serve.zone/dcrouter
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7bb655974806755b9f2a64c33571b806f7a3473a
dcrouter/readme.md
T

288 lines
12 KiB
Markdown
Raw Blame History

# @serve.zone/dcrouter
`dcrouter` is the serve.zone datacenter gateway runtime: a TypeScript control plane that brings HTTP/HTTPS/TCP routing, email ingress, authoritative DNS, RADIUS, VPN access control, remote ingress tunnels, certificate operations, metrics, and an Ops dashboard into one process.
## Issue Reporting and Security
For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly.
## Why It Exists
Modern infrastructure often has too many tiny edge tools: a proxy here, a DNS daemon there, a separate cert worker, another dashboard, and a tunnel process bolted on later. `dcrouter` is designed as a cohesive gateway layer for operators who want one audited place to define public routes, domains, edge tunnels, access policy, and operational state.
Highlights:
- 🌐 SmartProxy-backed HTTP, HTTPS, TCP, TLS/SNI, and optional HTTP/3 route handling
- 📬 SmartMTA-backed SMTP ingress and email-domain operations
- 🧭 SmartDNS-backed authoritative DNS plus generated DNS-over-HTTPS routes
- 🔐 ACME, certificate state, API tokens, users, source profiles, target profiles, and security policies
- 🛡️ RADIUS, VLAN assignment, VPN-protected routes, and remote ingress firewall snapshots
- 🖥️ Browser Ops dashboard and TypedRequest API served by the built-in OpsServer
## Runtime Areas
| Area | What dcrouter manages |
| --- | --- |
| Proxying | SmartProxy routes for HTTP, HTTPS, TCP, SNI, TLS termination, passthrough, and backend forwarding |
| Route ownership | Constructor routes, generated email/DNS routes, and API-created routes with explicit origins |
| DNS | Authoritative scopes, generated NS records, static DNS records, provider-backed domains, and DoH endpoints |
| Email | UnifiedEmailServer startup, email-domain management, route-backed delivery actions, received mail operations |
| Certificates | ACME config, stored certificate metadata, provisioning backoff, and certificate status reporting |
| Edge access | Remote ingress hub, edge registrations, derived edge ports, pushed firewall rules, VPN-only route access |
| Network auth | RADIUS clients, MAC Authentication Bypass, VLAN mapping, and accounting sessions |
| Operations | Dashboard views, TypedRequest handlers, metrics, logs, health, API tokens, users, and configuration views |
## Install
```bash
pnpm add @serve.zone/dcrouter
```
## Quick Start
This starts the gateway on unprivileged ports and stores data under the default `~/.serve.zone/dcrouter` base directory.
```typescript
import { DcRouter } from '@serve.zone/dcrouter';
const router = new DcRouter({
smartProxyConfig: {
routes: [
{
name: 'local-app',
match: {
domains: ['localhost'],
ports: [18080],
},
action: {
type: 'forward',
targets: [{ host: '127.0.0.1', port: 3001 }],
},
},
],
},
dbConfig: {
enabled: true,
},
opsServerPort: 3000,
});
await router.start();
```
After startup:
- open the dashboard at `http://localhost:3000`
- log in with the current built-in development credentials `admin` / `admin`
- send proxied traffic to `http://localhost:18080`
- stop gracefully with `await router.stop()`
## Configuration Model
`DcRouter` is configured with `IDcRouterOptions` from `@serve.zone/dcrouter`.
