### Axon TOML Configuration Example Source: https://github.com/longcipher/axon/blob/master/README.md An example TOML configuration file for the Axon API Gateway. This illustrates how to define listening addresses, enable protocols, configure health checks, set up routes for proxying and static file serving, and implement rate limiting. It demonstrates key features like host-based routing and path rewriting. ```toml listen_addr = "127.0.0.1:3000" [protocols] http2_enabled = true websocket_enabled = true # enable websocket proxy http3_enabled = false # set true + provide TLS cert/key when built with --features http3 [health_check] enabled = true interval_secs = 30 timeout_secs = 5 path = "/health" unhealthy_threshold = 3 healthy_threshold = 2 [routes."/api/v1"] type = "proxy" target = "http://backend-service:8080" path_rewrite = "/" [routes."/api/v1".rate_limit] by = "ip" requests = 100 period = "1m" [routes."/static"] type = "static" root = "./public" [routes."/health"] type = "proxy" target = "http://backend-service:8080/health" ``` -------------------------------- ### Run Axon API Gateway (Rust) Source: https://github.com/longcipher/axon/blob/master/README.md Starts the Axon API Gateway with a specified configuration file. This is the primary command to launch the gateway in a production or testing environment. It requires the Rust toolchain and the Axon binary. ```bash cargo run -- serve --config config.toml ``` -------------------------------- ### Run Axon Server (Bash) Source: https://github.com/longcipher/axon/blob/master/README.md Starts the Axon server with a specified configuration file. This command launches the gateway, enabling it to serve traffic according to the settings in the TOML file. ```bash ./target/release/axon serve --config config.toml ``` -------------------------------- ### Manage Axon Gateway via CLI Source: https://context7.com/longcipher/axon/llms.txt Commands to start the Axon gateway server and validate configuration files. These commands utilize the Cargo build system or pre-compiled binaries. ```bash # Start the gateway cargo run -- serve --config config.toml # Or with release build ./target/release/axon serve --config config.toml # Set log level via environment RUST_LOG=info ./target/release/axon serve --config config.toml # Validate configuration cargo run -- validate --config config.toml ``` -------------------------------- ### Manage Axon Systemd Service (Bash) Source: https://github.com/longcipher/axon/blob/master/README.md Commands to manage the Axon systemd service. These commands allow enabling the service to start on boot, starting it immediately, and checking its current status. ```bash sudo systemctl enable axon sudo systemctl start axon sudo systemctl status axon ``` -------------------------------- ### Complete Axon Configuration Example Source: https://context7.com/longcipher/axon/llms.txt This comprehensive TOML configuration file demonstrates various Axon features, including health checks, protocol enablement, security settings, load balancing, rate limiting, request header manipulation, static file serving, redirects, and WebSocket proxying. ```toml # config.example.toml listen_addr = "0.0.0.0:8080" [health_check] enabled = true path = "/health" interval_secs = 30 timeout_secs = 5 [protocols] http2_enabled = true websocket_enabled = true http3_enabled = false [security.management] health_policy = "local_only" metrics_enabled = false status_enabled = false [security.remote_config] allow_insecure_http = false [security.forwarded_headers] trust_client_forwarded_headers = false # Load balanced API route [routes."/api/v1/"] type = "load_balance" strategy = "round_robin" targets = [ "http://backend1:3000", "http://backend2:3000", "http://backend3:3000", ] [routes."/api/v1/".rate_limit] requests_per_minute = 100 burst_size = 20 [routes."/api/v1/".request_headers.add] "X-Gateway" = "axon" # Auth service proxy [routes."/auth/"] type = "proxy" target = "http://auth-service:4000" path_rewrite = "/auth/(.*)" [routes."/auth/".rate_limit] requests_per_minute = 50 burst_size = 10 # Static files [routes."/static/"] type = "static" root = "/var/www/static" # Redirect old API [routes."/old-api/"] type = "redirect" target = "/api/v1/" status_code = 301 # WebSocket endpoint [routes."