serve.zone/dcrouter
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7bb655974806755b9f2a64c33571b806f7a3473a
dcrouter/readme.md
T

12 KiB
Raw Blame History

@serve.zone/dcrouter

dcrouter is the serve.zone datacenter gateway runtime: a TypeScript control plane that brings HTTP/HTTPS/TCP routing, email ingress, authoritative DNS, RADIUS, VPN access control, remote ingress tunnels, certificate operations, metrics, and an Ops dashboard into one process.

Issue Reporting and Security

For reporting bugs, issues, or security vulnerabilities, please visit community.foss.global/. This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a code.foss.global/ account to submit Pull Requests directly.

Why It Exists

Modern infrastructure often has too many tiny edge tools: a proxy here, a DNS daemon there, a separate cert worker, another dashboard, and a tunnel process bolted on later. dcrouter is designed as a cohesive gateway layer for operators who want one audited place to define public routes, domains, edge tunnels, access policy, and operational state.

Highlights:

  • 🌐 SmartProxy-backed HTTP, HTTPS, TCP, TLS/SNI, and optional HTTP/3 route handling
  • 📬 SmartMTA-backed SMTP ingress and email-domain operations
  • 🧭 SmartDNS-backed authoritative DNS plus generated DNS-over-HTTPS routes
  • 🔐 ACME, certificate state, API tokens, users, source profiles, target profiles, and security policies
  • 🛡️ RADIUS, VLAN assignment, VPN-protected routes, and remote ingress firewall snapshots
  • 🖥️ Browser Ops dashboard and TypedRequest API served by the built-in OpsServer

Runtime Areas

Area What dcrouter manages
Proxying SmartProxy routes for HTTP, HTTPS, TCP, SNI, TLS termination, passthrough, and backend forwarding
Route ownership Constructor routes, generated email/DNS routes, and API-created routes with explicit origins
DNS Authoritative scopes, generated NS records, static DNS records, provider-backed domains, and DoH endpoints
Email UnifiedEmailServer startup, email-domain management, route-backed delivery actions, received mail operations
Certificates ACME config, stored certificate metadata, provisioning backoff, and certificate status reporting
Edge access Remote ingress hub, edge registrations, derived edge ports, pushed firewall rules, VPN-only route access
Network auth RADIUS clients, MAC Authentication Bypass, VLAN mapping, and accounting sessions
Operations Dashboard views, TypedRequest handlers, metrics, logs, health, API tokens, users, and configuration views

Install

pnpm add @serve.zone/dcrouter

Quick Start

This starts the gateway on unprivileged ports and stores data under the default ~/.serve.zone/dcrouter base directory.

import { DcRouter } from '@serve.zone/dcrouter';

const router = new DcRouter({
  smartProxyConfig: {
    routes: [
      {
        name: 'local-app',
        match: {
          domains: ['localhost'],
          ports: [18080],
        },
        action: {
          type: 'forward',
          targets: [{ host: '127.0.0.1', port: 3001 }],
        },
      },
    ],
  },
  dbConfig: {
    enabled: true,
  },
  opsServerPort: 3000,
});

await router.start();

After startup:

  • open the dashboard at http://localhost:3000
  • log in with the current built-in development credentials admin / admin
  • send proxied traffic to http://localhost:18080
  • stop gracefully with await router.stop()

Configuration Model

DcRouter is configured with IDcRouterOptions from @serve.zone/dcrouter.

Option Purpose
baseDir Root directory for dcrouter runtime data. Defaults to ~/.serve.zone/dcrouter.
smartProxyConfig Main SmartProxy route configuration for HTTP/HTTPS/TCP/SNI traffic.
emailConfig UnifiedEmailServer configuration: hostname, ports, domains, and mail routes.
emailPortConfig External-to-internal email port mapping and received-email storage path.
tls Legacy/static TLS and ACME contact settings used to seed certificate config.
dnsNsDomains Nameserver hostnames used for generated NS records and DoH routes.
dnsScopes Authoritative domains served by the embedded DNS server.
dnsRecords Constructor-defined DNS records.
publicIp / proxyIps IPs used for generated A records and proxy-aware DNS exposure.
dbConfig Smartdata persistence via embedded LocalSmartDb or external MongoDB.
radiusConfig RADIUS authentication, accounting, and VLAN assignment.
remoteIngressConfig Remote ingress hub configuration for edge tunnel nodes.
vpnConfig VPN server/client definitions and VPN-only routing behavior.
http3 HTTP/3 augmentation settings for qualifying HTTPS routes.
opsServerPort Port for the Ops dashboard and /typedrequest API. Defaults to 3000.

Important runtime behavior:

  • dbConfig.enabled defaults to enabled. Without mongoDbUrl, dcrouter uses embedded LocalSmartDb.
  • If the DB is disabled, constructor-defined proxy traffic can still run, but persistent API routes, tokens, managed domains, and stored certificate state are unavailable.
  • Qualifying HTTPS forward routes on port 443 are HTTP/3-augmented unless http3.enabled === false or the route opts out.
  • DNS-over-HTTPS routes are generated on the first dnsNsDomains entry at /dns-query and /resolve.
  • Email listener ports can be remapped internally, for example public 25, 587, and 465 to unprivileged internal ports.

Route Ownership

dcrouter keeps generated and operator-created routes separate so automation can reconcile safely.

Origin Source Mutability
config Constructor smartProxyConfig.routes and seed data Toggle only
email Email listener and email-domain generated routes Toggle only
dns Generated DNS-over-HTTPS and DNS-related routes Toggle only
api Ops UI or API client Full CRUD

System routes are persisted with stable systemKey values. API-created routes are the editable route layer intended for operators and automation.

