Sundry is a caching, dynamically configurable, reverse proxy, written in NodeJS and backed by redis.
- Multiple load balancing modes, including Sticky Sessions, Round robin, and application controlled.
- Balance mode and Cache time configurable per host.
- Dynamically add and remove hosts and backends with 0 downtime.
- Wildcard https, http -> https redirect built in.
- Centralize request logging and error handling without exposing backend errors.
- Programmatically control access to backends in real time.
- Separate CLI app to view and manage hosts and routes.
- Really, Really fast, workload is very nearly 100% Asyncronous (Aside from a couple of ifs and assigments on each request)
- System Daemon, can drop privleges to bind to ports 80 and 443, or use Authbind.
-
Redis server (with events enabled)
- Preferably local to the Sundry server, bare minimum on the local network.
- "notify-keyspace-events"
- With "gsE" events enabled.
- More Info on Redis keyspace events
-
NodeJS v.11.0 +
-
AuthBind for port 80/443 bindings as non root user.
-
Upstart for running as a system daemon.
$ npm install -g sundry
Sundry relies on several configuration values, all of which can be provided in two ways.
- Enviornment Variables. (Useful for running as a system daemon)
- Values in $HOME/.sundry/config.json
You can generate a skeleton config by running...
$ sundry config build
This will create ~/.sundry/
, ~/.sundry/ssl
and ~/.sundry/config.json
Sundry uses some generic files for its default host, 404 and 500 error pages.
You can override any of these by placing the correctly named file in
~/.sundry/html/<index/404/5xx>.html
You can list, add and remove hosts from any computer that can connect to the Redis database that Sundry is using.
The easiest way is to simply run:
$ sundry -i
This will give you a pretty robust interactive cli which can be used to manage every aspect of the hosts registered with the system. Other config options are available with:
$ sundry -h
######simply run
$ sundry start
This will start sundry on your local machine, to take full advantage of its features, you will probably want to be running Dnsmasq on your router.
Add something like this to Dnsmasq 'Additional DNS Options', obviously replacing host and ip with your own.
address=/.my-computer.internal/192.168.1.3
Now you should be able to point your browser at *.my-computer.internal and sundry will handle the routing from there.
$ sudo adduser --disabled-password sundry
$ sudo su -- sundry
$ sundry config build
$ sudo apt-get install authbind
$ sudo touch /etc/authbind/byport/80 /etc/authbind/byport/443
$ sudo chown sundry:sundry /etc/authbind/byport/80 /etc/authbind/byport/443
$ sudo chmod 755 /etc/authbind/byport/80 /etc/authbind/byport/443
$ sudo touch /etc/init/sundry.conf
$ sudo <vi/emacs/nano/ed> /etc/init/sundry.conf
# no flame wars here
description "Sundry Dynamic Router"
author "PaperElectron"
start on (local-filesystems and net-device-up IFACE=eth0)
stop on shutdown
# Automatically Respawn:
respawn
respawn limit 5 60
script
export HOME=/home/sundry
export NODE_ENV=production
exec start-stop-daemon --start -u sundry --exec /usr/bin/authbind sundry start
end script
Browsers will flag this as an insecure certificate.
$ cd ~/.sundry/ssl
$ openssl genrsa -out key.pem 2048
$ openssl req -new -key key.pem -out server.csr
$ openssl x509 -req -days 365 -in server.csr -signkey key.pem -out cert.pem