This is the project we used to build enterprise-oriented generic proxy solutions, including but not limited to proxy / reverse proxy (WIP) / load balancer (TBD) / nat traversal (TBD).
G3 Project is made up of many components.
The project-level documents resides in the doc subdirectory, and you should see the links below for the important ones. Each component will have its own documents in its doc subdirectory.
A generic forward proxy solution, but you can also use it as tcp streaming / transparent proxy / reverse proxy as we have basic support built in.
- Async Rust: fast and reliable
- Http1 / Socks5 forward proxy protocol, SNI Proxy and TCP TPROXY
- Proxy Chaining, with support for dynamic selection of upstream proxies
- Plenty of egress route selection methods, with support for custom egress selection agent
- TCP/TLS Stream Proxy, Basic HTTP Reverse Proxy
- TLS over OpenSSL or BoringSSL or AWS-LC or Tongsuo, and even rustls
- TLS MITM interception, decrypted traffic dump, HTTP1/HTTP2/IMAP/SMTP interception
- ICAP adaptation for HTTP1/HTTP2/IMAP/SMTP, can integrate seamlessly with 3rd-party security products
- Graceful reload
- Customizable load balancing and failover strategies
- User Auth, with a rich set of config options
- Can set differential site config for each user
- Rich ACL/Limit rules, at ingress / egress / user level
- Rich monitoring metrics, at ingress / egress / user / user-site level
- Support for a variety of observability tools
See g3proxy for detailed introduction.
A work in progress reverse proxy solution.
A benchmark tool that supports HTTP 1.x, HTTP 2, HTTP 3, TLS Handshake, DNS and Cloudflare Keyless.
See g3bench for detailed introduction.
A tool to make root CA / intermediate CA / TLS server / TLS client certificates.
Fake certificate generator for g3proxy.
IP location lookup service for g3proxy GeoIP support.
A simple implementation of Cloudflare keyless server.
Only Linux is fully supported yet. The code will compile on FreeBSD, NetBSD, macOS and Windows, but we haven't tested it there.
Feel free to open PRs to add support for other platforms.
Follow Dev-Setup.
Follow Standards.
We will set tags for each release of each component in the form <name>-v<version>. You can use these tags to generate source tarballs. And we have added deb and rpm package files for each component that is ready for distribution.
If you want to do a release build:
-
generate a release tarball
# if we have a tag <name>-v<version> ./scripts/release/build_tarball.sh <name>-v<version> # if no tags usable, you need to specify the git revision (e.g. HEAD) ./scripts/release/build_tarball.sh <name> <rev>
All vendor sources will be added to the source tarball, so you can save the source tarball and build it offline at anywhere that has the compiler and dependencies installed.
-
build the package
For deb package:
tar xf <name>-<version>.tar.xz cd <name>-<version> ./build_deb_from_tar.sh
For rpm package:
rpmbuild -ta ./<name>-<version>.tar.xz # if failed, you can run the following commands manually: tar xvf <name>-<version>.tar.xz ./<name>-<version>/<name>.spec cp <name>-<version>.tar.xz ~/rpmbuild/SOURCES/ rpmbuild -ba ./<name>-<version>/<name>.spec
If you want to build a package directly from the git repo:
-
For deb package:
./build_deb_from_git.sh <name>
-
For rpm package:
./build_rpm_from_git.sh <name>
It is recommended to build packages yourself if you want to install them in a production environment.
For testing purpose, we have built and uploaded some packages to cloudsmith, you can find installation instructions there.
You can find Dockerfile(s) under docker folder of each component. The build command will be like
# run this in the source root dir
docker build -f <component>/docker/debian.Dockerfile . -t <component>:<tag>
# build without the source code
docker build -f <component>/docker/debian.Dockerfile github.com/bytedance/g3 -t <component>:<tag>
# if you have a source tarball, you can also use the URL of that tarballSee Static Linking.
See OpenSSL Variants.
See Long-Term Support.
Please check Contributing for more details.
Please check Code of Conduct for more details.
If you discover a potential security issue in this project, or think you may have discovered a security issue, we ask that you notify Bytedance Security via our security center or vulnerability reporting email.
Please do not create a public GitHub issue.
This project is licensed under the Apache-2.0 License.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
