Helmet

A Lightweight Cloud Native API Gateway.

Helmet is Cloud Native API Gateway that control who accesses your API whether from customer or other internal services. It also collect metrics about service calls count, latency, success rate and much more!

Here is some of the key features:

• Manage Service to Service Authentication, Authorization and Communication.
• Manage End User to Service Authentication, Authorization and Communication.
• Basic, API Key Based and OAuth2 Authentication Support.
• Multiple Backends Support with Load Balancing, Health Checks.
• Runtime Metrics for both Helmet and Backend Services exposed for Prometheus.
• CORS Support.
• HTTP/2 support.
• Rate Limiting Support.
• Circuit Breaker Support.
• Caching Layer to make it even more faster.
• Lightweight, Easy to Deploy and Operate.

Documentation

Linux Deployment

Download the latest helmet binary. Make it executable from everywhere.

$ export LATEST_VERSION=$(curl --silent "https://api.github.com/repos/norwik/Helmet/releases/latest" | jq '.tag_name' | sed -E 's/.*"([^"]+)".*/\1/' | tr -d v)

$ curl -sL https://github.com/norwik/Helmet/releases/download/v{$LATEST_VERSION}/helmet_{$LATEST_VERSION}_Linux_x86_64.tar.gz | tar xz

Then install MySQL and Redis on the server or a separate one.

Create the configs file config.yml from config.dist.yml. Something like the following:

# App configs
app:
    # App name
    name: ${HELMET_APP_NAME:-helmet}
    # Env mode (dev or prod)
    mode: ${HELMET_APP_MODE:-dev}
    # HTTP port
    port: ${HELMET_API_PORT:-8000}
    # Hostname
    hostname: ${HELMET_API_HOSTNAME:-127.0.0.1}
    # TLS configs
    tls:
        status: ${HELMET_API_TLS_STATUS:-off}
        crt_path: ${HELMET_API_TLS_PEMPATH:-cert/server.crt}
        key_path: ${HELMET_API_TLS_KEYPATH:-cert/server.key}

    # Global timeout
    timeout: ${HELMET_API_TIMEOUT:-50}

    # API Configs
    api:
        key: ${HELMET_API_KEY:-6c68b836-6f8e-465e-b59f-89c1db53afca}

    # CORS status
    cors:
        status: ${HELMET_CORS_STATUS:-off}

    # Application Database
    database:
        # Database driver (sqlite3, mysql)
        driver: ${HELMET_DATABASE_DRIVER:-sqlite3}
        # Database Host
        host: ${HELMET_DATABASE_MYSQL_HOST:-localhost}
        # Database Port
        port: ${HELMET_DATABASE_MYSQL_PORT:-3306}
        # Database Name
        name: ${HELMET_DATABASE_MYSQL_DATABASE:-helmet.db}
        # Database Username
        username: ${HELMET_DATABASE_MYSQL_USERNAME:-root}
        # Database Password
        password: ${HELMET_DATABASE_MYSQL_PASSWORD:-root}

    # Key Store Configs
    key_store:
        # Cache Driver
        driver: ${HELMET_CACHE_DRIVER:-redis}
        # Redis Driver Configs
        redis:
            # Redis Address
            address: ${HELMET_CACHE_REDIS_ADDR:-localhost:6379}
            # Redis Password
            password: ${HELMET_CACHE_REDIS_PASSWORD:-}
            # Redis Database
            database: ${HELMET_CACHE_REDIS_DB:-0}

    # Endpoint Configs
    endpoint:
        # Orders Internal Service
        - name: orders_service
          active: true
          proxy:
            listen_path: "/orders/v2/*"
            upstreams:
                balancing: roundrobin
                targets:
                    - target: https://httpbin.org/anything/orders1/v2
                    - target: https://httpbin.org/anything/orders2/v2
                    - target: https://httpbin.org/anything/orders3/v2
                    - target: https://httpbin.org/anything/orders4/v2
            http_methods:
                - ANY
            authentication:
                status: on
            # Rate limit use the key store for fast read write
            rate_limit:
                status: off
            # Circuit Breaker use the key store for fast read write
            circuit_breaker:
                status: off

        # Customers Internal Service
        - name: customers_service
          active: true
          proxy:
            listen_path: "/customer/v2/*"
            upstreams:
                balancing: random
                targets:
                    - target: https://httpbin.org/anything/customers1/v2
                    - target: https://httpbin.org/anything/customers2/v2
                    - target: https://httpbin.org/anything/customers3/v2
                    - target: https://httpbin.org/anything/customers4/v2
            http_methods:
                - GET
                - POST
                - PUT
                - DELETE
            authentication:
                status: on
            # Rate limit use the key store for fast read write
            rate_limit:
                status: off
            # Circuit Breaker use the key store for fast read write
            circuit_breaker:
                status: off

    # Log configs
    log:
        # Log level, it can be debug, info, warn, error, panic, fatal
        level: ${HELMET_LOG_LEVEL:-info}
        # Output can be stdout or abs path to log file /var/logs/helmet.log
        output: ${HELMET_LOG_OUTPUT:-stdout}
        # Format can be json
        format: ${HELMET_LOG_FORMAT:-json}

The run the helmet with systemd

$ helmet server -c /path/to/config.yml

Versioning

For transparency into our release cycle and in striving to maintain backward compatibility, Helmet is maintained under the Semantic Versioning guidelines and release process is predictable and business-friendly.

See the Releases section of our GitHub project for changelogs for each release version of Helmet. It contains summaries of the most noteworthy changes made in each release.

Bug tracker

If you have any suggestions, bug reports, or annoyances please report them to our issue tracker at https://github.com/norwik/helmet/issues

Security Issues

If you discover a security vulnerability within Helmet, please send an email to hello@clivern.com

Contributing

We are an open source, community-driven project so please feel free to join us. see the contributing guidelines for more details.

License

© 2021, Clivern. Released under MIT License.

Helmet is authored and maintained by @Clivern.