TLS SNI proxy with global firewall (IP/CIDR/GeoIP blocking),
per-listener route tables, bidirectional TCP relay with half-close
propagation, and a gRPC admin API (routes, firewall, status) with
TLS/mTLS support.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 02:56:24 -07:00


mc-proxy is a TLS proxy and router for Metacircular Dynamics projects; it follows the Metacircular Engineering Standards.

Metacircular services are deployed to a machine that runs these projects as containers. The proxy should do a few things:

  1. It should have a global firewall front-end. The firewall should support a few kinds of blocks:

    1. Per-country blocks using GeoIP for compliance reasons.
    2. Normal IP/CIDR blocks. Note that a proxy has an explicit port setting, so the firewall doesn't need to consider ports.
    3. For endpoints marked as HTTPS, we should consider how to do user-agent blocking.
  2. It should inspect the hostname and route the connection to the proper container, similar to how haproxy would do it.
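
The firewall-then-route order described above, sketched in Go as an added example (not mc-proxy's own code). `Proxy`, `Decide` and `sampleProxy` are hypothetical names, the addresses and hostname are constructed from documentation ranges, and GeoIP lookup is left out because it needs an external database.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Proxy is a hypothetical type (not mc-proxy's own): one global blocklist
// plus one listener's route table.
type Proxy struct {
	Blocked []netip.Prefix    // global IP/CIDR firewall
	Routes  map[string]string // lower-case hostname -> backend address
}

// Decide applies the firewall first, then routes on the client's hostname.
// It fails closed: unparsable peers and unknown hostnames get no backend.
func (p *Proxy) Decide(peer, sni string) (string, bool) {
	ap, err := netip.ParseAddrPort(peer)
	if err != nil {
		return "", false
	}
	// Unmap ::ffff:a.b.c.d first; Prefix.Contains never matches it against an IPv4 CIDR.
	addr := ap.Addr().Unmap()
	for _, pfx := range p.Blocked {
		if pfx.Contains(addr) {
			return "", false
		}
	}
	// Hostnames are case-insensitive and may carry a trailing dot.
	host := strings.ToLower(strings.TrimSuffix(sni, "."))
	backend, ok := p.Routes[host]
	return backend, ok
}

// sampleProxy returns constructed sample data for the demo below.
func sampleProxy() *Proxy {
	return &Proxy{
		Blocked: []netip.Prefix{netip.MustParsePrefix("203.0.113.0/24")},
		Routes:  map[string]string{"app.example.test": "127.0.0.1:8443"},
	}
}

func main() {
	for _, peer := range []string{"198.51.100.7:40000", "[::ffff:203.0.113.9]:40000"} {
		b, ok := sampleProxy().Decide(peer, "App.Example.Test.")
		fmt.Println(peer, b, ok)
	}
}
```

Because the listener already fixes the port, the check looks only at the peer address, matching the note in the firewall requirements.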