serve.zone/dcrouter
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
896 Commits 1 Branch 381 Tags
c5ca95b6f57a17bfe8b86bff46cffa1a75f2501b
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Juergen Kunz c5ca95b6f5 fix(docs): refresh package readmes with clearer runtime, API client, interfaces, migrations, and dashboard guidance
2026-04-17 13:43:13 +00:00
.gitea/workflows
feat(docker): add OCI container startup configuration and migrate Docker release pipeline to tsdocker
2026-03-18 16:22:02 +00:00
.vscode
fix(build): rename smart tooling config to .smartconfig.json and update package references
2026-03-26 07:10:59 +00:00
html
feat(ops-dashboard): implement OpsServer and dashboard component with initial rendering
2025-06-01 19:46:10 +00:00
test
feat(routes): add remote ingress controls and preserve-port targeting for route configuration
2026-04-17 06:17:49 +00:00
test_watch
BREAKING CHANGE(vpn): replace tag-based VPN access control with source and target profiles
2026-04-05 00:37:37 +00:00
ts
fix(docs): refresh package readmes with clearer runtime, API client, interfaces, migrations, and dashboard guidance
2026-04-17 13:43:13 +00:00
ts_apiclient
fix(docs): refresh package readmes with clearer runtime, API client, interfaces, migrations, and dashboard guidance
2026-04-17 13:43:13 +00:00
ts_interfaces
fix(docs): refresh package readmes with clearer runtime, API client, interfaces, migrations, and dashboard guidance
2026-04-17 13:43:13 +00:00
ts_migrations
fix(docs): refresh package readmes with clearer runtime, API client, interfaces, migrations, and dashboard guidance
2026-04-17 13:43:13 +00:00
ts_oci_container
BREAKING CHANGE(db): replace StorageManager and CacheDb with a unified smartdata-backed database layer
2026-03-31 15:31:16 +00:00
ts_web
fix(docs): refresh package readmes with clearer runtime, API client, interfaces, migrations, and dashboard guidance
2026-04-17 13:43:13 +00:00
.dockerignore
feat(config): add reusable security profiles and network targets with route reference resolution
2026-04-02 15:44:36 +00:00
.gitignore
fix(playwright-mcp): remove committed Playwright artifacts and add .playwright-mcp/ to .gitignore
2026-03-05 11:35:09 +00:00
.smartconfig.json
fix(build): rename smart tooling config to .smartconfig.json and update package references
2026-03-26 07:10:59 +00:00
AGENTS.md
fix(migrations): use exact smartdata collection names in route unification migration
2026-04-13 18:08:36 +00:00
changelog.md
fix(docs): refresh package readmes with clearer runtime, API client, interfaces, migrations, and dashboard guidance
2026-04-17 13:43:13 +00:00
cli.child.js
update
2025-05-19 17:34:48 +00:00
cli.child.ts
fix(core): update
2024-02-15 20:30:38 +01:00
cli.js
fix(core): update
2024-02-15 20:30:38 +01:00
cli.ts.js
fix(core): update
2024-02-15 20:30:38 +01:00
Dockerfile
feat(docker,cache,proxy): improve container runtime defaults and add configurable connection limits
2026-03-26 16:21:45 +00:00
license
fix(typescript): tighten TypeScript null safety and error handling across backend and ops UI
2026-03-26 07:40:56 +00:00
package.json
v13.20.0
2026-04-17 06:17:49 +00:00
pnpm-lock.yaml
feat(email): add persistent smartmta storage and runtime-managed email domain syncing
2026-04-14 13:11:48 +00:00
readme.hints.md
fix(build): rename smart tooling config to .smartconfig.json and update package references
2026-03-26 07:10:59 +00:00
readme.md
fix(docs): refresh package readmes with clearer runtime, API client, interfaces, migrations, and dashboard guidance
2026-04-17 13:43:13 +00:00
readme.storage.md
BREAKING CHANGE(db): replace StorageManager and CacheDb with a unified smartdata-backed database layer
2026-03-31 15:31:16 +00:00
tsconfig.json
feat(cache): add persistent smartdata-backed cache with LocalTsmDb, cache cleaner, and DcRouter integration
2026-02-10 11:22:15 +00:00

readme.md

@serve.zone/dcrouter

dcrouter banner

dcrouter is a TypeScript control plane for running a serious multi-protocol edge or datacenter gateway from one process. It wires together SmartProxy for HTTP/HTTPS/TCP routing, smartmta for email, smartdns for authoritative DNS and DNS-over-HTTPS, smartradius, smartvpn, remote ingress tunnels, a TypedRequest API, and the Ops dashboard.

Use it when you want one place to define routes, manage domains and certificates, protect internal services, automate changes over an API, and operate the whole stack from a browser.

