Go Proxy Cache
<center>Simple Reverse Proxy with Caching, written in Go, using Redis.
>>> (semi) production-ready <<<
</center>
Support the Project
This project is only maintained by one person, Fabio Cicerchia.
It started as a simple caching service, now it has a lot of pro functionalities just for FREE.
Maintaining a project is a very time-consuming activity, especially when done alone.
I really want to make this project better and become super cool.
Two commercial versions have been planned: PRO and PREMIUM.
The development of the COMMUNITY version will continue, but priority will be given to the COMMERCIAL versions.
- If you'd like to support this open-source project I'll appreciate any kind of contribution.
- If you'd like to sponsor the commercial version, please get in touch with me.
How it works
When the request is cached:
        .---------.       .---------.       .---------.
        |         |       |         |       |         |
        |         |       |         |       |         |
you --->|---->----|--->---|---->----|--->---|-->--.   |
        |         |       |         |       |     |   |
    <---|----<----|---<---|----<----|---<---|--<--'   |
        `---------´       `---------´       `---------´
          network       go-proxy-cache         redis
When the request is not cached:
          website
            ,_,
            | |
        .---+-+---.       .---------.       .---------.
        |   | '-->|--->---|---->----|--->---|-->--,   |
        |   '-<---|---<---|<--,     |       |     |   |
        |         |       |   |     |       |     |   |
you --->|---->----|--->---|---'     |       |     |   |
        |         |       |         |       |     |   |
    <---|----<----|---<---|----<----|---<---|--<--'   |
        `---------´       `---------´       `---------´
          network       go-proxy-cache         redis
Features
Small, Pragmatic and Easy to Use
- Dockerized
- Compiled
- Easily Configurable, via YAML or Environment Variables.
- Self-Contained, does not require Go, Git or any other software installed. Just run the binary or the container.
Caching
- Full Page Caching, via Redis.
- Cache Invalidation, by calling HTTP Method PURGE on the resource URI.
- Cache Bypass, by using the HTTP Header X-Go-Proxy-Cache-Force-Fresh the request will always be fresh.
- Support Chunking, by replicating exactly the same original amount.
- Selective HTTP Status Codes/Methods, allows caching for different response codes or HTTP methods.
- ETag Support, generating non-weak tags, handling 304 Not Modified, managing HTTP headers If-Modified-Since, If-Unmodified-Since, If-None-Match, If-Match.
  ETag wrapper doesn't work well with WebSocket and HTTP/2.
- Cache Stampede Prevention, delaying invalidation request to the backend using an extra small random TTL (between 5s and 10s).
- Serving Stale Content, used mainly for avoiding cache stampede, for maximum 10s.
- Upstream DNS Resolution Cache, the upstream hostname will be cached to speed up the response and avoid the DNS resolution at each request.
Load Balancing
- HTTP & HTTPS Forward Traffic
- Load Balancing, uses a list of IPs/Hostnames as load balanced backend servers.
- Multiple Algorithms Available, choose among IP Hash, Least Connections, Random or Round-Robin.
- Support for HTTP Basic Auth, it's possible to provide the HTTP Basic Auth credentials for each endpoint (by specifying user:pass in the URL).
Security
- HTTP/2 Support, HTTP/2 Pusher achievable only if upstream implements HTTP header Link. Server Push is deprecated (since not really supported in the browsers).
- SSL/TLS Certificates via ACME, provides automatic generation of SSL/TLS certificates from Let's Encrypt and any other ACME-based CA.
- Using your own SSL/TLS Certificates, optional.
Reliability
- Healthcheck Endpoint, exposes the route /healthcheck (internally).
- Upstream Healthcheck, verifies periodically if upstream nodes are healthy.
- Respecting HTTP Cache Headers, Vary, ETag, Cache-Control and Expires.
- Fully Tested, Unit, Functional & Linted & 0 Race Conditions Detected.
- Cache Circuit Breaker, bypassing Redis when not available.
Scaling
- Multiple domains, override and fine-tune the global settings per domain.
Customisations
- HTTP to HTTPS Redirects, optional, status code to be used when redirecting HTTP to HTTPS.
- GZip Compression, optional.
- Server Timeouts, it is possible to configure in detail the server overall timeouts (read, write, headers, handler, idle).
- Fine tuning circuit-breaker and TLS settings, it is possible to adjust the settings about thresholds, timeouts and failure rate.
- Configure error handler, stdout or file.
- Debug/Verbose mode, it is possible to have additional levels of detail by setting the flags -verbose or -debug.
Logging
- Request Tracing, each line in logs has a RequestID to easily identify the response flow.
- OpenTelemetry Tracing, each request has a deep tracing with Jaeger (optional).
- Prometheus Endpoint, exposes the route /metrics (internally) to serve Prometheus metrics.
- Support for Sentry & Syslog, all warning/error logs can be forwarded to Sentry and/or Syslog.
Configuration
YAML
This is a simple (and not comprehensive) configuration:
server:
  port:
    http: "80"
    https: "443"
  tls:
    cert_file: server.pem
    key_file: server.key
  upstream:
    host: ~
    port: 443
    scheme: https
    endpoints:
      - 127.0.0.1
    http_to_https: true
    redirect_status_code: 301
cache:
  hosts:
    - localhost:6379
domains:
  example_com:
    server:
      upstream:
        host: example.com
  example_org:
    server:
      upstream:
        host: example.org
For more details about the full server configuration, see the related documentation in docs/CONFIGURATION.md
Examples
CLI
$ go-proxy-cache -h
Usage of go-proxy-cache:
  -config string
        config file (default "config.yml")
  -debug
        enable debug
  -log string
        log file (default stdout)
  -test
        test configuration
  -verbose
        enable verbose
  -version
        display version
[...]
For examples, see the related documentation in docs/EXAMPLES.md
Release Cycle
- Bug-fixes (e.g. 1.1.1, 1.1.2, 1.2.1, 1.2.3) are released as needed (no additional features are delivered in those versions, bug-fixes only).
- Each version is supported until the next one is released (e.g. 1.1.x will be supported until 1.2.0 is out).
- We use Semantic Versioning.
Common Errors
- acme/autocert: server name component count invalid
  Let's Encrypt cannot be used locally, as described in this thread.
- acme/autocert: missing certificate
  Let's Encrypt cannot be used locally, as described in this thread.
- 501 Not Implemented
  If there's no domain defined in the main configuration nor in the domain overrides, and a client requests an unknown domain, the status 501 is returned.
- WebSocket and TimeoutHandler are not working together, because TimeoutHandler doesn't support Hijacker, so in order to have WebSocket support the setting TimeoutHandler must be set to -1.
- context deadline exceeded
  This happens because the timeout on the client-side context.Context of the request is shorter than the timeout in the server-side handler, so the client gives up before any response is written.
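The last two errors can be reproduced with the Go standard library alone. The program below is an added example, not code from go-proxy-cache: the function names hijackable and clientError, the loopback test servers and the timings are constructed for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// hijackable reports whether a handler sees an http.Hijacker (needed for WebSocket upgrades).
func hijackable(wrap bool) bool {
	seen := make(chan bool, 1)
	var h http.Handler = http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		_, ok := w.(http.Hijacker)
		seen <- ok
	})
	if wrap {
		h = http.TimeoutHandler(h, time.Second, "timeout")
	}
	srv := httptest.NewServer(h) // loopback test server, constructed for this example
	defer srv.Close()
	if resp, err := http.Get(srv.URL); err == nil {
		resp.Body.Close()
	}
	return len(seen) == 1 && <-seen // false if the handler never ran
}

// clientError returns the client-side error when the handler needs handlerDelay to answer.
func clientError(clientTimeout, handlerDelay time.Duration) error {
	srv := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {
		time.Sleep(handlerDelay)
	}))
	defer srv.Close()
	ctx, cancel := context.WithTimeout(context.Background(), clientTimeout)
	defer cancel()
	req, _ := http.NewRequestWithContext(ctx, http.MethodGet, srv.URL, nil)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

func main() {
	err := clientError(50*time.Millisecond, 300*time.Millisecond)
	fmt.Println(hijackable(false), hijackable(true), errors.Is(err, context.DeadlineExceeded))
}
```

The ResponseWriter that http.TimeoutHandler passes down does not implement http.Hijacker, which is why a WebSocket upgrade fails behind it, and a client deadline shorter than the handler's run time surfaces on the client as context.DeadlineExceeded.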
License
OpenSSL
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)
Go Proxy Cache
MIT License
Copyright (c) 2023 Fabio Cicerchia info@fabiocicerchia.it
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.