Update netty to 4.2.12

.gitea/workflows/build-dev.yaml

@@ -9,8 +9,6 @@ jobs:
     steps:
       - name: Checkout sources
         uses: actions/checkout@v4
-      - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@v3
       - name: Execute Gradle build
         run: ./gradlew build
       - name: Prepare Docker image build
@@ -18,12 +16,6 @@ jobs:
       - name: Get project version
         id: retrieve-version
         run: ./gradlew -q version >> "$GITHUB_OUTPUT"
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          driver: docker-container
       - name: Login to Gitea container registry
         uses: docker/login-action@v3
         with:
@@ -34,6 +26,7 @@ jobs:
         name: Build rbcs Docker image
         uses: docker/build-push-action@v5.3.0
         with:
+          builder: "multiplatform-builder"
           context: "docker/build/docker"
           platforms: linux/amd64,linux/arm64
           push: true
@@ -41,11 +34,11 @@ jobs:
           tags: |
             gitea.woggioni.net/woggioni/rbcs:vanilla-dev
           target: release-vanilla
-          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/rbcs:buildx
       -
         name: Build rbcs memcache Docker image
         uses: docker/build-push-action@v5.3.0
         with:
+          builder: "multiplatform-builder"
           context: "docker/build/docker"
           platforms: linux/amd64,linux/arm64
           push: true
@@ -53,12 +46,23 @@ jobs:
           tags: |
             gitea.woggioni.net/woggioni/rbcs:memcache-dev
           target: release-memcache
-          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/rbcs:buildx
+      -
-          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/rbcs:buildx
+        name: Build rbcs redis Docker image
+        uses: docker/build-push-action@v5.3.0
+        with:
+          builder: "multiplatform-builder"
+          context: "docker/build/docker"
+          platforms: linux/amd64,linux/arm64
+          push: true
+          pull: true
+          tags: |
+            gitea.woggioni.net/woggioni/rbcs:redis-dev
+          target: release-redis
       -
         name: Build rbcs native Docker image
         uses: docker/build-push-action@v5.3.0
         with:
+          builder: "multiplatform-builder"
           context: "docker/build/docker"
           platforms: linux/amd64
           push: true
@@ -70,6 +74,7 @@ jobs:
         name: Build rbcs jlink Docker image
         uses: docker/build-push-action@v5.3.0
         with:
+          builder: "multiplatform-builder"
           context: "docker/build/docker"
           platforms: linux/amd64
           push: true

.gitea/workflows/build.yaml

@@ -5,12 +5,10 @@ on:
       - '*'
 jobs:
   build:
-    runs-on: hostinger
+    runs-on: woryzen
     steps:
       - name: Checkout sources
         uses: actions/checkout@v4
-      - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@v3
       - name: Execute Gradle build
         run: ./gradlew build
       - name: Prepare Docker image build
@@ -18,12 +16,6 @@ jobs:
       - name: Get project version
         id: retrieve-version
         run: ./gradlew -q version >> "$GITHUB_OUTPUT"
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          driver: docker-container
       - name: Login to Gitea container registry
         uses: docker/login-action@v3
         with:
@@ -34,19 +26,7 @@ jobs:
         name: Build rbcs Docker image
         uses: docker/build-push-action@v5.3.0
         with:
-          context: "docker/build/docker"
+          builder: "multiplatform-builder"
-          platforms: linux/amd64,linux/arm64
-          push: true
-          pull: true
-          tags: |
-            gitea.woggioni.net/woggioni/rbcs:vanilla
-            gitea.woggioni.net/woggioni/rbcs:vanilla-${{ steps.retrieve-version.outputs.VERSION }}
-          target: release-vanilla
-          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/rbcs:buildx
-      -
-        name: Build rbcs memcache Docker image
-        uses: docker/build-push-action@v5.3.0
-        with:
           context: "docker/build/docker"
           platforms: linux/amd64,linux/arm64
           push: true
@@ -54,34 +34,58 @@ jobs:
           tags: |
             gitea.woggioni.net/woggioni/rbcs:latest
             gitea.woggioni.net/woggioni/rbcs:${{ steps.retrieve-version.outputs.VERSION }}
+          target: release-vanilla
+      -
+        name: Build rbcs memcache Docker image
+        uses: docker/build-push-action@v5.3.0
+        with:
+          builder: "multiplatform-builder"
+          context: "docker/build/docker"
+          platforms: linux/amd64,linux/arm64
+          push: true
+          pull: true
+          tags: |
             gitea.woggioni.net/woggioni/rbcs:memcache
-            gitea.woggioni.net/woggioni/rbcs:memcache-${{ steps.retrieve-version.outputs.VERSION }}
+            gitea.woggioni.net/woggioni/rbcs:${{ steps.retrieve-version.outputs.VERSION }}-memcache
           target: release-memcache
-          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/rbcs:buildx
+      -
-          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/rbcs:buildx
+        name: Build rbcs redis Docker image
+        uses: docker/build-push-action@v5.3.0
+        with:
+          builder: "multiplatform-builder"
+          context: "docker/build/docker"
+          platforms: linux/amd64,linux/arm64
+          push: true
+          pull: true
+          tags: |
+            gitea.woggioni.net/woggioni/rbcs:redis
+            gitea.woggioni.net/woggioni/rbcs:${{ steps.retrieve-version.outputs.VERSION }}-redis
+          target: release-redis
       -
         name: Build rbcs native Docker image
         uses: docker/build-push-action@v5.3.0
         with:
+          builder: "multiplatform-builder"
           context: "docker/build/docker"
           platforms: linux/amd64
           push: true
           pull: true
           tags: |
             gitea.woggioni.net/woggioni/rbcs:native
-            gitea.woggioni.net/woggioni/rbcs:native-${{ steps.retrieve-version.outputs.VERSION }}
+            gitea.woggioni.net/woggioni/rbcs:${{ steps.retrieve-version.outputs.VERSION }}-native
           target: release-native
       -
         name: Build rbcs jlink Docker image
         uses: docker/build-push-action@v5.3.0
         with:
+          builder: "multiplatform-builder"
           context: "docker/build/docker"
           platforms: linux/amd64
           push: true
           pull: true
           tags: |
             gitea.woggioni.net/woggioni/rbcs:jlink
-            gitea.woggioni.net/woggioni/rbcs:jlink-${{ steps.retrieve-version.outputs.VERSION }}-jlink
+            gitea.woggioni.net/woggioni/rbcs:${{ steps.retrieve-version.outputs.VERSION }}-jlink
           target: release-jlink
       - name: Publish artifacts
         env:

AGENTS.md

@@ -0,0 +1,173 @@
+# AGENTS.md — Coding Agent Guide for RBCS
+
+## Project Overview
+
+RBCS (Remote Build Cache Server) is a Kotlin/Java multi-module Gradle project built on Netty.
+It serves as a remote build cache for Gradle and Maven. Java is used for the public API layer
+(with Lombok); Kotlin is used for all implementation modules. All modules use JPMS
+(`module-info.java`). The project is built on Netty with Java 25.
+
+**Modules:** `rbcs-api`, `rbcs-common`, `rbcs-server`, `rbcs-server-memcache`, `rbcs-client`,
+`rbcs-cli`, `rbcs-servlet`, `docker`
+
+## Build Commands
+
+```bash
+./gradlew build                          # Full build: compile + test + assemble
+./gradlew assemble                       # Build JARs without running tests
+./gradlew compileJava compileKotlin      # Compile only
+./gradlew clean                          # Clean build outputs
+./gradlew :rbcs-server:compileKotlin     # Compile a single module
+./gradlew -q version                     # Print project version
+```
+
+## Test Commands
+
+```bash
+./gradlew test                           # Run all tests (all modules)
+./gradlew :rbcs-server:test              # Run tests for a single module
+./gradlew :rbcs-server:test --tests "net.woggioni.rbcs.server.test.NoAuthServerTest"
+                                         # Run a single test class
+./gradlew :rbcs-server:test --tests "net.woggioni.rbcs.server.test.NoAuthServerTest.putWithNoAuthorizationHeader"
+                                         # Run a single test method
+./gradlew test --tests "*TlsServer*"     # Run tests matching a pattern
+./gradlew :rbcs-server:jacocoTestReport  # Generate code coverage (rbcs-server only)
+```
+
+**Test framework:** JUnit 5 (Jupiter). Tests are integration-style — they start real Netty
+servers and use `java.net.http.HttpClient` to make HTTP requests. Netty leak detection is
+set to `PARANOID` in test configurations.
+
+**Test locations:** `src/test/kotlin/` and `src/test/java/` following standard Gradle layout.
+Test resources (XML configs, logback) are in `src/test/resources/`.
+
+## Lint / Format
+
+No linting or formatting tools are configured (no Checkstyle, Detekt, ktlint, Spotless, or
+similar). Follow the existing code style described below.
+
+## Code Style Guidelines
+
+### Language Split
+
+- **Java** for `rbcs-api` (public API consumed by Java clients) with Lombok annotations
+- **Kotlin** for all implementation modules
+- **`module-info.java`** in every module (JPMS)
+
+### Import Ordering (Kotlin)
+
+Three groups separated by blank lines, each alphabetically sorted:
+1. External/third-party (`io.netty.*`, `org.slf4j.*`)
+2. Java standard library (`java.*`, `javax.*`)
+3. Internal project (`net.woggioni.rbcs.*`)
+
+Import aliases are rare; used only to resolve conflicts:
+`import io.netty.util.concurrent.Future as NettyFuture`
+
+### Naming Conventions
+
+| Element             | Convention              | Examples                                          |
+|---------------------|-------------------------|---------------------------------------------------|
+| Classes/interfaces  | PascalCase              | `RemoteBuildCacheServer`, `CacheHandler`           |
+| Abstract classes    | `Abstract` prefix       | `AbstractServerTest`, `AbstractNettyHttpAuthenticator` |
+| Functions/methods   | camelCase               | `loadConfiguration()`, `sendShutdownSignal()`      |
+| Variables/properties| camelCase               | `bucketManager`, `sslContext`                      |
+| Constants           | SCREAMING_SNAKE_CASE    | `SSL_HANDLER_NAME`, `RBCS_NAMESPACE_URI`           |
+| Handler names       | `val NAME = ...::class.java.name` in companion object                    |
+| Packages            | lowercase dot-separated | `net.woggioni.rbcs.server.throttling`              |
+| Enum values         | PascalCase              | `Role.Reader`, `Role.Writer`                       |
+| Kotlin files        | PascalCase matching primary class; lowercase for files with only top-level functions |
+
+### Error Handling
+
+- Custom unchecked exception hierarchy rooted at `RbcsException extends RuntimeException`
+- Domain subclasses: `CacheException`, `ConfigurationException`, `ContentTooLargeException`
+- Async errors propagated via `CompletableFuture.completeExceptionally()`
+- Synchronous errors thrown directly: `throw IllegalArgumentException(...)`
+- Kotlin null safety idioms preferred over null checks: `?.let`, `?:`, `takeIf`
+- `ExceptionHandler` maps exception types to HTTP responses via exhaustive `when`
+
+### Type Annotations
+
+- **Kotlin:** Heavy use of type inference for local variables. Explicit types required on:
+  - Class properties: `private val sslContext: SslContext?`
+  - Non-trivial return types: `fun run(): ServerHandle`
+  - `lateinit var` in tests: `protected lateinit var cfg: Configuration`
+- **Java:** Lombok `@Value` for immutable data classes; modern pattern matching with `instanceof`
+- No `typealias` declarations are used in this project
+
+### Async Patterns
+
+- Primary abstraction: `CompletableFuture<T>` — **no Kotlin coroutines**
+- Netty event-driven callbacks (`ChannelFuture`, `GenericFutureListener`)
+- Custom `AsyncCloseable` interface wraps `CompletableFuture<Void>` for async shutdown
+- Retry logic uses `CompletableFuture` composition with exponential backoff + jitter
+- Virtual threads used selectively (background GC, configurable event executors)
+- Connection pooling via Netty `FixedChannelPool`
+
+### Logging
+
+- SLF4J via custom Kotlin lazy-evaluation extension functions (defined in `rbcs-common`)
+- Logger creation: `private val log = createLogger<ClassName>()` (in companion object)
+- Lazy log calls: `log.debug { "message with ${interpolation}" }` (lambda only evaluated if enabled)
+- Channel-aware variants: `log.debug(ctx) { "message" }` (adds MDC: channel-id, remote-address)
+- Java classes use Lombok `@Slf4j`
+- String templates with `${}` for Kotlin log messages
+
+### Kotlin Idioms
+
+- `apply` as builder pattern: `ServerBootstrap().apply { group(...); option(...) }`
+- `also` for side effects, `let` for transformation, `run` for scoping
+- Trailing commas in constructor parameter lists and multi-line function calls
+- `sealed class`/`sealed interface` for algebraic types (e.g., `OperationOutcome`, `Authentication`)
+- `data class` for value types; `companion object` for static members and constants
+- No trailing semicolons
+
+### Java Idioms (API module)
+
+- Lombok annotations: `@Value`, `@Getter`, `@RequiredArgsConstructor`, `@EqualsAndHashCode.Include`
+- `sealed interface` with `final` permitted subtypes (e.g., `CacheMessage`)
+- `@FunctionalInterface` on single-method interfaces
+- JPMS `module-info.java` in every module with `requires`, `exports`, `uses`, `provides`
+
+### Testing Patterns
+
+- `@TestInstance(Lifecycle.PER_CLASS)` — single instance per test class
+- `@TestMethodOrder(MethodOrderer.OrderAnnotation)` with `@Order(n)` for sequential execution
+- Abstract base class hierarchy: `AbstractServerTest` → `AbstractBasicAuthServerTest` → concrete
+- Server lifecycle in `@BeforeAll` / `@AfterAll` (start/stop real Netty server)
+- `@TempDir` for temporary directories
+- `@ParameterizedTest` with `@ValueSource` and `@ArgumentsSource` for parameterized tests
+- Assertions via `org.junit.jupiter.api.Assertions` (`assertEquals`, `assertArrayEquals`)
+- No mocking framework — all tests are integration-style against real servers
+
+### Documentation
+
+Minimal doc comments in the codebase. Inline comments used sparingly for clarification.
+When adding new public API, follow existing style — doc comments are not enforced but
+are welcome on complex logic.
+
+## Module Dependency Graph
+
+```
+rbcs-api        → (standalone, Lombok, Netty types)
+rbcs-common     → Netty, Kotlin stdlib
+rbcs-server     → rbcs-api, rbcs-common
+rbcs-server-memcache → rbcs-api, rbcs-common
+rbcs-client     → rbcs-api, rbcs-common
+rbcs-cli        → rbcs-client, rbcs-server (Picocli for CLI)
+rbcs-servlet    → rbcs-api, rbcs-common (Jakarta Servlet/CDI)
+docker          → rbcs-cli, rbcs-server-memcache
+```
+
+## Plugin System
+
+Cache backends use the `ServiceLoader` pattern via JPMS `provides`/`uses` directives.
+To add a new cache provider, implement `CacheProvider<T extends Configuration.Cache>` and
+register it in your module's `module-info.java`.
+
+## Configuration
+
+- XML-based with XSD schema validation
+- Schemas in `src/main/resources/.../schema/*.xsd`
+- Default config loaded from JPMS resources: `jpms://net.woggioni.rbcs.server/...`

