Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
94 commits
Select commit Hold shift + click to select a range
93630eb
Fix waiting on h2 upstream if downstream ended
johnhurt Mar 20, 2026
c1ca1e1
Shutdown underlying h2 connection on stream read timeout
johnhurt Mar 20, 2026
f8c86b4
Add support for exporting keying material
nbarbier-amira Nov 7, 2025
61febef
feat: Implement per-peer CA support in TLS configuration
fabian4 Jan 17, 2026
4dbd37d
Fix warnings for s2n tls integration
johnhurt Mar 9, 2026
0f7c505
fix: skip h2c preface detection on TLS streams
cph816 Mar 3, 2026
5e70344
fix: bump prometheus to fix sec vuln
JasmineLowen Oct 9, 2025
5e5a374
make prometheus as optional dependency
kumarlokesh May 12, 2025
85218ad
Bump prometheus to 0.14 in dev-dependencies
drcaramelsyrup Mar 4, 2026
5f930d2
Add user-extensible context to HttpPersistentSettings
Noah-Kennedy Mar 16, 2026
1cfc731
pingora-cache: add VarianceBuilder::add_owned_name_value()
Mar 16, 2026
b994854
Add config for tokio blocking pool options
drcaramelsyrup Mar 16, 2026
b370102
Record discovery and build durations in LoadBalancer::update()
daviscloudflare Mar 13, 2026
9a4eee3
Reinit sentry after daemonize
drcaramelsyrup Mar 17, 2026
a3b1861
expose content_type on multirangeinfo
gumpt Mar 16, 2026
21fa592
Allow adjusting upstream modules on response header recv
drcaramelsyrup Mar 6, 2026
af7dd46
Don't init body reader on HEAD 1xx
drcaramelsyrup Mar 18, 2026
d0ede94
Make tracing an optional feature in pingora-cache
drcaramelsyrup Mar 5, 2026
b633683
Fix listen fds not inherited during bootstrap_as_a_service graceful u…
johnhurt Mar 20, 2026
c29014f
Retry on new h2 connection if spawn stream broken pipe
mariiacloudflare Mar 17, 2026
63c5f21
Add abort_on_close functionality to HTTP session handling
lxga Mar 9, 2026
22ffdb8
Add comments around pend behavior for abort_on_close
drcaramelsyrup Mar 24, 2026
c4beff8
expose pipe_subrequest outcome
gumpt Mar 25, 2026
542129f
Fix flaky tests: test_tls_psk, test_conn_timeout, test_1xx_caching, l…
johnhurt Mar 23, 2026
1d93711
Replace tokio::sync::Mutex with parking_lot::Mutex for ListenFds
johnhurt Mar 25, 2026
9855feb
ci: use cargo check for MSRV instead of cargo test
zaidoon1 Apr 10, 2026
ee387f4
Add a mechanism for signalling between old and new processes when doi…
johnhurt Mar 29, 2026
d7728ca
Add cancel-safe body and header writer primitives
drcaramelsyrup Feb 28, 2026
5a82204
Add proxy task API for v1 server sessions
drcaramelsyrup Mar 20, 2026
8683056
Use proxy task API for cache-served proxy_h1 downstream writes
drcaramelsyrup Mar 2, 2026
ce16618
Add per-session toggle for the proxy task API
drcaramelsyrup Mar 20, 2026
969eb67
