Open-sourcing minGateway, a small HTTP/HTTPS gateway program written in Go

Time: 2021-1-26

minGateway started as a small program built on the reverse proxy functionality of the Go standard library. While using it I gradually added features until it became a small gateway program. I think it can basically cover the needs of a small website or app and replace nginx to some extent. Because the code base is small, it is easy to build on when a feature you need is missing, so I am open-sourcing it. If you run into problems while using it, please open an issue, and stars are welcome.

Open source address: https://github.com/ccynet/minGateway

Advantages:

  • Simple deployment: the program is a single file, supports multiple operating systems, and runs as soon as it is copied over
  • Good performance: tens of thousands of forwarded requests per second are easy to reach
  • Good extensibility: easy to extend for your own business, mainly because the amount of code is small

Features:

  • Load balancing: three modes for choosing a target, random, round robin and consistent hash
  • Multiple forwarding rules: prefix and suffix wildcard routing on the host name
  • Connection limiting: a maximum number of connections can be set
  • CC (Challenge Collapsar) attack defense: when enabled, IPs that access too frequently are recorded and added to a blacklist, which gives some protection against CC attacks
  • Access restriction: when enabled, the number of requests from the same IP to the same URL within a time window is limited, and requests over the limit are discarded
  • HTTP(S) reverse proxy: the gateway terminates the encrypted HTTPS connection, so the backend server only needs to provide plain HTTP
  • OCSP: configurable OCSP stapling
  • Management API: currently of little use; it can only return the current access count, so you will need to extend it yourself
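As an added example (my own code, not minGateway's), here is how the access-restriction rule can be implemented: a sliding-window counter keyed on client IP plus URL, driven by the timeDuration, count and mode settings of the [limitReq] section in the configuration below. The type and function names are my own.

```go
package main

import (
	"net/url"
	"sync"
	"time"
)

// windowLimiter counts hits per key in a sliding window; timeDuration (ms) and
// count correspond to the [limitReq] settings in minGateway's config.
type windowLimiter struct {
	mu     sync.Mutex
	window time.Duration
	limit  int
	hits   map[string][]time.Time
}

func newWindowLimiter(timeDurationMs, count int) *windowLimiter {
	w := time.Duration(timeDurationMs) * time.Millisecond
	return &windowLimiter{window: w, limit: count, hits: map[string][]time.Time{}}
}

// limitReqKey builds the "same IP, same URL" bucket key. mode 0 drops the query
// string, so /ping?a=1 and /ping?a=2 share a bucket (the wider scope); mode 1 keeps it.
func limitReqKey(ip, rawURL string, mode int) string {
	if u, err := url.Parse(rawURL); err == nil && mode == 0 {
		return ip + "|" + u.Path
	}
	return ip + "|" + rawURL
}

// allow records a hit for key at time now and reports whether the key is still
// within count hits per window. A false result is a request the gateway discards.
func (l *windowLimiter) allow(key string, now time.Time) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	kept := l.hits[key][:0] // in-place filter: forget hits older than the window
	for _, t := range l.hits[key] {
		if now.Sub(t) < l.window {
			kept = append(kept, t)
		}
	}
	if len(kept) >= l.limit {
		l.hits[key] = kept
		return false
	}
	l.hits[key] = append(kept, now)
	return true
}
```

With timeDuration = 1000 and count = 1 as in the example configuration, a second request to the same path from the same IP within one second is rejected, and a request one second later is accepted again.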

Load test data:

Intranet environment:

  • Gateway server (4-core, 8 GB, CentOS 7.x); Tomcat server (8-core, 16 GB, CentOS 7.x)
  • Tomcat serves a “GET /Ping” request that returns the string “Pong”
  • One request every 70 microseconds, about 14285 requests per second, for 1 minute

Test results:

  • Tomcat hit directly: 823842 successful responses and 0 failures in total, about 13730 successful responses per second
  • Forwarded through minGateway: 606926 successful responses and 0 failures, about 10115 successful responses per second

Note that this test was run with console logging enabled on both Tomcat and minGateway; with that tuned, the numbers should be better.

Usage:

  1. Set up a Go build environment; the library was compiled with Go 1.14
  2. Get the code: go get github.com/ccynet/minGateway
  3. Download dependencies: cd minGateway && go mod tidy
  4. Compile: go build
  5. Edit the configuration file, which lives in the bin/configs/ directory of minGateway
  6. If TLS certificates are needed, put the certificate files in the project's bin/Cert/ directory and reference them in the configuration file
  7. Run the compiled program, making sure the executable sits at the same level as the bin folder

Example configuration file:

#Server settings
[core]
#Maximum number of connections; 0 means the number of connections is not limited
limitMaxConn = 30000
#Read timeout: time limit for reading the request headers and body; 0 means no timeout (unit: seconds)
readTimeout = 5
#Write timeout: time limit from reading the request to returning the response; 0 means no timeout (unit: seconds)
writeTimeout = 30
#Idle timeout: the longest time to wait for the next request while keep-alive is enabled (it is enabled by default).
#If idleTimeout is zero, the value of readTimeout is used; if both are zero, there is no timeout (unit: seconds)
idleTimeout = 60
#Maximum header size in bytes; 0 uses the default of 1024K. Here 131072 = 128K
maxHeaderBytes = 131072
#Names of the request header fields to read the forwarded client IP from, searched in array order. If empty, the IP of the TCP connection is used
#If requests arrive through a front proxy or CDN, the client IP has to be taken from the header (make sure the IP cannot be forged: a client can set these headers itself unless your own proxy overwrites them)
ipForwardeds = ["Ali-Cdn-Real-Ip","X-Forwarded-For","X-Real-Ip","X-Real-IP"]

#CC (Challenge Collapsar) defense
#With the values below, an IP that makes 100 requests within 3000 milliseconds is blacklisted for 3600 seconds
[ccDefense]
#Enable or not
enable = true
#Window in which requests are counted (unit: ms)
timeDuration = 3000
#Number of requests allowed within the window
count = 100
#How long an IP stays on the blacklist (unit: seconds)
blackTime = 3600
#IP whitelist
whiteList = ["56.127.44.121","56.127.44.122"]
#IP blacklist
IPBlackList = []

#Request limiting
#Limits the number of requests from the same IP to the same URL within a time window; requests over the limit are discarded
[limitReq]
#Enable or not
enable = true
#Window in which requests are counted (unit: ms)
timeDuration = 1000
#Number of requests allowed within the window
count = 1
#0: the URL is compared without its query parameters; 1: with parameters (0 gives the wider scope)
mode = 0

#Log settings
[log]
#Lowest level to log: debug, info, warn, error, fatal, panic
logLevel = "debug"
#Also write logs to a file
writeFile = true
#Directory for log files: an absolute path if not empty; if empty, bin/logs/ relative to the program
fileDir = ""

#Proxy settings
[proxyInfo]

#API server
[proxyInfo.shop]
#The trailing dot marks a prefix wildcard: every host that begins with "alogin." is routed here
host = "alogin."
#Two backend servers, separated by commas
target = ["http://172.226.10.17:8080","http://172.226.10.19:8080"]
#Server selection mode: 1 random, 2 round robin, 3 consistent hash; random is used if not set
obtainMode = 3

#API server
[proxyInfo.alogin]
host = "alogin.obtc.com"
target = ["http://172.226.10.17:8080","http://172.226.10.19:8080"]
obtainMode = 3

#Management backend
[proxyInfo.admin]
host = "admin.obtc.com"
target = ["http://172.226.10.19:9150"]

#WeChat official account
[proxyInfo.wxpay]
host = "wxpay."
target = ["http://172.226.10.17:9101"]

#Open platform (iOS app launching WeChat)
[proxyInfo.wxpaypay]
host = "wxpaypay.obtc.com"
target = ["http://172.226.10.17:9103"]

#Simple website and privacy policy
[proxyInfo.service]
host = "service.obtc.com"
target = ["http://172.226.10.17:9102"]

#Fallback: requests whose host matches no rule above go here
[proxyInfo.default]
host = "default"
target = ["http://172.226.10.17:8080"]


[sslBase]
#Enable TLS session tickets
sessionTicket = true

#SSL certificate files (stored in bin/Cert/)
[sslCert]

[sslCert.wxpaypay_obtc_com]
ssl_certificate = "wxpaypay.obtc.com.crt"
ssl_certificate_key = "wxpaypay.obtc.com.key"
ocsp_stapling = true
ocsp_stapling_local = true
ocsp_stapling_file = "wxpaypay.obtc.com.ocsp"

[sslCert.wxpaypay_lidu_com]
ssl_certificate = "wxpaypay.lidu.com.crt"
ssl_certificate_key = "wxpaypay.lidu.com.key"