/ws/"] type = "proxy" target = "ws://websocket-service:5000" ``` -------------------------------- ### Deploy Axon using Systemd Source: https://context7.com/longcipher/axon/llms.txt This snippet provides the necessary configuration for deploying Axon as a systemd service. It includes the systemd unit file content and bash commands to enable, start, and monitor the service and its logs. ```ini # /etc/systemd/system/axon.service [Unit] Description=Axon API Gateway After=network.target [Service] Type=simple User=axon Group=axon WorkingDirectory=/opt/axon ExecStart=/opt/axon/axon serve --config /opt/axon/config.toml Restart=always RestartSec=5 Environment=RUST_LOG=info [Install] WantedBy=multi-user.target ``` ```bash # Enable and start service sudo systemctl enable axon sudo systemctl start axon sudo systemctl status axon # View logs journalctl -u axon -f ``` -------------------------------- ### Access Axon Metrics Endpoint Source: https://context7.com/longcipher/axon/llms.txt This bash snippet shows how to scrape the Prometheus-compatible metrics endpoint provided by Axon. It includes an example of the expected output format for various metrics like request counts, latency, backend health, and active connections. ```bash # Scrape metrics endpoint curl -s http://127.0.0.1:8080/metrics # Example output: # # HELP axon_requests_total Total HTTP requests processed # # TYPE axon_requests_total counter # axon_requests_total{path="/api",method="GET",status="200"} 1523 # # # HELP axon_request_duration_seconds Request latency histogram # # TYPE axon_request_duration_seconds histogram # axon_request_duration_seconds_bucket{path="/api",method="GET",le="0.01"} 1200 # # # HELP axon_backend_health_status Backend health status (1=healthy, 0=unhealthy) # # TYPE axon_backend_health_status gauge # axon_backend_health_status{backend="http://backend1:3000"} 1 # # # HELP axon_active_connections Currently open connections # # TYPE axon_active_connections gauge # axon_active_connections 42 ``` -------------------------------- ### Build and Run Axon with HTTP/3 Feature Source: https://github.com/longcipher/axon/blob/master/README.md This bash command demonstrates how to build and run the Axon server with the experimental HTTP/3 (QUIC) feature enabled. It uses `cargo run` with the `--features http3` flag and specifies a configuration file. ```bash cargo run --features http3 -- serve --config examples/configs/http3_proxy.toml ``` -------------------------------- ### Configure Static File Serving Source: https://context7.com/longcipher/axon/llms.txt Defines how to serve static assets from a local directory. Requires a TOML configuration block specifying the route and root directory. ```toml listen_addr = "127.0.0.1:8080" [health_check] enabled = false [routes."/static/"] type = "static" root = "examples/static" ``` -------------------------------- ### Build Axon Server (Bash) Source: https://github.com/longcipher/axon/blob/master/README.md Builds the Axon server in release mode using Cargo. This command compiles the project and optimizes it for production. ```bash cargo build --release ``` -------------------------------- ### Configure and Run HTTP/3 Proxy with Axon Source: https://context7.com/longcipher/axon/llms.txt This snippet demonstrates how to configure Axon to act as an HTTP/3 proxy and how to build and run it with the necessary features. It also shows how to test the proxy using curl with HTTP/3 support. ```toml # http3_proxy.toml listen_addr = "127.0.0.1:8095" [protocols] http2_enabled = false websocket_enabled = false http3_enabled = true [tls] cert_path = "cert.pem" key_path = "key.pem" [health_check] enabled = false [routes."/api"] type = "proxy" target = "http://127.0.0.1:9095" ``` ```bash # Build with HTTP/3 feature cargo build --release --features http3 # Run with HTTP/3 enabled cargo run --features http3 -- serve --config examples/configs/http3_proxy.toml # Test with curl (requires HTTP/3 support) curl --http3 -k https://127.0.0.1:8095/api/data ``` -------------------------------- ### Implement HTTP Redirects Source: https://context7.com/longcipher/axon/llms.txt Sets up HTTP redirects using status codes and static file serving for specific paths. ```toml [routes."/old/"] type = "redirect" target = "/new/" status_code = 302 [routes."