build.gradle

@@ -28,7 +28,7 @@ allprojects { subproject ->
         mavenCentral()
     }
 
-    pluginManager.withPlugin('java-library') {
+    pluginManager.withPlugin('java') {
 
         ext {
             jpmsModuleName = subproject.group + '.' + subproject.name.replace('-', '.')
@@ -38,7 +38,7 @@ allprojects { subproject ->
             withSourcesJar()
             modularity.inferModulePath = true
             toolchain {
-                languageVersion = JavaLanguageVersion.of(21)
+                languageVersion = JavaLanguageVersion.of(25)
             }
         }
 
@@ -55,7 +55,7 @@ allprojects { subproject ->
 
         tasks.withType(JavaCompile) {
             modularity.inferModulePath = true
-            options.release = 21
+            options.release = 25
         }
 
         tasks.named(JavaPlugin.COMPILE_JAVA_TASK_NAME, JavaCompile) {
@@ -80,7 +80,7 @@ allprojects { subproject ->
 
     pluginManager.withPlugin(catalog.plugins.kotlin.jvm.get().pluginId) {
         tasks.withType(KotlinCompile.class) {
-            compilerOptions.jvmTarget = JvmTarget.JVM_21
+            compilerOptions.jvmTarget = JvmTarget.JVM_25
         }
     }
 

doc/server_configuration.md

@@ -14,8 +14,21 @@ Configures server socket settings.
 **Attributes:**
 - `host` (required): Server bind address
 - `port` (required): Server port number
+- `proxy-protocol` (optional, default: false): Enable [HAProxy proxy protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) support. When enabled, the server decodes proxy protocol headers to extract the real client IP address from proxied connections.
 - `incoming-connections-backlog-size` (optional, default: 1024): Maximum queue length for incoming connection indications
 
+**Child Elements:**
+
+##### `<trusted-proxies>`
+Restricts which proxy servers are trusted to provide accurate client IP information via the proxy protocol. Only used when `proxy-protocol` is set to `true`.
+
+If omitted or empty, all proxies are trusted. When specified, only connections originating from the listed CIDR ranges will have their forwarded client IP honored.
+
+- Contains `<allow>` elements:
+
+  **Attributes:**
+    - `cidr` (required): An IPv4 or IPv6 CIDR range identifying a trusted proxy address (e.g. `192.168.0.0/24`, `::1/128`)
+
 #### `<connection>`
 Configures connection handling parameters.
 
@@ -127,7 +140,12 @@ Configures TLS encryption.
              xmlns:rbcs="urn:net.woggioni.rbcs.server"
              xs:schemaLocation="urn:net.woggioni.rbcs.server jpms://net.woggioni.rbcs.server/net/woggioni/rbcs/server/schema/rbcs-server.xsd"
 >
-    <bind host="0.0.0.0" port="8080" incoming-connections-backlog-size="1024"/>
+    <bind host="0.0.0.0" port="8080" incoming-connections-backlog-size="1024" proxy-protocol="true">
+        <trusted-proxies>
+            <allow cidr="192.168.0.11/32"/>
+            <allow cidr="::1/128"/>
+        </trusted-proxies>
+    </bind>
     <connection
             max-request-size="67108864"
             idle-timeout="PT10S"

docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM eclipse-temurin:21-jre-alpine AS base-release
+FROM eclipse-temurin:25-jre-alpine AS base-release
 RUN adduser -D luser
 USER luser
 WORKDIR /home/luser
@@ -16,6 +16,15 @@ WORKDIR /home/luser
 ADD logback.xml .
 ENTRYPOINT ["java", "-Dlogback.configurationFile=logback.xml", "-XX:MaxRAMPercentage=70", "-XX:GCTimeRatio=24", "-XX:+UseZGC", "-XX:+ZGenerational", "-jar", "/home/luser/rbcs.jar"]
 
+FROM base-release AS release-redis
+ADD --chown=luser:luser rbcs-cli-envelope-*.jar rbcs.jar
+RUN mkdir plugins
+WORKDIR /home/luser/plugins
+RUN --mount=type=bind,source=.,target=/build/distributions tar -xf /build/distributions/rbcs-server-redis*.tar
+WORKDIR /home/luser
+ADD logback.xml .
+ENTRYPOINT ["java", "-Dlogback.configurationFile=logback.xml", "-XX:MaxRAMPercentage=70", "-XX:GCTimeRatio=24", "-XX:+UseZGC", "-XX:+ZGenerational", "-jar", "/home/luser/rbcs.jar"]
+
 FROM busybox:musl AS base-native
 RUN mkdir -p /var/lib/rbcs /etc/rbcs
 RUN adduser -D -u 1000 rbcs -h /var/lib/rbcs
@@ -33,6 +42,7 @@ ENTRYPOINT ["/usr/bin/rbcs-cli", "-XX:MaximumHeapSizePercent=70"]
 FROM debian:12-slim AS release-jlink
 RUN mkdir -p /usr/share/java/rbcs
 RUN --mount=type=bind,source=.,target=/build/distributions tar -xf /build/distributions/rbcs-cli*.tar -C /usr/share/java/rbcs
+RUN chmod 755 /usr/share/java/rbcs/bin/*
 ADD --chmod=755 rbcs-cli.sh /usr/local/bin/rbcs-cli
 RUN adduser -u 1000 luser
 USER luser

docker/README.md

@@ -5,7 +5,7 @@ There are 3 image flavours:
 - native
 
 The `vanilla` image only contains the envelope 
-jar file with no plugins and is based on `eclipse-temurin:21-jre-alpine`
+jar file with no plugins and is based on `eclipse-temurin:25-jre-alpine`
 
 The `memcache` image is similar to the `vanilla` image, except that it also contains
 the `rbcs-server-memcache` plugin in the `plugins` folder, use this image if you don't want to use the `native`

docker/build.gradle

@@ -20,6 +20,7 @@ configurations {
 dependencies {
     docker project(path: ':rbcs-cli', configuration: 'release')
     docker project(path: ':rbcs-server-memcache', configuration: 'release')
+    docker project(path: ':rbcs-server-redis', configuration: 'release')
 }
 
 Provider<Task> cleanTaskProvider = tasks.named(BasePlugin.CLEAN_TASK_NAME) {}

docker/rbcs-cli.sh

@@ -1,3 +1,3 @@
 #!/bin/sh
 DIR=/usr/share/java/rbcs
-$DIR/bin/java $JAVA_OPTS -m net.woggioni.rbcs.cli "$@"
+exec $DIR/bin/java $JAVA_OPTS -m net.woggioni.rbcs.cli $@

gradle.properties

@@ -2,9 +2,9 @@ org.gradle.configuration-cache=false
 org.gradle.parallel=true
 org.gradle.caching=true
 
-rbcs.version = 0.3.4
+rbcs.version = 0.4.0
 
-lys.version = 2025.09.30
+lys.version = 2026.03.26
 
 gitea.maven.url = https://gitea.woggioni.net/api/packages/woggioni/maven
 docker.registry.url=gitea.woggioni.net

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-9.1.0-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-9.3.1-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

gradlew

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 #
-# Copyright © 2015-2021 the original authors.
+# Copyright © 2015 the original authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -114,7 +114,6 @@ case "$( uname )" in                #(
   NONSTOP* )        nonstop=true ;;
 esac
 
-CLASSPATH="\\\"\\\""
 
 
 # Determine the Java command to use to start the JVM.
@@ -172,7 +171,6 @@ fi
 # For Cygwin or MSYS, switch paths to Windows format before running java
 if "$cygwin" || "$msys" ; then
     APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
-    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
 
     JAVACMD=$( cygpath --unix "$JAVACMD" )
 
@@ -212,7 +210,6 @@ DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \
-        -classpath "$CLASSPATH" \
         -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
         "$@"
 

gradlew.bat

@@ -70,11 +70,10 @@ goto fail
 :execute
 @rem Setup the command line
 
-set CLASSPATH=
 
 
 @rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*
 
 :end
 @rem End local scope for the variables with windows NT shell

rbcs-api/src/main/java/net/woggioni/rbcs/api/Configuration.java

@@ -4,10 +4,12 @@ package net.woggioni.rbcs.api;
 import lombok.EqualsAndHashCode;
 import lombok.NonNull;
 import lombok.Value;
+import net.woggioni.rbcs.common.Cidr;
 
 import java.nio.file.Path;
 import java.security.cert.X509Certificate;
 import java.time.Duration;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.stream.Collectors;
@@ -16,6 +18,8 @@ import java.util.stream.Collectors;
 public class Configuration {
     String host;
     int port;
+    boolean proxyProtocolEnabled;
+    List<Cidr> trustedProxyIPs;
     int incomingConnectionsBacklogSize;
     String serverPath;
     @NonNull
@@ -30,6 +34,7 @@ public class Configuration {
     Authentication authentication;
     Tls tls;
 
+
     @Value
     public static class RateLimiter {
         boolean delayRequest;
@@ -140,6 +145,8 @@ public class Configuration {
     public static Configuration of(
             String host,
             int port,
+            boolean proxyProtocolEnabled,
+            List<Cidr> trustedProxyIPs,
             int incomingConnectionsBacklogSize,
             String serverPath,
             EventExecutor eventExecutor,
@@ -154,6 +161,8 @@ public class Configuration {
         return new Configuration(
                 host,
                 port,
+                proxyProtocolEnabled,
+                trustedProxyIPs,
                 incomingConnectionsBacklogSize,
                 serverPath != null && !serverPath.isEmpty() && !serverPath.equals("/") ? serverPath : null,
                 eventExecutor,

rbcs-cli/build.gradle

@@ -50,6 +50,7 @@ configurations {
 dependencies {
     configureNativeImageImplementation project
     configureNativeImageImplementation project(':rbcs-server-memcache')
+    configureNativeImageImplementation project(':rbcs-server-redis')
 
     implementation catalog.jwo
     implementation catalog.slf4j.api
@@ -62,6 +63,7 @@ dependencies {
     runtimeOnly catalog.logback.classic
 //    runtimeOnly catalog.slf4j.simple
     nativeImage project(':rbcs-server-memcache')
+    nativeImage project(':rbcs-server-redis')
 