Issue Reporting and Security

For reporting bugs, issues, or security vulnerabilities, please visit community.foss.global/. This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a code.foss.global/ account to submit Pull Requests directly.

Why It Works

  • 🌐 One runtime for HTTP/HTTPS/TCP, SMTP, authoritative DNS + DoH, RADIUS, VPN, and remote ingress.
  • 🧠 Constructor config becomes system-managed routes, while API-created routes stay editable and clearly separated.
  • 🔐 Certificates, DNS providers, domains, records, API tokens, access profiles, and protected routes live in one management plane.
  • 🖥️ The OpsServer UI and TypedRequest API are first-class parts of the package, not an afterthought.
  • Qualifying HTTPS forward routes on port 443 get HTTP/3 augmentation by default unless you opt out.

What You Get

Area What dcrouter does
HTTP / HTTPS / TCP SmartProxy-based reverse proxying, TLS termination or passthrough, path/domain/port matching, TCP/SNI forwarding
Email SMTP ingress and delivery via UnifiedEmailServer, route-based mail actions, email-domain management, queue and resend operations
DNS Authoritative zones, nameserver bootstrap records, DNS-over-HTTPS routes on /dns-query and /resolve, provider-backed domain management
Access and Edge VPN-gated routes, RADIUS auth/accounting, remote ingress edge registrations and tunnel hub support
Operations Browser dashboard, TypedRequest API, route management, tokens, certificates, logs, metrics, and health views

Installation

pnpm add @serve.zone/dcrouter

Quick Start

This example stays on unprivileged ports so you can run it locally without root.

import { DcRouter } from '@serve.zone/dcrouter';

const router = new DcRouter({
  smartProxyConfig: {
    routes: [
      {
        name: 'local-app',
        match: {
          domains: ['localhost'],
          ports: [18080],
        },
        action: {
          type: 'forward',
          targets: [{ host: '127.0.0.1', port: 3001 }],
        },
      },
    ],
  },
  dbConfig: {
    enabled: true,
  },
  opsServerPort: 3000,
});

await router.start();

After startup:

  • open the dashboard at http://localhost:3000
  • log in with the current built-in credentials admin / admin
  • send proxied traffic to http://localhost:18080
  • stop gracefully with await router.stop()

Route Ownership Model

dcrouter keeps route ownership explicit so automation does not accidentally stomp on system-generated traffic.

Route origin Where it comes from What you can do
config Constructor smartProxyConfig.routes and related seed config View and toggle
email Email listener and mail-routing derived routes View and toggle
dns Generated DoH and DNS-related routes View and toggle
api Created through the Ops UI or API client Full CRUD

Important details:

  • system routes are persisted with stable systemKey values
  • DNS-over-HTTPS routes are persisted and then hydrated with live socket handlers at runtime
  • editing and deletion are reserved for api routes; system routes are toggle-only by design

Configuration Cheat Sheet

The main entrypoint is IDcRouterOptions.

Option Purpose
smartProxyConfig Main HTTP/HTTPS and TCP/SNI routing config
emailConfig Email hostname, ports, domains, and mail routing rules
emailPortConfig External-to-internal email port remapping and received-email storage path
tls ACME contact and static certificate paths
dnsNsDomains Nameserver hostnames used for NS bootstrap and DoH route generation
dnsScopes Domains served authoritatively by the embedded DNS server
dnsRecords Static constructor-defined DNS records
publicIp / proxyIps How A records are exposed for nameserver and service records
dbConfig Embedded LocalSmartDb or external MongoDB-backed persistence
radiusConfig RADIUS auth, VLAN assignment, and accounting
remoteIngressConfig Remote ingress hub and edge tunnel setup
vpnConfig VPN server and client definitions for protected route access
http3 Global HTTP/3 behavior for qualifying HTTPS routes
opsServerPort Ops dashboard and TypedRequest API port

Important Behavior

  • dbConfig.enabled defaults to true. If you do not provide mongoDbUrl, dcrouter starts an embedded local database automatically.
  • If you disable the DB, constructor-driven traffic can still run, but DB-backed features such as persistent routes, tokens, ACME config, and managed domains do not start.
  • Qualifying HTTPS forward routes on port 443 get HTTP/3 by default unless http3.enabled === false or the route opts out.
  • DNS-over-HTTPS endpoints are generated on the first entry of dnsNsDomains at /dns-query and /resolve.
  • Email listener ports are internally remapped by default, so common external ports such as 25, 587, and 465 end up on internal ports like 10025, 10587, and 10465.
  • Provider-backed domains can be managed in the Ops plane without being served by the embedded authoritative DNS server.