Use proxy task API in proxy_h2 and proxy_custom for cache-served down…
drcaramelsyrup Mar 20, 2026
e7de90a
Fix body bytes count on v1 session
drcaramelsyrup Mar 27, 2026
9267745
add peek_lru to LRU eviction manager
duke8253 Apr 2, 2026
ea9d9ec
Expose Unexpected Data Counter from Connection Pool
daviscloudflare Mar 20, 2026
d41a66b
update bench_lru with production-scale data, warn about promote_top_n
duke8253 Apr 2, 2026
842ddd9
Split out pingora-prometheus into a separate crate
drcaramelsyrup Apr 1, 2026
2114056
Make h2 stream window and conn window size configurable
drcaramelsyrup Apr 4, 2026
c0adfd3
Ignore caching stall tests for CI flakiness
drcaramelsyrup Apr 17, 2026
452813e
ci: add Semgrep OSS scanning workflow
hrushikeshdeshpande Apr 23, 2026
d4e4ae1
vary on available-dictionary
gumpt Apr 9, 2026
6ac51b3
Add upstream module system
drcaramelsyrup Apr 10, 2026
5e0f216
Return error on new conn h2 spawn stream
drcaramelsyrup Apr 11, 2026
8b2fa50
Strip H1-specific headers when downstream is a custom protocol and up…
areyia Apr 14, 2026
927a00c
Avoid hit handler finish on disabled cache
drcaramelsyrup Apr 15, 2026
f6dadf8
Syncing some mismatched internal/external changes
johnhurt Apr 24, 2026
3a95c50
RUSTSEC-2026-0098 and RUSTSEC-2026-0099 fixes
johnhurt Apr 24, 2026
1476e7a
expose pipe receiver in subrequest state
gumpt Apr 14, 2026
1f83d3c
Changing type of PeerOptions curve to Cow to allow for dynamically de…
icrutche Apr 13, 2026
6c523ee
Add support for fractional delta seconds that are floored (optional R…
andrewhavck Apr 21, 2026
a95f8c4
feat: make rustls cert public
shaneutt Apr 12, 2026
bc9870d
Fix flaky test_connector_bind_to on macOS/CI
johnhurt Apr 28, 2026
aece993
let h2 accept loop drain in-flight streams on shutdown
gumpt May 1, 2026
06cbc1c
Derive Clone and Debug on HttpServerOptions
areyia May 1, 2026
043f1f6
Use power-of-two selection to balance eviction
drcaramelsyrup Apr 30, 2026
2536867
Adding curves and second keyshare setting to httppeer hash
icrutche May 1, 2026
ab48509
Add working_directory option for daemon mode
drcaramelsyrup May 6, 2026
7d3677d
Ignore test_upload_connection_die due to timing dependency
johnhurt May 7, 2026
77cce2c
Add cancel-safe proxy task API for Subrequest server sessions
drcaramelsyrup May 4, 2026
c0845a8
Add per-listener L4 buffer configuration
drcaramelsyrup May 5, 2026
5e78b4d
Add Tokio runtime poll-time histogram option
drcaramelsyrup May 5, 2026
38216d8
Add proxy warn log suppression hook
drcaramelsyrup May 10, 2026
eb9259a
Add keepalive_pool_callback allowing callers to track ages of connect…
andrewhavck May 11, 2026
b803372
only set evicted on true evictions
andrewhavck May 13, 2026
cb397dd
apply write_timeout before health check writes
