30 open-source projects similar to sozu-proxy/sozu, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Sozu alternative.
This project is a service mesh platform designed to manage, secure, and observe service-to-service communication within Kubernetes clusters. It functions as a control plane that orchestrates transparent sidecar proxies, which intercept and manage network traffic to provide reliable connectivity for microservices. By automating the injection of these proxies, the platform ensures that infrastructure-level policies are applied consistently across all workloads without requiring manual configuration changes. The platform distinguishes itself through its focus on zero-trust security and cross-clu
Pingora is a Rust-based framework for building high-performance network services, including HTTP reverse proxies, layer seven load balancers, and TLS termination proxies. It serves as an asynchronous network library designed to intercept and route HTTP, gRPC, and WebSocket traffic between clients and upstream backend servers. The project enables zero-downtime service updates by handing over listening sockets between processes during binary or configuration upgrades. It utilizes a programmable multi-phase pipeline to modify request and response bodies and headers, and it provides a pluggable T
Mosn is a multi-protocol network proxy designed for cloud-native service meshes, API gateway management, and distributed load balancing. It forwards layer four and layer seven traffic across diverse network protocols to ensure interoperability between distributed cloud components. The project is distinguished by its ability to perform zero-downtime proxy updates, replacing the running binary while maintaining existing network connections. It further supports dynamic proxy extension, allowing custom request processing logic to be added via external plugins or compiled Go modules without restar
Redbird is a Node.js reverse proxy used to route external network traffic to internal servers. It functions as a layer 7 load balancer that maps incoming requests from specific domains or hosts to target upstream servers, shielding backend services from direct public exposure. The project features dynamic route management, allowing routing rules to be updated programmatically at runtime. It synchronizes these routes automatically by polling external sources such as Docker containers and etcd clusters to align proxy configurations with service lifecycles. Additional capabilities include SSL a
The NGINX Ingress Controller is a Kubernetes-native traffic manager that handles external requests and routes them to internal services. It translates Kubernetes API objects and annotations into proxy configurations to manage incoming HTTP, TCP, and UDP traffic. The controller distinguishes itself through advanced traffic steering and security integration. It supports blue-green and canary traffic splitting, as well as content-based and regex path routing. Security is handled at the edge via a web application firewall, denial-of-service protection, and a variety of authentication methods incl
Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet. The platform distinguishes itself through a declarative infrastructure model that synchronizes n
Vector is a high-performance observability data pipeline designed to collect, transform, and route logs, metrics, and traces across distributed infrastructure. It functions as a modular engine that decouples data ingestion from processing and transmission, utilizing a component-based architecture to connect diverse sources to multiple destinations. The project distinguishes itself through a focus on reliability and flow control. It implements backpressure-aware data movement to prevent data loss during traffic spikes and utilizes disk-backed event buffering to ensure durability during network
This project is a comprehensive library of reference implementations and patterns for building web applications using the Go Fiber framework. It provides curated templates and implementation guides for creating REST APIs, web servers, and structured backend services. The repository serves as a practical resource for applying architectural patterns, including Clean and Hexagonal architectures, as well as port-and-adapter decoupling. It offers detailed examples for integrating common web features such as OAuth2 authentication, JWT verification, WebSockets for real-time communication, and server
HAProxy is a high-performance TCP and HTTP proxy that distributes traffic across multiple backend servers to ensure availability and fault tolerance for critical services. It operates in either TCP or HTTP mode, with an event-driven, single-threaded reactor that handles tens of thousands of connections without context switching, and supports kernel-level data transfer to minimize memory usage and latency. What distinguishes HAProxy is its configuration-file-first design, where all load-balancing rules and runtime behavior are defined in a declarative text file parsed at startup. It embeds a L
Envoy is a cloud-native service proxy and distributed system traffic manager designed to route and control network traffic between services and clients. It operates as an L4 and L7 network proxy, managing communication at the edge and middle levels of a distributed cloud environment. The project provides capabilities for API gateway implementation and edge proxy routing to direct external requests to internal services. It serves as a foundation for service mesh traffic management and cloud-native load balancing to ensure high availability across backend instances. The system also includes to
