{"id":46409878,"url":"https://github.com/sadoyan/aralez","last_synced_at":"2026-04-02T15:33:22.087Z","repository":{"id":299411861,"uuid":"968101154","full_name":"sadoyan/aralez","owner":"sadoyan","description":"Aralez (Արալեզ), Reverse proxy built on top of Cloudflare's Pingora","archived":false,"fork":false,"pushed_at":"2026-03-04T13:42:04.000Z","size":515,"stargazers_count":617,"open_issues_count":1,"forks_count":21,"subscribers_count":10,"default_branch":"main","last_synced_at":"2026-03-04T18:30:38.083Z","etag":null,"topics":["load-balancer","pingora","proxy","reverse-proxy","rust"],"latest_commit_sha":null,"homepage":"https://sadoyan.github.io/aralez-docs/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sadoyan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":null,"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"lfx_crowdfunding":null,"polar":null,"buy_me_a_coffee":"sadoyan","thanks_dev":null,"custom":null}},"created_at":"2025-04-17T14:05:09.000Z","updated_at":"2026-03-04T11:35:52.000Z","dependencies_parsed_at":"2025-12-11T19:37:41.274Z","dependency_job_id":null,"html_url":"https://github.com/sadoyan/aralez","commit_stats":null,"previous_names":["sadoyan/aralez"],"tags_count":30,"template":false,"template_full_name":null,"purl":"pkg:github/sadoyan/aralez","repository_url":"https://repos.ecosyste.ms/api/v1/ho
sts/GitHub/repositories/sadoyan%2Faralez","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sadoyan%2Faralez/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sadoyan%2Faralez/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sadoyan%2Faralez/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sadoyan","download_url":"https://codeload.github.com/sadoyan/aralez/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sadoyan%2Faralez/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30127218,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-05T12:40:50.676Z","status":"ssl_error","status_checked_at":"2026-03-05T12:39:32.209Z","response_time":93,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["load-balancer","pingora","proxy","reverse-proxy","rust"],"created_at":"2026-03-05T13:02:56.516Z","updated_at":"2026-04-02T15:33:22.075Z","avatar_url":"https://github.com/sadoyan.png","language":"Rust","funding_links":["https://buymeacoffee.com/sadoyan","https://www.buymeacoffee.com/sadoyan"],"categories":[],"sub_categories":[],"readme":"![Aralez](https://netangels.net/utils/aralez-white.jpg)\n\n---\n\n# Aralez (Արալեզ),\n\n### **Reverse proxy 
built on top of Cloudflare's Pingora**\n\nAralez is a high-performance Rust reverse proxy with zero-configuration automatic protocol handling, TLS, and upstream management,\nfeaturing Consul and Kubernetes integration for dynamic pod discovery and health-checked routing, acting as a lightweight ingress-style proxy.\n\n---\nWhat does Aralez mean?\n**Aralez = Արալեզ** \u003cins\u003eNamed after the legendary Armenian guardian spirit, a winged dog-like creature that descends upon fallen heroes to lick their wounds and resurrect them\u003c/ins\u003e.\n\nBuilt on Rust, on top of **Cloudflare’s Pingora engine**, **Aralez** delivers world-class performance, security and scalability — right out of the box.\n\n[![Buy Me A Coffee](https://img.shields.io/badge/☕-Buy%20me%20a%20coffee-orange)](https://www.buymeacoffee.com/sadoyan)\n\n---\n\n## 🔧 Key Features\n\n- **Dynamic Config Reloads** — Upstreams can be updated live via API, no restart required.\n- **TLS Termination** — Built-in OpenSSL support.\n    - **Automatic loading of certificates** — Automatically reads and loads certificates from a folder, without a restart.\n- **Upstreams TLS detection** — Aralez will automatically detect if upstreams use a secure connection.\n- **Built in rate limiter** — Limit requests to the server by setting an upper limit on requests per second, per virtualhost.\n    - **Global rate limiter** — Set rate limit for all virtualhosts.\n    - **Per path rate limiter** — Set rate limit for specific paths. 