Production-Flavored Example

import { DcRouter } from '@serve.zone/dcrouter';

const router = new DcRouter({
  baseDir: '/var/lib/dcrouter',
  smartProxyConfig: {
    routes: [
      {
        name: 'web-app',
        match: { domains: ['app.example.com'], ports: [443] },
        action: {
          type: 'forward',
          targets: [{ host: '10.10.0.21', port: 8080 }],
          tls: { mode: 'terminate', certificate: 'auto' },
        },
      },
      {
        name: 'internal-admin',
        match: { domains: ['admin.example.com'], ports: [443] },
        action: {
          type: 'forward',
          targets: [{ host: '10.10.0.30', port: 9000 }],
          tls: { mode: 'terminate', certificate: 'auto' },
        },
        vpnOnly: true,
      },
    ],
  },
  emailConfig: {
    hostname: 'mail.example.com',
    ports: [25, 587, 465],
    domains: [{ domain: 'example.com', dnsMode: 'internal-dns' }],
    routes: [
      {
        name: 'inbound-example',
        match: { recipients: '*@example.com' },
        action: {
          type: 'forward',
          forward: { host: 'mail-backend.example.com', port: 25 },
        },
      },
    ],
  },
  dnsNsDomains: ['ns1.example.com', 'ns2.example.com'],
  dnsScopes: ['example.com'],
  publicIp: '203.0.113.10',
  remoteIngressConfig: {
    enabled: true,
    tunnelPort: 8443,
    hubDomain: 'ingress.example.com',
  },
  vpnConfig: {
    enabled: true,
    serverEndpoint: 'vpn.example.com',
    clients: [{ clientId: 'ops-laptop', description: 'Operations laptop' }],
  },
  opsServerPort: 3000,
});

await router.start();

Automation API

The OpsServer exposes TypedRequest handlers at /typedrequest. You can use raw contracts or the object-oriented API client.

pnpm add @serve.zone/dcrouter-apiclient

import { DcRouterApiClient } from '@serve.zone/dcrouter-apiclient';

const client = new DcRouterApiClient({
  baseUrl: 'https://dcrouter.example.com',
});

await client.login('admin', 'admin');

const route = await client.routes.build()
  .setName('api-gateway')
  .setMatch({ ports: 443, domains: ['api.example.com'] })
  .setAction({ type: 'forward', targets: [{ host: '127.0.0.1', port: 8081 }] })
  .save();

await route.toggle(true);

Use @serve.zone/dcrouter/interfaces or @serve.zone/dcrouter-interfaces when you want the raw TypedRequest contracts instead of resource managers.

OCI / Container Bootstrap

runCli() supports an environment-driven container mode when DCROUTER_MODE=OCI_CONTAINER.

import { runCli } from '@serve.zone/dcrouter';

await runCli();

Supported environment overrides include:

Variable Purpose
DCROUTER_CONFIG_PATH JSON file loaded as the base IDcRouterOptions object.
DCROUTER_BASE_DIR Runtime data root.
DCROUTER_TLS_EMAIL / DCROUTER_TLS_DOMAIN TLS/ACME seed settings.
DCROUTER_PUBLIC_IP / DCROUTER_PROXY_IPS Public/proxy IP exposure settings.
DCROUTER_DNS_NS_DOMAINS / DCROUTER_DNS_SCOPES DNS nameserver and authoritative scope settings.
DCROUTER_EMAIL_HOSTNAME / DCROUTER_EMAIL_PORTS Email server seed settings.
DCROUTER_CACHE_ENABLED Enables or disables DB-backed persistence.
DCROUTER_MAX_CONNECTIONS, DCROUTER_MAX_CONNECTIONS_PER_IP, DCROUTER_CONNECTION_RATE_LIMIT SmartProxy capacity and rate-limit overrides.

Published Modules

This repository intentionally publishes multiple module boundaries from one codebase.

Module Purpose Docs
@serve.zone/dcrouter Main runtime and orchestrator ./readme.md
@serve.zone/dcrouter/interfaces Shared contracts as a subpath export ./ts_interfaces/readme.md
@serve.zone/dcrouter/apiclient API client as a subpath export ./ts_apiclient/readme.md
@serve.zone/dcrouter-interfaces Standalone contracts package ./ts_interfaces/readme.md
@serve.zone/dcrouter-apiclient Standalone OO API client package ./ts_apiclient/readme.md
@serve.zone/dcrouter-migrations Standalone migration runner package ./ts_migrations/readme.md
@serve.zone/dcrouter-web Dashboard frontend module boundary ./ts_web/readme.md

Development

pnpm run build
pnpm test
pnpm run watch

Useful source entry points:

  • ts/index.ts exports DcRouter, runCli(), and public module surfaces.
  • ts/classes.dcrouter.ts owns service startup, dependency ordering, and IDcRouterOptions.
  • ts/opsserver/classes.opsserver.ts wires the dashboard server and TypedRequest handlers.
  • ts/remoteingress/ integrates @serve.zone/remoteingress with stored edge registrations.
  • ts_migrations/index.ts contains all DB schema migration steps.

License and Legal Information

This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the license file.

Please note: The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.

Trademarks

This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein.

Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar.

Company Information

Task Venture Capital GmbH Registered at District Court Bremen HRB 35230 HB, Germany

For any legal inquiries or further information, please contact us via email at hello@task.vc.

By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.

Reference in New Issue View Git Blame Copy Permalink