areyia May 13, 2026
d64bf93
Tolerate per-shard errors in LRU shard save and load
drcaramelsyrup May 13, 2026
3c55518
Allow adjusting LRU weight limits
drcaramelsyrup May 14, 2026
ae96f7e
replace daemonize with daemonix, as it's more maintained
alexanderkjall Apr 3, 2026
600c5c0
Add pre-TLS callback for PROXY protocol support
jaw-sh Apr 3, 2026
e0219e6
Quickstart docs fix
will-x86 Mar 7, 2026
d28dbbc
Fix connection filter example signature
drcaramelsyrup May 7, 2026
db10ac4
Add export_keying_material support to pingora-s2n
nbarbier-265 Apr 10, 2026
af5f72a
Bump year in copyright
johnhurt Apr 10, 2026
5c2bfcd
Add Tokio alternative timer runtime knob
drcaramelsyrup May 18, 2026
7fa8d39
Use Tokio timeout for long fast timeouts
drcaramelsyrup May 18, 2026
5220b5a
Ensure watch_use also polls notify_evicted so we do not miss eviction…
andrewhavck May 19, 2026
309b262
Remove async_write_vec module
duke8253 May 19, 2026
3d55df5
Shard connection pool and use a true global LRU rather than ThreadLoc…
andrewhavck Jan 5, 2026
c238f56
Add dial9 runtime telemetry config
drcaramelsyrup May 18, 2026
6e2158d
Fix PoolNode race window
andrewhavck May 21, 2026
318d354
allow proxy services to override runtime opts
drcaramelsyrup May 21, 2026
4a9a34c
Support HTTP/1.1 request pipelining on the downstream session
CodyPubNub May 13, 2026
b9257e7
Do not treat replaced connections as evicted
andrewhavck May 22, 2026
7e29246
Updated `nix` versio to `0.31.1`
antoncxx Feb 17, 2026
a9e4c42
Gate CONNECT tests on patched HTTP/1 support
drcaramelsyrup May 30, 2026
d9e6d7a
Use valid paths in header serialization tests
drcaramelsyrup May 30, 2026
922df3c
add
molocule Jun 10, 2026
81be571
Update proxy_h2.rs
molocule Jun 10, 2026
2d8db2a
add unit test
molocule Jun 11, 2026
27aefe1
caching path
molocule Jun 13, 2026
6adf921
add test
molocule Jun 13, 2026
c093a91
Merge branch 'main' into rst-stream-fix
molocule Jun 13, 2026
6fb2e5c
Update test_basic.rs
molocule Jun 15, 2026
050f826
address comments
molocule Jun 23, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .bleep
Original file line number Diff line number Diff line change
@@ -1 +1 @@
5a1cf681f7e2691687623b60387a88076493015f
faf3f5b20af8cf4f1c8038ba48d44880674ca9ec
13 changes: 9 additions & 4 deletions .cargo/audit.toml
Original file line number Diff line number Diff line change
@@ -1,7 +1,12 @@
# Advisories against rustls-webpki 0.101.7, pulled in transitively by
# aws-sdk-s3-transfer-manager through the legacy rustls 0.21 chain used by
# dial9's worker-s3 feature. No patch exists in 0.101.x; not reachable in
# our usage because this is TLS client use only and does not parse CRLs.
# Remove once the upstream aws-s3-transfer-manager-rs fix ships.