 }
 
@@ -89,7 +91,7 @@ Provider<EnvelopeJarTask> envelopeJarTaskProvider = tasks.named(EnvelopePlugin.E
 
 tasks.named(NativeImagePlugin.CONFIGURE_NATIVE_IMAGE_TASK_NAME, NativeImageConfigurationTask) {
     toolchain {
-        languageVersion = JavaLanguageVersion.of(21)
+        languageVersion = JavaLanguageVersion.of(25)
         vendor = JvmVendorSpec.GRAAL_VM
     }
     mainClass = "net.woggioni.rbcs.cli.graal.GraalNativeImageConfiguration"
@@ -107,7 +109,7 @@ tasks.named(NativeImagePlugin.CONFIGURE_NATIVE_IMAGE_TASK_NAME, NativeImageConfi
 
 nativeImage {
     toolchain {
-        languageVersion = JavaLanguageVersion.of(23)
+        languageVersion = JavaLanguageVersion.of(25)
         vendor = JvmVendorSpec.GRAAL_VM
     }
     mainClass = mainClassName
@@ -126,7 +128,7 @@ Provider<UpxTask> upxTaskProvider = tasks.named(NativeImagePlugin.UPX_TASK_NAME,
 
 Provider<JlinkTask> jlinkTaskProvider = tasks.named(JlinkPlugin.JLINK_TASK_NAME, JlinkTask) {
     toolchain {
-        languageVersion = JavaLanguageVersion.of(21)
+        languageVersion = JavaLanguageVersion.of(25)
         vendor = JvmVendorSpec.GRAAL_VM
     }
 
@@ -138,6 +140,7 @@ Provider<JlinkTask> jlinkTaskProvider = tasks.named(JlinkPlugin.JLINK_TASK_NAME,
     )
     additionalModules = [
         'net.woggioni.rbcs.server.memcache',
+        'net.woggioni.rbcs.server.redis',
         'ch.qos.logback.classic',
         'jdk.crypto.ec'
     ]

rbcs-cli/conf/rbcs-server-redis.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<rbcs:server xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
+             xmlns:rbcs="urn:net.woggioni.rbcs.server"
+             xmlns:rbcs-redis="urn:net.woggioni.rbcs.server.redis"
+             xs:schemaLocation="urn:net.woggioni.rbcs.server.redis jpms://net.woggioni.rbcs.server.redis/net/woggioni/rbcs/server/redis/schema/rbcs-redis.xsd urn:net.woggioni.rbcs.server.memcache jpms://net.woggioni.rbcs.server.memcache/net/woggioni/rbcs/server/memcache/schema/rbcs-memcache.xsd urn:net.woggioni.rbcs.server jpms://net.woggioni.rbcs.server/net/woggioni/rbcs/server/schema/rbcs-server.xsd"
+>
+    <bind host="127.0.0.1" port="8080" incoming-connections-backlog-size="1024"/>
+    <connection
+            max-request-size="67108864"
+            idle-timeout="PT10S"
+            read-idle-timeout="PT20S"
+            write-idle-timeout="PT20S"/>
+    <event-executor use-virtual-threads="true"/>
+    <cache xs:type="rbcs-redis:redisCacheType" max-age="P7D" digest="MD5">
+        <server host="127.0.0.1" port="6379" max-connections="256"/>
+    </cache>
+    <!--cache xs:type="rbcs:inMemoryCacheType" max-age="P7D" enable-compression="false" max-size="0x10000000" /-->
+    <!--cache xs:type="rbcs:fileSystemCacheType" max-age="P7D" enable-compression="false" /-->
+    <authorization>
+        <users>
+            <user name="woggioni" password="II+qeNLft2pZ/JVNo9F7jpjM/BqEcfsJW27NZ6dPVs8tAwHbxrJppKYsbL7J/SMl">
+                <quota calls="100" period="PT1S"/>
+            </user>
+            <user name="gitea" password="v6T9+q6/VNpvLknji3ixPiyz2YZCQMXj2FN7hvzbfc2Ig+IzAHO0iiBCH9oWuBDq"/>
+            <anonymous>
+                <quota calls="10" period="PT60S" initial-available-calls="10" max-available-calls="10"/>
+            </anonymous>
+        </users>
+        <groups>
+            <group name="readers">
+                <users>
+                    <anonymous/>
+                </users>
+                <roles>
+                    <reader/>
+                </roles>
+            </group>
+            <group name="writers">
+                <users>
+                    <user ref="woggioni"/>
+                    <user ref="gitea"/>
+                </users>
+                <roles>
+                    <reader/>
+                    <writer/>
+                </roles>
+            </group>
+        </groups>
+    </authorization>
+    <authentication>
+        <none/>
+    </authentication>
+</rbcs:server>

rbcs-cli/native-image/native-image.properties

@@ -1,2 +1,2 @@
-Args=-O3 -march=x86-64-v2 --gc=serial --install-exit-handlers --initialize-at-run-time=io.netty --enable-url-protocols=jpms --initialize-at-build-time=net.woggioni.rbcs.common.RbcsUrlStreamHandlerFactory,net.woggioni.rbcs.common.RbcsUrlStreamHandlerFactory$JpmsHandler
+Args=-O3 -march=x86-64-v2 --gc=serial --initialize-at-run-time=io.netty --enable-url-protocols=jpms -H:+UnlockExperimentalVMOptions -H:+SharedArenaSupport --initialize-at-build-time=net.woggioni.rbcs.common.RbcsUrlStreamHandlerFactory,net.woggioni.rbcs.common.RbcsUrlStreamHandlerFactory$JpmsHandler
 #-H:TraceClassInitialization=io.netty.handler.ssl.BouncyCastleAlpnSslUtils

rbcs-cli/native-image/reflect-config.json

@@ -183,9 +183,6 @@
   "name":"io.netty.channel.SimpleChannelInboundHandler",
   "methods":[{"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }]
 },
-{
-  "name":"io.netty.channel.embedded.EmbeddedChannel$2"
-},
 {
   "name":"io.netty.channel.pool.SimpleChannelPool$1"
 },
@@ -195,7 +192,7 @@
 },
 {
   "name":"io.netty.handler.codec.ByteToMessageDecoder",
-  "methods":[{"name":"channelInactive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }, {"name":"channelReadComplete","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"userEventTriggered","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }]
+  "methods":[{"name":"channelInactive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }, {"name":"userEventTriggered","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }]
 },
 {
   "name":"io.netty.handler.codec.MessageAggregator",
@@ -214,7 +211,8 @@
   "methods":[{"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }]
 },
 {
-  "name":"io.netty.handler.codec.compression.JdkZlibDecoder"
+  "name":"io.netty.handler.codec.compression.JdkZlibDecoder",
+  "methods":[{"name":"channelReadComplete","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }]
 },
 {
   "name":"io.netty.handler.codec.compression.JdkZlibEncoder",
@@ -227,6 +225,10 @@
   "name":"io.netty.handler.codec.http.HttpContentDecoder",
   "methods":[{"name":"channelInactive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelReadComplete","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }]
 },
+{
+  "name":"io.netty.handler.codec.http.HttpContentDecoder$ByteBufForwarder",
+  "methods":[{"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }]
+},
 {
   "name":"io.netty.handler.codec.http.HttpContentDecompressor"
 },
@@ -278,9 +280,13 @@
   "name":"io.netty.util.concurrent.DefaultPromise",
   "fields":[{"name":"result"}]
 },
+{
+  "name":"io.netty.util.concurrent.MpscIntQueue$MpscAtomicIntegerArrayQueue",
+  "fields":[{"name":"consumerIndex"}, {"name":"producerIndex"}, {"name":"producerLimit"}]
+},
 {
   "name":"io.netty.util.concurrent.SingleThreadEventExecutor",
-  "fields":[{"name":"state"}, {"name":"threadProperties"}]
+  "fields":[{"name":"accumulatedActiveTimeNanos"}, {"name":"consecutiveBusyCycles"}, {"name":"consecutiveIdleCycles"}, {"name":"state"}, {"name":"threadProperties"}]
 },
 {
   "name":"io.netty.util.internal.shaded.org.jctools.queues.BaseMpscLinkedArrayQueueColdProducerFields",
@@ -566,7 +572,7 @@
 },
 {
   "name":"net.woggioni.rbcs.server.handler.ReadTriggerDuplexHandler",
-  "methods":[{"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }, {"name":"write","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object","io.netty.channel.ChannelPromise"] }]
+  "methods":[{"name":"channelInactive","parameterTypes":["io.netty.channel.ChannelHandlerContext"] }, {"name":"channelRead","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object"] }, {"name":"write","parameterTypes":["io.netty.channel.ChannelHandlerContext","java.lang.Object","io.netty.channel.ChannelPromise"] }]
 },
 {
   "name":"net.woggioni.rbcs.server.handler.ServerHandler",

rbcs-cli/native-image/resource-config.json

@@ -36,6 +36,8 @@
     "pattern":"\\Qnet/woggioni/rbcs/server/memcache/schema/rbcs-memcache.xsd\\E"
   }, {
     "pattern":"\\Qnet/woggioni/rbcs/server/schema/rbcs-server.xsd\\E"
+  }, {
+    "pattern":"jdk.jfr:\\Qjdk/jfr/internal/types/metadata.bin\\E"
   }]},
   "bundles":[{
     "name":"com.sun.org.apache.xerces.internal.impl.xpath.regex.message",

rbcs-cli/src/configureNativeImage/kotlin/net/woggioni/rbcs/cli/graal/GraalNativeImageConfiguration.kt

@@ -27,16 +27,27 @@ import net.woggioni.rbcs.server.cache.FileSystemCacheConfiguration
 import net.woggioni.rbcs.server.cache.InMemoryCacheConfiguration
 import net.woggioni.rbcs.server.configuration.Parser
 import net.woggioni.rbcs.server.memcache.MemcacheCacheConfiguration
+import net.woggioni.rbcs.server.redis.RedisCacheConfiguration
 
 object GraalNativeImageConfiguration {
     @JvmStatic
     fun main(vararg args : String) {
 
-        val serverURL = URI.create("file:conf/rbcs-server.xml").toURL()
+        let {
-        val serverDoc = serverURL.openStream().use {
+            val serverURL = URI.create("file:conf/rbcs-server.xml").toURL()
-            Xml.parseXml(serverURL, it)
+            val serverDoc = serverURL.openStream().use {
+                Xml.parseXml(serverURL, it)
+            }
+            Parser.parse(serverDoc)
+        }
+
+        let {
+            val serverURL = URI.create("file:conf/rbcs-server-redis.xml").toURL()
+            val serverDoc = serverURL.openStream().use {
+                Xml.parseXml(serverURL, it)
+            }
+            Parser.parse(serverDoc)
         }
-        Parser.parse(serverDoc)
 
         val url = URI.create("file:conf/rbcs-client.xml").toURL()
         val clientDoc = url.openStream().use {
@@ -90,6 +101,18 @@ object GraalNativeImageConfiguration {
                 "MD5",
                 null,
                 1,
+            ),
+            RedisCacheConfiguration(
+                listOf(RedisCacheConfiguration.Server(
+                    HostAndPort("127.0.0.1", 6379),
+                    1000,
+                    4)
+                ),
+                Duration.ofSeconds(60),
+                "someCustomPrefix",
+                "MD5",
+                null,
+                1,
             )
         )
 
