Reverse Proxy
Put Fluxheim in front of an application server. Fluxheim handles TLS, headers, limits, and upstream selection.
Basic proxy
[[vhosts]]
name = "app"
hosts = ["app.example.com"]
[[vhosts.routes]]
path_prefix = "/"
action = "proxy"
upstreams = ["127.0.0.1:3000"]Route choices
| Feature | Use it when |
|---|---|
path_exact | One URL needs a precise route. |
path_prefix | A whole URL subtree goes to one backend. |
strip_prefix | The backend should not see the public prefix. |
rewrite_prefix | The backend expects a different internal prefix. |
methods | A route should only accept selected HTTP methods. |
Path rewrite example
[[vhosts.routes]]
name = "api"
path_prefix = "/api/"
strip_prefix = "/api/"
rewrite_prefix = "/internal/"
[vhosts.routes.proxy]
upstreams = ["10.0.0.20:8080"]
connect_timeout_secs = 5
read_timeout_secs = 30
send_timeout_secs = 30Production notes
- Keep the application on loopback or a private network.
- Set request body limits before exposing uploads.
- Use trusted proxy settings only for networks you control.
- Prefer explicit routes over one large fallback when different paths need different safety rules.