[advisories]
ignore = [
# This came from the prometheus crate's protobuf encoder.
# We don't use the protobuf encoder, only the text one.
# https://rustsec.org/advisories/RUSTSEC-2024-0437
"RUSTSEC-2024-0437",
"RUSTSEC-2026-0098", # rustls-webpki: URI name constraints incorrectly accepted
"RUSTSEC-2026-0099", # rustls-webpki: name constraints accepted for wildcard certs
"RUSTSEC-2026-0104", # rustls-webpki: reachable panic in CRL parsing
]
5 changes: 5 additions & 0 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,12 +38,17 @@ jobs:
- name: Run cargo fmt
run: cargo fmt --all -- --check

- name: Run cargo check
run: cargo check --workspace

- name: Run cargo test
if: matrix.toolchain != '1.84.0'
run: cargo test --verbose --lib --bins --tests --no-fail-fast

# Need to run doc tests separately.
# (https://github.com/rust-lang/cargo/issues/6669)
- name: Run cargo doc test
if: matrix.toolchain != '1.84.0'
run: cargo test --verbose --doc

- name: Run cargo clippy
Expand Down
40 changes: 23 additions & 17 deletions .github/workflows/semgrep.yml
Original file line number Diff line number Diff line change
@@ -1,24 +1,30 @@
name: Semgrep OSS scan
on:
pull_request: {}
push:
branches: [main, master]
workflow_dispatch: {}
push:
branches:
- main
- master
schedule:
- cron: '0 0 * * *'
name: Semgrep config
- cron: '0 0 15 * *'
concurrency:
group: semgrep-${{ github.event_name }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read
jobs:
semgrep:
name: semgrep/ci
runs-on: ubuntu-latest
env:
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
SEMGREP_URL: https://cloudflare.semgrep.dev
SEMGREP_APP_URL: https://cloudflare.semgrep.dev
SEMGREP_VERSION_CHECK_URL: https://cloudflare.semgrep.dev/api/check-version
container:
image: returntocorp/semgrep
name: semgrep-oss
runs-on: ubuntu-slim
steps:
- uses: actions/checkout@v4
- run: semgrep ci
- uses: actions/checkout@v5
with:
fetch-depth: 1
- id: cache-semgrep
uses: actions/cache@v5
with:
path: ~/.local
key: semgrep-1.160.0-${{ runner.os }}
- if: steps.cache-semgrep.outputs.cache-hit != 'true'
run: pip install --user semgrep==1.160.0
- run: echo "$HOME/.local/bin" >> "$GITHUB_PATH"
- run: semgrep scan --config=auto
3 changes: 2 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,5 @@ dhat-heap.json
.vscode
.idea
.cover
bleeper.user.toml
bleeper.user.toml
.DS_Store
5 changes: 5 additions & 0 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ members = [
"pingora-ketama",
"pingora-load-balancing",
"pingora-memory-cache",
"pingora-prometheus",
"tinyufo",
]

Expand All @@ -38,10 +39,14 @@ bytes = "1.0"
derivative = "2.2.0"
http = "1"
log = "0.4"
futures = "0.3"
h2 = ">=0.4.11"
once_cell = "1"
lru = "0.16.3"
ahash = ">=0.8.9"

[workspace.lints.rust]
unexpected_cfgs = { level = "warn", check-cfg = ['cfg(tokio_unstable)'] }

[profile.bench]
debug = true
5 changes: 3 additions & 2 deletions docs/quick_start.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,8 @@ cargo new load_balancer
In your project's `cargo.toml` file add the following to your dependencies
```
async-trait="0.1"
pingora = { version = "0.3", features = [ "lb" ] }
pingora = { version = "0.8.0", features = ["openssl", "lb"] }

```

### Create a pingora server
Expand Down Expand Up @@ -321,4 +322,4 @@ The full code for this example is available in this repository under
Other examples that you may find helpful are also available here

