Meridian Proxy
Meridian is a high-performance L4/L7 network proxy written in Rust. It sits between clients and backend services, handling traffic routing, load balancing, TLS termination, and resilience — so your applications don’t have to.
┌─────────────┐
Clients ──────────► │ MERIDIAN │ ──────► Backend A
(browsers, apps, │ PROXY │ ──────► Backend B
other services) │ │ ──────► Backend C
└─────────────┘
Why Meridian?
Meridian is a ground-up reimplementation informed by the architectural lessons of Envoy, HAProxy, and Nginx. It exploits Rust’s ownership model, zero-cost abstractions, and Tokio’s async runtime to deliver:
- Memory safety by construction — no buffer overflows, use-after-free, or data races. These entire vulnerability classes are eliminated at compile time, not by convention.
- High performance — sub-nanosecond config reads, <20ns load balancer picks, zero-copy HTTP parsing at 2+ GB/s.
- Async filter chain — filters are
async fn, not callbacks. No manual state machines, noStopIteration/continueDecoding()dance. - Production resilience — circuit breakers, connection pooling, health checking, per-IP rate limiting, Slowloris defense.
Feature Overview
| Feature | Status |
|---|---|
| HTTP/1.1 proxy with keep-alive | Done |
| HTTP/2 downstream (h2 crate) | Done |
| TLS termination (rustls) | Done |
| Async filter chain | Done |
| Round-robin load balancing | Done |
| Circuit breaker (RAII guards) | Done |
| Connection pooling | Done |
| Active health checking (TCP/HTTP) | Done |
| Chunked transfer encoding | Done |
| Admin API (/stats, /clusters) | Done |
| Path normalization & security | Done |
| Prometheus metrics endpoint | Done |
| Fuzz-hardened parsers | Done |
Target Users
Platform engineers, SREs, and cloud-native infrastructure teams who need a proxy they can trust — one where the compiler, not code review, guarantees memory safety.