A high-performance HTTP/HTTPS forward proxy server written in Rust with advanced TLS interception, certificate management, and comprehensive logging capabilities.
- TLS Termination & Re-encryption - Full decrypt/inspect/re-encrypt capability
- Certificate Generation - Automatic domain certificate creation with CA signing
- Certificate Caching - Memory & Redis backends for 25-30x performance improvement
- Multiple Certificate Modes - Support for rootCA and Securly CA certificates
- HTTP Request Interception - Complete request/response logging and modification
- HTTPS CONNECT Tunneling - Standards-compliant tunnel for encrypted traffic
- Dual Server Mode - Simultaneous HTTP (8080) and HTTPS (8443) operation
- Production Logging - Clean INFO level for production, detailed DEBUG for development
- Async Architecture - Built on Tokio/Hyper for maximum throughput
- Connection Pooling - Efficient upstream connection management
- Smart Body Handling - Optimized request/response body processing
- Certificate Caching - Sub-millisecond certificate retrieval
- Comprehensive CLI Tools - Certificate generation, validation, and server management
- Flexible Configuration - Environment variables + configuration files
- Docker Support - Production-ready containerization with Redis
- Extensive Documentation - Complete guides for setup, deployment, and usage
# Start basic HTTP proxy
make dev
# Test HTTP request
curl -x http://127.0.0.1:8080 http://httpbin.org/get
# Test HTTPS tunneling
curl -x http://127.0.0.1:8080 https://httpbin.org/get
# Setup root CA certificate for browser
make setup-ca
# Start HTTPS interception proxy
make dev
# Configure browser proxy: 127.0.0.1:8080
# Install rootCA.crt in browser (see BROWSER_SETUP.md)
# Browse to https://httpbin.org/get
# Check proxy logs - you'll see complete HTTPS content!
# Production with Docker + Redis caching
make prod-docker
# Local production mode
make prod
rust-forward-proxy/
├── src/                    # Core implementation
│   ├── proxy/              # HTTP/HTTPS proxy logic
│   │   ├── server.rs       # Main server implementation
│   │   ├── http_client.rs  # Optimized upstream client
│   │   └── streaming.rs    # Smart body handling
│   ├── tls/                # TLS & certificate management
│   │   ├── server.rs       # HTTPS termination server
│   │   ├── cert_gen.rs     # Certificate generation
│   │   ├── cache.rs        # Certificate caching (Memory/Redis)
│   │   └── config.rs       # TLS configuration
│   ├── config/             # Configuration management
│   ├── logging/            # Production-grade logging
│   ├── utils/              # HTTP/URL/Time utilities
│   ├── cli/                # Command-line interface
│   └── models/             # Data structures
├── docs/                   # Comprehensive documentation
├── docker-compose.yml      # Docker deployment
├── Makefile                # Development commands
└── scripts/                # Testing & setup scripts
Client → [HTTP Proxy:8080] → [Full Interception] → [Log Everything] → Upstream
   ↑                                                                     ↓
   │                        [Response Logging]                           │
   │                                                                     ↓
   └──────────────────────── Clean Response ←────────────────────────────┘

Client → [HTTPS Proxy:8443] → [TLS Terminate] → [Decrypt] → [Log Content] → [Re-encrypt] → Upstream
   ↑                                                                                          ↓
   │                                 [Certificate Cache]                                      │
   │                                                                                          ↓
   └──────────────────────────────── Encrypted Response ←─────────────────────────────────────┘
Request for domain.com
        ↓
[Cache Check] → Hit: Return cached cert (0ms)
        ↓
Miss: Generate new cert (5-10ms)
        ↓
[Sign with CA] → Cache for 24h → Return cert
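
The certificate flow above, sketched as an added std-only example; it is not the project's `cache.rs`. `LeafCert`, `CertCache`, `cache_key` and the `sign` callback (standing in for rcgen generation plus CA signing) are hypothetical names, and the entry cap is an added safeguard the README does not describe.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

/// Constructed stand-in for a CA-signed leaf certificate (not the project's type).
#[derive(Clone, Debug, PartialEq)]
pub struct LeafCert { pub host: String, pub serial: u64 }

pub struct CertCache {
    ttl: Duration,
    max_entries: usize,
    entries: HashMap<String, (LeafCert, Instant)>,
}

/// Normalise the name so "Example.COM." and "example.com" share one entry.
pub fn cache_key(host: &str) -> String {
    host.trim_end_matches('.').to_ascii_lowercase()
}

impl CertCache {
    pub fn new(ttl: Duration, max_entries: usize) -> Self {
        Self { ttl, max_entries, entries: HashMap::new() }
    }
    pub fn len(&self) -> usize { self.entries.len() }

    /// Returns (cert, cache_hit). `sign` runs only on a miss or an expired entry.
    pub fn get_or_generate<F: FnOnce(&str) -> LeafCert>(
        &mut self, host: &str, now: Instant, sign: F,
    ) -> (LeafCert, bool) {
        let (key, ttl) = (cache_key(host), self.ttl);
        if let Some((cert, stored)) = self.entries.get(&key) {
            if now.saturating_duration_since(*stored) < ttl {
                return (cert.clone(), true);
            }
        }
        // Miss: drop expired entries, then evict the oldest if still full, so
        // client-chosen hostnames cannot grow the map without bound.
        self.entries.retain(|_, (_, t)| now.saturating_duration_since(*t) < ttl);
        if self.entries.len() >= self.max_entries {
            let oldest = self.entries.iter().min_by_key(|(_, (_, t))| *t).map(|(k, _)| k.clone());
            if let Some(k) = oldest { self.entries.remove(&k); }
        }
        let cert = sign(&key);
        self.entries.insert(key, (cert.clone(), now));
        (cert, false)
    }
}

fn main() {
    let mut cache = CertCache::new(Duration::from_secs(24 * 60 * 60), 1024);
    let sign = |h: &str| LeafCert { host: h.to_string(), serial: 1 };
    println!("{:?}", cache.get_or_generate("domain.com", Instant::now(), sign));
}
```

In a real deployment the cache TTL should not exceed the validity period of the minted leaf certificate, and cached private keys deserve the same protection as the CA key file.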
# Default mode (uses rootCA)
make dev
# Securly CA mode
CERT=securly make dev
# or
make dev-securly
# Proxy Configuration
PROXY_LISTEN_ADDR=127.0.0.1:8080
HTTPS_LISTEN_ADDR=127.0.0.1:8443
# TLS Configuration
TLS_ENABLED=true
TLS_INTERCEPTION_ENABLED=true
TLS_CA_CERT_PATH=ca-certs/rootCA.crt
TLS_CA_KEY_PATH=ca-certs/rootCA.key
# Logging
RUST_LOG=info # Clean production logs
RUST_LOG=debug # Verbose development logs
# Redis (for certificate caching)
REDIS_URL=redis://redis:6379
- Quick Setup Guide - Get running in 5 minutes
- Browser Configuration - Setup HTTPS interception
- Certificate Management - Complete certificate guide
- Architecture Overview - System design and flow diagrams
- TLS Implementation - HTTPS termination and certificate handling
- Performance Optimization - Caching, pooling, and benchmarks
- Deployment Guide - Docker, Kubernetes, cloud deployment
- Configuration Reference - Complete config documentation
- CLI Reference - CLI commands and configuration options
# Test basic functionality
make test
# Test HTTPS interception
make test-intercept
# Test Docker deployment
make test-docker
# Run all tests
make test-all
- API Development - See exactly what your applications send/receive
- Security Testing - Analyze encrypted traffic for vulnerabilities
- Network Debugging - Troubleshoot mysterious network issues
- Traffic Analysis - Monitor and log all HTTP/HTTPS traffic
- Content Filtering - Inspect and potentially modify requests/responses
- Compliance Auditing - Log all network communications
- Load Testing - Proxy traffic for performance analysis
- Caching Analysis - Understand application caching behavior
- Bandwidth Monitoring - Track data usage and patterns
- HTTP Throughput: 1000+ requests/second
- HTTPS Latency: +2-5ms overhead for interception
- Certificate Generation: 5-10ms first request, <1ms cached
- Memory Usage: ~10-50MB depending on load
- Concurrent Connections: 1000+ simultaneous HTTPS sessions
Without Caching: 25-30ms per HTTPS request
With Caching: <1ms per HTTPS request
Performance Gain: 25-30x improvement
- Fork the repository
- Create your feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Built with Rust and Tokio
- Uses Hyper for HTTP implementation
- TLS powered by rustls
- Certificate generation via rcgen
# Clone and run
git clone <your-repo-url>
cd rust-forward-proxy
make dev
# Start intercepting HTTP traffic in seconds!
curl -x http://127.0.0.1:8080 http://httpbin.org/get
For HTTPS interception, see our Browser Setup Guide to configure certificate trust!