| Option | Purpose |
| --- | --- |
| `baseDir` | Root directory for dcrouter runtime data. Defaults to `~/.serve.zone/dcrouter`. |
| `smartProxyConfig` | Main SmartProxy route configuration for HTTP/HTTPS/TCP/SNI traffic. |
| `emailConfig` | UnifiedEmailServer configuration: hostname, ports, domains, and mail routes. |
| `emailPortConfig` | External-to-internal email port mapping and received-email storage path. |
| `tls` | Legacy/static TLS and ACME contact settings used to seed certificate config. |
| `dnsNsDomains` | Nameserver hostnames used for generated NS records and DoH routes. |
| `dnsScopes` | Authoritative domains served by the embedded DNS server. |
| `dnsRecords` | Constructor-defined DNS records. |
| `publicIp` / `proxyIps` | IPs used for generated A records and proxy-aware DNS exposure. |
| `dbConfig` | Smartdata persistence via embedded LocalSmartDb or external MongoDB. |
| `radiusConfig` | RADIUS authentication, accounting, and VLAN assignment. |
| `remoteIngressConfig` | Remote ingress hub configuration for edge tunnel nodes. |
| `vpnConfig` | VPN server/client definitions and VPN-only routing behavior. |
| `http3` | HTTP/3 augmentation settings for qualifying HTTPS routes. |
| `opsServerPort` | Port for the Ops dashboard and `/typedrequest` API. Defaults to `3000`. |
Important runtime behavior:
- `dbConfig.enabled` defaults to enabled. Without `mongoDbUrl`, dcrouter uses embedded LocalSmartDb.
- If the DB is disabled, constructor-defined proxy traffic can still run, but persistent API routes, tokens, managed domains, and stored certificate state are unavailable.
- Qualifying HTTPS forward routes on port `443` are HTTP/3-augmented unless `http3.enabled === false` or the route opts out.
- DNS-over-HTTPS routes are generated on the first `dnsNsDomains` entry at `/dns-query` and `/resolve`.
- Email listener ports can be remapped internally, for example public `25`, `587`, and `465` to unprivileged internal ports.
## Route Ownership
dcrouter keeps generated and operator-created routes separate so automation can reconcile safely.
| Origin | Source | Mutability |
| --- | --- | --- |
| `config` | Constructor `smartProxyConfig.routes` and seed data | Toggle only |
| `email` | Email listener and email-domain generated routes | Toggle only |
| `dns` | Generated DNS-over-HTTPS and DNS-related routes | Toggle only |
| `api` | Ops UI or API client | Full CRUD |
System routes are persisted with stable `systemKey` values. API-created routes are the editable route layer intended for operators and automation.
## Production-Flavored Example
```typescript
import { DcRouter } from '@serve.zone/dcrouter';
const router = new DcRouter({
baseDir: '/var/lib/dcrouter',
smartProxyConfig: {
routes: [
{
name: 'web-app',
match: { domains: ['app.example.com'], ports: [443] },
action: {
type: 'forward',
targets: [{ host: '10.10.0.21', port: 8080 }],
tls: { mode: 'terminate', certificate: 'auto' },
},
},
{
name: 'internal-admin',
match: { domains: ['admin.example.com'], ports: [443] },
action: {
type: 'forward',
targets: [{ host: '10.10.0.30', port: 9000 }],
tls: { mode: 'terminate', certificate: 'auto' },
},
vpnOnly: true,
},
],
},
emailConfig: {
hostname: 'mail.example.com',
ports: [25, 587, 465],
domains: [{ domain: 'example.com', dnsMode: 'internal-dns' }],
routes: [
{
name: 'inbound-example',
match: { recipients: '*@example.com' },
action: {
type: 'forward',
forward: { host: 'mail-backend.example.com', port: 25 },
},
},
],
},
dnsNsDomains: ['ns1.example.com', 'ns2.example.com'],
dnsScopes: ['example.com'],
publicIp: '203.0.113.10',
remoteIngressConfig: {
enabled: true,
tunnelPort: 8443,
hubDomain: 'ingress.example.com',
},
vpnConfig: {
enabled: true,
serverEndpoint: 'vpn.example.com',
clients: [{ clientId: 'ops-laptop', description: 'Operations laptop' }],
},
opsServerPort: 3000,
});
await router.start();
```
## Automation API
The OpsServer exposes TypedRequest handlers at `/typedrequest`. You can use raw contracts or the object-oriented API client.
