Metadata-Version: 2.4
Name: backend.ai-appproxy-worker
Version: 26.3.1
Summary: Backend.AI AppProxy Worker
Home-page: https://github.com/lablup/backend.ai
Author: Lablup Inc. and contributors
License: LGPLv3
Project-URL: Documentation, https://docs.backend.ai/
Project-URL: Source, https://github.com/lablup/backend.ai
Classifier: Intended Audience :: Developers
Classifier: Operating System :: MacOS :: MacOS X
Classifier: Operating System :: POSIX :: Linux
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Environment :: No Input/Output (Daemon)
Classifier: Topic :: Scientific/Engineering
Classifier: Topic :: Software Development
Classifier: Development Status :: 5 - Production/Stable
Classifier: Programming Language :: Python :: 3.13
Classifier: License :: OSI Approved :: GNU Lesser General Public License v3 or later (LGPLv3+)
Requires-Python: >=3.13,<3.14
Description-Content-Type: text/markdown
Requires-Dist: Jinja2~=3.1.6
Requires-Dist: PyJWT~=2.10.1
Requires-Dist: aiohttp_cors~=0.8.1
Requires-Dist: aiohttp_jinja2~=1.6
Requires-Dist: aiohttp~=3.13.3
Requires-Dist: aiomonitor~=0.7.0
Requires-Dist: aiotools~=2.2.3
Requires-Dist: attrs>=25.3
Requires-Dist: backend.ai-appproxy-common==26.3.1
Requires-Dist: backend.ai-common==26.3.1
Requires-Dist: backend.ai-logging==26.3.1
Requires-Dist: backend.ai-plugin==26.3.1
Requires-Dist: click~=8.1.7
Requires-Dist: memray~=1.17.2
Requires-Dist: multidict~=6.6.4
Requires-Dist: prometheus-client~=0.21.1
Requires-Dist: pydantic[email]~=2.11.3
Requires-Dist: pyroscope-io~=0.8.8
Requires-Dist: setproctitle~=1.3.5
Requires-Dist: tenacity>=9.0
Requires-Dist: tomli-w~=1.2.0
Requires-Dist: types-Jinja2
Requires-Dist: uvloop~=0.22.1; sys_platform != "Windows"
Requires-Dist: yarl~=1.19.0
Dynamic: author
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: license
Dynamic: project-url
Dynamic: requires-dist
Dynamic: requires-python
Dynamic: summary

# Backend.AI App Proxy Worker

## Purpose

The App Proxy Worker is a high-performance reverse proxy that routes user traffic to compute session services (Jupyter, SSH, TensorBoard, etc.) running on agents. It receives routing information from the Coordinator and handles SSL/TLS termination, load balancing, and traffic forwarding.

## Key Responsibilities

### 1. Traffic Proxying
- Proxy HTTP/HTTPS requests to session services
- Proxy WebSocket connections for interactive services
- Handle SSL/TLS termination
- Stream responses efficiently

### 2. Route Resolution
- Receive routing tables from Coordinator
- Resolve session services from URLs
- Cache routing information locally
- Update routes dynamically

### 3. Health Checking
- Monitor backend service health
- Detect failed services
- Report health status to Coordinator
- Handle service failover

## Architecture

### 1. Traffic Proxy (Main)

**Framework**: aiohttp + custom reverse proxy

**Port**: 5050 (default, HTTPS)

**Protocol**: HTTP/HTTPS, WebSocket

**Key Features**:

#### HTTP/HTTPS Proxy
- Route user requests to session services
- URL Pattern: `https://<worker-domain>/<session-id>/<service-name>/...`

#### WebSocket Proxy
- Interactive service communication (Jupyter Kernel, SSH, etc.)
- Real-time log streaming

**Key Characteristics**:
- SSL/TLS termination (Let's Encrypt auto-certificate)
- High-performance async proxy
- Connection pooling and reuse
- Streaming support (large file downloads)
- Sticky session support
- Auto-retry and failover

**Processing Flow**:

#### HTTP Proxy Flow
```
User → HTTPS Request → Worker (SSL termination)
                           ↓
                       Parse URL (extract session_id, service_name)
                           ↓
                       Lookup route from local cache
                           ↓
                       Resolve backend address (agent:port)
                           ↓
                       Proxy request to agent
                           ↓
                       Stream response back to user
```

#### WebSocket Proxy Flow
```
User → WS Upgrade Request → Worker
                               ↓
                           Establish WS connection to agent
                               ↓
                           Bidirectional message forwarding
```

### 2. REST API (Management)

**Framework**: aiohttp (async HTTP server)

**Port**: 6040 (default, separate management port)

**Key Features**:
- Communication with Coordinator
- Health check endpoints
- Metrics exposure (Prometheus)
- Internal management (no external access)

### Component Interaction

**Traffic Proxy Flow**:
```
User (Browser) → Worker (Port 5050) → Kernel (on Agent)
                    │
                    ├─ SSL/TLS termination
                    ├─ Route resolution
                    └─ Traffic proxying
```

**Management Flow**:
```
Coordinator → Worker REST API (Port 6040) → Route updates
```
