Project

geofiltering-thruster

0.0
No release in over 3 years
geofiltering-thrusterbagashe/geofiltering-thrusterHomepageDocumentationSource CodeWiki
A zero-config HTTP/2 proxy for lightweight production deployments with country-based request filtering
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
 Popularity
Downloads
1,728
Stars
0
Forks
0
Watchers
0
 Releases
Current version
0.1.16
Total releases
4
First release
1980-01-02
Latest release
1980-01-02
 Development
Primary Language
Go
Licenses
MIT
Average date of last 50 commits
2025-03-28
Reverse Dependencies
0

 Dependencies
 Project Readme

GeoFiltering-Thruster

This fork adds IP based GeoFiltering capability to Thruster.

==> I'm a golang novice and these changes were made with ample help from Claude. Use it at your own risk. <==

Thruster is an HTTP/2 proxy for simple production-ready deployments of Rails applications. It runs alongside the Puma webserver to provide a few additional features that help your app run efficiently and safely on the open Internet:

  • HTTP/2 support
  • Automatic TLS certificate management with Let's Encrypt
  • Basic HTTP caching of public assets
  • X-Sendfile support and compression, to efficiently serve static files

Thruster aims to be as zero-config as possible. It has no configuration file, and most features are automatically enabled with sensible defaults. The goal is that simply running your Puma server with Thruster should be enough to get a production-ready setup.

The only exception to this is TLS provisioning: in order for Thruster to provision TLS certificates, it needs to know which domain those certificates should be for. So to use TLS, you need to set the TLS_DOMAIN environment variable. If you don't set this variable, Thruster will run in HTTP-only mode.

Thruster also wraps the Puma process so that you can use it without managing multiple processes yourself. This is particularly useful when running in a containerized environment, where you typically won't have a process manager available to coordinate the processes. Instead you can use Thruster as your CMD, and it will manage Puma for you.

Thruster was originally created for the ONCE project, where we wanted a no-fuss way to serve a Rails application from a single container, directly on the open Internet. We've since found it useful for simple deployments of other Rails applications.

Installation

Thruster is distributed as a Ruby gem. Because Thruster is written in Go, we provide several pre-built platform-specific binaries. Installing the gem will automatically fetch the appropriate binary for your platform.

To install it, add it to your application's Gemfile:

gem 'thruster'

Or install it globally:

$ gem install thruster

Usage

To run your Puma application inside Thruster, prefix your usual command string with thrust. For example:

$ thrust bin/rails server

Or with automatic TLS:

$ TLS_DOMAIN=myapp.example.com thrust bin/rails server

Custom configuration

In most cases, Thruster should work out of the box with no additional configuration. But if you need to customize its behavior, there are a few environment variables that you can set.

Variable Name Description Default Value
TLS_DOMAIN Comma-separated list of domain names to use for TLS provisioning. If not set, TLS will be disabled. None
TARGET_PORT The port that your Puma server should run on. Thruster will set PORT to this value when starting your server. 3000
CACHE_SIZE The size of the HTTP cache in bytes. 64MB
MAX_CACHE_ITEM_SIZE The maximum size of a single item in the HTTP cache in bytes. 1MB
GZIP_COMPRESSION_ENABLED Whether to enable gzip compression for static assets. Set to 0 or false to disable. Enabled
X_SENDFILE_ENABLED Whether to enable X-Sendfile support. Set to 0 or false to disable. Enabled
MAX_REQUEST_BODY The maximum size of a request body in bytes. Requests larger than this size will be refused; 0 means no maximum size is enforced. 0
STORAGE_PATH The path to store Thruster's internal state. Provisioned TLS certificates will be stored here, so that they will not need to be requested every time your application is started. ./storage/thruster
BAD_GATEWAY_PAGE Path to an HTML file to serve when the backend server returns a 502 Bad Gateway error. If there is no file at the specific path, Thruster will serve an empty 502 response instead. Because Thruster boots very quickly, a custom page can be a useful way to show that your application is starting up. ./public/502.html
HTTP_PORT The port to listen on for HTTP traffic. 80
HTTPS_PORT The port to listen on for HTTPS traffic. 443
HTTP_IDLE_TIMEOUT The maximum time in seconds that a client can be idle before the connection is closed. 60
HTTP_READ_TIMEOUT The maximum time in seconds that a client can take to send the request headers and body. 30
HTTP_WRITE_TIMEOUT The maximum time in seconds during which the client must read the response. 30
ACME_DIRECTORY The URL of the ACME directory to use for TLS certificate provisioning. https://acme-v02.api.letsencrypt.org/directory (Let's Encrypt production)
EAB_KID The EAB key identifier to use when provisioning TLS certificates, if required. None
EAB_HMAC_KEY The Base64-encoded EAB HMAC key to use when provisioning TLS certificates, if required. None
FORWARD_HEADERS Whether to forward X-Forwarded-* headers from the client. Disabled when running with TLS; enabled otherwise
LOG_REQUESTS Log all requests. Set to 0 or false to disable request logging Enabled
DEBUG Set to 1 or true to enable debug logging. Disabled
ALLOW_COUNTRIES Comma-separated list of ISO country codes to allow (e.g., "US,CA,GB"). Requests from other countries will be blocked. Automatically enables GeoIP2. None
BLOCK_COUNTRIES Comma-separated list of ISO country codes to block (e.g., "CN,RU"). Requests from these countries will be blocked. Automatically enables GeoIP2. None

To prevent naming clashes with your application's own environment variables, Thruster's environment variables can optionally be prefixed with THRUSTER_. For example, TLS_DOMAIN can also be written as THRUSTER_TLS_DOMAIN. Whenever a prefixed variable is set, it will take precedence over the unprefixed version.

GeoIP2 Integration

Thruster includes optional GeoIP2 support for geographic location detection based on client IP addresses. When enabled, Thruster adds geographic information to request headers that can be accessed by your application.

Enabling GeoIP2

GeoIP2 functionality is automatically enabled when you configure country filtering (ALLOW_COUNTRIES or BLOCK_COUNTRIES). The GeoIP2 database file should be placed in one of these common locations:

  • ./GeoLite2-Country.mmdb
  • ./data/GeoLite2-Country.mmdb
  • ./storage/GeoLite2-Country.mmdb

When a request is processed with GeoIP2 enabled, Thruster will add the following header to the request:

  • X-GeoIP-Country: ISO country code (e.g., "US", "CA")

Your Rails application can then access this information via request.headers['X-GeoIP-Country'].

Note: You'll need to obtain a GeoIP2 database file from MaxMind. The free GeoLite2 databases are available at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data.