Path limits will override global limits.\n- **Authentication** — Supports Basic Auth, API tokens, and JWT verification.\n    - **Basic Auth**\n    - **API Key** via `x-api-key` header\n    - **JWT Auth**, with tokens issued by Aralez itself via `/jwt` API\n        - ⬇️ See below for examples and implementation details.\n- **Load Balancing Strategies**\n    - Round-robin\n    - Failover with health checks\n    - Sticky sessions via cookies\n- **Unified Port** — Serve HTTP and WebSocket traffic over the same connection.\n- **Built in file server** — Built-in minimalistic file server for serving static files; it should be added as an upstream for public access.\n- **Memory Safe** — Written purely in Rust.\n- **High Performance** — Built with [Pingora](https://github.com/cloudflare/pingora) and tokio for async I/O.\n\n## 🌍 Highlights\n\n- ⚙️ **Upstream Providers:**\n    - `file` Upstreams are declared in config file.\n    - `consul` Upstreams are dynamically updated from Hashicorp Consul.\n- 🔁 **Hot Reloading:** Modify upstreams on the fly via `upstreams.yaml` — no restart needed.\n- 🔮 **Automatic WebSocket Support:** Zero config — connection upgrades are handled seamlessly.\n- 🔮 **Automatic gRPC Support:** Zero config; requires `ssl` to proxy, gRPC is handled seamlessly.\n- 🔮 **Upstreams Session Stickiness:** Enable/Disable Sticky sessions globally.\n- 🔐 **TLS Termination:** Fully supports TLS for upstreams and downstreams.\n- 🛡️ **Built-in Authentication** Basic Auth, JWT, API key.\n- 🧠 **Header Injection:** Global and per-route header configuration.\n- 🧪 **Health Checks:** Pluggable health check methods for upstreams.\n- 🛰️ **Remote Config Push:** Lightweight HTTP API to update configs from CI/CD or other systems.\n\n---\n\n## 📁 File Structure\n\n```\n.\n├── main.yaml           # Main configuration loaded at startup\n├── upstreams.yaml      # Watched config with upstream mappings\n├── etc/\n│   ├── server.crt      # TLS certificate (required if using TLS)\n│   └── key.pem   
      # TLS private key\n```\n\n---\n\n## 🛠 Configuration Overview\n\n### 🔧 `main.yaml`\n\n| Key                              | Example Value                        | Description                                                                                        |\n|----------------------------------|--------------------------------------|----------------------------------------------------------------------------------------------------|\n| **threads**                      | 12                                   | Number of running daemon threads. Optional, defaults to 1                                          |\n| **runuser**                      | aralez                               | Optional, Username for running aralez after dropping root privileges, requires to launch as root   |\n| **rungroup**                     | aralez                               | Optional,Group for running aralez after dropping root privileges, requires to launch as root       |\n| **daemon**                       | false                                | Run in background (boolean)                                                                        |\n| **upstream_keepalive_pool_size** | 500                                  | Pool size for upstream keepalive connections                                                       |\n| **pid_file**                     | /tmp/aralez.pid                      | Path to PID file                                                                                   |\n| **error_log**                    | /tmp/aralez_err.log                  | Path to error log file                                                                             |\n| **upgrade_sock**                 | /tmp/aralez.sock                     | Path to live upgrade socket file                                                                   |\n| **config_address**               | 0.0.0.0:3000                         | HTTP API address for pushing upstreams.yaml from 
remote location                                   |\n| **config_tls_address**           | 0.0.0.0:3001                         | HTTPS API address for pushing upstreams.yaml from remote location                                  |\n| **config_tls_certificate**       | etc/server.crt                       | Certificate file path for API. Mandatory if proxy_address_tls is set, else optional                |\n| **proxy_tls_grade**              | (high, medium, unsafe)               | Grade of TLS ciphers, for easy configuration. High matches Qualys SSL Labs A+ (defaults to medium) |\n| **config_tls_key_file**          | etc/key.pem                          | Private Key file path. Mandatory if proxy_address_tls is set, else optional                        |\n| **proxy_address_http**           | 0.0.0.0:6193                         | Aralez HTTP bind address                                                                           |\n| **proxy_address_tls**            | 0.0.0.0:6194                         | Aralez HTTPS bind address (Optional)                                                               |\n| **proxy_certificates**           | etc/certs/                           | The directory containing certificate and key files. In a format {NAME}.crt, {NAME}.key.            
|\n| **upstreams_conf**               | etc/upstreams.yaml                   | The location of upstreams file                                                                     |\n| **log_level**                    | info                                 | Log level , possible values : info, warn, error, debug, trace, off                                 |\n| **hc_method**                    | HEAD                                 | Healthcheck method (HEAD, GET, POST are supported) UPPERCASE                                       |\n| **hc_interval**                  | 2                                    | Interval for health checks in seconds                                                              |\n| **master_key**                   | 5aeff7f9-7b94-447c-af60-e8c488544a3e | Master key for working with API server and JWT Secret generation                                   |\n| **file_server_folder**           | /some/local/folder                   | Optional, local folder to serve                                                                    |\n| **file_server_address**          | 127.0.0.1:3002                       | Optional, Local address for file server. 