```bash
pnpm add @serve.zone/dcrouter-apiclient
```
```typescript
import { DcRouterApiClient } from '@serve.zone/dcrouter-apiclient';
const client = new DcRouterApiClient({
baseUrl: 'https://dcrouter.example.com',
});
await client.login('admin', 'admin');
const route = await client.routes.build()
.setName('api-gateway')
.setMatch({ ports: 443, domains: ['api.example.com'] })
.setAction({ type: 'forward', targets: [{ host: '127.0.0.1', port: 8081 }] })
.save();
await route.toggle(true);
```
Use `@serve.zone/dcrouter/interfaces` or `@serve.zone/dcrouter-interfaces` when you want the raw TypedRequest contracts instead of resource managers.
## OCI / Container Bootstrap
`runCli()` supports an environment-driven container mode when `DCROUTER_MODE=OCI_CONTAINER`.
```typescript
import { runCli } from '@serve.zone/dcrouter';
await runCli();
```
Supported environment overrides include:
| Variable | Purpose |
| --- | --- |
| `DCROUTER_CONFIG_PATH` | JSON file loaded as the base `IDcRouterOptions` object. |
| `DCROUTER_BASE_DIR` | Runtime data root. |
| `DCROUTER_TLS_EMAIL` / `DCROUTER_TLS_DOMAIN` | TLS/ACME seed settings. |
| `DCROUTER_PUBLIC_IP` / `DCROUTER_PROXY_IPS` | Public/proxy IP exposure settings. |
| `DCROUTER_DNS_NS_DOMAINS` / `DCROUTER_DNS_SCOPES` | DNS nameserver and authoritative scope settings. |
| `DCROUTER_EMAIL_HOSTNAME` / `DCROUTER_EMAIL_PORTS` | Email server seed settings. |
| `DCROUTER_CACHE_ENABLED` | Enables or disables DB-backed persistence. |
| `DCROUTER_MAX_CONNECTIONS`, `DCROUTER_MAX_CONNECTIONS_PER_IP`, `DCROUTER_CONNECTION_RATE_LIMIT` | SmartProxy capacity and rate-limit overrides. |
## Published Modules
This repository intentionally publishes multiple module boundaries from one codebase.
| Module | Purpose | Docs |
| --- | --- | --- |
| `@serve.zone/dcrouter` | Main runtime and orchestrator | `./readme.md` |
| `@serve.zone/dcrouter/interfaces` | Shared contracts as a subpath export | `./ts_interfaces/readme.md` |
| `@serve.zone/dcrouter/apiclient` | API client as a subpath export | `./ts_apiclient/readme.md` |
| `@serve.zone/dcrouter-interfaces` | Standalone contracts package | `./ts_interfaces/readme.md` |
| `@serve.zone/dcrouter-apiclient` | Standalone OO API client package | `./ts_apiclient/readme.md` |
| `@serve.zone/dcrouter-migrations` | Standalone migration runner package | `./ts_migrations/readme.md` |
| `@serve.zone/dcrouter-web` | Dashboard frontend module boundary | `./ts_web/readme.md` |
## Development
```bash
pnpm run build
pnpm test
pnpm run watch
```
Useful source entry points:
- `ts/index.ts` exports `DcRouter`, `runCli()`, and public module surfaces.
- `ts/classes.dcrouter.ts` owns service startup, dependency ordering, and `IDcRouterOptions`.
- `ts/opsserver/classes.opsserver.ts` wires the dashboard server and TypedRequest handlers.
- `ts/remoteingress/` integrates `@serve.zone/remoteingress` with stored edge registrations.
- `ts_migrations/index.ts` contains all DB schema migration steps.
## License and Legal Information
This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](./license) file.
**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
### Trademarks
This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein.
Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar.
### Company Information
Task Venture Capital GmbH
Registered at District Court Bremen HRB 35230 HB, Germany
For any legal inquiries or further information, please contact us via email at hello@task.vc.
By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.
Reference in New Issue View Git Blame Copy Permalink