@@ -97,6 +120,8 @@ object GraalNativeImageConfiguration {
             val serverConfiguration = Configuration(
                 "127.0.0.1",
                 serverPort,
+                false,
+                emptyList(),
                 100,
                 null,
                 Configuration.EventExecutor(true),

rbcs-common/src/main/kotlin/net/woggioni/rbcs/common/Cidr.kt

@@ -0,0 +1,62 @@
+package net.woggioni.rbcs.common
+
+import java.net.InetAddress
+
+data class Cidr private constructor(
+    val networkAddress: InetAddress,
+    val prefixLength: Int
+) {
+    companion object {
+        fun from(cidr: String) : Cidr {
+            val separator = cidr.indexOf("/")
+            if(separator < 0) {
+                throw IllegalArgumentException("Invalid CIDR format: $cidr")
+            }
+            val networkAddress = InetAddress.getByName(cidr.substring(0, separator))
+            val prefixLength = cidr.substring(separator + 1, cidr.length).toInt()
+
+
+            // Validate prefix length
+            val maxPrefix = if (networkAddress.address.size == 4) 32 else 128
+            require(prefixLength in 0..maxPrefix) { "Invalid prefix length: $prefixLength" }
+            return Cidr(networkAddress, prefixLength)
+        }
+    }
+
+    fun contains(address: InetAddress): Boolean {
+        val networkBytes = networkAddress.address
+        val addressBytes = address.address
+
+        if (networkBytes.size != addressBytes.size) {
+            return false
+        }
+
+
+        // Calculate how many full bytes and remaining bits to check
+        val fullBytes = prefixLength / 8
+        val remainingBits = prefixLength % 8
+
+
+        // Check full bytes
+        for (i in 0..<fullBytes) {
+            if (networkBytes[i] != addressBytes[i]) {
+                return false
+            }
+        }
+
+
+        // Check remaining bits if any
+        if (remainingBits > 0 && fullBytes < networkBytes.size) {
+            val mask = (0xFF shl (8 - remainingBits)).toByte()
+            if ((networkBytes[fullBytes].toInt() and mask.toInt()) != (addressBytes[fullBytes].toInt() and mask.toInt())) {
+                return false
+            }
+        }
+
+        return true
+    }
+
+    override fun toString(): String {
+        return networkAddress.hostAddress + "/" + prefixLength
+    }
+}

rbcs-common/src/main/kotlin/net/woggioni/rbcs/common/Logging.kt

@@ -81,9 +81,6 @@ inline fun Logger.log(level: Level, channel: Channel, crossinline messageBuilder
         )
         withMDC(params) {
             val builder = makeLoggingEventBuilder(level)
-//            for ((key, value) in params) {
-//                builder.addKeyValue(key, value)
-//            }
             messageBuilder(builder)
             builder.log()
         }

rbcs-common/src/test/kotlin/net/woggioni/rbcs/common/CidrTest.kt

@@ -0,0 +1,17 @@
+package net.woggioni.rbcs.common
+
+import java.net.InetAddress
+import org.junit.jupiter.api.Assertions
+import org.junit.jupiter.api.Test
+
+class CidrTest {
+    class CidrTest {
+        @Test
+        fun test() {
+            val cidr = Cidr.from("2a02:4780:12:368b::1/128")
+            Assertions.assertTrue {
+                cidr.contains(InetAddress.ofLiteral("2a02:4780:12:368b::1"))
+            }
+        }
+    }
+}

rbcs-server-redis/build.gradle

@@ -0,0 +1,69 @@
+plugins {
+    id 'java-library'
+    id 'maven-publish'
+    alias catalog.plugins.kotlin.jvm
+}
+
+configurations {
+    bundle {
+        canBeResolved = true
+        canBeConsumed = false
+        visible = false
+        transitive = false
+
+        resolutionStrategy {
+            dependencies {
+                exclude group: 'org.slf4j', module: 'slf4j-api'
+                exclude group: 'org.jetbrains.kotlin', module: 'kotlin-stdlib'
+                exclude group: 'org.jetbrains', module: 'annotations'
+            }
+        }
+    }
+
+    release {
+        transitive = false
+        canBeConsumed = true
+        canBeResolved = true
+        visible = true
+    }
+}
+
+dependencies {
+    implementation project(':rbcs-common')
+    implementation project(':rbcs-api')
+    implementation catalog.jwo
+    implementation catalog.slf4j.api
+    implementation catalog.netty.common
+    implementation catalog.netty.handler
+    implementation catalog.netty.codec.redis
+
+    bundle catalog.netty.codec.redis
+
+    testRuntimeOnly catalog.logback.classic
+}
+
+tasks.named(JavaPlugin.TEST_TASK_NAME, Test) {
+    systemProperty("io.netty.leakDetectionLevel", "PARANOID")
+}
+
+Provider<Tar> bundleTask = tasks.register("bundle", Tar) {
+    from(tasks.named(JavaPlugin.JAR_TASK_NAME))
+    from(configurations.bundle)
+    group = BasePlugin.BUILD_GROUP
+}
+
+tasks.named(BasePlugin.ASSEMBLE_TASK_NAME) {
+    dependsOn(bundleTask)
+}
+
+artifacts {
+    release(bundleTask)
+}
+
+publishing {
+    publications {
+        maven(MavenPublication) {
+            artifact bundleTask
+        }
+    }
+}

rbcs-server-redis/src/main/java/module-info.java

@@ -0,0 +1,20 @@
+import net.woggioni.rbcs.api.CacheProvider;
+
+module net.woggioni.rbcs.server.redis {
+    requires net.woggioni.rbcs.common;
+    requires net.woggioni.rbcs.api;
+    requires net.woggioni.jwo;
+    requires java.xml;
+    requires kotlin.stdlib;
+    requires io.netty.transport;
+    requires io.netty.codec;
+    requires io.netty.codec.redis;
+    requires io.netty.common;
+    requires io.netty.buffer;
+    requires io.netty.handler;
+    requires org.slf4j;
+
+    provides CacheProvider with net.woggioni.rbcs.server.redis.RedisCacheProvider;
+
+    opens net.woggioni.rbcs.server.redis.schema;
+}

rbcs-server-redis/src/main/kotlin/net/woggioni/rbcs/server/redis/Exception.kt

@@ -0,0 +1,4 @@
+package net.woggioni.rbcs.server.redis
+
+class RedisException(msg: String, cause: Throwable? = null)
+    : RuntimeException(msg, cause)

rbcs-server-redis/src/main/kotlin/net/woggioni/rbcs/server/redis/RedisCacheConfiguration.kt

@@ -0,0 +1,107 @@
+package net.woggioni.rbcs.server.redis
+
+import io.netty.channel.ChannelFactory
+import io.netty.channel.EventLoopGroup
+import io.netty.channel.pool.FixedChannelPool
+import io.netty.channel.socket.DatagramChannel
+import io.netty.channel.socket.SocketChannel
+
+import java.time.Duration
+import java.util.concurrent.CompletableFuture
+import java.util.concurrent.ConcurrentHashMap
+import java.util.concurrent.atomic.AtomicInteger
+import java.util.concurrent.atomic.AtomicReference
+
+import net.woggioni.rbcs.api.CacheHandler
+import net.woggioni.rbcs.api.CacheHandlerFactory
+import net.woggioni.rbcs.api.Configuration
+import net.woggioni.rbcs.common.HostAndPort
+import net.woggioni.rbcs.common.createLogger
+import net.woggioni.rbcs.server.redis.client.RedisClient
+
+data class RedisCacheConfiguration(
+    val servers: List<Server>,
+    val maxAge: Duration = Duration.ofDays(1),
+    val keyPrefix: String? = null,
+    val digestAlgorithm: String? = null,
+    val compressionMode: CompressionMode? = null,
+    val compressionLevel: Int,
+) : Configuration.Cache {
+
+    companion object {
+        private val log = createLogger<RedisCacheConfiguration>()
+    }
+
+    enum class CompressionMode {
+        /**
+         * Deflate mode
+         */
+        DEFLATE
+    }
+
+    data class Server(
+        val endpoint: HostAndPort,
+        val connectionTimeoutMillis: Int?,
+        val maxConnections: Int,
+        val password: String? = null,
+    )
+
+    override fun materialize() = object : CacheHandlerFactory {
+
+        private val connectionPoolMap = ConcurrentHashMap<HostAndPort, FixedChannelPool>()
+
+        override fun newHandler(
+            cfg: Configuration,
+            eventLoop: EventLoopGroup,
+            socketChannelFactory: ChannelFactory<SocketChannel>,
+            datagramChannelFactory: ChannelFactory<DatagramChannel>,
+        ): CacheHandler {
+            return RedisCacheHandler(
+                RedisClient(
+                    this@RedisCacheConfiguration.servers,
+                    cfg.connection.chunkSize,
+                    eventLoop,
+                    socketChannelFactory,
+                    connectionPoolMap
+                ),
+                keyPrefix,
+                digestAlgorithm,
+                compressionMode != null,
+                compressionLevel,
+                cfg.connection.chunkSize,
+                maxAge
+            )
+        }
+
+        override fun asyncClose() = object : CompletableFuture<Void>() {
+            init {
+                val failure = AtomicReference<Throwable>(null)
+                val pools = connectionPoolMap.values.toList()
+                val npools = pools.size
+                val finished = AtomicInteger(0)
+                if (pools.isEmpty()) {
+                    complete(null)
+                } else {
+                    pools.forEach { pool ->
+                        pool.closeAsync().addListener {
+                            if (!it.isSuccess) {
+                                failure.compareAndSet(null, it.cause())
+                            }
+                            if (finished.incrementAndGet() == npools) {
+                                when (val ex = failure.get()) {
+                                    null -> complete(null)
+                                    else -> completeExceptionally(ex)
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+    }
+
+    override fun getNamespaceURI() = "urn:net.woggioni.rbcs.server.redis"
+
+    override fun getTypeName() = "redisCacheType"
+}

rbcs-server-redis/src/main/kotlin/net/woggioni/rbcs/server/redis/RedisCacheHandler.kt

