Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 23 additions & 37 deletions .cargo/deny.toml
Original file line number Diff line number Diff line change
@@ -1,49 +1,35 @@
[graph]
targets = []
all-features = false
no-default-features = false
exclude-dev = true
# cargo-deny configuration (0.18+ format)
#
# NOTE: cargo-deny does not auto-discover this path — CI invokes it as
# `cargo deny check --config .cargo/deny.toml`.

[output]
feature-depth = 1
[advisories]
yanked = "deny"

# rustls-pemfile is archived — replacement is rustls-pki-types PemObject (1.9+).
# Only used in tests/dev-deps; migration tracked separately.
[[advisories.ignore]]
id = "RUSTSEC-2025-0134"

[licenses]
allow = [
"Apache-2.0",
"MIT",
"Unicode-3.0",
"Apache-2.0",
"Apache-2.0 WITH LLVM-exception",
"BSD-2-Clause",
"BSD-3-Clause",
"ISC",
"BSD-3-Clause"
"Zlib",
"0BSD",
"CC0-1.0",
"Unicode-DFS-2016",
"Unicode-3.0",
]

confidence-threshold = 0.8
exceptions = []

[licenses.private]
ignore = true
registries = []

[bans]
multiple-versions = "allow"
wildcards = "allow"
highlight = "all"
workspace-default-features = "allow"
external-default-features = "allow"
allow = []
deny = []
skip = []
skip-tree = []
multiple-versions = "warn"
wildcards = "deny"

[sources]
unknown-registry = "warn"
unknown-git = "warn"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []

[sources.allow-org]
github = []
gitlab = []
bitbucket = []

[advisories]
ignore = []
unknown-git = "deny"
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ jobs:
uses: taiki-e/install-action@cargo-audit

- name: cargo deny check
run: cargo deny check
run: cargo deny check --config .cargo/deny.toml

- name: cargo audit
run: cargo audit --deny warnings
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pr-check.yml
Original file line number Diff line number Diff line change
Expand Up @@ -69,4 +69,4 @@ jobs:
uses: taiki-e/install-action@cargo-deny

- name: Check licenses
run: cargo deny check licenses
run: cargo deny check --config .cargo/deny.toml licenses
44 changes: 34 additions & 10 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,21 +7,45 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

### Changed
### Added

- Hot-reload config storage: `Arc<RwLock<Config>>` → `Arc<ArcSwap<Config>>` (lock-free reads, `Arc` snapshots instead of full `Config` clones)
- `Proxy::config_snapshot()` is now synchronous and returns `Arc<Config>` (was `async fn` returning owned `Config`)
- `Proxy::update_config()` is now synchronous (was `async fn`)
- **Prometheus metrics** (optional `metrics` feature): request counters, latency
histograms, active-request gauge, and TLS handshake counters, exposed on
`/metrics` via a dedicated admin HTTP server.
- `http_requests_total{method,status,site}` — counter
- `http_request_duration_seconds{method,status}` — histogram (11 buckets, 5ms–10s)
- `http_active_requests` — gauge (in-flight requests)
- `tls_handshakes_total{status}` — counter (`ok` / `fail`)
- CLI flag `--metrics-addr` and env var `TINY_PROXY_METRICS_ADDR`
- **Lock-free hot-reload**: config storage switched to `Arc<ArcSwap<Config>>`
— reads are wait-free, snapshots return `Arc<Config>` instead of cloning.
`Proxy::config_snapshot()` and `Proxy::update_config()` are now synchronous.
- Integration tests: config hot-reload on keep-alive connections, Prometheus
`/metrics` endpoint (counters, histogram buckets, gauge, metadata).
- Dependencies: `arc-swap`, `metrics`, `metrics-exporter-prometheus` (optional)

### Fixed
### Changed

- Hot-reload now applies on every HTTP request, including subsequent requests on keep-alive connections
- Hot-reload on TLS listeners started via `start_with_addr` / `start_tls` now picks up routing changes without restart
- `hyper-rustls` is now a **core dependency** (was optional under `tls`).
HTTPS **backend** connections are always available; the `tls` feature now
controls only frontend TLS termination (rustls / tokio-rustls / rustls-pemfile).
- `cargo-deny` configuration moved from `deny.toml` to `.cargo/deny.toml`;
CI now invokes `cargo deny check --config .cargo/deny.toml`.

### Added
### Fixed

- Dependency: `arc-swap`
- Integration test: config hot-reload over a single keep-alive connection
- Hot-reload now applies on every HTTP request, including subsequent requests on
keep-alive connections (previously only the first request on a connection saw
config updates).
- Hot-reload on TLS listeners started via `start_with_addr` / `start_tls` now
picks up routing changes without a restart.
- `cargo build --no-default-features` no longer fails: `hyper-util` enables the
`client-legacy` feature, and `hyper-rustls` is no longer optional in the core
proxy module.
- Missing `#[cfg(feature = "tls")]` guards in `proxy.rs` for the redirect-port
helper and `HashSet` import.
- `rustdoc` warning: `Full<Bytes>` in a doc comment was parsed as an unclosed
HTML tag; the type names are now wrapped in backticks.

## [0.4.0] - 2026-05-25

Expand Down
Loading
Loading