Bigger Example

import { DcRouter } from '@serve.zone/dcrouter';

const router = new DcRouter({
  smartProxyConfig: {
    routes: [
      {
        name: 'web-app',
        match: {
          domains: ['app.example.com'],
          ports: [443],
        },
        action: {
          type: 'forward',
          targets: [{ host: '127.0.0.1', port: 8080 }],
          tls: { mode: 'terminate', certificate: 'auto' },
        },
      },
      {
        name: 'internal-admin',
        match: {
          domains: ['internal.example.com'],
          ports: [443],
        },
        action: {
          type: 'forward',
          targets: [{ host: '127.0.0.1', port: 9090 }],
          tls: { mode: 'terminate', certificate: 'auto' },
        },
        vpnOnly: true,
      },
    ],
  },
  emailConfig: {
    hostname: 'mail.example.com',
    ports: [25, 587, 465],
    domains: [
      {
        domain: 'example.com',
        dnsMode: 'internal-dns',
      },
    ],
    routes: [
      {
        name: 'inbound-mail',
        match: { recipients: '*@example.com' },
        action: {
          type: 'forward',
          forward: { host: 'mail-backend.example.com', port: 25 },
        },
      },
    ],
  },
  dnsNsDomains: ['ns1.example.com', 'ns2.example.com'],
  dnsScopes: ['example.com'],
  publicIp: '203.0.113.10',
  vpnConfig: {
    enabled: true,
    serverEndpoint: 'vpn.example.com',
    clients: [
      {
        clientId: 'ops-laptop',
        description: 'Operations laptop',
      },
    ],
  },
  dbConfig: {
    enabled: true,
  },
  opsServerPort: 3000,
});

await router.start();

Automation

dcrouter gives you three good integration layers:

  • the browser dashboard served by OpsServer
  • raw TypedRequest contracts via @serve.zone/dcrouter/interfaces
  • a higher-level OO API client via @serve.zone/dcrouter/apiclient or @serve.zone/dcrouter-apiclient

OO API Client Example

pnpm add @serve.zone/dcrouter-apiclient

import { DcRouterApiClient } from '@serve.zone/dcrouter-apiclient';

const client = new DcRouterApiClient({
  baseUrl: 'https://dcrouter.example.com',
});

await client.login('admin', 'admin');

const { routes } = await client.routes.list();

await client.routes.build()
  .setName('api-gateway')
  .setMatch({ ports: 443, domains: ['api.example.com'] })
  .setAction({ type: 'forward', targets: [{ host: '127.0.0.1', port: 8081 }] })
  .save();

if (routes[0] && routes[0].origin !== 'api') {
  await routes[0].toggle(false);
}

See ./ts_apiclient/readme.md for the dedicated client package and ./ts_interfaces/readme.md for the raw contracts.

OCI / Container Bootstrap

The package also includes an environment-driven bootstrap used by runCli() when DCROUTER_MODE=OCI_CONTAINER.

import { runCli } from '@serve.zone/dcrouter';

await runCli();

Useful environment variables include:

  • DCROUTER_CONFIG_PATH
  • DCROUTER_BASE_DIR
  • DCROUTER_TLS_EMAIL
  • DCROUTER_TLS_DOMAIN
  • DCROUTER_PUBLIC_IP
  • DCROUTER_PROXY_IPS
  • DCROUTER_DNS_NS_DOMAINS
  • DCROUTER_DNS_SCOPES
  • DCROUTER_EMAIL_HOSTNAME
  • DCROUTER_EMAIL_PORTS

Published Modules

This repository ships several module boundaries from one codebase.

Module Purpose Docs
@serve.zone/dcrouter Main runtime and orchestrator ./readme.md
@serve.zone/dcrouter/interfaces Shared request and data contracts as a subpath export ./ts_interfaces/readme.md
@serve.zone/dcrouter/apiclient OO API client as a subpath export ./ts_apiclient/readme.md
@serve.zone/dcrouter-interfaces Standalone interfaces package ./ts_interfaces/readme.md
@serve.zone/dcrouter-apiclient Standalone OO API client package ./ts_apiclient/readme.md
@serve.zone/dcrouter-migrations Standalone migration runner package ./ts_migrations/readme.md
@serve.zone/dcrouter-web Standalone web dashboard package boundary ./ts_web/readme.md

Development

pnpm run build
pnpm test

Target a single test while working on one area:

tstest test/test.apiclient.ts --verbose

License and Legal Information

This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the LICENSE file.

Please note: The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.

Trademarks

This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein.

Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar.

Company Information

Task Venture Capital GmbH
Registered at District Court Bremen HRB 35230 HB, Germany

For any legal inquiries or further information, please contact us via email at hello@task.vc.

By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.

Reference in New Issue View Git Blame Copy Permalink
Description
a traffic router intended to be gating your datacenter.
ocirust
Readme 29 MiB
Languages
TypeScript 99.6%
HTML 0.3%