DEV Community

Zayd Mulani
Zayd Mulani

Posted on

I built a self-hosted reverse proxy for MCP servers in Rust

The problem

Every AI tool that talks to MCP servers (Claude, Cursor, etc.)
connects directly — no auth, no rate limiting, no observability.
You have no idea what's hitting your servers or how often.

What I built

MCP Gateway sits in front of all your MCP servers and handles:

  • Routing — /mcp/server-name/* proxies to the right backend
  • Auth — per-server API keys encrypted AES-256-GCM in memory
  • Rate limiting — token bucket per client, 429 + Retry-After
  • Logging — SQLite log of every request with latency + status
  • Usage tracking — token counts from Anthropic/OpenAI responses
  • CLI — mcpgw server add/list/remove, mcpgw logs show, mcpgw stats

Quickstart

MCPGW_MASTER_SECRET=your-secret docker compose up --build

Stack

Rust, Axum, SQLite (rusqlite), DashMap, AES-GCM

GitHub: https://github.com/zaydmulani09/mcp-gateway

Top comments (1)

Collapse
 
topstar_ai profile image
Luis

This is a great systems-level project—building a self-hosted reverse proxy for MCP servers in Rust immediately signals a strong focus on performance and control. I like the architectural direction here, especially the idea of centralizing routing, auth, and observability instead of pushing those concerns into individual services. Rust feels like a solid choice given the need for low-latency request handling and safety in concurrent workloads. One thing I’d be curious about is how you handle dynamic service discovery and hot reloads without downtime. Also interesting to see how this scales when multiple MCP servers have different protocol or latency characteristics.