diff --git a/docs/index.md b/docs/index.md index 42af2cb..49665f6 100644 --- a/docs/index.md +++ b/docs/index.md @@ -101,10 +101,6 @@ docker pull ghcr.io/jkaninda/goma-gateway Documentation references Docker Hub, but all examples will work using ghcr.io just as well. -## Supported Engines - -This image is developed and tested against the Docker CE engine exclusively. -While it may work against different implementations, there are no guarantees about support for non-Docker engines. ## References diff --git a/docs/middleware/intro.md b/docs/middleware/intro.md deleted file mode 100644 index 7519046..0000000 --- a/docs/middleware/intro.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: Intro -layout: default -parent: Middleware -nav_order: 1 ---- -# Middlewares - -Middleware is a function executed before (or after) the route callback. - -This is a great way to add API authentication checks, or to validate that the user has permission to access the route. - -With Goma you can create your middleware based on the type you want and apply it on your routes - -Goma Gateway supports : - -- Authentication middleware - - JWT `client authorization based on the result of a request` - - Basic-Auth - - OAuth -- Rate limiting middleware - - In-Memory client IP based -- Access middleware \ No newline at end of file diff --git a/docs/middleware/overview.md b/docs/middleware/overview.md new file mode 100644 index 0000000..c81203d --- /dev/null +++ b/docs/middleware/overview.md @@ -0,0 +1,29 @@ +--- +title: Overview +layout: default +parent: Middleware +nav_order: 1 +--- +# Middlewares + +Middleware functions are executed before or after a route callback, enabling you to extend the behavior of your routes. + +They are an excellent way to implement features like API authentication, access control, or request validation. + +With Goma, you can create custom middleware tailored to your needs and apply them to your routes seamlessly. + +## Supported Middleware Types + +- **Authentication Middleware** + - **JWT**: Performs client authorization based on the result of a request using JSON Web Tokens. + - **Basic-Auth**: Verifies credentials through Basic Authentication. + - **OAuth**: Supports OAuth-based authentication flows. + +- **Rate Limiting Middleware** + - **In-Memory Client IP Based**: Throttles requests based on the client’s IP address using an in-memory store. + - **Distributed Rate Limiting**: Leverage Redis for scalable, client IP-based rate limits. + +- **Access Middleware** + - Validates user permissions or access rights for specific route paths. + +Middleware provides a flexible and powerful way to enhance the functionality, security, and performance of your API. diff --git a/docs/quickstart/distrubuted-intance.md b/docs/quickstart/distrubuted-intance.md index e798575..2c0657f 100644 --- a/docs/quickstart/distrubuted-intance.md +++ b/docs/quickstart/distrubuted-intance.md @@ -8,6 +8,10 @@ nav_order: 5 # Distributed instances +Goma Gateway includes built-in support for Redis-based rate limiting, enabling efficient and scalable deployments. + +By leveraging Redis, the Gateway ensures high-performance request throttling and distributed rate limiting across multiple instances, making it ideal for modern, cloud-native architectures. + ```yaml version: "1.0" gateway: diff --git a/docs/quickstart/extra-route.md b/docs/quickstart/extra-route.md index e6267d5..efef503 100644 --- a/docs/quickstart/extra-route.md +++ b/docs/quickstart/extra-route.md @@ -31,6 +31,8 @@ gateway: - path: / name: example ``` +## Routes Configuration +Below is an example of configuring routes for the Gateway, defining service paths, methods, backends, health checks, and other settings. Create a file in `/etc/goma/extra` using `yaml` or `.yaml` extension. @@ -86,6 +88,7 @@ Create a file in `/etc/goma/extra` using `yaml` or `.yaml` extension. disableHostFording: true interceptErrors: [404,401] blockCommonExploits: false + ## List of middleware middlewares: - auth-middleware diff --git a/docs/quickstart/gateway.md b/docs/quickstart/gateway.md index e8db1e7..97c2e28 100644 --- a/docs/quickstart/gateway.md +++ b/docs/quickstart/gateway.md @@ -7,49 +7,51 @@ nav_order: 1 # Gateway -```yaml -version: 1.0 -gateway: - sslCertFile: /etc/goma/cert.pem - sslKeyFile: /etc/goma/key.pem - writeTimeout: 15 - readTimeout: 15 - idleTimeout: 30 - # Rate limiting - rateLimit: 0 - accessLog: /dev/Stdout - errorLog: /dev/stderr - logLevel: info - ## Add additional routes - extraRoutes: - # path - directory: /etc/goma/extra - watch: true - disableRouteHealthCheckError: false - disableDisplayRouteOnStart: false - disableKeepAlive: false - disableHealthCheckStatus: false - blockCommonExploits: true - # Intercept backend errors - interceptErrors: - - 500 - cors: - origins: - - http://localhost:8080 - - https://example.com - headers: - Access-Control-Allow-Credentials: "true" - Access-Control-Allow-Headers: Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id - Access-Control-Max-Age: "1728000" - routes: [] -``` -## Extra Routes +The Gateway serves as the entry point to the server. This section provides options to configure the proxy server, define routes, and specify additional routes. -The Extra Routes feature allows you to define additional routes by using .yml or .yaml files stored in a specified directory. +These settings enable precise control over traffic flow and routing within your deployment. -This approach helps you avoid the complexity of managing all routes in a single file. +## Configuration Options -When dealing with many routes, maintaining them in one file can quickly become unwieldy. With