A Lightweight Cloud Native API Gateway.
Helmet is Cloud Native API Gateway that control who accesses your API whether from customer or other internal services. It also collect metrics about service calls count, latency, success rate and much more!
Here is some of the key features:
- Manage Service to Service Authentication, Authorization and Communication.
- Manage End User to Service Authentication, Authorization and Communication.
- Basic, API Key Based and OAuth2 Authentication Support.
- Multiple Backends Support with Load Balancing, Health Checks.
- Runtime Metrics for both Helmet and Backend Services exposed for Prometheus.
- CORS Support.
- HTTP/2 support.
- Rate Limiting Support.
- Circuit Breaker Support.
- Caching Layer to make it even more faster.
- Lightweight, Easy to Deploy and Operate.
Download the latest helmet binary. Make it executable from everywhere.
$ export LATEST_VERSION=$(curl --silent "https://api.github.com/repos/norwik/Helmet/releases/latest" | jq '.tag_name' | sed -E 's/.*"([^"]+)".*/\1/' | tr -d v)
$ curl -sL https://github.com/norwik/Helmet/releases/download/v{$LATEST_VERSION}/helmet_{$LATEST_VERSION}_Linux_x86_64.tar.gz | tar xz
Then install MySQL
and Redis
on the server or a separate one.
Create the configs file config.yml
from config.dist.yml
. Something like the following:
# App configs
app:
# App name
name: ${HELMET_APP_NAME:-helmet}
# Env mode (dev or prod)
mode: ${HELMET_APP_MODE:-dev}
# HTTP port
port: ${HELMET_API_PORT:-8000}
# Hostname
hostname: ${HELMET_API_HOSTNAME:-127.0.0.1}
# TLS configs
tls:
status: ${HELMET_API_TLS_STATUS:-off}
crt_path: ${HELMET_API_TLS_PEMPATH:-cert/server.crt}
key_path: ${HELMET_API_TLS_KEYPATH:-cert/server.key}
# Global timeout
timeout: ${HELMET_API_TIMEOUT:-50}
# API Configs
api:
key: ${HELMET_API_KEY:-6c68b836-6f8e-465e-b59f-89c1db53afca}
# CORS status
cors:
status: ${HELMET_CORS_STATUS:-off}
# Application Database
database:
# Database driver (sqlite3, mysql)
driver: ${HELMET_DATABASE_DRIVER:-sqlite3}
# Database Host
host: ${HELMET_DATABASE_MYSQL_HOST:-localhost}
# Database Port
port: ${HELMET_DATABASE_MYSQL_PORT:-3306}
# Database Name
name: ${HELMET_DATABASE_MYSQL_DATABASE:-helmet.db}
# Database Username
username: ${HELMET_DATABASE_MYSQL_USERNAME:-root}
# Database Password
password: ${HELMET_DATABASE_MYSQL_PASSWORD:-root}
# Key Store Configs
key_store:
# Cache Driver
driver: ${HELMET_CACHE_DRIVER:-redis}
# Redis Driver Configs
redis:
# Redis Address
address: ${HELMET_CACHE_REDIS_ADDR:-localhost:6379}
# Redis Password
password: ${HELMET_CACHE_REDIS_PASSWORD:-}
# Redis Database
database: ${HELMET_CACHE_REDIS_DB:-0}
# Endpoint Configs
endpoint:
# Orders Internal Service
- name: orders_service
active: true
proxy:
listen_path: "/orders/v2/*"
upstreams:
balancing: roundrobin
targets:
- target: https://httpbin.org/anything/orders1/v2
- target: https://httpbin.org/anything/orders2/v2
- target: https://httpbin.org/anything/orders3/v2
- target: https://httpbin.org/anything/orders4/v2
http_methods:
- ANY
authentication:
status: on
# Rate limit use the key store for fast read write
rate_limit:
status: off
# Circuit Breaker use the key store for fast read write
circuit_breaker:
status: off
# Customers Internal Service
- name: customers_service
active: true
proxy:
listen_path: "/customer/v2/*"
upstreams:
balancing: random
targets:
- target: https://httpbin.org/anything/customers1/v2
- target: https://httpbin.org/anything/customers2/v2
- target: https://httpbin.org/anything/customers3/v2
- target: https://httpbin.org/anything/customers4/v2
http_methods:
- GET
- POST
- PUT
- DELETE
authentication:
status: on
# Rate limit use the key store for fast read write
rate_limit:
status: off
# Circuit Breaker use the key store for fast read write
circuit_breaker:
status: off
# Log configs
log:
# Log level, it can be debug, info, warn, error, panic, fatal
level: ${HELMET_LOG_LEVEL:-info}
# Output can be stdout or abs path to log file /var/logs/helmet.log
output: ${HELMET_LOG_OUTPUT:-stdout}
# Format can be json
format: ${HELMET_LOG_FORMAT:-json}
The run the helmet
with systemd
$ helmet server -c /path/to/config.yml
For transparency into our release cycle and in striving to maintain backward compatibility, Helmet is maintained under the Semantic Versioning guidelines and release process is predictable and business-friendly.
See the Releases section of our GitHub project for changelogs for each release version of Helmet. It contains summaries of the most noteworthy changes made in each release.
If you have any suggestions, bug reports, or annoyances please report them to our issue tracker at https://github.com/norwik/helmet/issues
If you discover a security vulnerability within Helmet, please send an email to [email protected]
We are an open source, community-driven project so please feel free to join us. see the contributing guidelines for more details.
ยฉ 2021, Clivern. Released under MIT License.
Helmet is authored and maintained by @Clivern.