@@ -0,0 +1,438 @@
+package net.woggioni.rbcs.server.redis
+
+import io.netty.buffer.ByteBuf
+import io.netty.buffer.ByteBufAllocator
+import io.netty.buffer.CompositeByteBuf
+import io.netty.channel.Channel as NettyChannel
+import io.netty.channel.ChannelHandlerContext
+import io.netty.handler.codec.redis.ArrayRedisMessage
+import io.netty.handler.codec.redis.ErrorRedisMessage
+import io.netty.handler.codec.redis.FullBulkStringRedisMessage
+import io.netty.handler.codec.redis.RedisMessage
+import io.netty.handler.codec.redis.SimpleStringRedisMessage
+
+import java.io.ByteArrayOutputStream
+import java.io.ObjectInputStream
+import java.io.ObjectOutputStream
+import java.nio.ByteBuffer
+import java.nio.channels.Channels
+import java.nio.channels.FileChannel
+import java.nio.channels.ReadableByteChannel
+import java.nio.charset.StandardCharsets
+import java.nio.file.Files
+import java.nio.file.StandardOpenOption
+import java.time.Duration
+import java.util.zip.Deflater
+import java.util.zip.DeflaterOutputStream
+import java.util.zip.InflaterOutputStream
+
+import net.woggioni.rbcs.api.CacheHandler
+import net.woggioni.rbcs.api.CacheValueMetadata
+import net.woggioni.rbcs.api.exception.ContentTooLargeException
+import net.woggioni.rbcs.api.message.CacheMessage
+import net.woggioni.rbcs.api.message.CacheMessage.CacheContent
+import net.woggioni.rbcs.api.message.CacheMessage.CacheGetRequest
+import net.woggioni.rbcs.api.message.CacheMessage.CachePutRequest
+import net.woggioni.rbcs.api.message.CacheMessage.CachePutResponse
+import net.woggioni.rbcs.api.message.CacheMessage.CacheValueFoundResponse
+import net.woggioni.rbcs.api.message.CacheMessage.CacheValueNotFoundResponse
+import net.woggioni.rbcs.api.message.CacheMessage.LastCacheContent
+import net.woggioni.rbcs.common.ByteBufInputStream
+import net.woggioni.rbcs.common.ByteBufOutputStream
+import net.woggioni.rbcs.common.RBCS.processCacheKey
+import net.woggioni.rbcs.common.RBCS.toIntOrNull
+import net.woggioni.rbcs.common.createLogger
+import net.woggioni.rbcs.common.debug
+import net.woggioni.rbcs.common.extractChunk
+import net.woggioni.rbcs.common.trace
+import net.woggioni.rbcs.common.warn
+import net.woggioni.rbcs.server.redis.client.RedisClient
+import net.woggioni.rbcs.server.redis.client.RedisResponseHandler
+
+class RedisCacheHandler(
+    private val client: RedisClient,
+    private val keyPrefix: String?,
+    private val digestAlgorithm: String?,
+    private val compressionEnabled: Boolean,
+    private val compressionLevel: Int,
+    private val chunkSize: Int,
+    private val maxAge: Duration,
+) : CacheHandler() {
+    companion object {
+        private val log = createLogger<RedisCacheHandler>()
+    }
+
+    private interface InProgressRequest
+
+    private inner class InProgressGetRequest(
+        val key: String,
+        private val ctx: ChannelHandlerContext,
+    ) : InProgressRequest {
+        private val chunk = ctx.alloc().compositeBuffer()
+        private val outputStream = ByteBufOutputStream(chunk).let {
+            if (compressionEnabled) {
+                InflaterOutputStream(it)
+            } else {
+                it
+            }
+        }
+
+        fun processResponse(data: ByteBuf) {
+            if (data.readableBytes() < Int.SIZE_BYTES) {
+                log.debug(ctx) {
+                    "Received empty or corrupt data from Redis for key $key"
+                }
+                sendMessageAndFlush(ctx, CacheValueNotFoundResponse(key))
+                data.release()
+                return
+            }
+
+            val metadataSize = data.readInt()
+            if (data.readableBytes() < metadataSize) {
+                log.debug(ctx) {
+                    "Received incomplete metadata from Redis for key $key"
+                }
+                sendMessageAndFlush(ctx, CacheValueNotFoundResponse(key))
+                data.release()
+                return
+            }
+
+            val metadata = ObjectInputStream(ByteBufInputStream(data)).use {
+                data.retain()
+                it.readObject() as CacheValueMetadata
+            }
+            data.readerIndex(Int.SIZE_BYTES + metadataSize)
+
+            log.trace(ctx) {
+                "Sending response from cache"
+            }
+            sendMessageAndFlush(ctx, CacheValueFoundResponse(key, metadata))
+
+            // Decompress and stream the remaining payload
+            data.readBytes(outputStream, data.readableBytes())
+            data.release()
+            commit()
+        }
+
+        private fun flush(last: Boolean) {
+            val toSend = extractChunk(chunk, ctx.alloc())
+            val msg = if (last) {
+                log.trace(ctx) {
+                    "Sending last chunk to client"
+                }
+                LastCacheContent(toSend)
+            } else {
+                log.trace(ctx) {
+                    "Sending chunk to client"
+                }
+                CacheContent(toSend)
+            }
+            sendMessageAndFlush(ctx, msg)
+        }
+
+        fun commit() {
+            chunk.retain()
+            outputStream.close()
+            flush(true)
+            chunk.release()
+        }
+
+        fun rollback() {
+            outputStream.close()
+        }
+    }
+
+    private inner class InProgressPutRequest(
+        private val ch: NettyChannel,
+        metadata: CacheValueMetadata,
+        val keyString: String,
+        val keyBytes: ByteBuf,
+        private val alloc: ByteBufAllocator,
+    ) : InProgressRequest {
+        private var totalSize = 0
+        private var tmpFile: FileChannel? = null
+        private val accumulator = alloc.compositeBuffer()
+        private val stream = ByteBufOutputStream(accumulator).let {
+            if (compressionEnabled) {
+                DeflaterOutputStream(it, Deflater(compressionLevel))
+            } else {
+                it
+            }
+        }
+
+        init {
+            ByteArrayOutputStream().let { baos ->
+                ObjectOutputStream(baos).use {
+                    it.writeObject(metadata)
+                }
+                val serializedBytes = baos.toByteArray()
+                accumulator.writeInt(serializedBytes.size)
+                accumulator.writeBytes(serializedBytes)
+            }
+        }
+
+        fun write(buf: ByteBuf) {
+            totalSize += buf.readableBytes()
+            buf.readBytes(stream, buf.readableBytes())
+            tmpFile?.let {
+                flushToDisk(it, accumulator)
+            }
+            if (accumulator.readableBytes() > 0x100000) {
+                log.debug(ch) {
+                    "Entry is too big, buffering it into a file"
+                }
+                val opts = arrayOf(
+                    StandardOpenOption.DELETE_ON_CLOSE,
+                    StandardOpenOption.READ,
+                    StandardOpenOption.WRITE,
+                    StandardOpenOption.TRUNCATE_EXISTING
+                )
+                FileChannel.open(Files.createTempFile("rbcs-server-redis", ".tmp"), *opts).let { fc ->
+                    tmpFile = fc
+                    flushToDisk(fc, accumulator)
+                }
+            }
+        }
+
+        private fun flushToDisk(fc: FileChannel, buf: CompositeByteBuf) {
+            val chunk = extractChunk(buf, alloc)
+            fc.write(chunk.nioBuffer())
+            chunk.release()
+        }
+
+        fun commit(): Pair<Int, ReadableByteChannel> {
+            keyBytes.release()
+            accumulator.retain()
+            stream.close()
+            val fileChannel = tmpFile
+            return if (fileChannel != null) {
+                flushToDisk(fileChannel, accumulator)
+                accumulator.release()
+                fileChannel.position(0)
+                val fileSize = fileChannel.size().toIntOrNull() ?: let {
+                    fileChannel.close()
+                    throw ContentTooLargeException("Request body is too large", null)
+                }
+                fileSize to fileChannel
+            } else {
+                accumulator.readableBytes() to Channels.newChannel(ByteBufInputStream(accumulator))
+            }
+        }
+
+        fun rollback() {
+            stream.close()
+            keyBytes.release()
+            tmpFile?.close()
+        }
+    }
+
+    private var inProgressRequest: InProgressRequest? = null
+
+    override fun channelRead0(ctx: ChannelHandlerContext, msg: CacheMessage) {
+        when (msg) {
+            is CacheGetRequest -> handleGetRequest(ctx, msg)
+            is CachePutRequest -> handlePutRequest(ctx, msg)
+            is LastCacheContent -> handleLastCacheContent(ctx, msg)
+            is CacheContent -> handleCacheContent(ctx, msg)
+            else -> ctx.fireChannelRead(msg)
+        }
+    }
+
+    private fun handleGetRequest(ctx: ChannelHandlerContext, msg: CacheGetRequest) {
+        log.debug(ctx) {
+            "Fetching ${msg.key} from Redis"
+        }
+        val keyBytes = processCacheKey(msg.key, keyPrefix, digestAlgorithm)
+        val keyString = String(keyBytes, StandardCharsets.UTF_8)
+        val responseHandler = object : RedisResponseHandler {
+            override fun responseReceived(response: RedisMessage) {
+                when (response) {
+                    is FullBulkStringRedisMessage -> {
+                        if (response === FullBulkStringRedisMessage.NULL_INSTANCE || response.content().readableBytes() == 0) {
+                            log.debug(ctx) {
+                                "Cache miss for key ${msg.key} on Redis"
+                            }
+                            sendMessageAndFlush(ctx, CacheValueNotFoundResponse(msg.key))
+                        } else {
+                            log.debug(ctx) {
+                                "Cache hit for key ${msg.key} on Redis"
+                            }
+                            val getRequest = InProgressGetRequest(msg.key, ctx)
+                            inProgressRequest = getRequest
+                            getRequest.processResponse(response.content())
+                            inProgressRequest = null
+                        }
+                    }
+
+                    is ErrorRedisMessage -> {
+                        this@RedisCacheHandler.exceptionCaught(
+                            ctx, RedisException("Redis error for GET ${msg.key}: ${response.content()}")
+                        )
+                    }
+
+                    else -> {
+                        log.warn(ctx) {
+                            "Unexpected response type from Redis for key ${msg.key}: ${response.javaClass.name}"
+                        }
+                        sendMessageAndFlush(ctx, CacheValueNotFoundResponse(msg.key))
+                    }
+                }
+            }
+
+            override fun exceptionCaught(ex: Throwable) {
+                this@RedisCacheHandler.exceptionCaught(ctx, ex)
+            }
+        }
+        client.sendCommand(keyBytes, ctx.alloc(), responseHandler).thenAccept { channel ->
+            log.trace(ctx) {
+                "Sending GET request for key ${msg.key} to Redis"
+            }
+            val cmd = buildRedisCommand(ctx.alloc(), "GET", keyString)
+            channel.writeAndFlush(cmd)
+        }
+    }
+
+    private fun handlePutRequest(ctx: ChannelHandlerContext, msg: CachePutRequest) {
+        val keyBytes = processCacheKey(msg.key, keyPrefix, digestAlgorithm)
+        val keyBuf = ctx.alloc().buffer().also {
+            it.writeBytes(keyBytes)
+        }
+        inProgressRequest = InProgressPutRequest(ctx.channel(), msg.metadata, msg.key, keyBuf, ctx.alloc())
+    }
+
+    private fun handleCacheContent(ctx: ChannelHandlerContext, msg: CacheContent) {
+        val request = inProgressRequest
+        when (request) {
+            is InProgressPutRequest -> {
+                log.trace(ctx) {
+                    "Received chunk of ${msg.content().readableBytes()} bytes for Redis"
+                }
+                request.write(msg.content())
+            }
+
+            is InProgressGetRequest -> {
+                msg.release()
+            }
+        }
+    }
+
+    private fun handleLastCacheContent(ctx: ChannelHandlerContext, msg: LastCacheContent) {
+        val request = inProgressRequest
+        when (request) {
+            is InProgressPutRequest -> {
+                inProgressRequest = null
+                log.trace(ctx) {
+                    "Received last chunk of ${msg.content().readableBytes()} bytes for Redis"
+                }
+                request.write(msg.content())
+                val keyBytes = processCacheKey(request.keyString, keyPrefix, digestAlgorithm)
+                val keyString = String(keyBytes, StandardCharsets.UTF_8)
+                val (payloadSize, payloadSource) = request.commit()
+
+                // Read the entire payload into a single ByteBuf for the SET command
+                val valueBuf = ctx.alloc().buffer(payloadSize)
+                payloadSource.use { source ->
+                    val bb = ByteBuffer.allocate(chunkSize)
+                    while (true) {
+                        val read = source.read(bb)
+                        if (read < 0) break
+                        bb.flip()
+                        valueBuf.writeBytes(bb)
+                        bb.clear()
+                    }
+                }
+
+                val expirySeconds = maxAge.toSeconds().toString()
+
+                val responseHandler = object : RedisResponseHandler {
+                    override fun responseReceived(response: RedisMessage) {
+                        when (response) {
+                            is SimpleStringRedisMessage -> {
+                                log.debug(ctx) {
+                                    "Inserted key ${request.keyString} into Redis"
+                                }
+                                sendMessageAndFlush(ctx, CachePutResponse(request.keyString))
+                            }
+
+                            is ErrorRedisMessage -> {
+                                this@RedisCacheHandler.exceptionCaught(
+                                    ctx, RedisException("Redis error for SET ${request.keyString}: ${response.content()}")
+                                )
+                            }
+
+                            else -> {
+                                this@RedisCacheHandler.exceptionCaught(
+                                    ctx, RedisException("Unexpected response for SET ${request.keyString}: ${response.javaClass.name}")
+                                )
+                            }
+                        }
+                    }
+
+                    override fun exceptionCaught(ex: Throwable) {
+                        this@RedisCacheHandler.exceptionCaught(ctx, ex)
+                    }
+                }
+
+                // Use a ByteBuf key for server selection
+                client.sendCommand(keyBytes, ctx.alloc(), responseHandler).thenAccept { channel ->
+                    log.trace(ctx) {
+                        "Sending SET request to Redis"
+                    }
+                    // Build SET key value EX seconds
+                    val cmd = buildRedisSetCommand(ctx.alloc(), keyString, valueBuf, expirySeconds)
+                    channel.writeAndFlush(cmd)
+                }.whenComplete { _, ex ->
+                    if (ex != null) {
+                        valueBuf.release()
+                        this@RedisCacheHandler.exceptionCaught(ctx, ex)
+                    }
+                }
+            }
+        }
+    }
+
+    override fun exceptionCaught(ctx: ChannelHandlerContext, cause: Throwable) {
+        val request = inProgressRequest
+        when (request) {
+            is InProgressPutRequest -> {
+                inProgressRequest = null
+                request.rollback()
+            }
+
+            is InProgressGetRequest -> {
+                inProgressRequest = null
+                request.rollback()
+            }
+        }
+        super.exceptionCaught(ctx, cause)
+    }
+
+    private fun buildRedisCommand(alloc: ByteBufAllocator, vararg args: String): ArrayRedisMessage {
+        val children = args.map { arg ->
+            FullBulkStringRedisMessage(
+                alloc.buffer(arg.toByteArray(StandardCharsets.UTF_8))
+            )
+        }
+        return ArrayRedisMessage(children)
+    }
+
+    private fun ByteBufAllocator.buffer(bytes : ByteArray) = buffer().apply {
+        writeBytes(bytes)
+    }
+
+    private fun buildRedisSetCommand(
+        alloc: ByteBufAllocator,
+        key: String,
+        value: ByteBuf,
+        expirySeconds: String,
+    ): ArrayRedisMessage {
+        val children = listOf(
+            FullBulkStringRedisMessage(alloc.buffer("SET".toByteArray(StandardCharsets.UTF_8))),
+            FullBulkStringRedisMessage(alloc.buffer(key.toByteArray(StandardCharsets.UTF_8))),
+            FullBulkStringRedisMessage(value),
+            FullBulkStringRedisMessage(alloc.buffer("EX".toByteArray(StandardCharsets.UTF_8))),
+            FullBulkStringRedisMessage(alloc.buffer(expirySeconds.toByteArray(StandardCharsets.UTF_8))),
+        )
+        return ArrayRedisMessage(children)
+    }
+}

rbcs-server-redis/src/main/kotlin/net/woggioni/rbcs/server/redis/RedisCacheProvider.kt

