Quick Start
Quick Commands

Development

```bash
# Start all services
docker-compose up -d

# View logs
docker-compose logs -f mitigation-node

# Test the proxy
curl -k https://localhost:8443/

# Check metrics
curl http://localhost:9191/metrics

# Stop all services
docker-compose down
```

Production Build

```bash
# Build release binaries
cargo build --release --workspace

# Run tests
cargo test --workspace

# Install
sudo cp target/release/mitigation-node /usr/local/bin/
sudo setcap cap_net_raw,cap_net_admin+ep /usr/local/bin/mitigation-node
```

Monitoring Endpoints

| Service | Endpoint | Description |
|---|---|---|
| Mitigation Node | http://localhost:9090/metrics | Prometheus metrics |
| Mitigation Node | http://localhost:9191/metrics | Internal metrics |
| Mitigation Node | http://localhost:9999/ | Management API |
| Orchestrator | http://localhost:3030/ | Control API |
| Orchestrator | http://localhost:9091/metrics | Orchestrator metrics |
| Prometheus | http://localhost:9092/ | Metrics dashboard |
| NATS | http://localhost:8222/ | NATS monitoring |

Configuration Files

| File | Purpose | Environment |
|---|---|---|
| `config.dev.toml` | Development | Local testing |
| `config.prod.toml` | Production | Live deployment |
| `config.l7.toml` | L7 mode with WAF | Full features |
| `config.tcp.toml` | TCP proxy mode | Minimal overhead |
| `config.docker.toml` | Docker deployment | Container environments |

Operation Modes

TCP Mode

- Basic proxy with minimal overhead
- High performance
- No root privileges required

SYN Mode (Beta)

- SYN flood protection prototype
- Requires root or CAP_NET_RAW capability
- Experimental - use TCP mode for production

L7 Mode

- Full WAF + DDoS protection
- TLS termination
- Complete security features

Select Mode in Config

```toml
[platform]
mode = "l7" # tcp, syn, l7, or auto
```

Security Checklist

Before deploying to production, ensure you:

- ✓ Change `SYN_COOKIE_SECRET` in production
- ✓ Replace default API keys
- ✓ Use valid TLS certificates
- ✓ Configure firewall rules
- ✓ Enable rate limiting
- ✓ Set up monitoring alerts
- ✓ Rotate secrets regularly
- ✓ Review blocklist/allowlist IPs
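
As an added example (not part of the SecBeat project), the script below takes the ports from the Monitoring Endpoints table and reports any that listen on a non-loopback address, a quick check for the firewall item in the checklist. It assumes those endpoints are meant for local access only; the `exposed_ports` function name and the sample `ss -Htln` lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag management/metrics ports bound outside loopback.
# Port list comes from the Monitoring Endpoints table on this page.
# Assumption: these endpoints should only be reachable locally.
MGMT_PORTS="9090 9191 9999 3030 9091 9092 8222"

# exposed_ports: reads `ss -Htln` style lines on stdin and prints one
# "port address" line for each listed port bound to a non-loopback address.
exposed_ports() {
  awk -v ports="$MGMT_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
      local_addr = $4
      # Port is everything after the last colon (handles [::]:9999 and *:9999).
      port = local_addr; sub(/^.*:/, "", port)
      addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
      if (!(port in want)) next                      # not a management port
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: fine
      print port, addr
    }' | sort -u | sort -n
}

# Constructed sample of `ss -Htln` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 4096 127.0.0.1:9191 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:9999 0.0.0.0:*
LISTEN 0 4096 [::]:9090 [::]:*
LISTEN 0 4096 0.0.0.0:8443 0.0.0.0:*
LISTEN 0 4096 [::1]:3030 [::]:*
LISTEN 0 128 192.0.2.10:8222 0.0.0.0:*'

# Live use: ss -Htln | exposed_ports
printf '%s\n' "$SAMPLE_SS" | exposed_ports
```

Port 8443 is not reported because it is the public proxy listener; any line printed names a management or metrics port that needs a firewall rule or a loopback bind.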

Performance Tuning

High Traffic (100K+ connections)

```toml
[network]
max_connections = 100000
buffer_size = 65536

[ddos.rate_limiting]
global_requests_per_second = 100000
```

Low Latency

```toml
[network]
buffer_size = 16384
connection_timeout_seconds = 10
```

Memory Constrained

```toml
[network]
max_connections = 10000
buffer_size = 8192
```

Troubleshooting

Service won’t start

```bash
# Check logs
docker-compose logs mitigation-node

# Verify ports aren't in use
sudo lsof -i :8443
```

High CPU usage

```bash
# Check metrics
curl http://localhost:9191/metrics | grep cpu

# Reduce connection limits
# Edit config: max_connections = 5000
```

TLS errors

```bash
# Verify certificates
openssl x509 -in certs/cert.pem -text -noout

# Regenerate if needed
make setup-certs
```

Permission denied (SYN mode)

```bash
# Set capabilities
sudo setcap cap_net_raw,cap_net_admin+ep /usr/local/bin/mitigation-node

# Or run with sudo
sudo ./target/release/mitigation-node
```

Next Steps

- Core Architecture - Understand how SecBeat works
- Installation - Detailed installation guide
- API Reference - API documentation