PgBouncer is a lightweight middleware proxy server and connection pooler for PostgreSQL. It acts as a database connection manager and load balancer, reducing system overhead by managing a pool of reusable connections and distributing incoming traffic across multiple backend servers. The project distinguishes itself through a protocol-level proxying approach that handles authentication and TLS encryption without parsing underlying SQL queries. It provides specialized support for mapping named prepared statements across different backend connections and implements a socket-sharing process model
Varnish Cache is an HTTP reverse proxy and content accelerator designed to sit in front of web servers. It functions as a caching engine that stores frequently accessed web content in memory to reduce the processing load on backend origin servers and accelerate delivery times for end users. The software distinguishes itself through a domain-specific configuration language that compiles request-handling logic into machine-level bytecode for execution at wire speed. It utilizes a multi-threaded event loop to manage concurrent connections and employs shared-memory object storage alongside virtua
This project is a multi-protocol proxy server and network tunneling tool designed to manage traffic across heterogeneous infrastructure. It functions as a traffic management gateway, providing the core infrastructure to route, filter, and secure network connections through a unified interface. The software distinguishes itself through its support for cascading proxy chaining and dynamic upstream load balancing, which allow for the creation of complex, multi-hop network paths. It provides granular control over traffic flow by normalizing diverse protocols, enabling transparent port forwarding,
The AWS Load Balancer Controller is a Kubernetes controller that automates the provisioning and lifecycle management of cloud-native load balancing resources. It functions as an infrastructure orchestrator, translating declarative cluster configurations into specific requests for external cloud services to route traffic into containerized workloads. By implementing standard ingress and gateway specifications, the system ensures that cluster networking adheres to official industry standards for HTTP, HTTPS, and transport-layer traffic. The controller distinguishes itself through its deep integ
Flagger is a Kubernetes operator designed to automate the lifecycle of application deployments through progressive delivery. It functions as a controller that monitors custom resource definitions to orchestrate complex release strategies, including canary, blue/green, and A/B testing. By continuously reconciling the desired cluster state with the actual environment, it ensures that deployments adhere to defined specifications while managing the underlying infrastructure required for traffic routing. The project distinguishes itself through a sophisticated metric-driven analysis loop that eval
Higress is an AI API gateway and cloud-native traffic manager that functions as a Kubernetes ingress controller. It provides a centralized system for routing, securing, and optimizing traffic directed toward large language models, AI agents, and microservice architectures. The project distinguishes itself through deep AI orchestration, including the ability to host and manage Model Context Protocol servers that transform REST APIs into tools for AI agents. It features specialized AI infrastructure for model request proxying, protocol translation across multiple providers, and semantic-based c
Fabio is a network gateway that provides reverse proxying, layer 7 traffic management, and automated service discovery mapping. It functions as an HTTP reverse proxy, a gRPC and TCP proxy, and a service discovery gateway to route incoming traffic to healthy backend instances. The project distinguishes itself through deep integration with service registries, specifically acting as a Consul load balancer to automatically synchronize routing tables and update destination targets. It manages diverse traffic types using SNI-based routing for raw TCP streams and maintains full protocol compatibilit
Mitmproxy is an interactive, programmable network proxy engine designed for traffic analysis and protocol manipulation. It functions as a gateway that intercepts, inspects, and modifies network traffic in real-time, supporting HTTP, HTTPS, WebSocket, DNS, and generic TCP or UDP streams. By acting as a trusted certificate authority, the proxy can dynamically generate and sign certificates to decrypt and analyze secure TLS-encrypted connections. The project distinguishes itself through a highly extensible, event-driven architecture that allows users to automate traffic transformation using cust
Envoy is a high-performance, cloud-native service proxy designed for service-to-service communication in distributed architectures. It functions as a service mesh data plane, providing a centralized mechanism for managing, securing, and observing network traffic between microservices. The project is distinguished by its ability to perform dynamic traffic management and configuration updates in real-time without requiring service restarts or downtime. It utilizes a non-blocking, event-driven architecture to handle high-concurrency connections and supports hot-restart process management, which