@@ -0,0 +1,108 @@
+package net.woggioni.rbcs.server.redis
+
+import java.time.Duration
+import java.time.temporal.ChronoUnit
+
+import net.woggioni.rbcs.api.CacheProvider
+import net.woggioni.rbcs.api.exception.ConfigurationException
+import net.woggioni.rbcs.common.HostAndPort
+import net.woggioni.rbcs.common.RBCS
+import net.woggioni.rbcs.common.Xml
+import net.woggioni.rbcs.common.Xml.Companion.asIterable
+import net.woggioni.rbcs.common.Xml.Companion.renderAttribute
+
+import org.w3c.dom.Document
+import org.w3c.dom.Element
+
+
+class RedisCacheProvider : CacheProvider<RedisCacheConfiguration> {
+    override fun getXmlSchemaLocation() = "jpms://net.woggioni.rbcs.server.redis/net/woggioni/rbcs/server/redis/schema/rbcs-redis.xsd"
+
+    override fun getXmlType() = "redisCacheType"
+
+    override fun getXmlNamespace() = "urn:net.woggioni.rbcs.server.redis"
+
+    val xmlNamespacePrefix: String
+        get() = "rbcs-redis"
+
+    override fun deserialize(el: Element): RedisCacheConfiguration {
+        val servers = mutableListOf<RedisCacheConfiguration.Server>()
+        val maxAge = el.renderAttribute("max-age")
+            ?.let(Duration::parse)
+            ?: Duration.ofDays(1)
+        val compressionLevel = el.renderAttribute("compression-level")
+            ?.let(Integer::decode)
+            ?: -1
+        val compressionMode = el.renderAttribute("compression-mode")
+            ?.let {
+                when (it) {
+                    "deflate" -> RedisCacheConfiguration.CompressionMode.DEFLATE
+                    else -> RedisCacheConfiguration.CompressionMode.DEFLATE
+                }
+            }
+        val keyPrefix = el.renderAttribute("key-prefix")
+        val digestAlgorithm = el.renderAttribute("digest")
+        for (child in el.asIterable()) {
+            when (child.nodeName) {
+                "server" -> {
+                    val host = child.renderAttribute("host") ?: throw ConfigurationException("host attribute is required")
+                    val port = child.renderAttribute("port")?.toInt() ?: throw ConfigurationException("port attribute is required")
+                    val maxConnections = child.renderAttribute("max-connections")?.toInt() ?: 1
+                    val connectionTimeout = child.renderAttribute("connection-timeout")
+                        ?.let(Duration::parse)
+                        ?.let(Duration::toMillis)
+                        ?.let(Long::toInt)
+                        ?: 10000
+                    val password = child.renderAttribute("password")
+                    servers.add(RedisCacheConfiguration.Server(HostAndPort(host, port), connectionTimeout, maxConnections, password))
+                }
+            }
+        }
+        return RedisCacheConfiguration(
+            servers,
+            maxAge,
+            keyPrefix,
+            digestAlgorithm,
+            compressionMode,
+            compressionLevel
+        )
+    }
+
+    override fun serialize(doc: Document, cache: RedisCacheConfiguration) = cache.run {
+        val result = doc.createElement("cache")
+        Xml.of(doc, result) {
+            attr("xmlns:${xmlNamespacePrefix}", xmlNamespace, namespaceURI = "http://www.w3.org/2000/xmlns/")
+            attr("xs:type", "${xmlNamespacePrefix}:$xmlType", RBCS.XML_SCHEMA_NAMESPACE_URI)
+            for (server in servers) {
+                node("server") {
+                    attr("host", server.endpoint.host)
+                    attr("port", server.endpoint.port.toString())
+                    server.connectionTimeoutMillis?.let { connectionTimeoutMillis ->
+                        attr("connection-timeout", Duration.of(connectionTimeoutMillis.toLong(), ChronoUnit.MILLIS).toString())
+                    }
+                    attr("max-connections", server.maxConnections.toString())
+                    server.password?.let { password ->
+                        attr("password", password)
+                    }
+                }
+
+            }
+            attr("max-age", maxAge.toString())
+            keyPrefix?.let {
+                attr("key-prefix", it)
+            }
+            digestAlgorithm?.let { digestAlgorithm ->
+                attr("digest", digestAlgorithm)
+            }
+            compressionMode?.let { compressionMode ->
+                attr(
+                    "compression-mode", when (compressionMode) {
+                        RedisCacheConfiguration.CompressionMode.DEFLATE -> "deflate"
+                    }
+                )
+            }
+            attr("compression-level", compressionLevel.toString())
+        }
+        result
+    }
+}

rbcs-server-redis/src/main/kotlin/net/woggioni/rbcs/server/redis/client/RedisClient.kt

@@ -0,0 +1,204 @@
+package net.woggioni.rbcs.server.redis.client
+
+import io.netty.bootstrap.Bootstrap
+import io.netty.buffer.ByteBufAllocator
+import io.netty.buffer.Unpooled
+import io.netty.channel.Channel
+import io.netty.channel.ChannelFactory
+import io.netty.channel.ChannelFutureListener
+import io.netty.channel.ChannelHandlerContext
+import io.netty.channel.ChannelOption
+import io.netty.channel.ChannelPipeline
+import io.netty.channel.EventLoopGroup
+import io.netty.channel.SimpleChannelInboundHandler
+import io.netty.channel.pool.AbstractChannelPoolHandler
+import io.netty.channel.pool.FixedChannelPool
+import io.netty.channel.socket.SocketChannel
+import io.netty.handler.codec.redis.ArrayRedisMessage
+import io.netty.handler.codec.redis.ErrorRedisMessage
+import io.netty.handler.codec.redis.FullBulkStringRedisMessage
+import io.netty.handler.codec.redis.RedisArrayAggregator
+import io.netty.handler.codec.redis.RedisBulkStringAggregator
+import io.netty.handler.codec.redis.RedisDecoder
+import io.netty.handler.codec.redis.RedisEncoder
+import io.netty.handler.codec.redis.RedisMessage
+import io.netty.util.concurrent.Future as NettyFuture
+import io.netty.util.concurrent.GenericFutureListener
+
+import java.io.IOException
+import java.net.InetSocketAddress
+import java.nio.charset.StandardCharsets
+import java.util.concurrent.CompletableFuture
+import java.util.concurrent.ConcurrentHashMap
+
+import net.woggioni.rbcs.common.HostAndPort
+import net.woggioni.rbcs.common.createLogger
+import net.woggioni.rbcs.common.trace
+import net.woggioni.rbcs.server.redis.RedisCacheConfiguration
+import net.woggioni.rbcs.server.redis.RedisCacheHandler
+
+
+class RedisClient(
+    private val servers: List<RedisCacheConfiguration.Server>,
+    private val chunkSize: Int,
+    private val group: EventLoopGroup,
+    private val channelFactory: ChannelFactory<SocketChannel>,
+    private val connectionPool: ConcurrentHashMap<HostAndPort, FixedChannelPool>,
+) : AutoCloseable {
+
+    private companion object {
+        private val log = createLogger<RedisCacheHandler>()
+    }
+
+    private fun newConnectionPool(server: RedisCacheConfiguration.Server): FixedChannelPool {
+        val bootstrap = Bootstrap().apply {
+            group(group)
+            channelFactory(channelFactory)
+            option(ChannelOption.SO_KEEPALIVE, true)
+            remoteAddress(InetSocketAddress(server.endpoint.host, server.endpoint.port))
+            server.connectionTimeoutMillis?.let {
+                option(ChannelOption.CONNECT_TIMEOUT_MILLIS, it)
+            }
+        }
+        val channelPoolHandler = object : AbstractChannelPoolHandler() {
+
+            override fun channelCreated(ch: Channel) {
+                val pipeline: ChannelPipeline = ch.pipeline()
+                pipeline.addLast(RedisEncoder())
+                pipeline.addLast(RedisDecoder())
+                pipeline.addLast(RedisBulkStringAggregator())
+                pipeline.addLast(RedisArrayAggregator())
+                server.password?.let { password ->
+                    // Send AUTH command synchronously on new connections
+                    val authCmd = buildCommand("AUTH", password)
+                    ch.writeAndFlush(authCmd).addListener(ChannelFutureListener { future ->
+                        if (!future.isSuccess) {
+                            ch.close()
+                        }
+                    })
+                    // Install a one-shot handler to consume the AUTH response
+                    pipeline.addLast(object : SimpleChannelInboundHandler<RedisMessage>() {
+                        override fun channelRead0(ctx: ChannelHandlerContext, msg: RedisMessage) {
+                            when (msg) {
+                                is ErrorRedisMessage -> {
+                                    ctx.close()
+                                }
+                                else -> {
+                                    // AUTH succeeded, remove this one-shot handler
+                                    ctx.pipeline().remove(this)
+                                }
+                            }
+                        }
+                    })
+                }
+            }
+        }
+        return FixedChannelPool(bootstrap, channelPoolHandler, server.maxConnections)
+    }
+
+    private fun buildCommand(vararg args: String): ArrayRedisMessage {
+        val children = args.map { arg ->
+            FullBulkStringRedisMessage(
+                Unpooled.wrappedBuffer(arg.toByteArray(StandardCharsets.UTF_8))
+            )
+        }
+        return ArrayRedisMessage(children)
+    }
+
+    fun sendCommand(
+        key: ByteArray,
+        alloc: ByteBufAllocator,
+        responseHandler: RedisResponseHandler,
+    ): CompletableFuture<Channel> {
+        val server = if (servers.size > 1) {
+            val keyBuffer = alloc.buffer(key.size)
+            keyBuffer.writeBytes(key)
+            var checksum = 0
+            while (keyBuffer.readableBytes() > 4) {
+                val byte = keyBuffer.readInt()
+                checksum = checksum xor byte
+            }
+            while (keyBuffer.readableBytes() > 0) {
+                val byte = keyBuffer.readByte()
+                checksum = checksum xor byte.toInt()
+            }
+            keyBuffer.release()
+            servers[Math.floorMod(checksum, servers.size)]
+        } else {
+            servers.first()
+        }
+
+        val response = CompletableFuture<Channel>()
+        val pool = connectionPool.computeIfAbsent(server.endpoint) {
+            newConnectionPool(server)
+        }
+        pool.acquire().addListener(object : GenericFutureListener<NettyFuture<Channel>> {
+            override fun operationComplete(channelFuture: NettyFuture<Channel>) {
+                if (channelFuture.isSuccess) {
+                    val channel = channelFuture.now
+                    var connectionClosedByTheRemoteServer = true
+                    val closeCallback = {
+                        if (connectionClosedByTheRemoteServer) {
+                            val ex = IOException("The Redis server closed the connection")
+                            val completed = response.completeExceptionally(ex)
+                            if (!completed) responseHandler.exceptionCaught(ex)
+                        }
+                    }
+                    val closeListener = ChannelFutureListener {
+                        closeCallback()
+                    }
+                    channel.closeFuture().addListener(closeListener)
+                    val pipeline = channel.pipeline()
+                    val handler = object : SimpleChannelInboundHandler<RedisMessage>(false) {
+
+                        override fun handlerAdded(ctx: ChannelHandlerContext) {
+                            channel.closeFuture().removeListener(closeListener)
+                        }
+
+                        override fun channelRead0(
+                            ctx: ChannelHandlerContext,
+                            msg: RedisMessage,
+                        ) {
+                            pipeline.remove(this)
+                            pool.release(channel)
+                            log.trace(channel) {
+                                "Channel released"
+                            }
+                            responseHandler.responseReceived(msg)
+                        }
+
+                        override fun channelInactive(ctx: ChannelHandlerContext) {
+                            closeCallback()
+                            ctx.fireChannelInactive()
+                        }
+
+                        override fun exceptionCaught(ctx: ChannelHandlerContext, cause: Throwable) {
+                            connectionClosedByTheRemoteServer = false
+                            pipeline.remove(this)
+                            ctx.close()
+                            pool.release(channel)
+                            log.trace(channel) {
+                                "Channel released after exception"
+                            }
+                            responseHandler.exceptionCaught(cause)
+                        }
+                    }
+
+                    channel.pipeline().addLast(handler)
+                    response.complete(channel)
+                } else {
+                    response.completeExceptionally(channelFuture.cause())
+                }
+            }
+        })
+        return response
+    }
+
+    fun shutDown(): NettyFuture<*> {
+        return group.shutdownGracefully()
+    }
+
+    override fun close() {
+        shutDown().sync()
+    }
+}

rbcs-server-redis/src/main/kotlin/net/woggioni/rbcs/server/redis/client/RedisResponseHandler.kt

