code changes, readme, workflows

Author: blind-oracle

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @dfinity/boundary-node

.github/workflows/build.yml

@@ -0,0 +1,109 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*"
+
+env:
+  CARGO_TERM_COLOR: never
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+permissions:
+  contents: write
+  packages: write
+  attestations: write
+  id-token: write
+
+jobs:
+  build:
+    runs-on: ubuntu-24.04
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install repro-env
+        run: |
+          wget 'https://github.com/kpcyrd/repro-env/releases/download/v0.4.3/repro-env'
+          echo '2a00b21ac5e990e0c6a0ccbf3b91e34a073660d1f4553b5f3cda2b09cc4d4d8a  repro-env' | sha256sum -c -
+          sudo install -m755 repro-env -t /usr/bin
+
+      - name: Install deps
+        run: sudo apt-get update && sudo apt-get -y install protobuf-compiler podman
+
+      - name: Build
+        run: repro-env build -- cargo build --release --target x86_64-unknown-linux-musl
+
+      - name: Generate SHA checksum
+        run: shasum target/x86_64-unknown-linux-musl/release/ic-http-lb > ic-http-lb.shasum
+
+      - name: Remove build files
+        run: rm -rf target
+
+      - name: Build again
+        run: repro-env build -- cargo build --release --target x86_64-unknown-linux-musl
+
+      - name: Check SHA checksum
+        run: shasum -c ic-http-lb.shasum
+
+      - name: Strip
+        run: /usr/bin/strip target/x86_64-unknown-linux-musl/release/ic-http-lb
+
+      - name: Create package root
+        run: |
+          mkdir -p .debpkg/usr/sbin
+          mkdir -p .debpkg/etc/systemd/system
+          mkdir -p .debpkg/etc/default
+          mkdir -p .debpkg/DEBIAN
+
+          cp target/x86_64-unknown-linux-musl/release/ic-http-lb .debpkg/usr/sbin
+          cp deploy/ic-http-lb.service .debpkg/etc/systemd/system
+          cp deploy/ic-http-lb.env .debpkg/etc/default/ic-http-lb
+
+          chmod -R g-s .debpkg
+
+      - uses: jiro4989/build-deb-action@1bd8ed1458d3dc331f62bf50468cce9b610fd0af
+        with:
+          package: ic-http-lb
+          package_root: .debpkg
+          maintainer: "DFINITY Boundary Nodes Team"
+          version: ${{ github.ref }}
+          arch: amd64
+          desc: "IC-HTTP-LB Service"
+          homepage: "https://github.com/dfinity/ic-http-lb"
+
+      - uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5
+        with:
+          makeLatest: true
+          artifacts: "target/x86_64-unknown-linux-musl/release/ic-http-lb,*.deb"
+          body: "IC-HTTP-LB release"
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata for Docker
+        id: docker_meta
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        id: docker_push
+        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
+
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.docker_push.outputs.digest }}
+          push-to-registry: true

.github/workflows/test.yml

@@ -0,0 +1,35 @@
+name: Test
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+env:
+  CARGO_TERM_COLOR: never
+  GH_TOKEN: ${{ github.token }}
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  test:
+    permissions:
+      contents: write
+
+    runs-on:
+      - namespace-profile-ubuntu-24-04-big
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6
+
+      - name: Install deps
+        run: sudo apt-get update && sudo apt-get -y install protobuf-compiler && cargo install cargo-all-features
+
+      - name: Run all unit and integration tests
+        run: |
+          ./run-tests.sh

.gitignore

@@ -19,3 +19,5 @@ target
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
+
+build-linux.sh

Cargo.lock

@@ -17,9 +17,9 @@ hostname = "0.4.0"
 http = "1.3.1"
 humantime = "2.2.0"
 ic-bn-lib = { path = "../ic-bn-lib", features = [
-    "cert_providers",
+    "cert-providers",
     "clients-hyper",
-    "acme_alpn",
+    "acme-alpn",
     "vector",
 ] }
 prometheus = "0.14.0"
@@ -41,3 +41,13 @@ tracing-subscriber = { version = "0.3.18", features = [
 ] }
 url = { version = "2.5.3", features = ["serde"] }
 serde_json = "1.0.140"
+
+[profile.release]
+strip = "symbols"
+codegen-units = 1
+lto = "fat"
+panic = "abort"
+
+[profile.profiling]
+inherits = "release"
+debug = true

Cargo.toml

@@ -1,2 +1,74 @@
 # ic-http-lb
-Load Balancer for IC HTTP Gateways
+
+`ic-http-lb` is the simple HTTP load balancer that runs in front of HTTP Gateways on the [Internet Computer](https://internetcomputer.org).
+
+## Description
+
+`ic-http-lb` enables load balancing of incoming HTTP requests over a set of backends and performs TLS termination.
+
+## Installation
+
+To install and set up `ic-http-lb`, follow the steps below.
+
+### Simple
+
+- Grab the latest package from the [releases](https://github.com/dfinity/ic-http-lb/releases) page and install it
+- Edit `/etc/default/ic-http-lb` file to configure the service using environment variables. See `Usage` section below.
+- Start the service with `systemctl start ic-http-lb`
+
+### Advanced
+
+- **Clone the repository**
+
+  ```bash
+  git clone git@github.com:dfinity/ic-http-lb.git
+  cd ic-http-lb
+  ```
+
+- **Install Rust**
+
+  Follow the [official Rust installation guide](https://www.rust-lang.org/tools/install).
+
+- **Build**
+  
+  Execute `cargo build --release` in the `ic-http-lb` folder and you'll get a binary in `target/release` subfolder.
+
+### Reproducible build
+
+ - Install [repro-env](https://github.com/kpcyrd/repro-env)
+ - Build the binary using `repro-env build -- cargo build --release --target x86_64-unknown-linux-musl`
+
+### Running in Docker
+ - Pull the container: `docker pull ghcr.io/dfinity/ic-http-lb:latest`
+ - Create the configuration file with the environment variables, e.g. `ic-http-lb.env`
+ - Run the container: `docker run --env-file ic-http-lb.env ghcr.io/dfinity/ic-http-lb`
+
+## Usage
+
+### Minimal Example
+
+To run a minimal ic-http-lb instance, use the following configuration in `/etc/default/ic-http-lb`:
+
+```
+BACKENDS_CONFIG="/etc/ic-http-lb/backends.yaml"
+```
+
+`backends.yaml` example:
+```
+- name: backend1.domain.com
+  url: https://backend1.domain.com
+  weight: 1
+  enabled: true
+```
+
+### Options
+
+`ic-http-lb` offers various options that can be configured via command-line arguments or environment variables. For a full list, run `ic-http-lb --help`.
+
+## Contributing
+
+External code contributions are currently not being accepted to this repository.
+
+## License
+
+This project is licensed under the Apache License, Version 2.0. See the [LICENSE](LICENSE) file for more details.

README.md

@@ -0,0 +1 @@
+BACKENDS_CONFIG="/etc/ic-http-lb/backends.yaml"

build-linux.sh

@@ -0,0 +1,14 @@
+[Unit]
+Description=IC-HTTP-LB
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+User=root
+Group=root
+Restart=always
+EnvironmentFile=-/etc/default/ic-http-lb
+ExecStart=/usr/sbin/ic-http-lb
+
+[Install]
+WantedBy=multi-user.target