[pingora-proxy/examples/](../pingora-proxy/examples/)
[pingora/examples](../pingora/examples/)
[pingora/examples](../pingora/examples/)
81 changes: 80 additions & 1 deletion docs/user_guide/conf.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,12 +23,91 @@ group: webusers
| threads | number of threads per service | number |
| user | the user the pingora server should be run under after daemonization | string |
| group | the group the pingora server should be run under after daemonization | string |
| working_directory | the working directory for the daemonized process | string |
| client_bind_to_ipv4 | source IPv4 addresses to bind to when connecting to server | list of string |
| client_bind_to_ipv6 | source IPv6 addresses to bind to when connecting to server| list of string |
| ca_file | The path to the root CA file | string |
| s2n_config_cache_size | The maximum number of unique s2n configs to cache. A value of 0 disables the cache. Default: 10 (s2n-tls only) | number |
| work_stealing | Enable work stealing runtime (default true). See Pingora runtime (WIP) section for more info | bool |
| upstream_keepalive_pool_size | The number of total connections to keep in the connection pool | number |
| runtime_enable_alt_timer | Enable Tokio's experimental alternative timer on work-stealing service runtimes. Requires building with `--cfg tokio_unstable`. Ignored when `work_stealing` is disabled. Default: `false` | bool |
| fast_timeout_to_tokio_threshold_seconds | Timeout durations greater than this value use Tokio's native timeout instead of Pingora's fast timeout. Default: `900`. Set to `null` to disable the Tokio fallback. | number |
| runtime_metrics_poll_time_histogram | Enable Tokio poll-time histograms on service runtimes. Requires building with `--cfg tokio_unstable`; adds two timestamp reads to every task poll. Default: `false` | bool |
| runtime_metrics_poll_time_histogram_scale | Bucket scale for Tokio poll-time histograms. Valid values: `linear`, `log`. Ignored unless `runtime_metrics_poll_time_histogram` is enabled. | string |
| runtime_metrics_poll_time_histogram_resolution_micros | Width of the first Tokio poll-time histogram bucket in microseconds. Must be greater than 0. Ignored unless `runtime_metrics_poll_time_histogram` is enabled. | number |
| runtime_metrics_poll_time_histogram_buckets | Number of Tokio poll-time histogram buckets. Must be greater than 0 and at most 1024. Memory usage scales with runtimes × workers × buckets. Ignored unless `runtime_metrics_poll_time_histogram` is enabled. | number |
| upstream_keepalive_pool_size | The number of idle upstream connections to keep per tokio worker. The pool's effective ceiling is `upstream_keepalive_pool_size × threads`. Eviction is globally consistent across workers. | number |
| daemon_wait_for_ready | When `true` and `daemon` is `true`, the parent process waits for the daemon to signal readiness (via `SIGUSR1`) before exiting. This causes systemd to delay sending `SIGQUIT` to the old process until the new instance is fully bootstrapped. Default: `false` | bool |
| daemon_ready_timeout_seconds | How long (in seconds) the parent waits for the daemon to signal readiness when `daemon_wait_for_ready` is `true`. If the daemon does not signal in time the parent exits with a non-zero code, causing systemd to abort the reload. Default: `600` | number |
| daemon_notify_timeout_seconds | How long (in seconds) the daemon retries sending `SIGUSR1` to the parent when the attempt fails with a permission error. This covers the brief window after the fork where the parent has not yet dropped its UID to match the daemon. Default: `60` | number |

## dial9

dial9 Tokio runtime telemetry is configured programmatically, not through
the YAML configuration file. This avoids applying experimental telemetry to
every service runtime and lets services provide non-serializable options such
as a pre-built S3 client.

dial9 is only available when Pingora is built with the `dial9` feature and
`--cfg tokio_unstable`. Services can override the global runtime options with
`runtime_opts_override()`:

```rust
use pingora::server::{Dial9RuntimeOpts, RuntimeOpts};
use pingora::services::Service;

struct MyService;

impl Service for MyService {
fn name(&self) -> &str {
"my-service"
}

fn runtime_opts_override(&self, global: &RuntimeOpts) -> Option<RuntimeOpts> {
let mut opts = global.clone();
opts.dial9 = Some(
Dial9RuntimeOpts::new("/var/lib/pingora/dial9/my-service/trace.bin")
.with_max_file_size(100 * 1024 * 1024)
.with_max_total_size(512 * 1024 * 1024),
);
Some(opts)
}
}
```

When built with the `dial9-worker-s3` feature, sealed trace segments can also
be uploaded to an S3-compatible bucket:

```rust
use pingora::server::{Dial9RuntimeOpts, Dial9S3UploadOpts, RuntimeOpts};
use pingora::services::Service;

struct MyService {
s3_client: aws_sdk_s3::Client,
}

impl Service for MyService {
fn name(&self) -> &str {
"my-service"
}

fn runtime_opts_override(&self, global: &RuntimeOpts) -> Option<RuntimeOpts> {
let mut opts = global.clone();
opts.dial9 = Some(
Dial9RuntimeOpts::new("/var/lib/pingora/dial9/my-service/trace.bin")
.with_s3_upload(
Dial9S3UploadOpts::new("my-trace-bucket", "my-service")
.with_prefix("traces/my-service")
.with_region("us-east-1")
.with_client(self.s3_client.clone()),
),
);
Some(opts)
}
}
```

The S3 client is optional. When omitted, dial9 uses the AWS SDK default
configuration chain and its bucket-region detection.

