Skip to content

Quick Start

Terminal window
# Start all services
docker-compose up -d
# View logs
docker-compose logs -f mitigation-node
# Test the proxy
curl -k https://localhost:8443/
# Check metrics
curl http://localhost:9191/metrics
# Stop all services
docker-compose down
Terminal window
# Build release binaries
cargo build --release --workspace
# Run tests
cargo test --workspace
# Install
sudo cp target/release/mitigation-node /usr/local/bin/
sudo setcap cap_net_raw,cap_net_admin+ep /usr/local/bin/mitigation-node
ServiceEndpointDescription
Mitigation Nodehttp://localhost:9090/metricsPrometheus metrics
Mitigation Nodehttp://localhost:9191/metricsInternal metrics
Mitigation Nodehttp://localhost:9999/Management API
Orchestratorhttp://localhost:3030/Control API
Orchestratorhttp://localhost:9091/metricsOrchestrator metrics
Prometheushttp://localhost:9092/Metrics dashboard
NATShttp://localhost:8222/NATS monitoring
FilePurposeEnvironment
config.dev.tomlDevelopmentLocal testing
config.prod.tomlProductionLive deployment
config.l7.tomlL7 mode with WAFFull features
config.tcp.tomlTCP proxy modeMinimal overhead
config.docker.tomlDocker deploymentContainer environments
  • Basic proxy with minimal overhead
  • High performance
  • No root privileges required
  • SYN flood protection prototype
  • Requires root or CAP_NET_RAW capability
  • Experimental - use TCP mode for production
  • Full WAF + DDoS protection
  • TLS termination
  • Complete security features
[platform]
mode = "l7" # tcp, syn, l7, or auto

Before deploying to production, ensure you:

  • ✓ Change SYN_COOKIE_SECRET in production
  • ✓ Replace default API keys
  • ✓ Use valid TLS certificates
  • ✓ Configure firewall rules
  • ✓ Enable rate limiting
  • ✓ Set up monitoring alerts
  • ✓ Rotate secrets regularly
  • ✓ Review blocklist/allowlist IPs
[network]
max_connections = 100000
buffer_size = 65536
[ddos.rate_limiting]
global_requests_per_second = 100000
[network]
buffer_size = 16384
connection_timeout_seconds = 10
[network]
max_connections = 10000
buffer_size = 8192
Terminal window
# Check logs
docker-compose logs mitigation-node
# Verify ports aren't in use
sudo lsof -i :8443
Terminal window
# Check metrics
curl http://localhost:9191/metrics | grep cpu
# Reduce connection limits
# Edit config: max_connections = 5000
Terminal window
# Verify certificates
openssl x509 -in certs/cert.pem -text -noout
# Regenerate if needed
make setup-certs
Terminal window
# Set capabilities
sudo setcap cap_net_raw,cap_net_admin+ep /usr/local/bin/mitigation-node
# Or run with sudo
sudo ./target/release/mitigation-node