- Fix docker image build options with `post-quantum` feature.
- Feat: Enable the hybrid post-quantum key exchange for TLS and QUIC with `X25519MLKEM768` by default.
- Deps and refactor
- Feat: Support post-quantum `X25519Kyber768Draft00` for incoming and outgoing TLS initiation. This is a non-default feature [feature: `post-quantum`].
- Feat: Emit WARN messages if unused and unsupported options are specified in the configuration file.
- Docs: `rpxy.io` is now available as the official website of `rpxy`.
- Refactor: lots of minor improvements
- Deps
- Feat: Add Jenkins build pipeline (#182)
- Refactor: lots of minor improvements
- BugFix: Fix the bug related to the installation of `CryptoProvider` (#194)
- BugFix: h3 header to use https_redirection_port (#192)
- Deps
- Feat: Support `https_redirection_port` option to redirect http requests to https with a custom port.
- Refactor: lots of minor improvements
- Deps
- Breaking: Experimental ACME support is added. Check the new configuration options and README.md for ACME support. Note that it is still under development and may have some issues.
- Refactor: lots of minor improvements
- Deps
- Fix the bug that the dynamic config reload does not work properly.
- Refactor: lots of minor improvements
- Deps
- Breaking: Support for `rustls`-0.23.x for http/1.1, 2 and 3. No configuration update is needed at this point.
- Breaking: Along with `rustls`, the cert manager was split from `rpxy-lib` and moved to a new inner crate `rpxy-cert`. This change is to make the cert manager reusable for other projects and to support not only static file based certificates but also other types, e.g., dynamic fetching and management via ACME, in the future.
- Refactor: lots of minor improvements
- Change the certificate verifier from `rustls-native-certs` to `rustls-platform-verifier` to use the system's default root cert store for better client (forwarder) performance in `hyper-rustls`.
- deps and patches
- Breaking: `hyper`-1.0 for both server and client modules.
- Breaking: Remove `override_host` option in upstream options. Add a reverse option, i.e., `keep_original_host`, and the similar option `set_upstream_host`. While `keep_original_host` can be explicitly specified, `rpxy` keeps the original `host` given by the incoming request by default. Then, the original `host` header is maintained or added from the value of the url request line. If the `host` header needs to be overridden with the upstream host name (backend uri's host name), `set_upstream_host` has to be set. If both `set_upstream_host` and `keep_original_host` are set, `keep_original_host` is prioritized since it is explicitly specified.
- Breaking: Introduced `native-tls-backend` feature to use the native TLS engine to access backend applications.
- Breaking: Changed the policy of the default cert store from `webpki` to the system-native store. Thus we terminated the feature `native-roots` and introduced `webpki-roots` feature to use `webpki` root cert store.
- Redesigned: Cache structure is totally redesigned with a more memory-efficient way to read from cache file, and a more secure way to strongly bind memory-objects with files with hash values.
- Redesigned: HTTP body handling flow is also redesigned with more memory- and time-efficient techniques, without putting the whole objects in memory, by using `futures::stream::Stream` and `futures::channel::mpsc`
- Feat: Allow to disable/enable forced-connection-timeout regardless of connection status (idle or not). [default: disabled]
- Refactor: lots of minor improvements
- Feat: Add a build feature of `native-roots` to use the system's default root cert store.
- Feat: Add binary release in addition to container release
- Refactor: lots of minor improvements
- Fix: fix a "watch" bug for docker. Due to a docker limitation, we need to mount a dir, e.g., `/rpxy/config`, instead of a file, `rpxy.toml`, to track changes of the configuration file. We thus updated the startup script in the docker container for the case "WATCH=true".
- Feat: Enabled `h2c` (HTTP/2 cleartext) requests to upstream app servers (in previous versions, only HTTP/1.1 was allowed for cleartext requests)
- Feat: Initial implementation of caching feature using file + on memory cache. (Caveats: No persistence of the cache. Once config is updated, the cache is totally eliminated.)
- Refactor: lots of minor improvements
- Fix: fix `server` in the response header (`rpxy_lib` -> `rpxy`)
- Fix: fix bug for hot-reloading configuration file (Add termination notification receiver in proxy services)
- Feat: `s2n-quic` with `s2n-quic-h3` is supported as QUIC and HTTP/3 library in addition to `quinn` with `h3-quinn`, related to #57.
- Feat: Publish dockerfile for `rpxy` with `s2n-quic` on both `amd64` and `arm64`.
- Feat: Start to publish docker images on `ghcr.io`
- Refactor: lots of minor improvements
- Feat: Continuous watching on a specified config file and hot-reloading the file when updated
- Feat: Enabled to specify TCP listen backlog in the config file
- Feat: Add a GitHub action to build `arm64` docker image.
- Bench: Add benchmark result on `amd64` architecture.
- Refactor: Split `rpxy` into `rpxy-lib` and `rpxy-bin`
- Refactor: lots of minor improvements
- Fix bug to apply default backend application
- HTTP/3 Deps: Update `h3` with `quinn-0.10` or higher. But changed their crates from `crates.io` to `git submodule` as a part of work around. I think this will be back to `crates.io` in a near-future update.
- Load Balancing: Implement the session persistence function for load balancing using sticky cookie (initial implementation). Enabled in `default-features`.
- Docker UID:GID: Update `Dockerfile`s to allow arbitrary UID and GID (non-root users) for rpxy. Now they can be set as you like by specifying through env vars.
- Refactor: Various minor improvements
- Update docker of `nightly` built from `develop` branch along with `amd64-slim` and `amd64` images with `latest` and `latest:slim` tags built from `main` branch. `nightly` image is based on `amd64`.
- Update `h3` with `quinn-0.10` or higher.
or higher. - Implement path replacing option for each reverse proxy backend group.