test2101

Comparing DelProxy vs. Traditional Reverse Proxies: Pros and Cons

Written by

adm

in

Deploying DelProxy: Step-by-Step Setup and Best Practices

Overview

DelProxy is a lightweight reverse-proxy designed for high-performance routing, TLS termination, and simple load balancing. This guide walks through a complete deployment: prerequisites, installation, configuration, testing, and production best practices.

Prerequisites

  • A Linux server (Ubuntu 22.04 or similar) with root or sudo access
  • Domain name pointing to the server’s public IP (A/AAAA record)
  • Basic familiarity with the command line and systemd
  • Ports 80 and 443 open in firewall (ufw, iptables, or cloud provider security group)

1. Install DelProxy

  1. Update packages: 
    bash
    sudo apt update && sudo apt upgrade -y
  2. Download latest DelProxy binary (replace with actual release URL): 
    bash
    curl -Lo /usr/local/bin/delproxy https://github.com/example/delproxy/releases/latest/download/delproxy-linux-amd64
sudo chmod +x /usr/local/bin/delproxy
  3. Create a system user: 
    bash
    sudo useradd –system –no-create-home –shell /usr/sbin/nologin delproxy

2. Basic Configuration

  1. Create config directory and file: 
    bash
    sudo mkdir -p /etc/delproxy sudo tee /etc/delproxy/delproxy.yml > /dev/null <<‘EOF’ bind_addr: 0.0.0.0:443 http_bind: 0.0.0.0:80 tls: cert_file: /etc/letsencrypt/live/example.com/fullchain.pem   keyfile: /etc/letsencrypt/live/example.com/privkey.pem routes:   - hostname: example.com     upstream: http://127.0.0.1:8080
EOF
  2. Adjust ownership: 
    bash
    sudo chown -R delproxy:delproxy /etc/delproxy

3. systemd Service

  1. Create service file: 
    bash
    sudo tee /etc/systemd/system/delproxy.service > /dev/null <<‘EOF’ [Unit] Description=DelProxy reverse proxy After=network.target 
[Service] User=delproxy Group=delproxy ExecStart=/usr/local/bin/delproxy -config /etc/delproxy/delproxy.yml Restart=on-failure 
[Install] WantedBy=multi-user.target EOF
  2. Enable and start: 
    bash
    sudo systemctl daemon-reload sudo systemctl enable –now delproxy sudo journalctl -u delproxy -f

4. TLS with Let’s Encrypt (optional automated)

  1. Install certbot and obtain cert: 
    bash
    sudo apt install -y certbot sudo certbot certonly –standalone -d example.com –non-interactive –agree-tos -m [email protected]
  2. Ensure DelProxy can read certs; add a systemd drop-in to restart DelProxy after renewal: 
    bash
    sudo tee /etc/letsencrypt/renewal-hooks/deploy/restart_delproxy.sh > /dev/null <<‘EOF’ #!/bin/bash systemctl restart delproxy EOF
sudo chmod +x /etc/letsencrypt/renewal-hooks/deploy/restartdelproxy.sh

5. Health Checks and Load Balancing

  • Configure multiple upstreams and health checks in delproxy.yml: 
    yaml
    routes:
  - hostname: example.com     upstreams:
      - url: http://10.0.0.2:8080
      - url: http://10.0.0.3:8080
    healthcheck:
      path: /healthz       interval: 10s       timeout: 2s

6. Logging and Monitoring

  • Enable structured logs (JSON) if supported and forward to a log aggregator (Fluentd, Logstash).
  • Expose Prometheus metrics and scrape from /metrics.
  • Monitor CPU, memory, open file descriptors; set systemd resource limits if needed: 
    ini
    [Service]
LimitNOFILE=65536

7. Security Best Practices

  • Run DelProxy as a non-privileged user (already set).
  • Use strong TLS settings and HTTP Strict Transport Security (HSTS).
  • Rate-limit connections and apply WAF rules upstream when necessary.
  • Keep the binary updated and verify checksums of releases.

8. Scaling and High Availability

  • Use multiple DelProxy instances behind a TCP-level load balancer or DNS-based failover.
  • Share configuration via a CM tool (Ansible, Terraform) and automate deployments with CI/CD.
  • Persist session stickiness with consistent hashing or by using a shared session store if needed.

9. Troubleshooting Checklist

  • Confirm DNS resolves to correct IP (dig, nslookup).
  • Check ports are open (ss -tuln, sudo ufw status).
  • View logs: sudo journalctl -u delproxy -e.
  • Test upstream reachability: curl -v http://127.0.0.1:8080/healthz.

Conclusion

Follow this checklist to deploy DelProxy for secure, performant routing. Automate cert renewals, monitor health, and apply security hardening. Adjust the configuration to your environment and scale by running multiple instances behind a load balancer.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts