██████╗░░█████╗░██╗░░██╗███████╗██████╗░
██╔══██╗██╔══██╗██║░██╔╝██╔════╝██╔══██╗
██████╦╝███████║█████═╝░█████╗░░██████╔╝
██╔══██╗██╔══██║██╔═██╗░██╔══╝░░██╔══██╗
██████╦╝██║░░██║██║░╚██╗███████╗██║░░██║
╚═════╝░╚═╝░░╚═╝╚═╝░░╚═╝╚══════╝╚═╝░░╚═╝
Baker is a dynamic HTTP reverse proxy with a focus on extensibility and flexibility. It is designed to adapt to a variety of orchestration engines and provides dynamic configuration capabilities, eliminating the need to restart the reverse proxy when changing configurations.
| Feature | Description |
|---|---|
| 🐳 Docker Integration | Native Docker driver for real-time container event listening |
| 🔌 Pluggable Drivers | Exposed driver interface for easy integration with other orchestration engines |
| ⚡ Dynamic Config | Hot-reload configuration without restarts |
| 🌳 Fast Routing | Custom trie data structure for high-performance path pattern matching |
| 📚 Library Mode | Use as a library—implements the standard http.Handler interface |
| 🔧 Extensible | Exposed interfaces for most components |
| 🔀 Middleware | Modify incoming and outgoing traffic with built-in or custom middleware |
| ⚖️ Load Balancing | Built-in load balancing across service instances |
| 🔒 Auto SSL | Automatic certificate creation and renewal via Let's Encrypt |
| 🚦 Rate Limiting | Configurable rate limiter per domain and path |
| 📊 Metrics | Prometheus metrics available at /metrics endpoint |
| 📋 Static Config | Support for services without dynamic configuration endpoints |
| 🔄 WebSocket | Full WebSocket proxy support |
Create a docker-compose.yml for Baker:
services:
baker:
image: ellato/baker:latest
environment:
- BAKER_ACME=NO # Enable/disable ACME (Let's Encrypt)
- BAKER_ACME_PATH=/acme/cert # Certificate storage path
- BAKER_LOG_LEVEL=DEBUG # Log level: DEBUG, INFO, WARN, ERROR
- BAKER_BUFFER_SIZE=100 # Event buffer size
- BAKER_PING_DURATION=2s # Health check interval
- BAKER_METRICS_ADDR=:8089 # Metrics endpoint address
ports:
- "80:80"
- "443:443"
networks:
- baker
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./acme/cert:/acme/cert
networks:
baker:
name: baker
driver: bridgeAdd Baker labels to your service's docker-compose.yml:
services:
my-service:
image: my-service:latest
labels:
- "baker.enable=true"
- "baker.network=baker"
- "baker.service.port=8000"
- "baker.service.ping=/config"
# Optional: Static configuration (for non-dynamic services)
- "baker.service.static.domain=api.example.com"
- "baker.service.static.path=/*"
- "baker.service.static.headers.host=api.example.com"
networks:
- baker
networks:
baker:
name: baker
external: trueNote: Ensure both Baker and your service share the same Docker network.
| Variable | Default | Description |
|---|---|---|
BAKER_ACME |
NO |
Enable Let's Encrypt automatic SSL |
BAKER_ACME_PATH |
/acme/cert |
Directory for SSL certificates |
BAKER_LOG_LEVEL |
INFO |
Logging level |
BAKER_BUFFER_SIZE |
100 |
Docker event buffer size |
BAKER_PING_DURATION |
2s |
Service health check interval |
BAKER_METRICS_ADDR |
:8089 |
Prometheus metrics endpoint |
| Label | Required | Description |
|---|---|---|
baker.enable |
Yes | Enable Baker for this container |
baker.network |
Yes | Docker network name |
baker.service.port |
Yes | Service port to proxy to |
baker.service.ping |
Yes | Health check / config endpoint |
baker.service.static.domain |
No | Static domain (bypasses dynamic config) |
baker.service.static.path |
No | Static path pattern |
baker.service.static.headers.* |
No | Custom headers to add |
Your service should expose a REST endpoint (specified by baker.service.ping) that returns routing configuration:
[
{
"domain": "example.com",
"path": "/api/v1",
"ready": true
},
{
"domain": "example.com",
"path": "/api/v2",
"ready": false
},
{
"domain": "app.example.com",
"path": "/app/*",
"ready": true,
"rules": [
{
"type": "ReplacePath",
"args": {
"search": "/app",
"replace": "",
"times": 1
}
}
]
}
]| Field | Type | Description |
|---|---|---|
domain |
string | Domain to match |
path |
string | Path pattern (supports * wildcard) |
ready |
boolean | Whether the route is active |
rules |
array | Optional middleware rules |
Baker includes several built-in middleware for request/response modification:
Replaces or removes parts of the request path before forwarding to the backend service.
{
"type": "ReplacePath",
"args": {
"search": "/api/v1",
"replace": "",
"times": 1
}
}| Argument | Type | Description |
|---|---|---|
search |
string | Pattern to search for |
replace |
string | Replacement string |
times |
integer | Number of replacements (-1 for all) |
Example: Request to /api/v1/users → Backend receives /users
Adds prefixes and/or suffixes to the request path.
{
"type": "AppendPath",
"args": {
"begin": "/v2",
"end": ".json"
}
}| Argument | Type | Description |
|---|---|---|
begin |
string | Prefix to add |
end |
string | Suffix to add |
Example: Request to /users → Backend receives /v2/users.json
Applies rate limiting per client IP address.
{
"type": "RateLimiter",
"args": {
"request_limit": 100,
"window_duration": "60s"
}
}| Argument | Type | Description |
|---|---|---|
request_limit |
integer | Maximum requests per window |
window_duration |
string | Time window (e.g., 60s, 1m, 1h) |
When the limit is exceeded, clients receive a 429 Too Many Requests response.
Baker is licensed under the MIT LICENSE.