/new/"] type = "static" root = "examples/static" ``` -------------------------------- ### Enable Web Application Firewall (WAF) Source: https://context7.com/longcipher/axon/llms.txt Configures security modules to block SQL injection, XSS, command injection, and path traversal, with built-in bot detection. ```toml [waf] enabled = true [waf.sql_injection] enabled = true block_mode = true [waf.bot_detection] enabled = true block_mode = true ``` ```bash curl -s -w "%{http_code}" "http://localhost:8080/api/users?id=1' UNION SELECT * FROM users--" curl -s -w "%{http_code}" -A "Wget/1.20.3" http://localhost:8080/api/data ``` -------------------------------- ### Enable Tracing with RUST_LOG Environment Variable Source: https://github.com/longcipher/axon/blob/master/README.md This bash command shows how to enable structured logging and tracing in Axon by setting the RUST_LOG environment variable. It specifies the log level and the path to the Axon executable, directing output to standard error. ```bash RUST_LOG=info ./target/release/axon serve --config config.toml ``` -------------------------------- ### Configure TLS and HTTPS Source: https://context7.com/longcipher/axon/llms.txt Sets up manual TLS certificates or automatic ACME certificate management for secure connections. ```toml [tls] cert_path = "/path/to/cert.pem" key_path = "/path/to/key.pem" [tls.acme] domains = ["api.example.com"] email = "admin@example.com" production = true ``` -------------------------------- ### Enforce Runtime Config Validation (Rust) Source: https://github.com/longcipher/axon/blob/master/docs/superpowers/plans/2026-03-17-security-hardening.md This snippet outlines the implementation of runtime validation for configuration in a Rust application. It covers writing tests to ensure that invalid configurations are rejected during startup and hot reloads, implementing the validation logic in main.rs and config/validation.rs, and verifying that tests pass. The objective is to maintain runtime stability by preventing invalid states. ```bash cargo test main -- --nocapture git add src/main.rs src/config/validation.rs git commit -m "feat: enforce runtime config validation" ``` -------------------------------- ### Harden Management Endpoints with Policy (Rust) Source: https://github.com/longcipher/axon/blob/master/docs/superpowers/plans/2026-03-17-security-hardening.md This snippet details the process of securing management endpoints like /metrics, /status, and /health in a Rust application. It involves adding handler tests to verify default behavior, implementing policy-based access control using server configuration, and ensuring tests pass after the changes. The goal is to return 404 for disabled endpoints and 403 for unauthorized local access. ```bash cargo test http_handler -- --nocapture git add src/adapters/http_handler.rs src/config/models.rs git commit -m "feat: harden management endpoints" ``` -------------------------------- ### Rebuild Forwarding Headers Safely (Rust) Source: https://github.com/longcipher/axon/blob/master/docs/superpowers/plans/2026-03-17-security-hardening.md This snippet describes how to securely rebuild forwarding headers like X-Forwarded-For, X-Forwarded-Host, and X-Forwarded-Proto in a Rust application. It includes writing tests to ensure inbound headers are replaced with gateway-derived values in secure mode, implementing the header stripping and rebuilding logic, and verifying the changes with tests. Compatibility mode for preserving existing behavior is also considered. ```bash cargo test http_handler -- --nocapture git add src/adapters/http_handler.rs src/adapters/http_client.rs src/config/models.rs git commit -m "feat: rebuild forwarded headers safely" ``` -------------------------------- ### Run HTTP/3 Integration Test Source: https://github.com/longcipher/axon/blob/master/README.md This bash command executes integration tests for the HTTP/3 feature of Axon. It uses `cargo test` with the `--features http3` flag to run tests specifically related to HTTP/3 functionality. ```bash cargo test --features http3 --test http3_basic ``` -------------------------------- ### Validate Axon Configuration (Rust) Source: https://github.com/longcipher/axon/blob/master/README.md Validates the syntax and structure of an Axon configuration file. This command is useful for ensuring that your configuration is correctly formatted before deploying or running the gateway. It requires the Rust toolchain and the Axon binary. ```bash cargo run -- validate --config examples/configs/static_files.toml ``` -------------------------------- ### Configure Host-Based Routing with TOML Source: https://github.com/longcipher/axon/blob/master/README.md This TOML snippet demonstrates configuring host-based routing in Axon. It defines routes that are matched based on the Host header, allowing different backends to serve requests for different domains. A default fallback route is also included. ```toml # Route for api.example.com [routes."