Be ready for production. (#7)

wi1dcard · May 13, 2024 · 3efd280 · 3efd280
1 parent 1b0d776
commit 3efd280
Showing 1 changed file with 62 additions and 28 deletions.
diff --git a/README.md b/README.md
@@ -11,48 +11,82 @@ Client ------>   Fingerproxy    ------------------------------------>  HTTP Back
                                   | X-HTTP2-Fingerprint: 3:100...|
 ```
 
-Fingerprints can be used for bot detection, DDoS mitigation, client identification, etc. To use these fingerprints, just get HTTP request headers in your backend apps.
+Fingerprints can be used for bot detection, DDoS mitigation, client identification, etc. To use these fingerprints, just extract the HTTP request headers in your backend apps.
 
-Fingerproxy is also a Go library, allows you implementing your own fingerprinting algorithm.
+Fingerproxy is also a Go library, which allows users implementing their own fingerprinting algorithm.
 
 ## Usage
 
 > [!TIP]
-> Try fingerproxy in one minute:
+> Try fingerproxy in 1 minute:
 
-Fingerproxy binary is available in GitHub releases: https://github.com/wi1dcard/fingerproxy/releases
+1. Generate a self-signed certificate `tls.crt` and `tls.key` for testing.
+    ```bash
+    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -days 3650 \
+      -nodes -keyout tls.key -out tls.crt -subj "/CN=localhost" \
+      -addext "subjectAltName=DNS:localhost,DNS:*.localhost,IP:127.0.0.1"
+    ```
 
-```bash
-# Generate fake certificates tls.crt and tls.key
-openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -days 3650 \
-  -nodes -keyout tls.key -out tls.crt -subj "/CN=localhost" \
-  -addext "subjectAltName=DNS:localhost,DNS:*.localhost,IP:127.0.0.1"
+2. Download the [fingerproxy binary](https://github.com/wi1dcard/fingerproxy/releases) and run. The TLS server listens on `:8443`, forwarding requests to [httpbin](https://httpbin.org/).
+    ```bash
+    ./fingerproxy -listen-addr :8443 -forward-url https://httpbin.org
+    ```
 
-# TLS server listens on :8443, forwarding requests to httpbin
-./fingerproxy -listen-addr :8443 -forward-url https://httpbin.org
+3. We are ready to go. Send a request to fingerproxy:
+    ```bash
+    curl "https://localhost:8443/anything?show_env=1" --insecure
+    ```
 
-# Then test in another terminal
-curl "https://localhost:8443/anything?show_env=1" --insecure
-```
+    You will see that fingerprints are in HTTP request headers:
+
+    ```yaml
+    {
+      "headers": {
+        # ...
+        "X-Forwarded-Host": "localhost:8443",
+        "X-Forwarded-Port": "443",
+        "X-Forwarded-Proto": "https",
+        "X-Http2-Fingerprint": "3:100;4:10485760;2:0|1048510465|0|m,s,a,p",
+        "X-Ja3-Fingerprint": "0149f47eabf9a20d0893e2a44e5a6323",
+        "X-Ja4-Fingerprint": "t13d3112h2_e8f1e7e78f70_6bebaf5329ac"
+      },
+      # ...
+    }
+    ```
+
+For all available CLI options, see `fingerproxy --help`.
+
+## Production-Ready
+
+The fingerproxy binary is production-ready. [Subscan.io](https://www.subscan.io/) has 12 fingerproxy instances running in the production environment, which process almost 40,000,000 requests/day on average.
 
-Fingerprints are in the HTTP request headers:
+Unit tests, memory usage tests, E2E tests, and benchmarks have been implemented and run on GitHub Actions.
+
+And of course, fingerproxy follows SemVer.
+
+## Kubernetes and Prometheus Integration
+
+Kubernetes liveness probe support is available since [v0.3.0](https://github.com/wi1dcard/fingerproxy/releases/tag/v0.3.0). Example:
 
 ```yaml
-{
-  "headers": {
-    # ...
-    "X-Forwarded-Host": "localhost:8443",
-    "X-Forwarded-Port": "443",
-    "X-Forwarded-Proto": "https",
-    "X-Http2-Fingerprint": "3:100;4:10485760;2:0|1048510465|0|m,s,a,p",
-    "X-Ja3-Fingerprint": "0149f47eabf9a20d0893e2a44e5a6323",
-    "X-Ja4-Fingerprint": "t13d3112h2_e8f1e7e78f70_6bebaf5329ac"
-  },
-  # ...
-}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: fingerproxy
+spec:
+  containers:
+  - name: fingerproxy
+    image: fingerproxy
+    livenessProbe:
+      httpGet:
+        path: /
+        port: 443
+        scheme: https
 ```
 
-Fingerproxy supports Kubernetes liveness probe and Prometheus metrics. For the complete CLI options, see `fingerproxy --help`.
+Kubernetes probes use certain User-Agent such as `kube-probe/1.26`. Therefore, those requests with the specific user-agent header can be recognized as probing requests. Instead of forwarding to the backend app, fingerproxy will simply respond with an `HTTP 200` by itself.
+
+The default Prometheus metrics server listens on `:9035`. Once new requests come in, run `curl http://localhost:9035/` to see avaialble metrics.
 
 ## Implement Your Fingerprinting Algorithm