@@ -0,0 +1,10 @@
+package net.woggioni.rbcs.server.redis.client
+
+import io.netty.handler.codec.redis.RedisMessage
+
+interface RedisResponseHandler {
+
+    fun responseReceived(response: RedisMessage)
+
+    fun exceptionCaught(ex: Throwable)
+}

rbcs-server-redis/src/main/resources/META-INF/services/net.woggioni.rbcs.api.CacheProvider

@@ -0,0 +1 @@
+net.woggioni.rbcs.server.redis.RedisCacheProvider

rbcs-server-redis/src/main/resources/net/woggioni/rbcs/server/redis/schema/rbcs-redis.xsd

@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<xs:schema targetNamespace="urn:net.woggioni.rbcs.server.redis"
+           xmlns:rbcs-redis="urn:net.woggioni.rbcs.server.redis"
+           xmlns:rbcs="urn:net.woggioni.rbcs.server"
+           xmlns:xs="http://www.w3.org/2001/XMLSchema">
+
+    <xs:import schemaLocation="jpms://net.woggioni.rbcs.server/net/woggioni/rbcs/server/schema/rbcs-server.xsd" namespace="urn:net.woggioni.rbcs.server"/>
+
+    <xs:complexType name="redisServerType">
+        <xs:attribute name="host" type="xs:token" use="required"/>
+        <xs:attribute name="port" type="xs:positiveInteger" use="required"/>
+        <xs:attribute name="connection-timeout" type="xs:duration"/>
+        <xs:attribute name="max-connections" type="xs:positiveInteger" default="1"/>
+        <xs:attribute name="password" type="xs:string" use="optional">
+            <xs:annotation>
+                <xs:documentation>
+                    Password for Redis AUTH command, used when the Redis server requires authentication
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+    </xs:complexType>
+
+    <xs:complexType name="redisCacheType">
+        <xs:complexContent>
+            <xs:extension base="rbcs:cacheType">
+                <xs:sequence maxOccurs="unbounded">
+                    <xs:element name="server" type="rbcs-redis:redisServerType"/>
+                </xs:sequence>
+                <xs:attribute name="max-age" type="xs:duration" default="P1D"/>
+                <xs:attribute name="chunk-size" type="rbcs:byteSizeType" default="0x10000"/>
+                <xs:attribute name="key-prefix" type="xs:string" use="optional">
+                    <xs:annotation>
+                        <xs:documentation>
+                            Prepend this string to all the keys inserted in Redis,
+                            useful in case the caching backend is shared with other applications
+                        </xs:documentation>
+                    </xs:annotation>
+                </xs:attribute>
+                <xs:attribute name="digest" type="xs:token"/>
+                <xs:attribute name="compression-mode" type="rbcs-redis:compressionType"/>
+                <xs:attribute name="compression-level" type="rbcs:compressionLevelType" default="-1"/>
+            </xs:extension>
+        </xs:complexContent>
+    </xs:complexType>
+
+    <xs:simpleType name="compressionType">
+        <xs:restriction base="xs:token">
+            <xs:enumeration value="deflate"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+</xs:schema>

rbcs-server/build.gradle

@@ -12,6 +12,7 @@ dependencies {
     implementation catalog.netty.handler
     implementation catalog.netty.buffer
     implementation catalog.netty.transport
+    implementation catalog.netty.codec.haproxy
 
     api project(':rbcs-common')
     api project(':rbcs-api')
@@ -23,6 +24,7 @@ dependencies {
     testImplementation catalog.bcpkix.jdk18on
 
     testRuntimeOnly project(":rbcs-server-memcache")
+    testRuntimeOnly project(":rbcs-server-redis")
 }
 
 test {

rbcs-server/src/main/java/module-info.java

@@ -16,6 +16,7 @@ module net.woggioni.rbcs.server {
     requires io.netty.buffer;
     requires io.netty.common;
     requires io.netty.codec;
+    requires io.netty.codec.haproxy;
     requires org.slf4j;
 
     exports net.woggioni.rbcs.server;

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/RemoteBuildCacheServer.kt

@@ -20,6 +20,7 @@ import io.netty.channel.socket.nio.NioDatagramChannel
 import io.netty.channel.socket.nio.NioServerSocketChannel
 import io.netty.channel.socket.nio.NioSocketChannel
 import io.netty.handler.codec.compression.CompressionOptions
+import io.netty.handler.codec.haproxy.HAProxyMessageDecoder
 import io.netty.handler.codec.http.DefaultHttpContent
 import io.netty.handler.codec.http.HttpContentCompressor
 import io.netty.handler.codec.http.HttpDecoderConfig
@@ -57,6 +58,7 @@ import javax.net.ssl.SSLPeerUnverifiedException
 import net.woggioni.rbcs.api.AsyncCloseable
 import net.woggioni.rbcs.api.Configuration
 import net.woggioni.rbcs.api.exception.ConfigurationException
+import net.woggioni.rbcs.common.Cidr
 import net.woggioni.rbcs.common.PasswordSecurity.decodePasswordHash
 import net.woggioni.rbcs.common.PasswordSecurity.hashPassword
 import net.woggioni.rbcs.common.RBCS.getTrustManager
@@ -73,6 +75,7 @@ import net.woggioni.rbcs.server.configuration.Parser
 import net.woggioni.rbcs.server.configuration.Serializer
 import net.woggioni.rbcs.server.exception.ExceptionHandler
 import net.woggioni.rbcs.server.handler.MaxRequestSizeHandler
+import net.woggioni.rbcs.server.handler.ProxyProtocolHandler
 import net.woggioni.rbcs.server.handler.ReadTriggerDuplexHandler
 import net.woggioni.rbcs.server.handler.ServerHandler
 import net.woggioni.rbcs.server.throttling.BucketManager
@@ -85,6 +88,7 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
 
         val userAttribute: AttributeKey<Configuration.User> = AttributeKey.valueOf("user")
         val groupAttribute: AttributeKey<Set<Configuration.Group>> = AttributeKey.valueOf("group")
+        val clientIp: AttributeKey<InetSocketAddress> = AttributeKey.valueOf("client-ip")
 
         val DEFAULT_CONFIGURATION_URL by lazy { "jpms://net.woggioni.rbcs.server/net/woggioni/rbcs/server/rbcs-default.xml".toUrl() }
         private const val SSL_HANDLER_NAME = "sslHandler"
@@ -234,6 +238,7 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
                             else ClientAuth.OPTIONAL
                         } ?: ClientAuth.NONE
                         clientAuth(clientAuth)
+
                     }.build()
                 }
             }
@@ -259,6 +264,9 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
             else -> null
         }
 
+        private val proxyProtocolEnabled: Boolean = cfg.isProxyProtocolEnabled
+        private val trustedProxyIPs: List<Cidr> = cfg.trustedProxyIPs
+
         private val sslContext: SslContext? = cfg.tls?.let(Companion::createSslCtx)
 
         private fun userExtractor(authentication: Configuration.ClientCertificateAuthentication) =
@@ -290,6 +298,7 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
             }
 
         override fun initChannel(ch: Channel) {
+            ch.attr(clientIp).set(ch.remoteAddress() as InetSocketAddress)
             log.debug {
                 "Created connection ${ch.id().asShortText()} with ${ch.remoteAddress()}"
             }
@@ -338,6 +347,10 @@ class RemoteBuildCacheServer(private val cfg: Configuration) {
                     }
                 }
             })
+            if(proxyProtocolEnabled) {
+                pipeline.addLast(HAProxyMessageDecoder())
+                pipeline.addLast(ProxyProtocolHandler(trustedProxyIPs))
+            }
             sslContext?.newHandler(ch.alloc())?.also {
                 pipeline.addLast(SSL_HANDLER_NAME, it)
             }

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/auth/Authenticator.kt

@@ -72,5 +72,4 @@ abstract class AbstractNettyHttpAuthenticator(private val authorizer: Authorizer
         ReferenceCountUtil.release(msg)
         ctx.writeAndFlush(NOT_AUTHORIZED.retainedDuplicate()).addListener(ChannelFutureListener.CLOSE_ON_FAILURE)
     }
-
 }

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/cache/InMemoryCacheHandler.kt

@@ -2,8 +2,6 @@ package net.woggioni.rbcs.server.cache
 
 import io.netty.buffer.ByteBuf
 import io.netty.channel.ChannelHandlerContext
-import java.io.ByteArrayInputStream
-import java.io.ByteArrayOutputStream
 import java.util.zip.Deflater
 import java.util.zip.DeflaterOutputStream
 import java.util.zip.InflaterOutputStream

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/configuration/Parser.kt

@@ -16,6 +16,7 @@ import net.woggioni.rbcs.api.Configuration.TrustStore
 import net.woggioni.rbcs.api.Configuration.User
 import net.woggioni.rbcs.api.Role
 import net.woggioni.rbcs.api.exception.ConfigurationException
+import net.woggioni.rbcs.common.Cidr
 import net.woggioni.rbcs.common.Xml.Companion.asIterable
 import net.woggioni.rbcs.common.Xml.Companion.renderAttribute
 import org.w3c.dom.Document
@@ -38,6 +39,8 @@ object Parser {
         var cache: Cache? = null
         var host = "127.0.0.1"
         var port = 11080
+        var proxyProtocolEnabled = false
+        var trustedProxies = emptyList<Cidr>()
         var users: Map<String, User> = mapOf(anonymousUser.name to anonymousUser)
         var groups = emptyMap<String, Group>()
         var tls: Tls? = null
@@ -98,9 +101,23 @@ object Parser {
                 "bind" -> {
                     host = child.renderAttribute("host") ?: throw ConfigurationException("host attribute is required")
                     port = Integer.parseInt(child.renderAttribute("port"))
+                    proxyProtocolEnabled = child.renderAttribute("proxy-protocol")
+                        ?.let(String::toBoolean) ?: false
                     incomingConnectionsBacklogSize = child.renderAttribute("incoming-connections-backlog-size")
                         ?.let(Integer::parseInt)
                         ?: 1024
+
+                    for(grandChild in child.asIterable()) {
+                        when(grandChild.localName) {
+                            "trusted-proxies" -> {
+                                trustedProxies = parseTrustedProxies(grandChild)
+                            }
+                        }
+                    }
+                    child.asIterable().filter {
+                        it.localName == "trusted-proxies"
+                    }.firstOrNull()?.let(::parseTrustedProxies)
+
                 }
 
                 "cache" -> {
@@ -195,6 +212,8 @@ object Parser {
         return Configuration.of(
             host,
             port,
+            proxyProtocolEnabled,
+            trustedProxies,
             incomingConnectionsBacklogSize,
             serverPath,
             eventExecutor,
@@ -217,6 +236,15 @@ object Parser {
         }
     }.toSet()
 
+    private fun parseTrustedProxies(root: Element) = root.asIterable().asSequence().map {
+        when (it.localName) {
+            "allow" -> it.renderAttribute("cidr")
+                ?.let(Cidr::from)
+                ?: throw ConfigurationException("Missing 'cidr' attribute")
+            else -> throw ConfigurationException("Unrecognized tag '${it.localName}'")
+        }
+    }.toList()
+
     private fun parseUserRefs(root: Element) = root.asIterable().asSequence().map {
         when (it.localName) {
             "user" -> it.renderAttribute("ref")

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/configuration/Serializer.kt

@@ -33,6 +33,17 @@ object Serializer {
                 attr("host", conf.host)
                 attr("port", conf.port.toString())
                 attr("incoming-connections-backlog-size", conf.incomingConnectionsBacklogSize.toString())
+                attr("proxy-protocol", conf.isProxyProtocolEnabled.toString())
+
+                if (conf.trustedProxyIPs.isNotEmpty()) {
+                    node("trusted-proxies") {
+                        for(trustedProxy in conf.trustedProxyIPs) {
+                            node("allow") {
+                                attr("cidr", trustedProxy.toString())
+                            }
+                        }
+                    }
+                }
             }
             node("connection") {
                 conf.connection.let { connection ->

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/handler/ProxyProtocolHandler.kt

@@ -0,0 +1,47 @@
+package net.woggioni.rbcs.server.handler
+
+import io.netty.channel.ChannelHandlerContext
+import io.netty.channel.SimpleChannelInboundHandler
+import io.netty.handler.codec.haproxy.HAProxyMessage
+import java.net.InetAddress
+import java.net.InetSocketAddress
+import net.woggioni.rbcs.common.Cidr
+import net.woggioni.rbcs.common.createLogger
+import net.woggioni.rbcs.common.trace
+import net.woggioni.rbcs.server.RemoteBuildCacheServer
+
+
+class ProxyProtocolHandler(private val trustedProxyIPs : List<Cidr>) : SimpleChannelInboundHandler<HAProxyMessage>() {
+
+    companion object {
+        private val log = createLogger<ProxyProtocolHandler>()
+    }
+
+    override fun channelRead0(
+        ctx: ChannelHandlerContext,
+        msg: HAProxyMessage
+    ) {
+        val sourceAddress = ctx.channel().remoteAddress()
+        if (sourceAddress is InetSocketAddress &&
+            trustedProxyIPs.isEmpty() ||
+            trustedProxyIPs.any { it.contains((sourceAddress as InetSocketAddress).address) }.also {
+                if(!it && log.isTraceEnabled) {
+                    log.trace {
+                        "Received a proxied connection request from $sourceAddress which is not a trusted proxy address, " +
+                                "the proxy server address will be used instead"
+                    }
+                }
+            }) {
+            val proxiedClientAddress = InetSocketAddress(
+                InetAddress.ofLiteral(msg.sourceAddress()),
+                msg.sourcePort()
+            )
+            if(log.isTraceEnabled) {
+                log.trace {
+                    "Received proxied connection request from $sourceAddress forwarded for $proxiedClientAddress"
+                }
+            }
+            ctx.channel().attr(RemoteBuildCacheServer.clientIp).set(proxiedClientAddress)
+        }
+    }
+}

rbcs-server/src/main/kotlin/net/woggioni/rbcs/server/throttling/ThrottlingHandler.kt

@@ -197,7 +197,8 @@ class ThrottlingHandler(
             }
         }
         if (user == null && groups.isEmpty()) {
-            bucketManager.getBucketByAddress(ctx.channel().remoteAddress() as InetSocketAddress)?.let(buckets::add)
+            val clientAddress = ctx.channel().attr<InetSocketAddress>(RemoteBuildCacheServer.clientIp).get()
+            bucketManager.getBucketByAddress(clientAddress)?.let(buckets::add)
         }
 
         var nextAttempt = -1L

rbcs-server/src/main/resources/net/woggioni/rbcs/server/schema/rbcs-server.xsd

@@ -62,6 +62,9 @@
     </xs:complexType>
 
     <xs:complexType name="bindType">
+        <xs:sequence minOccurs="0">
+            <xs:element name="trusted-proxies" type="rbcs:trustedProxiesType"/>
+        </xs:sequence>
         <xs:attribute name="host" type="xs:token" use="required">
             <xs:annotation>
                 <xs:documentation>Server bind address</xs:documentation>
@@ -72,6 +75,12 @@
                 <xs:documentation>Server port number</xs:documentation>
             </xs:annotation>
         </xs:attribute>
+        <xs:attribute name="proxy-protocol" type="xs:boolean" use="optional">
+            <xs:annotation>
+                <xs:documentation>Enable proxy protocol</xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
+
         <xs:attribute name="incoming-connections-backlog-size" type="xs:unsignedInt" use="optional" default="1024">
             <xs:annotation>
                 <xs:documentation>
@@ -83,6 +92,16 @@
         </xs:attribute>
     </xs:complexType>
 
+    <xs:complexType name="trustedProxiesType">
+        <xs:sequence minOccurs="0">
+            <xs:element name="allow" type="rbcs:allowType" maxOccurs="unbounded"/>
+        </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="allowType">
+        <xs:attribute name="cidr" type="rbcs:cidr"/>
+    </xs:complexType>
+
     <xs:complexType name="connectionType">
         <xs:attribute name="idle-timeout" type="xs:duration" use="optional" default="PT30S">
             <xs:annotation>
@@ -681,4 +700,20 @@
         </xs:restriction>
     </xs:simpleType>
 
+    <xs:simpleType name="cidrIPv4">
+        <xs:restriction base="xs:string">
+            <xs:pattern value="(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/(3[0-2]|[12]?[0-9])" />
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:simpleType name="cidrIPv6">
+        <xs:restriction base="xs:string">
+            <xs:pattern value="((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(:([0-9A-Fa-f]{1,4}){1,7}|:)))(%[\p{L}\p{N}_-]+)?\/(12[0-8]|1[01][0-9]|[1-9]?[0-9])" />
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:simpleType name="cidr">
+        <xs:union memberTypes="rbcs:cidrIPv4 rbcs:cidrIPv6" />
+    </xs:simpleType>
+
 </xs:schema>

rbcs-server/src/test/kotlin/net/woggioni/rbcs/server/test/AbstractBasicAuthServerTest.kt

@@ -34,6 +34,8 @@ abstract class AbstractBasicAuthServerTest : AbstractServerTest() {
         cfg = Configuration.of(
             "127.0.0.1",
             getFreePort(),
+            false,
+            emptyList(),
             50,
             serverPath,
             Configuration.EventExecutor(false),

rbcs-server/src/test/kotlin/net/woggioni/rbcs/server/test/AbstractTlsServerTest.kt

@@ -140,6 +140,9 @@ abstract class AbstractTlsServerTest : AbstractServerTest() {
         cfg = Configuration(
             "127.0.0.1",
             getFreePort(),
+            false,
+            emptyList(),
+
             100,
             serverPath,
             Configuration.EventExecutor(false),

rbcs-server/src/test/kotlin/net/woggioni/rbcs/server/test/ConfigurationTest.kt

@@ -21,6 +21,8 @@ class ConfigurationTest {
             "classpath:net/woggioni/rbcs/server/test/valid/rbcs-memcached.xml",
             "classpath:net/woggioni/rbcs/server/test/valid/rbcs-tls.xml",
             "classpath:net/woggioni/rbcs/server/test/valid/rbcs-memcached-tls.xml",
+            "classpath:net/woggioni/rbcs/server/test/valid/rbcs-redis.xml",
+            "classpath:net/woggioni/rbcs/server/test/valid/rbcs-redis-tls.xml",
         ]
     )
     @ParameterizedTest

rbcs-server/src/test/kotlin/net/woggioni/rbcs/server/test/NoAuthServerTest.kt

@@ -34,6 +34,8 @@ class NoAuthServerTest : AbstractServerTest() {
         cfg = Configuration(
             "127.0.0.1",
             getFreePort(),
+            false,
+            emptyList(),
             100,
             serverPath,
             Configuration.EventExecutor(false),

rbcs-server/src/test/resources/net/woggioni/rbcs/server/test/valid/rbcs-default.xml

@@ -2,7 +2,13 @@
 <rbcs:server xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:rbcs="urn:net.woggioni.rbcs.server"
              xs:schemaLocation="urn:net.woggioni.rbcs.server jpms://net.woggioni.rbcs.server/net/woggioni/rbcs/server/schema/rbcs-server.xsd">
-    <bind host="127.0.0.1" port="11443" incoming-connections-backlog-size="22"/>
+    <bind host="127.0.0.1" port="11443" incoming-connections-backlog-size="22" proxy-protocol="true">
+        <trusted-proxies>
+            <allow cidr="192.168.0.11/32"/>
+            <allow cidr="::1/128"/>
+            <allow cidr="fda7:9b54:5678::2f9/128"/>
+        </trusted-proxies>
+    </bind>
     <connection
             read-idle-timeout="PT10M"
             write-idle-timeout="PT11M"

rbcs-server/src/test/resources/net/woggioni/rbcs/server/test/valid/rbcs-redis-tls.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<rbcs:server xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
+             xmlns:rbcs="urn:net.woggioni.rbcs.server"
+             xmlns:rbcs-redis="urn:net.woggioni.rbcs.server.redis"
+             xs:schemaLocation="urn:net.woggioni.rbcs.server.redis jpms://net.woggioni.rbcs.server.redis/net/woggioni/rbcs/server/redis/schema/rbcs-redis.xsd urn:net.woggioni.rbcs.server jpms://net.woggioni.rbcs.server/net/woggioni/rbcs/server/schema/rbcs-server.xsd"
+>
+    <bind host="0.0.0.0" port="8443" incoming-connections-backlog-size="4096"/>
+    <connection
+            max-request-size="67108864"
+            idle-timeout="PT30S"
+            read-idle-timeout="PT60S"
+            write-idle-timeout="PT60S"
+            chunk-size="123"/>
+    <event-executor use-virtual-threads="true"/>
+    <rate-limiter delay-response="false" message-buffer-size="12000" max-queued-messages="53"/>
+    <cache xs:type="rbcs-redis:redisCacheType" max-age="P7D" key-prefix="some-prefix-string">
+        <server host="redis-server" port="6379" password="secret123"/>
+    </cache>
+    <authorization>
+        <users>
+            <user name="woggioni">
+                <quota calls="1000" period="PT1S"/>
+            </user>
+            <user name="gitea">
+                <quota calls="10" period="PT1S" initial-available-calls="100" max-available-calls="100"/>
+            </user>
+            <anonymous>
+                <quota calls="2" period="PT5S"/>
+            </anonymous>
+        </users>
+        <groups>
+            <group name="writers">
+                <users>
+                    <user ref="woggioni"/>
+                    <user ref="gitea"/>
+                </users>
+                <roles>
+                    <reader/>
+                    <writer/>
+                </roles>
+            </group>
+        </groups>
+    </authorization>
+    <authentication>
+        <client-certificate>
+            <user-extractor attribute-name="CN" pattern="(.*)"/>
+        </client-certificate>
+    </authentication>
+    <tls>
+        <keystore file="/home/luser/ssl/rbcs.woggioni.net.pfx" key-alias="rbcs.woggioni.net" password="KEYSTORE_PASSWOR" key-password="KEY_PASSWORD"/>
+        <truststore file="/home/luser/ssl/woggioni.net.pfx" check-certificate-status="false" password="TRUSTSTORE_PASSWORD"/>
+    </tls>
+</rbcs:server>

rbcs-server/src/test/resources/net/woggioni/rbcs/server/test/valid/rbcs-redis.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<rbcs:server xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
+             xmlns:rbcs="urn:net.woggioni.rbcs.server"
+             xmlns:rbcs-redis="urn:net.woggioni.rbcs.server.redis"
+             xs:schemaLocation="urn:net.woggioni.rbcs.server.redis jpms://net.woggioni.rbcs.server.redis/net/woggioni/rbcs/server/redis/schema/rbcs-redis.xsd urn:net.woggioni.rbcs.server jpms://net.woggioni.rbcs.server/net/woggioni/rbcs/server/schema/rbcs-server.xsd">
+    <bind host="127.0.0.1" port="11443" incoming-connections-backlog-size="50"/>
+    <connection
+            read-idle-timeout="PT10M"
+            write-idle-timeout="PT11M"
+            idle-timeout="PT30M"
+            max-request-size="101325"
+            chunk-size="456"/>
+    <event-executor use-virtual-threads="false"/>
+    <rate-limiter delay-response="true" message-buffer-size="65432" max-queued-messages="21"/>
+    <cache xs:type="rbcs-redis:redisCacheType" max-age="P7D" key-prefix="some-prefix-string" digest="SHA-256" compression-mode="deflate" compression-level="7">
+        <server host="127.0.0.1" port="6379" max-connections="10" connection-timeout="PT20S"/>
+    </cache>
+    <authentication>
+        <none/>
+    </authentication>
+</rbcs:server>

settings.gradle

@@ -1,16 +1,5 @@
 pluginManagement {
     repositories {
-//        mavenLocal {
-//            content {
-//                includeGroup 'net.woggioni.gradle'
-//                includeGroup 'net.woggioni.gradle.jpms-check'
-//                includeGroup 'net.woggioni.gradle.lombok'
-//                includeGroup 'net.woggioni.gradle.jdeps'
-//                includeGroup 'net.woggioni.gradle.sambal'
-//                includeGroup 'net.woggioni.gradle.graalvm.jlink'
-//                includeGroup 'net.woggioni.gradle.graalvm.native-image'
-//            }
-//        }
         maven {
             url = getProperty('gitea.maven.url')
         }
@@ -30,8 +19,6 @@ dependencyResolutionManagement {
     versionCatalogs {
         catalog {
             from group: 'com.lys', name: 'lys-catalog', version: getProperty('lys.version')
-//            version('my-gradle-plugins', '2025.04.16')
-//            version('junit', '5.12.0')
         }
     }
 }
@@ -41,9 +28,9 @@ rootProject.name = 'rbcs'
 include 'rbcs-api'
 include 'rbcs-common'
 include 'rbcs-server-memcache'
+include 'rbcs-server-redis'
 include 'rbcs-cli'
 include 'rbcs-client'
 include 'rbcs-server'
 include 'rbcs-servlet'
 include 'docker'
-//include 'bug'