Can set as upstream for public access                     |\n| **config_api_enabled**           | true                                 | Boolean to enable/disable remote config push capability                                            |\n\n### 🌐 `upstreams.yaml`\n\n- `provider`: `file` or `consul`\n- File-based upstreams define:\n    - Hostnames and routing paths\n    - Backend servers (load-balanced)\n    - Optional request headers, specific to this upstream\n- Global headers (e.g., CORS) apply to all proxied responses\n- Optional authentication (Basic, API Key, JWT)\n\n---\n\n## 🛠 Installation\n\nDownload the prebuilt binary for your architecture from releases section of [GitHub](https://github.com/sadoyan/aralez/releases) repo\nMake the binary executable `chmod 755 ./aralez-VERSION` and run.\n\nFile names:\n\n| File Name                       | Description                                                              |\n|---------------------------------|--------------------------------------------------------------------------|\n| `aralez-x86_64-musl.gz`         | Static Linux x86_64 binary, without any system dependency                |\n| `aralez-x86_64-glibc.gz`        | Dynamic Linux x86_64 binary, with minimal system dependencies            |\n| `aralez-x86_64-compat-musl.gz`  | Static Linux x86_64 binary, compatible with old pre Haswell CPUs         |\n| `aralez-x86_64-compat-glibc.gz` | Dynamic Linux x86_64 binary, compatible with old pre Haswell CPUs        |\n| `aralez-aarch64-musl.gz`        | Static Linux ARM64 binary, without any system dependency                 |\n| `aralez-aarch64-glibc.gz`       | Dynamic Linux ARM64 binary, with minimal system dependencies             |\n| `sadoyan/aralez`                | Docker image on Debian 13 slim (https://hub.docker.com/r/sadoyan/aralez) |\n\n**Via docker**\n\n```shell\ndocker run -d \\\n  -v /local/path/to/config:/etc/aralez:ro \\\n  -p 80:80 \\\n  -p 443:443 \\\n  sadoyan/aralez\n```\n\n## 💡 Note\n\nIn 
general **glibc** builds are working faster, but have a few basic system dependencies, for example:\n\n```\n\tlinux-vdso.so.1 (0x00007ffeea33b000)\n\tlibgcc_s.so.1 =\u003e /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f09e7377000)\n\tlibm.so.6 =\u003e /lib/x86_64-linux-gnu/libm.so.6 (0x00007f09e6320000)\n\tlibc.so.6 =\u003e /lib/x86_64-linux-gnu/libc.so.6 (0x00007f09e613f000)\n\t/lib64/ld-linux-x86-64.so.2 (0x00007f09e73b1000)\n```\n\nThese are common to any Linux system, so the binary should work on almost any Linux system.\n\n**musl** builds are 100% portable, static compiled binaries and have zero system dependencies.\nIn general musl builds have a little less performance.\nThe most intensive tests show 107k-110k requests per second on **Glibc** binaries against 97k-100k **Musl** ones.\n\n## 🔌 Running the Proxy\n\n```bash\n./aralez -c path/to/main.yaml\n```\n\n## 🔌 Systemd integration\n\n```bash\n# Quote the heredoc delimiter so the shell does not expand $MAINPID while writing the unit file\ncat \u003e /etc/systemd/system/aralez.service \u003c\u003c'EOF'\n[Service]\nType=forking\nPIDFile=/run/aralez.pid\nExecStart=/bin/aralez -d -c /etc/aralez.conf\nExecReload=kill -QUIT $MAINPID\nExecReload=/bin/aralez -u -d -c /etc/aralez.conf\nEOF\n```\n\n```bash\nsystemctl enable aralez.service\nsystemctl restart aralez.service\n```\n\n## 💡 Example\n\nA sample `upstreams.yaml` entry:\n\n```yaml\nprovider: \"file\"\nsticky_sessions: false\nto_https: false\nrate_limit: 10\nserver_headers:\n  - \"X-Forwarded-Proto:https\"\n  - \"X-Forwarded-Port:443\"\nclient_headers:\n  - \"Access-Control-Allow-Origin:*\"\n  - \"Access-Control-Allow-Methods:POST, GET, OPTIONS\"\n  - \"Access-Control-Max-Age:86400\"\nauthorization:\n  type: \"jwt\"\n  creds: \"910517d9-f9a1-48de-8826-dbadacbd84af-cb6f830e-ab16-47ec-9d8f-0090de732774\"\nmyhost.mydomain.com:\n  paths:\n    \"/\":\n      rate_limit: 20\n      to_https: false\n      server_headers:\n        - \"X-Something-Else:Foobar\"\n        - \"X-Another-Header:Hohohohoho\"\n      client_headers:\n        - 
