Kyle Isom
c7024dcdf0
Layer 4 TLS SNI proxy with global firewall (IP/CIDR/GeoIP blocking), per-listener route tables, bidirectional TCP relay with half-close propagation, and a gRPC admin API (routes, firewall, status) with TLS/mTLS support. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
20 lines
728 B
Markdown
20 lines
728 B
Markdown
mc-proxy is a TLS proxy and router for Metacircular Dynamics projects;
|
|
it follows the Metacircular Engineering Standards.
|
|
|
|
Metacircular services are deployed to a machine that runs these projects
|
|
as containers. The proxy should do a few things:
|
|
|
|
1. It should have a global firewall front-end. It should allow a few
|
|
things:
|
|
|
|
1. Per-country blocks using GeoIP for compliance reasons.
|
|
2. Normal IP/CIDR blocks. Note that a proxy has an explicit port
|
|
setting, so the firewall doesn't need to consider ports.
|
|
3. For endpoints marked as HTTPS, we should consider how to do
|
|
user-agent blocking.
|
|
|
|
2. It should inspect the hostname and route that to the proper
|
|
container, similar to how haproxy would do it.
|
|
|
|
|