# Deployment Examples
Choose the deployment strategy that best fits your infrastructure. All examples assume you have already built or downloaded the soli-proxy binary.
# Multi-stage build for minimal image size
FROM rust:latest AS builder
WORKDIR /usr/src/soli-proxy
COPY . .
# Build with optional Lua scripting support
RUN cargo build --release
# Or with Lua 5.4 scripting:
# RUN cargo build --release
# --- Runtime stage ---
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y ca-certificates && \
rm -rf /var/lib/apt/lists/*
COPY --from=builder /usr/src/soli-proxy/target/release/soli-proxy /usr/local/bin/
COPY config.toml /etc/soli-proxy/config.toml
EXPOSE 80 443 9090
ENTRYPOINT ["soli-proxy"]
CMD ["--config", "/etc/soli-proxy/config.toml"]version: "3.8"
services:
soli-proxy:
build: .
container_name: soli-proxy
restart: unless-stopped
ports:
- "80:80" # HTTP
- "443:443" # HTTPS
- "9090:9090" # Admin API
volumes:
- ./config.toml:/etc/soli-proxy/config.toml:ro
- ./certs:/etc/soli-proxy/certs
- ./sites:/etc/soli-proxy/sites
environment:
- SOLI_LOG_LEVEL=info
cap_add:
- NET_BIND_SERVICE# Start soli-proxy as a background daemon
./soli-proxy -d
# The daemon writes its PID and log files to
# configurable directories via environment variables:
# PID file location (default: /var/run)
export SOLI_PID_DIR="/var/run/soli-proxy"
# Log file location (default: /var/log)
export SOLI_LOG_DIR="/var/log/soli-proxy"
# Start as daemon with custom directories
SOLI_PID_DIR=/opt/soli/run SOLI_LOG_DIR=/opt/soli/logs ./soli-proxy -d
# Stop the daemon (reads PID from SOLI_PID_DIR)
kill $(cat /var/run/soli-proxy/soli-proxy.pid)# /etc/systemd/system/soli-proxy.service
[Unit]
Description=Soli Proxy - HTTP/2 Reverse Proxy
After=network.target
Documentation=https://proxy.solisoft.net/docs
[Service]
Type=simple
User=soli-proxy
Group=soli-proxy
ExecStart=/usr/local/bin/soli-proxy --config /etc/soli-proxy/config.toml
Restart=on-failure
RestartSec=5
# Allow binding to ports 80 and 443 without root
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
LimitNOFILE=65535
WorkingDirectory=/etc/soli-proxy
[Install]
WantedBy=multi-user.target# Privileged Ports
Binding to ports 80 and 443 normally requires root. There are two recommended approaches to avoid running the proxy as root.
1 Linux Capabilities (setcap)
Grant the binary the specific capability to bind to privileged ports. This is the simplest approach for standalone deployments.
sudo setcap 'cap_net_bind_service=+ep' soli-proxy2 systemd AmbientCapabilities
When running under systemd, the unit file can grant the capability at runtime. No need to modify the binary itself.
[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true# Dev Mode
Development mode streamlines local workflows with automatic .test domain aliases, stdout logging, and dev flags for app start scripts.
# Start Soli Proxy in development mode
./soli-proxy --devDev Flag for Apps
Adds --dev flag to app start scripts, enabling framework-specific dev features like hot reload and debug logging.
.test Domain Aliases
Automatically registers .test domain aliases (e.g., app.example.test) for each configured app.
Stdout Logging
All logs go to stdout for easy viewing in your terminal. No log files to manage during development.
Use .test, Not .dev
Recommended: use the .test TLD for local development. The .dev TLD is owned by Google and forces HSTS in browsers.
# Project Roadmap
Current feature status and maturity. Soli Proxy ships with a comprehensive feature set; additional capabilities are available through Lua scripting.
| Feature | Status |
|---|---|
| HTTP/2 Proxy | Stable |
| Automatic TLS | Stable |
| Let's Encrypt (ACME) | Stable |
| Prometheus Metrics | Stable |
| Hot Config Reload | Stable |
| App Hosting | Stable |
| Blue-Green Deployment | Stable |
| WebSocket Proxy | Stable |
| Lua 5.4 Scripting | Stable |
| Circuit Breaker | Stable |
| Admin REST API | Stable |
| Rate Limiting | Via Lua |
| Authentication | Via Lua |