this feature, you can organize your routes into separate files, making them easier to manage and maintain. +- **`sslCertFile`** (`string`): Path to the SSL certificate file. +- **`sslKeyFile`** (`string`): Path to the SSL certificate private key file. +- **`redis`**: Redis configuration settings. +- **`writeTimeout`** (`integer`): Timeout for writing responses (in seconds). +- **`readTimeout`** (`integer`): Timeout for reading requests (in seconds). +- **`idleTimeout`** (`integer`): Timeout for idle connections (in seconds). +- **`rateLimit`** (`integer`): Global rate limiting for the proxy. +- **`blockCommonExploits`** (`boolean`): Enable or disable blocking of common exploits. +- **`accessLog`** (`string`, default: `/dev/stdout`): Path for access logs. +- **`errorLog`** (`string`, default: `/dev/stderr`): Path for error logs. +- **`logLevel`** (`string`): Log verbosity level (e.g., `info`, `debug`, `error`). +- **`disableHealthCheckStatus`** (`boolean`): Enable or disable exposing the health check route status. +- **`disableRouteHealthCheckError`** (`boolean`): Enable or disable returning health check error responses for routes. +- **`disableDisplayRouteOnStart`** (`boolean`): Enable or disable displaying routes during server startup. +- **`disableKeepAlive`** (`boolean`): Enable or disable `keepAlive` for the proxy. +- **`enableMetrics`** (`boolean`): Enable or disable server metrics collection. +- **`interceptErrors`** (`array of integers`): List of HTTP status codes to intercept for custom handling. + +### CORS Configuration + +Customize Cross-Origin Resource Sharing (CORS) settings for the proxy: + +- **`origins`** (`array of strings`): List of allowed origins. +- **`headers`** (`map[string]string`): Custom headers to include in responses. + +### Additional Routes + +Define custom routes for additional flexibility: + +- **`directory`** (`string`): Directory path for serving extra routes. +- **`watch`** (`boolean`): Watch the directory for changes and update routes dynamically. + +### Routes + +Define the main routes for the Gateway, enabling routing logic for incoming requests. + +--- + +## Example Configuration ```yaml version: 1.0 @@ -72,11 +74,13 @@ gateway: # Intercept backend errors interceptErrors: - 500 + - 405 cors: origins: - http://localhost:8080 - https://example.com headers: + X-Custom-Header: "Value" Access-Control-Allow-Credentials: "true" Access-Control-Allow-Headers: Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id Access-Control-Max-Age: "1728000" diff --git a/docs/quickstart/healthcheck.md b/docs/quickstart/healthcheck.md index f92f469..3cb3cea 100644 --- a/docs/quickstart/healthcheck.md +++ b/docs/quickstart/healthcheck.md @@ -8,7 +8,9 @@ nav_order: 5 # Healthcheck -Goma comes with routes healthcheck, that can be enabled and disabled. +The proxy includes built-in health check routes, which can be easily enabled or disabled based on your requirements. + +These routes allow you to monitor the health and availability of your services. ```yaml version: 1.0 diff --git a/docs/quickstart/route.md b/docs/quickstart/route.md index a0836ea..832c020 100644 --- a/docs/quickstart/route.md +++ b/docs/quickstart/route.md @@ -10,6 +10,46 @@ nav_order: 2 The Route allows you to match on HTTP traffic and direct it to the backend. + +## Configuration Options + +This section outlines the available configuration options for defining routes in the Gateway. + +### Route Configuration + +- **`path`** (`string`): The route path (e.g., `/api/v1/resource`). +- **`name`** (`string`): A unique name for the route. +- **`hosts`** (`list of strings`): A list of allowed hostnames for the route. +- **`rewrite`** (`string`): Rewrites the incoming route path to a new path. +- **`methods`** (`array of strings`): A list of allowed HTTP methods (e.g., `GET`, `POST`). +- **`destination`** (`string`): The backend endpoint for the route. +- **`backends`** (`list of strings`): A list of backend services for load balancing. +- **`insecureSkipVerify`** (`boolean`): Disables backend TLS certificate verification. + +## Health Check Configuration + +- **`healthCheck`**: + - **`path`** (`string`): The health check path (e.g., `/health`). + - **`interval`** (`string`, default: `30s`): The interval between health checks. + - **`timeout`** (`string`, default: `10s`): The maximum time to wait for a health check response. + - **`healthyStatuses`** (`array of integers`): A list of HTTP status codes considered healthy. + +## CORS Configuration + +- **`cors`**: + - **`origins`** (`array of strings`): A list of allowed origins for Cross-Origin Resource Sharing (CORS). + - **`headers`** (`array of strings`): A list of custom headers to include in responses. + +## Additional Options + +- **`rateLimit`** (`integer`): The maximum number of requests allowed per minute. +- **`disableHostFording`** (`boolean`): Disables proxy host forwarding for improved security. +- **`interceptErrors`** (`array of integers`): A list of backend error status codes to intercept for custom handling. +- **`blockCommonExploits`** (`boolean`): Enables or disables blocking of common exploits. +- **`middlewares`** (`array of strings`): A list of middleware names applied to the route. + +--- + ### Simple route ```yaml diff --git a/examples/goma.yml b/examples/goma.yml index 06faaaf..e9e2821 100644 --- a/examples/goma.yml +++ b/examples/goma.yml @@ -16,7 +16,6 @@ gateway: logLevel: info # debug, trace, off accessLog: "/dev/Stdout" errorLog: "/dev/stderr" - ## Redis connexion for distributed rate limiting, when using multiple instances | It's optional #redis: #addr: redis:6379 # password: password