Initial commit: WolfProxy - Rust nginx proxy replacement

Features:
- Reads nginx sites-enabled configuration directly
- Automatic SSL/TLS certificate pickup from nginx config
- Load balancing with round-robin, IP hash, least connections, weighted
- Full upstream support with health checking
- SNI support for multiple SSL domains
- HTTP/1.1 and HTTP/2 support
- Proxy pass with header manipulation
- Location block matching (prefix, exact, regex)
- Rewrite and redirect rules

(C) 2025 Wolf Software Systems Ltd

Author: Paul C

.codewolf/conversation_codewolf.json

@@ -0,0 +1,8 @@
+/target
+Cargo.lock
+*.log
+*.bak
+.DS_Store
+*.swp
+*.swo
+*~

.gitignore

@@ -0,0 +1,54 @@
+[package]
+name = "wolfproxy"
+version = "0.1.0"
+edition = "2021"
+description = "A Rust-based nginx proxy replacement that reads nginx configuration files"
+authors = ["Wolf Software Systems Ltd"]
+
+[dependencies]
+# Web framework
+axum = { version = "0.7", features = ["macros", "http1", "http2"] }
+tokio = { version = "1", features = ["full"] }
+
+# Logging
+tracing = "0.1"
+tracing-subscriber = { version = "0.3", features = ["env-filter"] }
+
+# Error handling
+anyhow = "1"
+
+# Tower middleware
+tower = { version = "0.4", features = ["util", "timeout", "retry", "load-shed", "limit"] }
+tower-http = { version = "0.4", features = ["fs", "trace", "cors", "compression-gzip"] }
+
+# HTTP client for proxying
+hyper = { version = "1", features = ["full"] }
+hyper-util = { version = "0.1.19", features = ["full", "client-legacy"] }
+http-body-util = "0.1"
+
+# Serialization
+serde = { version = "1", features = ["derive"] }
+toml = "0.8"
+
+# TLS/SSL
+rustls = "0.23"
+tokio-rustls = "0.26"
+rustls-pemfile = "2"
+
+# Utilities
+bytes = "1"
+tokio-util = { version = "0.7", features = ["io"] }
+mime_guess = "2"
+futures-util = "0.3"
+regex = "1"
+url = "2"
+rand = "0.8"
+dashmap = "6"
+arc-swap = "1"
+notify = "6"
+fnv = "1"
+glob = "0.3"
+
+[[bin]]
+name = "wolfproxy"
+path = "src/main.rs"

Cargo.toml

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Wolf Software Systems Ltd
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

LICENSE

@@ -0,0 +1,205 @@
+# WolfProxy
+
+A high-performance Rust-based reverse proxy server that reads and uses nginx configuration files directly.
+
+**(C) 2025 Wolf Software Systems Ltd - http://wolf.uk.com**
+
+## Features
+
+- **Drop-in nginx replacement**: Reads nginx sites-enabled configuration directly
+- **Automatic SSL/TLS**: Automatically picks up SSL certificates from nginx config (Let's Encrypt, etc.)
+- **Load Balancing**: Full upstream support with multiple algorithms:
+  - Round Robin
+  - Weighted Round Robin
+  - IP Hash (sticky sessions)
+  - Least Connections
+  - Random
+- **Health Checking**: Automatic backend health monitoring with configurable thresholds
+- **SNI Support**: Proper Server Name Indication for multiple SSL domains
+- **HTTP/1.1 & HTTP/2**: Full protocol support
+
+## Supported nginx Directives
+
+### Server Block
+- `listen` - Port and SSL configuration
+- `server_name` - Virtual host names
+- `root` - Document root
+- `index` - Index files
+- `error_page` - Custom error pages
+- `ssl_certificate` / `ssl_certificate_key` - SSL certificates
+- `include` - Include other config files
+- `gzip` - Compression (header support)
+
+### Location Block
+- `location` - Path matching (prefix, exact `=`, regex `~`, case-insensitive `~*`, priority `^~`)
+- `proxy_pass` - Reverse proxy to backend or upstream
+- `proxy_set_header` - Set headers for backend
+- `proxy_http_version` - HTTP version for backend
+- `proxy_buffer_size` / `proxy_buffers` - Buffer configuration
+- `proxy_connect_timeout` / `proxy_read_timeout` / `proxy_send_timeout` - Timeouts
+- `root` / `alias` - Static file serving
+- `try_files` - Try multiple files
+- `return` - Return status codes or redirects
+- `rewrite` - URL rewriting
+- `deny` / `allow` - Access control
+- `add_header` - Add response headers
+
+### Upstream Block
+- `upstream` - Define backend server groups
+- `server` - Backend servers with options:
+  - `weight` - Server weight
+  - `max_fails` - Failure threshold
+  - `fail_timeout` - Recovery timeout
+  - `backup` - Backup server
+  - `down` - Mark server as down
+- `ip_hash` - Sticky sessions
+- `least_conn` - Least connections balancing
+- `keepalive` - Connection pooling
+
+### Conditionals
+- `if ($host = ...)` - Host-based conditions
+- `if ($request_method = ...)` - Method-based conditions
+
+## Installation
+
+### Prerequisites
+
+- Rust 1.70+ (https://rustup.rs)
+- Existing nginx configuration in `/etc/nginx/sites-enabled/`
+
+### Build
+
+```bash
+./build.sh
+```
+
+Or manually:
+
+```bash
+cargo build --release
+```
+
+### Run
+
+```bash
+./run.sh
+```
+
+Or:
+
+```bash
+./target/release/wolfproxy
+```
+
+### Install as Service
+
+```bash
+sudo ./install_service.sh
+```
+
+This will:
+1. Copy the binary to `/opt/wolfproxy/`
+2. Create a systemd service
+3. Optionally stop nginx and start WolfProxy
+
+## Configuration
+
+WolfProxy uses a simple TOML configuration file (`wolfproxy.toml`):
+
+```toml
+[server]
+host = "0.0.0.0"
+http_port = 80
+https_port = 443
+
+[nginx]
+config_dir = "/etc/nginx"
+auto_reload = false
+```
+
+The nginx configuration is read from:
+- `{config_dir}/sites-enabled/` - Site configuration files
+- `{config_dir}/conf.d/*.conf` - Additional configuration files
+
+## Example nginx Configuration
+
+WolfProxy will read standard nginx configuration like:
+
+```nginx
+upstream backend {
+    ip_hash;
+    server 10.0.10.105 max_fails=3 fail_timeout=360s;
+    server 10.0.10.102 max_fails=3 fail_timeout=360s;
+    server 10.0.10.103 max_fails=3 fail_timeout=360s;
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name example.com;
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name example.com;
+
+    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+
+    location / {
+        proxy_pass http://backend;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+    }
+}
+```
+
+## Migration from nginx
+
+1. **Stop nginx**: `sudo systemctl stop nginx`
+2. **Install WolfProxy**: `sudo ./install_service.sh`
+3. **Start WolfProxy**: `sudo systemctl start wolfproxy`
+4. **Verify**: Check your sites are working
+5. **Disable nginx**: `sudo systemctl disable nginx`
+6. **Enable WolfProxy**: `sudo systemctl enable wolfproxy`
+
+## Logging
+
+Set the `RUST_LOG` environment variable to control log level:
+
+```bash
+RUST_LOG=debug ./target/release/wolfproxy
+```
+
+Levels: `trace`, `debug`, `info`, `warn`, `error`
+
+## Comparison with nginx
+
+| Feature | nginx | WolfProxy |
+|---------|-------|-----------|
+| Configuration | nginx native | nginx native (reads directly) |
+| Memory Usage | Low | Very Low |
+| Performance | Excellent | Excellent |
+| SSL/TLS | Yes | Yes (auto-detect from config) |
+| HTTP/2 | Yes | Yes |
+| Load Balancing | Yes | Yes |
+| Lua Scripting | Yes | No |
+| Module System | Yes | No (but extensible in Rust) |
+
+## License
+
+MIT License - See LICENSE file
+
+## Support
+
+- Website: http://wolf.uk.com
+- Issues: GitHub Issues

