Standalone Deployment
Standalone Deployment
This guide covers installing and running HeliosProxy as a standalone binary on a Linux server.
Prerequisites
- Linux (x86_64 or aarch64), macOS, or Windows
- Rust 1.82+ (for building from source)
- One or more PostgreSQL-compatible backends
Building from Source
Default Build (Connection Pooling Only)
git clone https://github.com/dimensigon/HDB-HeliosDB-Proxy.gitcd heliosdb-proxycargo build --releaseThe binary is written to target/release/heliosdb-proxy.
Production Build (All Features + PostgreSQL Topology)
cargo build --release --features "all-features,postgres-topology,observability"Lightweight HA Build
cargo build --release --features "pool-modes,ha-tr,postgres-topology"See Feature Flags for all available build options.
Installation
Copy the Binary
sudo install -m 0755 target/release/heliosdb-proxy /usr/local/bin/heliosdb-proxyVerify Installation
heliosdb-proxy --versionConfiguration File
Create a configuration directory and file:
sudo mkdir -p /etc/heliosproxyCreate /etc/heliosproxy/config.toml:
listen_address = "0.0.0.0:6432"admin_address = "0.0.0.0:9090"tr_enabled = truetr_mode = "session"write_timeout_secs = 30
[pool_mode]mode = "transaction"max_pool_size = 100min_idle = 10idle_timeout_secs = 600max_lifetime_secs = 3600acquire_timeout_secs = 5reset_query = "DISCARD ALL"prepared_statement_mode = "track"
[pool]min_connections = 5max_connections = 100idle_timeout_secs = 300max_lifetime_secs = 1800acquire_timeout_secs = 30test_on_acquire = true
[load_balancer]read_strategy = "least_connections"read_write_split = truelatency_threshold_ms = 100
[health]check_interval_secs = 5check_timeout_secs = 3failure_threshold = 3success_threshold = 2check_query = "SELECT 1"
[[nodes]]host = "db-primary.internal"port = 5432role = "primary"weight = 100enabled = truename = "primary"
[[nodes]]host = "db-standby-1.internal"port = 5432role = "standby"weight = 100enabled = truename = "standby-1"Set appropriate file permissions:
sudo chmod 640 /etc/heliosproxy/config.tomlsudo chown root:heliosproxy /etc/heliosproxy/config.tomlRunning Manually
With Configuration File
heliosdb-proxy --config /etc/heliosproxy/config.tomlWith Command-Line Arguments
heliosdb-proxy \ --listen 0.0.0.0:6432 \ --admin 0.0.0.0:9090 \ --primary db-primary:5432 \ --standby db-standby-1:5432 \ --standby db-standby-2:5432 \ --log-level infoWith Debug Logging
heliosdb-proxy --config /etc/heliosproxy/config.toml --log-level debugWith JSON Structured Logging
heliosdb-proxy --config /etc/heliosproxy/config.toml --json-logsWith Environment Variable Log Control
RUST_LOG=heliosdb_proxy=debug heliosdb-proxy --config /etc/heliosproxy/config.tomlSystemd Service
Create a Service User
sudo useradd --system --no-create-home --shell /usr/sbin/nologin heliosproxyCreate the Unit File
Create /etc/systemd/system/heliosproxy.service:
[Unit]Description=HeliosProxy - Intelligent Database Connection RouterDocumentation=https://github.com/dimensigon/HDB-HeliosDB-ProxyAfter=network-online.targetWants=network-online.target
[Service]Type=simpleUser=heliosproxyGroup=heliosproxy
ExecStart=/usr/local/bin/heliosdb-proxy --config /etc/heliosproxy/config.tomlExecReload=/bin/kill -HUP $MAINPID
Restart=alwaysRestartSec=5TimeoutStartSec=30TimeoutStopSec=30
# Security hardeningNoNewPrivileges=yesProtectSystem=strictProtectHome=yesPrivateTmp=yesPrivateDevices=yesProtectKernelTunables=yesProtectKernelModules=yesProtectControlGroups=yesReadOnlyPaths=/etc/heliosproxy
# Resource limitsLimitNOFILE=65536LimitNPROC=4096
# LoggingStandardOutput=journalStandardError=journalSyslogIdentifier=heliosproxy
# EnvironmentEnvironment="RUST_LOG=heliosdb_proxy=info"
[Install]WantedBy=multi-user.targetEnable and Start
sudo systemctl daemon-reloadsudo systemctl enable heliosproxysudo systemctl start heliosproxyVerify Status
sudo systemctl status heliosproxyView Logs
# Follow logssudo journalctl -u heliosproxy -f
# View last 100 linessudo journalctl -u heliosproxy -n 100
# View logs since last bootsudo journalctl -u heliosproxy -bFile Layout
After installation, the recommended file layout is:
/usr/local/bin/heliosdb-proxy # Binary/etc/heliosproxy/config.toml # Configuration/etc/heliosproxy/server.crt # TLS certificate (optional)/etc/heliosproxy/server.key # TLS private key (optional)/etc/heliosproxy/ca.crt # CA certificate (optional)/etc/systemd/system/heliosproxy.service # Systemd unitHealth Verification
After starting the proxy, verify it is healthy:
# Check livenesscurl http://localhost:9090/health
# Check readiness (backend connectivity)curl http://localhost:9090/health/ready
# View backend node statuscurl http://localhost:9090/nodes | jq .
# Test a PostgreSQL connection through the proxypsql -h localhost -p 6432 -U myuser -d mydb -c "SELECT 1"Upgrades
To upgrade HeliosProxy to a new version:
# 1. Build the new versioncd heliosdb-proxygit pullcargo build --release --features "all-features,postgres-topology"
# 2. Stop the servicesudo systemctl stop heliosproxy
# 3. Replace the binarysudo install -m 0755 target/release/heliosdb-proxy /usr/local/bin/heliosdb-proxy
# 4. Start the servicesudo systemctl start heliosproxy
# 5. Verifycurl http://localhost:9090/versioncurl http://localhost:9090/health/readyActive client connections will be terminated during the restart. For zero-downtime upgrades, deploy multiple proxy instances behind a TCP load balancer and perform rolling restarts.
Firewall Configuration
The proxy requires the following ports:
| Port | Protocol | Purpose | Exposure |
|---|---|---|---|
| 6432 (configurable) | TCP | PostgreSQL client connections | Clients / application servers |
| 9090 (configurable) | TCP | Admin API, health checks, metrics | Monitoring systems, operators |
Example firewalld configuration:
sudo firewall-cmd --permanent --add-port=6432/tcpsudo firewall-cmd --permanent --add-port=9090/tcpsudo firewall-cmd --reloadExample iptables configuration:
sudo iptables -A INPUT -p tcp --dport 6432 -j ACCEPTsudo iptables -A INPUT -p tcp --dport 9090 -j ACCEPT