## Extension
Any unknown settings will be ignored. This allows extending the conf file to add and pass user defined settings. See User defined configuration section.
3 changes: 1 addition & 2 deletions docs/user_guide/modify_filter.md
Original file line number Diff line number Diff line change
Expand Up @@ -123,8 +123,7 @@ impl ProxyHttp for MyGateway {

fn main() {
...
let mut prometheus_service_http =
pingora::services::listening::Service::prometheus_http_service();
let mut prometheus_service_http = pingora_prometheus::prometheus_http_service();
prometheus_service_http.add_tcp("127.0.0.1:6192");
my_server.add_service(prometheus_service_http);

Expand Down
15 changes: 14 additions & 1 deletion docs/user_guide/phase.md
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,8 @@ Pingora-proxy allows users to insert arbitrary logic into the life of a request.
upstream_request_filter --> request_body_filter;
request_body_filter --> SendReq{{IO: send request to upstream}};
SendReq-->RecvResp{{IO: read response from upstream}};
RecvResp-->upstream_response_filter-->response_filter-->upstream_response_body_filter-->response_body_filter-->logging-->endreq("request done");
RecvResp-.feature: adjust_upstream_modules.->adjust_upstream_modules;
adjust_upstream_modules-->upstream_response_filter-->response_filter-->upstream_response_body_filter-->response_body_filter-->logging-->endreq("request done");

fail_to_connect --can retry-->upstream_peer;
fail_to_connect --can't retry-->fail_to_proxy--send error response-->logging;
Expand Down Expand Up @@ -92,6 +93,11 @@ If the error is not retry-able, the request will end.
### `upstream_request_filter()`
This phase is to modify requests before sending to upstream.

### `adjust_upstream_modules()` _(feature: `adjust_upstream_modules`)_
This phase is triggered when the upstream response header arrives, before upstream modules (such as `upstream_compression`) process it.

Use this to configure upstream module behavior based on the response header, e.g. setting a dictionary for dictionary-based content encoding. The response header is provided as an immutable reference; to modify the response header itself, use `upstream_response_filter()` instead.

### `upstream_response_filter()/upstream_response_body_filter()/upstream_response_trailer_filter()`
This phase is triggered after an upstream response header/body/trailer is received.

Expand Down Expand Up @@ -129,6 +135,13 @@ This is also not a phase, but another callback.

`fail_to_proxy()` errors are automatically logged in the error log, but users may not be interested in every error. For example, downstream errors are logged if the client disconnects early, but these errors can become noisy if users are mainly interested in observing upstream issues. This callback can inspect the error and returns true or false. If true, the error will not be written to the log.

### `suppress_proxy_warn_log()`
This is also not a phase, but another callback.

This experimental callback can suppress proxy warning logs that do not reach `fail_to_proxy()`, such as retryable proxy upstream failures and downstream errors ignored while cache fill continues. The callback receives a `ProxyWarnLogContext` so users can distinguish these warning contexts. Final proxy errors are still handled by `suppress_error_log()`.

This API may change or be removed until indicated otherwise. Suppressing retry warning logs can remove the only per-retry audit record, so users should provide alternative observability, such as metrics or logs from this hook.

### Cache filters

To be documented
3 changes: 2 additions & 1 deletion docs/user_guide/phase_chart.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,8 @@ Pingora proxy phases without caching
upstream_request_filter --> request_body_filter;
request_body_filter --> SendReq{{IO: send request to upstream}};
SendReq-->RecvResp{{IO: read response from upstream}};
RecvResp-->upstream_response_filter-->response_filter-->upstream_response_body_filter-->response_body_filter-->logging-->endreq("request done");
RecvResp-.feature: adjust_upstream_modules.->adjust_upstream_modules;
adjust_upstream_modules-->upstream_response_filter-->response_filter-->upstream_response_body_filter-->response_body_filter-->logging-->endreq("request done");

fail_to_connect --can retry-->upstream_peer;
fail_to_connect --can't retry-->fail_to_proxy--send error response-->logging;
Expand Down
15 changes: 13 additions & 2 deletions docs/user_guide/prom.md
Original file line number Diff line number Diff line change
@@ -1,10 +1,21 @@
# Prometheus

Pingora has a built-in prometheus HTTP metric server for scraping.
The [`pingora-prometheus`](https://docs.rs/pingora-prometheus) crate provides a
Prometheus HTTP metrics server for scraping.

