API Gateways and Reverse Proxies

Ocelot is a .NET API gateway that functions as an HTTP reverse proxy to route, balance, and secure traffic between clients and backend services. It serves as a centralized manager for incoming requests, providing a single entry point for traffic orchestration. The project differentiates itself through dynamic request orchestration, allowing it to aggregate multiple backend service responses into a single result to minimize client network round trips. It also supports dynamic gateway configuration, enabling updates to system behavior and operational parameters without requiring a service resta

Nginx is a high-performance HTTP server and reverse proxy designed to handle high-concurrency traffic through an efficient, event-driven architecture. It functions as a versatile traffic management gateway and content delivery accelerator, providing the infrastructure necessary to route client requests, balance loads across backend servers, and serve static assets with minimal resource consumption. The project distinguishes itself through a master-worker process model that separates configuration management from request processing, ensuring stable operations under heavy load. Its modular requ

Fabio is a network gateway that provides reverse proxying, layer 7 traffic management, and automated service discovery mapping. It functions as an HTTP reverse proxy, a gRPC and TCP proxy, and a service discovery gateway to route incoming traffic to healthy backend instances. The project distinguishes itself through deep integration with service registries, specifically acting as a Consul load balancer to automatically synchronize routing tables and update destination targets. It manages diverse traffic types using SNI-based routing for raw TCP streams and maintains full protocol compatibilit

HAProxy is a high-performance TCP and HTTP proxy that distributes traffic across multiple backend servers to ensure availability and fault tolerance for critical services. It operates in either TCP or HTTP mode, with an event-driven, single-threaded reactor that handles tens of thousands of connections without context switching, and supports kernel-level data transfer to minimize memory usage and latency. What distinguishes HAProxy is its configuration-file-first design, where all load-balancing rules and runtime behavior are defined in a declarative text file parsed at startup. It embeds a L

Traefik is a cloud-native edge router and API gateway designed to manage service communication and traffic flow across distributed infrastructure. It functions as a dynamic service proxy that automatically discovers backend services and configures routing rules in real time, eliminating the need for manual restarts or complex configuration updates. By integrating directly with container orchestrators and service registries, it maintains a consistent state for network traffic, load balancing, and security policy enforcement. The project distinguishes itself through its deep integration with di

This project is a high-performance, distributed API gateway designed to manage, secure, and observe traffic for microservices, serverless functions, and artificial intelligence model providers. It functions as a dynamic service proxy and cloud-native ingress controller, centralizing policy enforcement and traffic routing through a unified configuration interface that synchronizes state across multiple nodes in real time. The platform distinguishes itself through a highly extensible architecture that utilizes a high-performance scripting engine to execute modular logic directly within the requ

Traefik is a cloud-native load balancer and dynamic reverse proxy designed for microservices traffic routing. It automatically discovers services and generates network routes by listening to infrastructure changes in orchestrators and service registries. The project distinguishes itself through auto-configuring service routing, which eliminates manual configuration by updating routing rules in real time as infrastructure scales. It also provides automated SSL certificate management, utilizing ACME-based automation to request and renew certificates from remote authorities. Additional capabili

BunkerWeb is a containerized suite of infrastructure tools that functions as a cloud-native web application firewall and Nginx reverse proxy. It provides a security layer for web applications, combining traffic routing with automated SSL certificate management and a web-based security dashboard for monitoring and configuration. The project distinguishes itself through its deep integration with container orchestrators, serving as a Kubernetes ingress controller that automates security settings and service discovery via container labels. It features a plugin-based extension model and a manageme

Higress is an AI API gateway and cloud-native traffic manager that functions as a Kubernetes ingress controller. It provides a centralized system for routing, securing, and optimizing traffic directed toward large language models, AI agents, and microservice architectures. The project distinguishes itself through deep AI orchestration, including the ability to host and manage Model Context Protocol servers that transform REST APIs into tools for AI agents. It features specialized AI infrastructure for model request proxying, protocol translation across multiple providers, and semantic-based c

Dubbo is a Java RPC framework and microservices governance platform designed for high-performance remote procedure calls in distributed architectures. It provides the foundational components necessary to connect distributed services across a network, including a binary data serialization library and a distributed service registry. The platform distinguishes itself through a comprehensive governance suite that manages service discovery, load balancing, and traffic routing. It enables precise control over network traffic via conditional routing and a pluggable extension mechanism based on a ser

Eureka is a service registry and discovery server that serves as a coordination tool for microservices. It provides a distributed service registry where instances record their network locations and health status to enable dynamic communication without the use of hardcoded addresses. The system functions as a client-side load balancing framework, providing location data to consumers so they can distribute network traffic across available instances. It employs a heartbeat-based health monitor to track instance availability and automatically removes unresponsive nodes from the registry to manage

Bunkerized Nginx is a containerized security automation system that provides a secure reverse proxy and web application firewall. It focuses on protecting web applications by monitoring container labels within cloud-native orchestration systems to automatically update security settings and firewall rules. The system distinguishes itself through automated security operations, including the automatic management of SSL certificates and an automated client banning mechanism that blocks IP addresses based on HTTP status codes. It features bot challenge mechanisms using CAPTCHAs, JavaScript, or coo

Istio is a service mesh infrastructure that provides a centralized control plane to manage, secure, and observe communication between distributed microservices. It functions as a policy-driven network traffic controller, enabling developers to route, balance, and secure service-to-service traffic without requiring modifications to application code. The system enforces zero-trust security by utilizing mutual transport layer authentication to verify cryptographic identities for every network request. The project distinguishes itself through a sidecar-less proxy architecture, which offloads netw

Nginx Proxy Manager is a containerized gateway controller that provides a graphical interface for managing web server routing, security certificates, and access control lists. It functions as a centralized dashboard for directing incoming web traffic to internal services, allowing users to map domain names to specific network ports without manual configuration file edits. The project distinguishes itself by automating the lifecycle of SSL certificates through integrated certificate authority clients and ACME challenges. It utilizes a dynamic routing engine based on high-performance web server