/api"] type = "proxy" host = "api.example.com" target = "http://api-backend:3001" # Route for admin.example.com [routes."/admin"] type = "proxy" host = "admin.example.com" target = "http://admin-backend:3002" # Default fallback (no host specified) [routes."/"] type = "proxy" target = "http://default-backend:5000" ``` -------------------------------- ### Run HTTP/3 Proxy Smoke Test Script Source: https://github.com/longcipher/axon/blob/master/README.md This bash command executes a script designed for smoke testing the HTTP/3 proxy functionality of Axon. It requires curl with HTTP/3 support and generates a self-signed certificate for local testing. ```bash examples/scripts/http3_proxy.sh ``` -------------------------------- ### Proxy WebSocket Connections Source: https://context7.com/longcipher/axon/llms.txt Configures WebSocket proxying with subprotocol negotiation and message size constraints. Includes testing methods using websocat and Python. ```toml [routes."/ws/"] type = "websocket" target = "ws://127.0.0.1:9105" path_rewrite = "/" max_message_size = 65536 max_frame_size = 65536 subprotocols = ["chat", "echo"] ``` ```python import asyncio import websockets async def test(): async with websockets.connect('ws://127.0.0.1:8090/ws/') as ws: await ws.send('Hello, WebSocket!') response = await ws.recv() print(f'Received: {response}') asyncio.run(test()) ``` -------------------------------- ### Configure Load Balancing Source: https://context7.com/longcipher/axon/llms.txt Distributes incoming traffic across multiple backend servers using strategies like round-robin or random selection. ```toml listen_addr = "127.0.0.1:8082" [health_check] enabled = false [routes."/svc/"] type = "load_balance" strategy = "round_robin" targets = [ "http://127.0.0.1:9101", "http://127.0.0.1:9102", ] ``` -------------------------------- ### Configure Reverse Proxy Source: https://context7.com/longcipher/axon/llms.txt Sets up a reverse proxy to forward traffic to a specific backend server. Supports path rewriting to modify request URIs before they reach the backend. ```toml listen_addr = "127.0.0.1:8081" [health_check] enabled = false [routes."/api"] type = "proxy" target = "http://127.0.0.1:9001" ``` -------------------------------- ### Validate Axon Configuration (Bash) Source: https://github.com/longcipher/axon/blob/master/README.md Validates the Axon server configuration file. This command checks if the provided TOML configuration file is correctly formatted and adheres to the expected structure. ```bash ./target/release/axon validate --config config.toml ``` -------------------------------- ### Configure HTTP Proxy Routes Source: https://context7.com/longcipher/axon/llms.txt Defines proxy routes with host-based matching, path rewriting, and rate limiting. The configuration uses TOML to map incoming requests to backend services. ```toml [routes."/api"] type = "proxy" host = "api.example.com" target = "http://127.0.0.1:3001" [routes."/admin"] type = "proxy" host = "admin.example.com" target = "http://127.0.0.1:3002" path_rewrite = "/" [routes."/"] type = "proxy" target = "http://127.0.0.1:5000" [routes."/".rate_limit] by = "ip" requests = 100 period = "1m" ``` ```bash curl -H "Host: api.example.com" http://localhost:8080/api/users curl -H "Host: admin.example.com" http://localhost:8080/admin/dashboard curl http://localhost:8080/default ``` -------------------------------- ### Configure Backend Health Checking Source: https://context7.com/longcipher/axon/llms.txt Configures active health monitoring for backend servers. Includes settings for check intervals, timeouts, and success/failure thresholds, with metrics exposed via Prometheus. ```toml listen_addr = "127.0.0.1:8084" [routes."