\"X-Some-Thing:Yaaaaaaaaaaaaaaa\"\n        - \"X-Proxy-From:Hopaaaaaaaaaaaar\"\n      servers:\n        - \"127.0.0.1:8000\"\n        - \"127.0.0.2:8000\"\n    \"/foo\":\n      to_https: true\n      client_headers:\n        - \"X-Another-Header:Hohohohoho\"\n      servers:\n        - \"127.0.0.4:8443\"\n        - \"127.0.0.5:8443\"\n    \"/.well-known/acme-challenge\":\n      healthcheck: false\n      servers:\n        - \"127.0.0.1:8001\"\n```\n\n**This means:**\n\n- Sticky sessions are disabled globally. This setting applies to all upstreams. If enabled all requests will be 301 redirected to HTTPS.\n- HTTP to HTTPS redirect disabled globally, but can be overridden by `to_https` setting per upstream.\n- All upstreams will receive custom headers : `X-Forwarded-Proto:https` and `X-Forwarded-Port:443`\n- Additionally, myhost.mydomain.com with path `/` will receive custom headers : `X-Another-Header:Hohohohoho` and `X-Something-Else:Foobar`\n- Requests to each hosted domains will be limited to 10 requests per second per virtualhost.\n    - Requests limits are calculated per requester ip plus requested virtualhost.\n    - If the requester exceeds the limit it will receive `429 Too Many Requests` error.\n    - Optional. Rate limiter will be disabled if the parameter is entirely removed from config.\n- Requests to `myhost.mydomain.com/` will be limited to 20 requests per second.\n- Requests to `myhost.mydomain.com/` will be proxied to `127.0.0.1` and `127.0.0.2`.\n- Plain HTTP to `myhost.mydomain.com/foo` will get 301 redirect to configured TLS port of Aralez.\n- Requests to `myhost.mydomain.com/foo` will be proxied to `127.0.0.4` and `127.0.0.5`.\n- Requests to `myhost.mydomain.com/.well-known/acme-challenge` will be proxied to `127.0.0.1:8001`, but healthcheks are disabled.\n- SSL/TLS for upstreams is detected automatically, no need to set any config parameter.\n    - Assuming the `127.0.0.5:8443` is SSL protected. 
The inner traffic will use TLS.\n    - Self-signed certificates are silently accepted.\n- Global headers (CORS for this case) will be injected to all upstreams.\n- Additional headers will be injected into the request for `myhost.mydomain.com`.\n- You can choose any path; deeply nested paths are supported, and the best match is chosen.\n- All requests to servers will require JWT token authentication (you can comment out the authorization to disable it):\n    - First parameter specifies the mechanism of authorisation `jwt`\n    - Second is the secret key for validating `jwt` tokens\n\n---\n\n## 🔄 Hot Reload\n\n- Changes to `upstreams.yaml` are applied immediately.\n- No need to restart the proxy — just save the file.\n- If `consul` provider is chosen, upstreams will be periodically updated from Consul's API.\n\n---\n\n## 🔐 TLS Support\n\nTo enable TLS for the proxy server (currently only OpenSSL is supported; working on BoringSSL and Rustls):\n\n1. Set `proxy_address_tls` in `main.yaml`\n2. Provide `tls_certificate` and `tls_key_file`\n\n---\n\n## 📡 Remote Config API\n\nPush new `upstreams.yaml` over HTTP to `config_address` (`:3000` by default). Useful for CI/CD automation or remote config updates.\nThe URL parameter `key=MASTERKEY` is required. `MASTERKEY` is the value of `master_key` in `main.yaml`.\n\n```bash\ncurl -XPOST --data-binary @./etc/upstreams.txt \"127.0.0.1:3000/conf?key=${MASTERKEY}\"\n```\n\n---\n\n## 🔐 Authentication (Optional)\n\n- Adds authentication to all requests.\n- Only one method can be active at a time.\n- `basic` : Standard HTTP Basic Authentication requests.\n- `apikey` : Authentication via `x-api-key` header, which should match the value in config.\n- `jwt`: JWT authentication implemented via `araleztoken=` URL parameter. 
