Simple, universal and easy to use reverse proxy for Containers.
rootless, no labels, SSL/TLS support, and more.
Inject the proxy in your docker-compose.yaml or even compose.yaml, do not change labels. Done !
Pathwae is built to do things fast.
services:
foocontainer:
# Your container here listening, for example,
# on port 5000.
# No label, no port to bind...
proxy:
# Pathwae!
image: quay.io/pathwae/proxy
ports:
- "80:80"
- "443:443"
- "8080:8080"
environment:
CONFIG: |
foo.bar.localhost:
# foocontainer port 5000
to: http://foocontainer:5000
force_ssl: true docker-compose up or podman-compose up http://foo.bar.localhostforce_ssl will automatically redirect the browser to https. Everything is declared on the proxy container environment. This is the "standard" for containers.
You also don't need to use depends_on because the proxy doesn't need to wait for backends containers.
The port 8080 provides a simple monitor view of the backend.
You're using Podman? - Good news, that works! Pathwae does not use Docker API, you don't need to mount the socket file, everthing is controlled by the environment.
You only need to allow your standard user to open 80/443 ports with this command:
That's simple:
sudo sysctl -w net.ipv4.ip_unprivileged_port_start=0Make it permanent if you want:
sudo mkdir -p /etc/sysctl.d
echo "net.ipv4.ip_unprivileged_port_start=0" | \
sudo tee /etc/sysctl.d/99-unprivileged_port.confOK, no problem, you can create the confiuration file:
foo.bar.localhost:
to: http://foocontainer:5000
force_ssl: true
Then mount the file in Pathwae container, and indicate the configuration file path with CONFIG_FILE environment variable.
services:
proxy:
image: quay.io/pathwae/proxy
ports:
- "80:80"
- "443:443"
- "8080:8080"
environment:
- CONFIG_FILE: /config/config.yaml
volumes:
- ./config.yaml:/config/config.yaml:ro,zOne solution (Docker only for the moment):
hostname on the pathwae container Docker-Domains is a nice daemon that allows you to use whatever the domain you want, even .com domains!
It will also remove the need to bind ports 80, 443 and 8080 to localhost.
Monitor your endpoints with UI. Also, you can pause a route, get certificate information or even change the endpoints addresses.
Everything is real-time.
Simply bind the 8080 port to localhost, and visit http://localhost:8080
Pathwae is not the first one. Actually there is plenty of very powerful reverse proxy. So, why to use this one?
To help you to choose our proxy, the first question to answer is:
Do you want a proxy for production or for development?
If you speak about development, so Pathwae is already a good choice. Because it's lightweight and easy to use. You will not spend time to fix the reverse proxy, you will only focus on your containers, your project, and your container stack.
Later, you'll use a real production reverse proxy like Traefik, Nginx, or HAProxy
But, because it's a fashion, let's make a table to compare some solutions.
| Pathwae | Traefik | Nginx | |
|---|---|---|---|
| TLS/SSL | |||
| Self-signed | See this section | need to declare the certificates in a configuraiton file | need to create the server configuration |
| Automatic SSL/TLS | depends on the nginx container image, some have generic SSL certificates | ||
| Route declaration | no labels, no configuration file | labels and/or configuration file | configuraiton file |
| Monitoring | Web UI | Web UI | no Web UI |
| For development very subjective, yes | |||
| For production | Actually that's OK but not the best choice | ||
| Response modification like rewrite rules, specific redirections, ... | Nothing excepting redirect to https address | some rules can be applied. | |
| Podman (rootless) compatibility | Will never work with rootless container engines |
If you don't provide certificates, Pathwae generates temporary TLS certificates.
Of course, these certificates are not "trusted", but they are "valid".
You can generate trusted certificates (with mkcert for example) and then mount the directory into /certs directory of Pathwae container.
Pathwae will automatically find the certificates and the corresponding hosts to use with.
And that works with wildcard certificates, of course.
Pathwae is opensource - developped with Go for the proxy part, and VueJS (in Typescript) for the Web UI
License is MIT
Please, star and follow the project on Github!
Resources: