One binary.
Your entire
ingress stack.

Dwaar replaces nginx + Plausible + fail2ban + certbot with a single process. Built on Cloudflare's Pingora.

6 MBRSS under load (bare)

67Kreq/s

8.5xless memory than nginx

~8 nsroute lookup

Three lines. Done.

No YAML. No JSON. No 200-line nginx.conf.
Write what you mean, Dwaar handles the rest —
TLS certificates, OCSP stapling, HTTP/3, compression.

Dwaarfile

example.com {
    reverse_proxy localhost:8080
}

api.example.com {
    reverse_proxy {
        to         backend1:3000 backend2:3000
        lb_policy  least_conn
        health_uri /healthz
    }
    rate_limit 100/s
    encode     gzip zstd br
}

Before

nginx 1.27 51 MB
Plausible Analytics ~200 MB
fail2ban ~30 MB
certbot ~15 MB

~296 MB, 4 processes

After

dwaar

One process. Everything included.

Built in, not bolted on

Automatic HTTPS

Let's Encrypt + Google Trust. HTTP-01, DNS-01. OCSP stapling. Zero config.

First-Party Analytics

Same-origin injection. HyperLogLog visitors, Web Vitals, TopK pages. ~30 KB/domain.

Pingora Engine

Cloudflare's framework. Lock-free routing, zero-copy buffers, jemalloc.

Security Suite

Rate limiting, bot detection, IP filtering, security headers, forward auth.

WASM Plugins

Extend in any language that compiles to WebAssembly. Sandboxed.

Kubernetes Native

Ingress controller. Leader election. Helm chart. Drop-in replacement.

HTTP/3

QUIC transport. 0-RTT resumption. Multiplexed streams.

Structured Logging

22+ field JSON. Batch-written. File rotation, Unix socket.

Docker Discovery

Auto-discover backends from container labels. Zero-config.

Install

shell curl -fsSL https://dwaar.dev/install.sh | sh

apt sudo apt install dwaar

docker docker run -p 443:443 ghcr.io/permanu/dwaar

brew brew install permanu/dwaar/dwaar

Ready?

Read the docs

One binary.Your entireingress stack.