Muhammad Ikhwan Fathulloh

Secure Your Microservices: Meet Halimun, the High-Performance Encrypted Proxy

Meet Halimun Proxy, a high-performance, ultra-low latency proxy tunnel system built from the ground up in Rust.

Why Rust?

By leveraging Rust, Halimun achieves extreme efficiency. Using the Axum web framework and Tokio for non-blocking asynchronous I/O, it manages to maintain a tiny footprint—running on as little as ~15MB of RAM. It’s designed to be fast, memory-safe, and incredibly stable under load.


Core Security Features

Halimun isn't just a proxy; it’s a security layer. It enforces strict request validation to ensure your internal services are never exposed to malicious actors:

  • AES-256-CBC Encryption: End-to-end payload masking. Even if your traffic is intercepted, the actual API endpoint and data remain indecipherable.
  • HMAC-SHA256 Integrity: Validates that data hasn't been tampered with in transit.
  • Replay Attack Prevention: Verifies a nonce and timestamp against an in-memory store (via DashMap) to reject duplicate spoofed requests.
  • SSRF Protection: Built-in mechanisms to prevent attackers from targeting your internal network infrastructure (e.g., 127.0.0.1).
  • Camouflage Routing: It hides your actual API structure behind random, dummy URL segments, making traffic profiling by WAFs or human analysts nearly impossible.

Quick Start (Docker)

Halimun is "Docker-ready," making it easy to drop into any existing infrastructure.

1. Configuration

First, generate your encryption keys using the built-in generator:

# Generate keys and save to .env
docker build -t halimun-proxy .
docker run --rm halimun-proxy ./halimun-proxy --keygen --format=env > .env

2. Deployment

Configure your config.yaml to map your backend services, then launch your cluster:

docker-compose up -d

Your production proxy is now live, listening securely on port 80 while your backend services remain completely secluded within a private Docker network.


Under the Hood: Request Lifecycle

Halimun uses an encrypted tunnel approach. A typical request follows this structure:
POST /proxy/1/SEGMENT1/SEGMENT2/SEGMENT3/SEGMENT4/SEGMENT5

The actual data is sent as application/x-www-form-urlencoded, with the encrypted body encoded as a Base32 string. Once received, Halimun decrypts the payload, validates the HMAC, checks the nonce for replays, and only then forwards the request to your microservice.
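The nonce and timestamp step of this lifecycle can be sketched as follows. This is an added example, not Halimun's own code: `ReplayGuard`, `Verdict` and the 30-second window are hypothetical, and a `Mutex<HashMap>` from the standard library stands in for DashMap so the block has no dependencies.

```rust
use std::collections::HashMap;
use std::sync::Mutex;

/// Outcome of the replay check for one request.
#[derive(Debug, PartialEq)]
pub enum Verdict { Fresh, StaleTimestamp, ReplayedNonce }

/// Hypothetical guard: remembers each nonce until its timestamp
/// can no longer pass the acceptance window.
pub struct ReplayGuard {
    window_secs: u64,                  // assumed tolerance for clock skew and latency
    seen: Mutex<HashMap<String, u64>>, // nonce -> second after which it may be forgotten
}

impl ReplayGuard {
    pub fn new(window_secs: u64) -> Self {
        Self { window_secs, seen: Mutex::new(HashMap::new()) }
    }

    /// `ts` and `now` are Unix seconds; `now` is a parameter so the check is testable.
    /// Both nonce and timestamp must be covered by the HMAC, otherwise
    /// an attacker can simply change them.
    pub fn check(&self, nonce: &str, ts: u64, now: u64) -> Verdict {
        // Reject timestamps outside +/- window, including ones from the future.
        if now.abs_diff(ts) > self.window_secs {
            return Verdict::StaleTimestamp;
        }
        let mut seen = self.seen.lock().unwrap();
        // Evict entries whose timestamp would now fail the window check, so
        // memory stays bounded. (A busy proxy would sweep on a timer instead.)
        seen.retain(|_, expires| *expires >= now);
        if seen.contains_key(nonce) {
            return Verdict::ReplayedNonce;
        }
        // Keep the nonce until ts + window, the last second at which the
        // same timestamp is still accepted. Forgetting it earlier reopens replay.
        seen.insert(nonce.to_owned(), ts.saturating_add(self.window_secs));
        Verdict::Fresh
    }

    pub fn tracked(&self) -> usize { self.seen.lock().unwrap().len() }
}

fn main() {
    // Constructed sample requests: (nonce, request timestamp, server clock).
    let guard = ReplayGuard::new(30);
    for (nonce, ts, now) in [("a1", 1000, 1000), ("a1", 1000, 1010), ("b2", 900, 1000)] {
        println!("{nonce} ts={ts} now={now} -> {:?}", guard.check(nonce, ts, now));
    }
}
```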

Monitoring & Management

Security doesn't have to be a "black box." Halimun includes a sleek, Glassmorphism-styled Admin UI accessible via your dashboard. It provides:

  • Live Traffic Logs: See exactly what’s happening in real-time.
  • Registry Hub: Overview of all your active backend mappings.
  • Key Management: Rotate credentials remotely to maintain high security.

Join the Community

Whether you are building a microservices mesh or simply want to add a hardened security layer to your existing API, Halimun is a fantastic, open-source choice.

Have you experimented with Rust-based proxies yet? Let us know how Halimun fits into your stack in the comments below!

Happy coding!
