README
¶
proxy
proxy is a reverse proxy designed to be used with yeoman.
Like yeoman, it maintains no state. Instead it frequently retrieves GCP's VMs
via the API, and sets up new routes for you automatically. Routes are always
the same as the service name, e.g. if you have a yeoman service abc, VMs
ym-abc-1 and ym-abc-2, and a host example.com, proxy will automatically
route abc.example.com to both of the VMs using random routing.
proxy does health checks for every service. Every service must respond to
GET /health with 200 OK.
Servers which do not respond to healthchecks with 200 OK are considered down
and removed from routing. They will automatically become available again when
they come back online.
To see what backends are marked as available, you can access a /services
endpoint from an allowed subnet. For example:
$ gcloud compute ssh ym-proxy-1
> curl 127.0.0.1/services
{"my-service.example.com": ["100.0.0.1", "100.0.0.2"]}
Note that the proxy does not healthcheck itself or other proxy servers. You should use an external status monitoring tool to check the health of your services and through which your proxy will either be clearly available or not.
proxy uses letsencrypt to automatically generate and manage TLS certificates for you. Certificates are stored in a bucket, and it's safe to run the proxy with redundancy.
Configuration
Like all other yeoman services, you'll need an app.json file:
{
"type": "go",
"cmd": ["/app/proxy", "-c", "/app/config.json"]
}
The config.json file has these elements:
{
"log": {
"format": "json",
"level": "debug"
},
"http": {
"port": 3000
},
"https": {
"port": 3001,
"certBucket": "my-tls-certs",
"host": "example.com"
},
"providerRegistries": [
{
"provider": "gcp:$projectName:us-central1:us-central1-b",
"registry": "us-central1-pkg.dev/$projectName/$registryName",
"serviceAccount": "yeoman@$projectName.iam.gserviceaccount.com"
}
],
"subnets": [
"127.0.0.0/8",
"10.128.0.0/20"
]
}
Documentation
¶
There is no documentation for this package.
Source Files