`/some/url?araleztoken=TOKEN`\n- `jwt`: JWT authentication implemented via `Authorization: Bearer \u003ctoken\u003e` header.\n    - To obtain a JWT token, send a **generate** request to the built-in API server's `/jwt` endpoint.\n    - `master_key`: should match configured `master_key` in `main.yaml` and `upstreams.yaml`.\n    - `owner` : Just a placeholder, can be anything.\n    - `valid` : Time in minutes during which the generated token will be valid.\n\n**Example JWT token generation request**\n\n```bash\nPAYLOAD='{\n    \"master_key\": \"910517d9-f9a1-48de-8826-dbadacbd84af-cb6f830e-ab16-47ec-9d8f-0090de732774\",\n    \"owner\": \"valod\",\n    \"valid\": 10\n}'\n\nTOK=`curl -s -XPOST -H \"Content-Type: application/json\" -d \"$PAYLOAD\"  http://127.0.0.1:3000/jwt  | cut -d '\"' -f4`\necho \"$TOK\"\n```\n\n**Example Request with JWT token**\n\nWith `Authorization: Bearer` header\n\n```bash\ncurl -H \"Authorization: Bearer ${TOK}\" -H 'Host: myip.mydomain.com' http://127.0.0.1:6193/\n```\n\nWith URL parameter (Very useful if you want to generate and share temporary links)\n\n```bash\ncurl -H 'Host: myip.mydomain.com' \"http://127.0.0.1:6193/?araleztoken=${TOK}\"\n```\n\n**Example Request with API Key**\n\n```bash\ncurl -H \"x-api-key: ${APIKEY}\" --header 'Host: myip.mydomain.com' http://127.0.0.1:6193/\n```\n\n**Example Request with Basic Auth**\n\n```bash\ncurl  -u username:password -H 'Host: myip.mydomain.com' http://127.0.0.1:6193/\n```\n\n## 📃 License\n\n[Apache License Version 2.0](https://www.apache.org/licenses/LICENSE-2.0)\n\n---\n\n## 🧠 Notes\n\n- Uses Pingora under the hood for efficiency and flexibility.\n- Designed for edge proxying, internal routing, or hybrid cloud scenarios.\n- Transparent, fully automatic WebSocket upgrade support.\n- Transparent, fully automatic gRPC proxy.\n- Sticky session support.\n- HTTP2 ready.\n\n### 🧩 Summary Table: Feature Comparison\n\n| Feature / Proxy                  |    **Aralez**     |          **Nginx**    
      |    **HAProxy**    |           **Traefik**            |    **Caddy**    |    **Envoy**    |\n|----------------------------------|:-----------------:|:---------------------------:|:-----------------:|:--------------------------------:|:---------------:|:---------------:|\n| **Hot Reload (Zero Downtime)**   |  ✅ **Automatic**  | ⚙️ Manual (graceful reload) |     ⚙️ Manual     |           ✅ Automatic            |   ✅ Automatic   |   ✅ Automatic   |\n| **Auto Cert Reload (from disk)** |  ✅ **Automatic**  |            ❌ No             |       ❌ No        | ✅ Automatic (Let's Encrypt only) |   ✅ Automatic   |    ⚙️ Manual    |\n| **Auth: Basic / API Key / JWT**  |  ✅ **Built-in**   |        ⚙️ Basic only        |   ⚙️ Basic only   |          ✅ Config-based          | ✅ Config-based  | ✅ Config-based  |\n| **TLS / HTTP2 Termination**      |  ✅ **Automatic**  |      ⚙️ Manual config       | ⚙️ Manual config  |           ✅ Automatic            |   ✅ Automatic   |   ✅ Automatic   |\n| **Built-in A+ TLS Grades**       |  ✅ **Automatic**  |      ⚙️ Manual tuning       |     ⚙️ Manual     |            ⚙️ Manual             |   ✅ Automatic   |    ⚙️ Manual    |\n| **gRPC Proxy**                   | ✅ **Zero-Config** |       ⚙️ Manual setup       |     ⚙️ Manual     |         ⚙️ Needs config          | ⚙️ Needs config | ⚙️ Needs config |\n| **SSL