alpe/ohttp-relay

OHTTP Relay

The OHTTP Relay is an Envoy External Processor (ext_proc) that enables privacy-preserving communication by forwarding Oblivious HTTP (OHTTP) encapsulated requests to a configured gateway.

It acts strictly as a relay: it does not decrypt or interpret the payload, ensuring that the relay sees only the source IP and the gateway sees only the encrypted message.

Official Documentation & Demo: orelay.dev

Features

  • OHTTP Encapsulation Support: Handles message/ohttp-req and message/ohttp-res content types.
  • Envoy Integration: Designed to work seamlessly with Envoy via the ext_proc filter.
  • Domain Mapping: Routes requests to different OHTTP Gateways based on the incoming request's authority/host.
  • Redis Integration: Optional dynamic configuration of gateway mappings via Redis.
  • Prometheus Metrics: Exposes operational metrics for monitoring.

Getting Started

Prerequisites

Build

make build

Run

# Run with static mappings
./bin/ohttprelay \
  --grpc-port=9006 \
  --gateway-urls="example.com:https://gateway.example.com/relay" \
  -v=1

Configuration Flags

| Flag | Description | Default |
| --- | --- | --- |
| --grpc-port | Port for gRPC communication with Envoy | 9006 |
| --metrics-port | Port for Prometheus metrics | 9090 |
| --gateway-urls | Comma-separated domain:url mappings | "" |
| --timeout | Timeout for upstream gateway requests | 9s |
| --redis-enable | Enable Redis for dynamic config | false |
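The following is an added example, not code from this repository: a pre-deployment check for a --gateway-urls value combined with the Domain Mapping and message/ohttp-req rules from the feature list. The function names parseGatewayURLs and gatewayFor are hypothetical, and splitting at the first ':', requiring https gateways, rejecting duplicate domains and ignoring a port in the authority are assumptions of this example.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// parseGatewayURLs parses "domain:url,domain:url" (assumption: domain ends at the first ':').
func parseGatewayURLs(flagValue string) (map[string]*url.URL, error) {
	out := make(map[string]*url.URL)
	// FieldsFunc drops empty entries, so "" (the flag default) yields an empty map.
	for _, entry := range strings.FieldsFunc(flagValue, func(r rune) bool { return r == ',' }) {
		domain, raw, ok := strings.Cut(strings.TrimSpace(entry), ":")
		if !ok || domain == "" {
			return nil, fmt.Errorf("entry %q is not domain:url", entry)
		}
		u, err := url.Parse(raw)
		if err != nil || u.Scheme != "https" || u.Host == "" {
			return nil, fmt.Errorf("entry %q: gateway must be an absolute https URL", entry)
		}
		domain = strings.ToLower(domain)
		if _, dup := out[domain]; dup {
			return nil, fmt.Errorf("duplicate mapping for %q", domain)
		}
		out[domain] = u
	}
	return out, nil
}

// gatewayFor returns the gateway for a request, or false if it should not be relayed.
func gatewayFor(m map[string]*url.URL, authority, contentType string) (*url.URL, bool) {
	mediaType, _, _ := strings.Cut(contentType, ";")
	if !strings.EqualFold(strings.TrimSpace(mediaType), "message/ohttp-req") {
		return nil, false
	}
	host := strings.ToLower(authority)
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // drop an explicit port such as ":443"
	}
	u, ok := m[host]
	return u, ok
}

func main() {
	m, err := parseGatewayURLs("example.com:https://gateway.example.com/relay")
	fmt.Println(m, err)
}
```
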

Envoy Configuration

To use the OHTTP Relay with Envoy, configure the ext_proc filter in your Envoy configuration:

http_filters:
- name: envoy.filters.http.ext_proc
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.filters.http.ext_proc.v3.ExternalProcessor
    grpc_service:
      envoy_grpc:
        cluster_name: ohttp_relay
    processing_mode:
      request_header_mode: SEND
      request_body_mode: BUFFERED
      request_trailer_mode: SKIP
      response_header_mode: SKIP
      response_body_mode: SKIP

clusters:
- name: ohttp_relay
  type: STRICT_DNS
  connect_timeout: 1s
  http2_protocol_options: {}
  load_assignment:
    cluster_name: ohttp_relay
    endpoints:
    - lb_endpoints:
      - endpoint:
          address:
            socket_address:
              address: 127.0.0.1
              port_value: 9006

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

This project is licensed under the Apache 2.0 License - see the LICENSE file for details.
