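/**
 * NFTables Integration Example
 *
 * This example demonstrates how to use the NFTables forwarding engine with SmartProxy
 * for high-performance network routing that operates at the kernel level.
 *
 * NOTE: This requires elevated privileges to run (sudo) as it interacts with nftables.
 * Also shows the new v19+ global ACME configuration.
 *
 * Operational notes:
 * - The whole Node process, including every imported dependency, runs as root.
 *   Prefer a disposable test host or network namespace over a production machine.
 * - Each example uses its own `tableName`, so the rules it creates can be told
 *   apart from unrelated firewall state with `nft list tables`.
 * - Kernel rules are not tied to the lifetime of this process. If shutdown fails,
 *   rules may remain active after exit; the SIGINT handlers below report that
 *   case and exit non-zero instead of failing silently.
 */
import { SmartProxy } from '../ts/proxies/smart-proxy/index.js';
import {
  createNfTablesRoute,
  createNfTablesTerminateRoute,
  createCompleteNfTablesHttpsServer
} from '../ts/proxies/smart-proxy/utils/route-helpers.js';

/**
 * Simple NFTables-based HTTP forwarding example.
 *
 * Forwards TCP port 80 for example.com to localhost:8080 and keeps running
 * until SIGINT is received.
 */
async function simpleForwardingExample() {
  console.log('Starting simple NFTables forwarding example...');

  // Create a SmartProxy instance with a simple NFTables route
  const proxy = new SmartProxy({
    routes: [
      createNfTablesRoute('example.com', {
        host: 'localhost',
        port: 8080
      }, {
        ports: 80,
        protocol: 'tcp',
        // NOTE(review): presumably the backend then sees the real client address;
        // confirm before relying on source-IP based access rules at the backend.
        preserveSourceIP: true,
        tableName: 'smartproxy_example'
      })
    ],
    enableDetailedLogging: true
  });

  // Start the proxy
  await proxy.start();
  console.log('NFTables proxy started. Press Ctrl+C to stop.');

  // Handle shutdown. A rejected stop() is reported explicitly: the table named
  // above may then still exist and should be checked by hand.
  process.on('SIGINT', async () => {
    console.log('Stopping proxy...');
    try {
      await proxy.stop();
      process.exit(0);
    } catch (err) {
      console.error('Failed to stop proxy cleanly:', err);
      process.exit(1);
    }
  });
}

/**
 * HTTPS termination example with NFTables.
 *
 * Terminates TLS on port 443 for secure.example.com, forwards to localhost:8443
 * and obtains the certificate through the global ACME configuration.
 */
async function httpsTerminationExample() {
  console.log('Starting HTTPS termination with NFTables example...');

  // Create a SmartProxy instance with global ACME and NFTables HTTPS termination
  const proxy = new SmartProxy({
    // Global ACME configuration (v19+)
    acme: {
      // Replace with a contact address you control before reusing this example.
      email: 'ssl@bleu.de',
      // NOTE(review): presumably selects the CA's staging endpoint; confirm, and
      // only switch to production once the setup issues certificates correctly.
      useProduction: false,
      port: 80 // NFTables needs root, so we can use port 80
    },
    routes: [
      createNfTablesTerminateRoute('secure.example.com', {
        host: 'localhost',
        port: 8443
      }, {
        ports: 443,
        certificate: 'auto', // Uses global ACME configuration
        tableName: 'smartproxy_https'
      })
    ],
    enableDetailedLogging: true
  });

  // Start the proxy
  await proxy.start();
  console.log('HTTPS termination proxy started. Press Ctrl+C to stop.');

  // Handle shutdown; surface cleanup failures instead of losing them.
  process.on('SIGINT', async () => {
    console.log('Stopping proxy...');
    try {
      await proxy.stop();
      process.exit(0);
    } catch (err) {
      console.error('Failed to stop proxy cleanly:', err);
      process.exit(1);
    }
  });
}

/**
 * Complete HTTPS server with HTTP redirects using NFTables.
 *
 * The route list is produced entirely by createCompleteNfTablesHttpsServer.
 */
async function completeHttpsServerExample() {
  console.log('Starting complete HTTPS server with NFTables example...');

  // Create a SmartProxy instance with a complete HTTPS server
  const proxy = new SmartProxy({
    routes: createCompleteNfTablesHttpsServer('complete.example.com', {
      host: 'localhost',
      port: 8443
    }, {
      // No `acme` block is set in this example; 'auto' presumably needs one
      // (see httpsTerminationExample) - confirm against the SmartProxy docs.
      certificate: 'auto',
      tableName: 'smartproxy_complete'
    }),
    enableDetailedLogging: true
  });

  // Start the proxy
  await proxy.start();
  console.log('Complete HTTPS server started. Press Ctrl+C to stop.');

  // Handle shutdown; surface cleanup failures instead of losing them.
  process.on('SIGINT', async () => {
    console.log('Stopping proxy...');
    try {
      await proxy.stop();
      process.exit(0);
    } catch (err) {
      console.error('Failed to stop proxy cleanly:', err);
      process.exit(1);
    }
  });
}

/**
 * Load balancing example with NFTables.
 *
 * Forwards port 80 for lb.example.com to the configured backend.
 */
async function loadBalancingExample() {
  console.log('Starting load balancing with NFTables example...');

  // Create a SmartProxy instance with a load balancing configuration
  const proxy = new SmartProxy({
    routes: [
      createNfTablesRoute('lb.example.com', {
        // NFTables will automatically distribute connections to these hosts
        // NOTE(review): only one backend is configured here, so nothing is
        // distributed as written; check how createNfTablesRoute accepts
        // several backends before treating this as a load-balancing setup.
        host: 'backend1.example.com',
        port: 8080
      }, {
        ports: 80,
        tableName: 'smartproxy_lb'
      })
    ],
    enableDetailedLogging: true
  });

  // Start the proxy
  await proxy.start();
  console.log('Load balancing proxy started. Press Ctrl+C to stop.');

  // Handle shutdown; surface cleanup failures instead of losing them.
  process.on('SIGINT', async () => {
    console.log('Stopping proxy...');
    try {
      await proxy.stop();
      process.exit(0);
    } catch (err) {
      console.error('Failed to stop proxy cleanly:', err);
      process.exit(1);
    }
  });
}

/**
 * Advanced example with QoS and security settings.
 *
 * Combines rate limiting, priority, IP allow/block lists, IP sets and stateful
 * NAT on a single port-80 route for advanced.example.com.
 */
async function advancedExample() {
  console.log('Starting advanced NFTables example with QoS and security...');

  // Create a SmartProxy instance with advanced settings
  const proxy = new SmartProxy({
    routes: [
      createNfTablesRoute('advanced.example.com', {
        host: 'localhost',
        port: 8080
      }, {
        ports: 80,
        protocol: 'tcp',
        preserveSourceIP: true,
        maxRate: '10mbps', // QoS rate limiting
        priority: 2, // QoS priority (1-10, lower is higher priority)
        ipAllowList: ['192.168.1.0/24'], // Only allow this subnet
        // The blocked address lies inside the allowed /24, so the outcome depends
        // on the order of the generated rules. After start-up, verify that
        // 192.168.1.100 is really rejected (inspect table smartproxy_advanced).
        ipBlockList: ['192.168.1.100'], // Block this specific IP
        useIPSets: true, // Use IP sets for more efficient rule processing
        useAdvancedNAT: true, // Use connection tracking for stateful NAT
        tableName: 'smartproxy_advanced'
      })
    ],
    enableDetailedLogging: true
  });

  // Start the proxy
  await proxy.start();
  console.log('Advanced NFTables proxy started. Press Ctrl+C to stop.');

  // Handle shutdown. If stop() fails, the allow/block rules above may stay in
  // the kernel, so the failure is logged and reflected in the exit code.
  process.on('SIGINT', async () => {
    console.log('Stopping proxy...');
    try {
      await proxy.stop();
      process.exit(0);
    } catch (err) {
      console.error('Failed to stop proxy cleanly:', err);
      process.exit(1);
    }
  });
}

/**
 * Run one of the examples based on the command line argument.
 *
 * The argument is only matched against a fixed set of names; anything else
 * prints the list of valid names and exits with status 1.
 */
async function main() {
  const example = process.argv[2] || 'simple';

  switch (example) {
    case 'simple':
      await simpleForwardingExample();
      break;
    case 'https':
      await httpsTerminationExample();
      break;
    case 'complete':
      await completeHttpsServerExample();
      break;
    case 'lb':
      await loadBalancingExample();
      break;
    case 'advanced':
      await advancedExample();
      break;
    default:
      console.error('Unknown example:', example);
      console.log('Available examples: simple, https, complete, lb, advanced');
      process.exit(1);
  }
}

// Check if running as root/sudo.
// process.getuid is undefined on platforms without POSIX user ids, in which
// case this check is skipped rather than failing.
if (process.getuid && process.getuid() !== 0) {
  console.error('This example requires root privileges to modify nftables rules.');
  console.log('Please run with sudo: sudo tsx examples/nftables-integration.ts');
  process.exit(1);
}

main().catch(err => {
  console.error('Error running example:', err);
  process.exit(1);
});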