libhv is a high-performance C/C++ network library and event-driven I/O framework used to build TCP, UDP, SSL, HTTP, WebSocket, and MQTT clients and servers. It provides a non-blocking event loop for managing network sockets, timers, and system signals across multiple threads. The project is distinguished by its integrated support for specialized network roles, including a full HTTP web server with RESTful routing and middleware, an MQTT messaging client for IoT communication, and the ability to implement SOCKS5 and HTTP proxies. It also features a reliable UDP implementation to ensure ordered
This project is a high-performance, distributed API gateway designed to manage, secure, and observe traffic for microservices, serverless functions, and artificial intelligence model providers. It functions as a dynamic service proxy and cloud-native ingress controller, centralizing policy enforcement and traffic routing through a unified configuration interface that synchronizes state across multiple nodes in real time. The platform distinguishes itself through a highly extensible architecture that utilizes a high-performance scripting engine to execute modular logic directly within the requ
Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments. The framework distinguishes itself through a unified approach to reactive and imperative program
This project is a collection of automated deployment tools centered around a Shadowsocks server auto-installer for Linux distributions. It provides a specialized SOCKS5 proxy manager and a web-based proxy control panel to administer secure network tunneling. The toolkit distinguishes itself by integrating a Linux kernel optimizer that enables congestion control algorithms to increase network throughput. It also includes a dedicated deployer for HTTP/3 web servers and a management interface capable of generating connection QR codes and monitoring real-time performance. The software covers a b
VictoriaMetrics is a high-performance, scalable time series database and observability platform designed for long-term storage and analysis of metric, log, and trace data. It functions as a unified backend for monitoring ecosystems, offering full compatibility with industry-standard protocols and query languages. The system is built to handle massive data volumes through a distributed architecture that supports horizontal scaling and efficient data lifecycle management. The platform distinguishes itself through a storage engine that utilizes consistent hashing for data sharding and log-struct
Uptrace is an OpenTelemetry-based observability platform designed to collect, store, and analyze distributed traces, metrics, and logs. It functions as a centralized logging backend, a distributed tracing system, and a metrics engine to monitor application performance and system health. The platform is distinguished by AI-powered operational capabilities, allowing users to query telemetry data and manage monitoring dashboards using natural language. It specifically includes specialized monitoring for generative AI pipelines, tracking token usage and response quality for LLM interactions and r
Agones is a Kubernetes game server orchestrator designed for hosting, scaling, and managing dedicated multiplayer game servers. It extends the Kubernetes control plane using custom resource definitions to define game server and fleet objects, utilizing a dedicated fleet manager to maintain pools of warm server instances. The system provides a game server SDK and language-specific client libraries that allow server processes to signal readiness, health, and shutdown states directly to the controller. It distinguishes itself through specialized scaling logic, including the use of WebAssembly mo
The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane. The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It
node-http-proxy is a Node.js HTTP proxy library used for forwarding requests to target servers. It functions as reverse proxy middleware capable of mapping incoming routes to target destinations and transforming request and response data streams. The library includes a WebSocket proxy gateway that upgrades standard HTTP connections into bidirectional streams between clients and backend servers. It also provides a response transformer for modifying bodies, location headers, and cookie domains. The project covers traffic routing management via rule-based translation tables and secure connectio
This project is a Node.js HTTP reverse proxy middleware designed to route incoming HTTP and WebSocket traffic to target backend services. It functions as a dynamic routing engine and API gateway tool, providing the capability to consolidate multiple backend services behind a single entry point. The middleware features a WebSocket proxy bridge that manages protocol upgrade handshakes to maintain persistent bidirectional communication. It also includes a request and response transformer used to intercept and modify headers, bodies, and URL paths during transit. The system provides broad traffi
oauth2_proxy is an OAuth2 reverse proxy and authentication gateway that protects upstream services by requiring users to authenticate through external identity providers. It acts as a secure login layer for backend applications that lack built-in user authentication. The project provides centralized access control by restricting entry based on email domains, organization membership, or approved user lists. It integrates with identity providers via issuer URLs and client secrets, and supports additional authentication methods such as htpasswd files. The gateway manages secure identity forward