/api/"] type = "load_balance" strategy = "round_robin" targets = [ "http://127.0.0.1:9201", "http://127.0.0.1:9202", ] [health_check] enabled = true path = "/health" interval_secs = 1 timeout_secs = 1 unhealthy_threshold = 1 healthy_threshold = 1 [backend_health_paths] "http://127.0.0.1:9201" = "/health" "http://127.0.0.1:9202" = "/health" ``` -------------------------------- ### Configure Axon Security Settings Source: https://context7.com/longcipher/axon/llms.txt This TOML snippet shows how to configure security settings for Axon, including policies for management endpoints (health, metrics, status) and how to handle forwarded headers. It also includes bash commands to test the health endpoint accessibility. ```toml # config.example.toml (excerpt) [security.management] # Health endpoint visibility: disabled | local_only | public health_policy = "local_only" metrics_enabled = false status_enabled = false [security.remote_config] # Require HTTPS for remote configuration allow_insecure_http = false [security.forwarded_headers] # Trust client-provided X-Forwarded-* headers (unsafe) trust_client_forwarded_headers = false ``` ```bash # Health endpoint only accessible from localhost when local_only curl http://127.0.0.1:8080/health # 200 OK (from localhost) curl http://192.168.1.100:8080/health # 403 Forbidden (from remote) # Metrics disabled by default curl http://127.0.0.1:8080/metrics # 404 Not Found ``` -------------------------------- ### Systemd Service Configuration for Axon (INI) Source: https://github.com/longcipher/axon/blob/master/README.md Defines a systemd service unit for the Axon API Gateway. This configuration specifies how the service should be managed by systemd, including its description, dependencies, execution command, and restart policy. ```ini [Unit] Description=Axon API Gateway After=network.target [Service] Type=simple User=axon Group=axon WorkingDirectory=/opt/axon ExecStart=/opt/axon/axon serve --config /opt/axon/config.toml Restart=always RestartSec=5 Environment=RUST_LOG=info [Install] WantedBy=multi-user.target ``` -------------------------------- ### Configure Rate Limiting with TOML Source: https://github.com/longcipher/axon/blob/master/README.md This TOML snippet configures per-route rate limiting for a specific route. It specifies the limiting algorithm, the key to use for limiting (e.g., client IP), the number of requests allowed, the time period, and custom responses for rate-limited requests. ```toml [routes."/api".rate_limit] by = "ip" requests = 100 period = "1m" algorithm = "token_bucket" status_code = 429 message = "Too Many Requests" ``` -------------------------------- ### Configure Rate Limiting Source: https://context7.com/longcipher/axon/llms.txt Implements request throttling based on IP address or headers. Allows defining thresholds, time periods, and custom response codes for exceeded limits. ```toml listen_addr = "127.0.0.1:8083" [health_check] enabled = false [routes."/rl/"] type = "static" root = "examples/static" [routes."/rl/".rate_limit] by = "ip" requests = 3 period = "2s" status_code = 429 message = "Too Many Requests" ``` -------------------------------- ### Configure Per-Backend Health Check Paths with TOML Source: https://github.com/longcipher/axon/blob/master/README.md This TOML snippet allows overriding the default health check path for specific backends. It maps backend URLs to custom health check paths, enabling more granular health monitoring for individual services. ```toml [backend_health_paths] "http://service-a:8080" = "/ready" "http://service-b:8080" = "/live" ``` -------------------------------- ### Configure Backend Health Check Paths via TOML Source: https://context7.com/longcipher/axon/llms.txt Defines the health check endpoints for various backend services within the Axon configuration. This mapping allows the gateway to monitor service availability and perform automated load balancing. ```TOML [backend_health_paths] "http://backend1:3000" = "/health" "http://backend2:3000" = "/health" "http://backend3:3000" = "/health" "http://auth-service:4000" = "/health/check" ``` -------------------------------- ### Configure Health Checks with TOML Source: https://github.com/longcipher/axon/blob/master/README.md This TOML snippet configures global health checking parameters for Axon. It enables health checks, sets the check interval, timeout, the path to check, and the thresholds for determining if a backend is unhealthy or healthy. ```toml [health_check] enabled = true interval_secs = 30 timeout_secs = 5 path = "/health" unhealthy_threshold = 3 healthy_threshold = 2 ``` -------------------------------- ### Manipulate HTTP Headers Source: https://context7.com/longcipher/axon/llms.txt Modifies request and response headers during proxying, useful for load balancing and security metadata injection. ```toml [routes."/api/v1/" .request_headers.add] "X-Gateway" = "axon" [routes."/api/v1/" .request_headers] remove = ["Server"] ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.