Proxy**                    | ✅ **Zero-Config** |          ⚙️ Manual          |     ⚙️ Manual     |           ✅ Automatic            |   ✅ Automatic   |   ✅ Automatic   |\n| **HTTP/2 Proxy**                 | ✅ **Zero-Config** |      ⚙️ Manual enable       | ⚙️ Manual enable  |           ✅ Automatic            |   ✅ Automatic   |   ✅ Automatic   |\n| **WebSocket Proxy**              | ✅ **Zero-Config** |      ⚙️ Manual upgrade      | ⚙️ Manual upgrade |           ✅ Automatic            |   ✅ Automatic   |   ✅ Automatic   |\n| **Sticky Sessions**              |  ✅ **Built-in**   |       ⚙️ Config-based       |  ⚙️ Config-based  |    
       ✅ Automatic            |   ⚙️ Limited    | ✅ Config-based  |\n| **Prometheus Metrics**           |  ✅ **Built-in**   |    ⚙️ External exporter     |    ✅ Built-in     |            ✅ Built-in            |   ✅ Built-in    |   ✅ Built-in    |\n| **Consul Integration**           |     ✅ **Yes**     |            ❌ No             |  ⚙️ Via DNS only  |              ✅ Yes               |      ❌ No       |      ✅ Yes      |\n| **Kubernetes Integration**       |     ✅ **Yes**     |   ⚙️ Needs ingress setup    |    ⚙️ External    |              ✅ Yes               |   ⚙️ Limited    |      ✅ Yes      |\n| **Request Limiter**              |     ✅ **Yes**     |       ✅ Config-based        |  ✅ Config-based   |          ✅ Config-based          | ✅ Config-based  | ✅ Config-based  |\n| **Serve Static Files**           |     ✅ **Yes**     |            ✅ Yes            |     ⚙️ Basic      |           ✅ Automatic            |   ✅ Automatic   |      ❌ No       |\n| **Upstream Health Checks**       |  ✅ **Automatic**  |      ⚙️ Manual config       | ⚙️ Manual config  |           ✅ Automatic            |   ✅ Automatic   |   ✅ Automatic   |\n| **Built With**                   |    🦀 **Rust**    |              C              |         C         |                Go                |       Go        |       C++       |\n\n---\n\n✅ **Automatic / Zero-Config** – Works immediately, no setup required  \n⚙️ **Manual / Config-based** – Requires explicit configuration or modules  \n❌ **No** – Not supported\n\n## 💡 Simple benchmark by [Oha](https://github.com/hatoo/oha)\n\n⚠️ These benchmarks use :\n\n- 3 async Rust echo servers on a local network with 1Gbit as upstreams.\n- A dedicated server for running **Aralez**\n- A dedicated server for running **Oha**\n- The following upstreams configuration.\n- 9 test URLs from simple `/` to nested up to 7 subpaths.\n\n```yaml\n  myhost.mydomain.com:\n    paths:\n      \"/\":\n        to_https: false\n        headers:\n          - 
\"X-Proxy-From:Aralez\"\n        servers:\n          - \"192.168.211.211:8000\"\n          - \"192.168.211.212:8000\"\n          - \"192.168.211.213:8000\"\n      \"/ping\":\n        to_https: false\n        headers:\n          - \"X-Some-Thing:Yaaaaaaaaaaaaaaa\"\n          - \"X-Proxy-From:Aralez\"\n        servers:\n          - \"192.168.211.211:8000\"\n          - \"192.168.211.212:8000\"\n```\n\n## 💡 Results reflect synthetic performance under optimal conditions.