You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I’m opening this thread to document the architectural direction for this project and invite feedback from folks with experience in tunneling, proxies, and distributed systems.
⚠️Note on Maintenance: Active development is currently on pause due to my current IITM coursework and upcoming exams. I am actively treating this thread as an asynchronous RFC (Request for Comments) and system design review.
🎯 Goals
Primary Goal: Provide a modern local-to-remote URL tunneling service that combines URL shortening, a managed proxy layer, and AI-assisted checks (reputation/SSRF mitigation, routing optimizations).
Target Use: Local-to-mobile testing and short-lived sharing of local endpoints, with potential to scale into a production proxy service.
📊 Current Status
Backend: Django 5 + Graphene GraphQL + PostgreSQL (Neon). Core shortening, GeoLite2 async analytics, and Gemini integrations are implemented.
Ingress: Short-URL redirect endpoint + managed proxy service that forwards requests to target URLs.
Control Plane: Django/GraphQL API and admin for creating/managing short URLs, proxies, and policies.
Data Plane / Storage: PostgreSQL for metadata; considering an ephemeral KV store (Redis) for hot lookups.
AI/Security Layer: Google Gemini for content-aware metadata/slug generation; planning automated reputation scoring and SSRF heuristics.
🔍 Specific Areas For Feedback
1. Latency & Performance (Data Plane)
Beyond standard DB lookups, what are practical approaches for sub-10ms redirect times at low-thousands QPS?
Thoughts on Redis TTL strategies vs. sharded KV stores, or handling LRU caches at the edge?
How should I think about CDN usage vs. regional edge proxies when we must preserve origin-control for active tunneling?
2. Security, SSRF Mitigation & Reputation
What practical reputation checks would you recommend for proxied URLs? (e.g., DNS-RBL, passive DNS, known-bad lists, or custom heuristics).
Ideas for robust server-side SSRF hardening beyond basic VPC egress rules (e.g., request blocklists, destination IP range validation, DoH validation, or explicit egress proxies with network ACLs)?
Are Bloom filters or other probabilistic membership tests viable for fast malicious-URL reputation checks at high QPS?
3. Scalability & Connection Management
If this moves beyond local testing, what is the ideal pattern for handling many concurrent tunnels and long-lived connections (WebSocket/TCP proxying)?
Suggestions on connection pooling, worker models, or using specialized reverse proxies (Envoy, Traefik, NGINX) at the forwarding layer?
Thoughts on stateful vs. stateless designs for the proxy: what strictly belongs in the control plane vs. the data plane?
4. Observability & Graceful Degradation
Recommended metrics/logs/tracing to prioritize (latency P50/P95/P99, open connections, downstream error rates, SSRF hits).
Ideas for graceful degradation if the control plane is down (e.g., serving cached redirect rules with an explicit grace-period expiry via read-only edge caches).
5. Cost & Deployment Patterns
Lightweight approaches for a PoC vs. production (e.g., single VPS + Redis vs. Kubernetes + autoscaling + edge nodes).
Suggestions for efficient testing and load-testing strategies for tunnels and long-lived connections.
🛠️ What Would Help Me Most
Concrete design critiques or counter-examples to this plan.
Links to reference architectures, relevant academic research, or similar OSS projects.
Small configuration or code design snippets (e.g., Redis key layouts, proxy worker pool patterns).
Note: I can attach a Mermaid/SVG diagram showing the current control-plane/data-plane split if that helps clarify the flow!
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Architecture Brainstorming & Feedback: AI-Powered URL Tunneling Platform
I’m opening this thread to document the architectural direction for this project and invite feedback from folks with experience in tunneling, proxies, and distributed systems.
🎯 Goals
📊 Current Status
🏗️ High-Level Architecture Overview
🔍 Specific Areas For Feedback
1. Latency & Performance (Data Plane)
2. Security, SSRF Mitigation & Reputation
3. Scalability & Connection Management
4. Observability & Graceful Degradation
5. Cost & Deployment Patterns
🛠️ What Would Help Me Most
Note: I can attach a Mermaid/SVG diagram showing the current control-plane/data-plane split if that helps clarify the flow!
Beta Was this translation helpful? Give feedback.
All reactions