README.md

@@ -0,0 +1,23 @@
+#!/bin/bash
+# WolfProxy Build Script
+# (C) 2025 Wolf Software Systems Ltd
+
+set -e
+
+echo "Building WolfProxy..."
+
+# Check for cargo
+if ! command -v cargo &> /dev/null; then
+    echo "Error: cargo not found. Please install Rust: https://rustup.rs"
+    exit 1
+fi
+
+# Build in release mode
+cargo build --release
+
+echo ""
+echo "Build complete!"
+echo "Binary location: target/release/wolfproxy"
+echo ""
+echo "To run: ./target/release/wolfproxy"
+echo "To install as service: sudo ./install_service.sh"

build.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+# Copy WolfProxy files to a remote server
+# (C) 2025 Wolf Software Systems Ltd
+
+set -e
+
+if [ "$#" -lt 1 ]; then
+    echo "Usage: $0 <user@host> [remote_path]"
+    echo "Example: $0 root@server.example.com /opt/wolfproxy"
+    exit 1
+fi
+
+REMOTE_HOST="$1"
+REMOTE_PATH="${2:-/opt/wolfproxy}"
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+# Check if binary exists
+if [ ! -f "$SCRIPT_DIR/target/release/wolfproxy" ]; then
+    echo "Binary not found. Building..."
+    cd "$SCRIPT_DIR"
+    cargo build --release
+fi
+
+echo "Copying WolfProxy to $REMOTE_HOST:$REMOTE_PATH..."
+
+# Create remote directory
+ssh "$REMOTE_HOST" "mkdir -p $REMOTE_PATH"
+
+# Copy files
+scp "$SCRIPT_DIR/target/release/wolfproxy" "$REMOTE_HOST:$REMOTE_PATH/"
+scp "$SCRIPT_DIR/wolfproxy.toml.example" "$REMOTE_HOST:$REMOTE_PATH/"
+scp "$SCRIPT_DIR/install_service.sh" "$REMOTE_HOST:$REMOTE_PATH/"
+scp "$SCRIPT_DIR/README.md" "$REMOTE_HOST:$REMOTE_PATH/"
+
+# Copy config if it doesn't exist on remote
+ssh "$REMOTE_HOST" "[ -f $REMOTE_PATH/wolfproxy.toml ] || cp $REMOTE_PATH/wolfproxy.toml.example $REMOTE_PATH/wolfproxy.toml"
+
+echo ""
+echo "Files copied successfully!"
+echo ""
+echo "To install as service, SSH to the server and run:"
+echo "  cd $REMOTE_PATH"
+echo "  sudo ./install_service.sh"