\n\n- CPU : Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz\n- 300 : simultaneous connections\n- Duration : 10 Minutes\n- Binary : aralez-x86_64-glibc\n\n```\nSummary:\n  Success rate:\t100.00%\n  Total:\t600.0027 secs\n  Slowest:\t0.2138 secs\n  Fastest:\t0.0002 secs\n  Average:\t0.0023 secs\n  Requests/sec:\t129777.3838\n\n  Total data:\t0 B\n  Size/request:\t0 B\n  Size/sec:\t0 B\n\nResponse time histogram:\n  0.000 [1]        |\n  0.022 [77668026] |■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■\n  0.043 [190362]   |\n  0.064 [7908]     |\n  0.086 [319]      |\n  0.107 [4]        |\n  0.128 [0]        |\n  0.150 [0]        |\n  0.171 [0]        |\n  0.192 [0]        |\n  0.214 [4]        |\n\nResponse time distribution:\n  10.00% in 0.0012 secs\n  25.00% in 0.0016 secs\n  50.00% in 0.0020 secs\n  75.00% in 0.0026 secs\n  90.00% in 0.0033 secs\n  95.00% in 0.0040 secs\n  99.00% in 0.0078 secs\n  99.90% in 0.0278 secs\n  99.99% in 0.0434 secs\n\n\nDetails (average, fastest, slowest):\n  DNS+dialup:\t0.0161 secs, 0.0002 secs, 0.0316 secs\n  DNS-lookup:\t0.0000 secs, 0.0000 secs, 0.0000 secs\n\nStatus code distribution:\n  [200] 77866624 responses\n\nError distribution:\n  [158] aborted due to deadline\n```\n\n![Aralez](https://netangels.net/utils/glibc10.png)\n\n- CPU : Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz\n- 300 : simultaneous connections\n- Duration : 10 Minutes\n- Binary : aralez-x86_64-musl\n\n```\nSummary:\n  Success rate:\t100.00%\n  Total:\t600.0021 secs\n  Slowest:\t0.2182 secs\n  Fastest:\t0.0002 secs\n  
Average:\t0.0024 secs\n  Requests/sec:\t123870.5820\n\n  Total data:\t0 B\n  Size/request:\t0 B\n  Size/sec:\t0 B\n\nResponse time histogram:\n  0.000 [1]        |\n  0.022 [74254679] |■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■\n  0.044 [61400]    |\n  0.066 [5911]     |\n  0.087 [385]      |\n  0.109 [0]        |\n  0.131 [0]        |\n  0.153 [0]        |\n  0.175 [0]        |\n  0.196 [0]        |\n  0.218 [1]        |\n\nResponse time distribution:\n  10.00% in 0.0012 secs\n  25.00% in 0.0016 secs\n  50.00% in 0.0021 secs\n  75.00% in 0.0028 secs\n  90.00% in 0.0037 secs\n  95.00% in 0.0045 secs\n  99.00% in 0.0077 secs\n  99.90% in 0.0214 secs\n  99.99% in 0.0424 secs\n\n\nDetails (average, fastest, slowest):\n  DNS+dialup:\t0.0066 secs, 0.0002 secs, 0.0210 secs\n  DNS-lookup:\t0.0000 secs, 0.0000 secs, 0.0000 secs\n\nStatus code distribution:\n  [200] 74322377 responses\n\nError distribution:\n  [228] aborted due to deadline\n```\n\n![Aralez](https://netangels.net/utils/musl10.png)\n\n## 🚀 Aralez, Nginx, Traefik performance benchmark\n\nThis benchmark was run on 4 servers with Intel(R) Xeon(R) E-2174G CPU @ 3.80GHz and 64 GB RAM.\n\n1. Server running Aralez, Traefik and Nginx on different ports, tuned as much as I could.\n2. 3x upstream servers running Nginx, replying with dummy JSON hardcoded in the config file for max performance.\n\nAll servers are connected to the same switch with 1GB port in a datacenter, not a home lab. The results:\n![Aralez](https://raw.githubusercontent.com/sadoyan/aralez/refs/heads/main/assets/bench.png)\n\nThe results show requests per second performed by the load balancer. You can see 3 batches with 800 concurrent users.\n\n1. Requests via http1.1 to plain text endpoint.\n2. Requests via http2 to SSL endpoint.\n3. 
Mixed workload with plain http1.1 and http2 SSL.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsadoyan%2Faralez","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsadoyan%2Faralez","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsadoyan%2Faralez/lists"}