## Adding the Dependency

Add `pingora-prometheus` to your `Cargo.toml`:

```toml
pingora-prometheus = "0.8.0"
```

## Setting up a Prometheus Metrics Endpoint

```rust
...
let mut prometheus_service_http = Service::prometheus_http_service();
let mut prometheus_service_http = pingora_prometheus::prometheus_http_service();
prometheus_service_http.add_tcp("0.0.0.0:1234");
my_server.add_service(prometheus_service_http);
my_server.run_forever();
Expand Down
5 changes: 3 additions & 2 deletions docs/user_guide/rate_limiter.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@ Pingora provides a crate `pingora-limits` which provides a simple and easy to us
1. Add the following dependencies to your `Cargo.toml`:
```toml
async-trait="0.1"
pingora = { version = "0.3", features = [ "lb" ] }
pingora-limits = "0.3.0"
pingora = { version = "0.8", features = [ "lb", "openssl" ] }
pingora-limits = "0.8.0"
once_cell = "1.19.0"
```
2. Declare a global rate limiter map to store the rate limiter for each client. In this example, we use `appid`.
Expand All @@ -20,6 +20,7 @@ Pingora provides a crate `pingora-limits` which provides a simple and easy to us
```rust
use async_trait::async_trait;
use once_cell::sync::Lazy;
use pingora::http::ResponseHeader;
use pingora::prelude::*;
use pingora_limits::rate::Rate;
use std::sync::Arc;
Expand Down
14 changes: 14 additions & 0 deletions pingora-boringssl/src/ext.rs
Original file line number Diff line number Diff line change
Expand Up @@ -146,6 +146,20 @@ pub fn clear_error_stack() {
let _ = ErrorStack::get();
}

/// Export keying material from a TLS connection
///
/// Derives keying material for application use in accordance with RFC 5705.
///
/// See [SSL_export_keying_material](https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_export_keying_material).
pub fn ssl_export_keying_material(
ssl: &SslRef,
out: &mut [u8],
label: &str,
context: Option<&[u8]>,
) -> Result<(), ErrorStack> {
ssl.export_keying_material(out, label, context)
}

/// Create a new [Ssl] from &[SslAcceptor]
///
/// This function is needed because [Ssl::new()] doesn't take `&SslContextRef` like openssl-rs
Expand Down
9 changes: 6 additions & 3 deletions pingora-cache/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,8 @@ httpdate = "1.0.2"
log = { workspace = true }
async-trait = { workspace = true }
parking_lot = "0.12"
cf-rustracing = "1.0"
cf-rustracing-jaeger = "1.0"
cf-rustracing = { version = "1.0", optional = true }
cf-rustracing-jaeger = { version = "1.0", optional = true }
rmp = "0.8.14"
tokio = { workspace = true }
lru = { workspace = true }
Expand All @@ -49,11 +49,13 @@ strum = { version = "0.26", features = ["derive"] }
rand = "0.8"

[dev-dependencies]
cf-rustracing = "1.0"
cf-rustracing-jaeger = "1.0"
tokio-test = "0.4"
tokio = { workspace = true, features = ["fs"] }
env_logger = "0.11"
dhat = "0"
futures = "0.3"
futures = { workspace = true }

[[bench]]
name = "simple_lru_memory"
Expand All @@ -73,3 +75,4 @@ openssl = ["pingora-core/openssl"]
boringssl = ["pingora-core/boringssl"]
rustls = ["pingora-core/rustls"]
s2n = ["pingora-core/s2n"]
trace = ["dep:cf-rustracing", "dep:cf-rustracing-jaeger"]
Loading