A general purpose HTTP reverse proxy and forwarding tool. Now written in Go!
AGPL-3.0 License
Bot releases are hidden (Show)
This update mainly fixed the ovh DNS challenge field generator bug and header bug when using NextCloud in container.
As a side notes, if you really want to use domain names as proxy target and you have a private DNS server, use .local
(mDNS style), .internal
(docker style) or .home.arpa.
(RFC 8375) as your domain name TLD for internal service. This can help Zoraxy to understand and automatically rewrite headers for internal networking instead of external one and prevent HTTP_HOST
rewrite errors.
Remarks: If you are using Windows 7, you can use the NT6-1 release. However, some features are missing from this build due to library & compiler limitations. This version is purely here to support legacy device and might be dropped anytime soon. Please consider to upgrade your server to a new version of Windows.
HTTP_HOST
#164Published by tobychui 5 months ago
This release tidied up the contribution by @Teifun2 and added a new way to generate DNS challenge based certificate (e.g. wildcards) from Let's Encrypt without changing any environment variables. This also fixes a few previous ACME module EAB settings bug related to concurrent save.
You can find the DNS challenge settings under TLS / SSL > ACME snippet > Generate New Certificate > (Check the "Use a DNS Challenge" checkbox)
Remarks: If you are using Windows 7, you can use the NT6-1 release. However, some DNS challenge provider like cpanel and mailinabox are missing from this build due to library & compiler limitations.
Thanks for all the contributors and developers involved testing out the DNS challenge feature ๐๐๐
Published by tobychui 6 months ago
This update primarily contains bug fixes for many of the issues introduced due to the new implementation of the access filter rule system.
For users using SMTP with older versions, you might need to update the settings by moving the domains (the part after @ in the username and domain setup field) into the username field.
Published by tobychui 6 months ago
This updates added the new alias hostname function as well as rewritten the access rule set to support per Proxy Hostname access filter architecture.
To use the alias hostname during creating a new Proxy Rule, use comma to separate the different hostname. Wildcards are also supported in the alias hostname. Here is an example.
main.example.com,*.main.example.com,alias.example.com
You can also find the alias hostname editor in the HTTP Proxy list (Edit mode)
Windows 7 support was restored due to my test bench is still running Windows 7 and I am too busy to upgrade it. If you are still using a Windows 7 machine, you can use the zoraxy_windows_amd64_NT6_1.exe
executable. Note that Windows 7 support might be discontinued anytime and as it is build with older version of Go compiler, it might also come with some minor security issues.
domain
field in json config #120Published by tobychui 7 months ago
This update fixed a few minor bugs from the v3 big updates.
Published by tobychui 8 months ago
This is a big rewrite of the original Zoraxy v2 proxy core for covering more real-life use cases based on feedback from issues.
IMPORTANT NOTES
Zoraxy v3 host rules are not compatible with v2, which the "Backup & Restore" feature is also not compatible. Please start a new installation from scratch if you are currently using Zoraxy v2.
More Screenshots
Published by tobychui 11 months ago
This version fixes bug in 2.6.7 and added "Allow plain HTTP access" options for force TLS per domain
The function is named "allow plain HTTP access" which is hidden under the advance setting tab. in "Create proxy rule" or the proxy rule inline edit interface. Once this option is enable, the subdomain defined in the rule can be accessed via plain HTTP and HTTPS.
This function is only usable with the following options enabled
Published by tobychui about 1 year ago
This version fixes bug in 2.6.6 and added the static web server features
To add templates to black / whitelist, create a html file under the blacklist / whitelist folder. By default, the templates should be placed at the following paths.
./www/templates/blacklist.html
./www/templates/whitelist.html
If the template is not found, the build in one will be used.
Web directory can only be changed via startup parameter -webroot
due to security reasons. You can manage your web directory and perform some basic file operations like rename, upload, download, copy / cut and delete via the web directory manager which is basically a trim down version of the ArozOS File Manager.
If you do not want to expose your web directory to the web interface due to security concerns, use -webfm=false in your startup parameter to disable the feature. This will disable all api related to the file manager in the back-end server.
Published by tobychui about 1 year ago
This version fixes some bugs in 2.6.5 and added a few minor new features.
By @daluntw
Zoraxy will try to resolve and store the visitors country of origin in its statistic collector. As requested by users regarding the memory usage issue, we added a low speed mode for GeoIP lookup logic to reduce memory usage by space time tradeoff. The low speed mode (default mode) of GeoIP lookup will slow down each request by around 6ms, which is not significant in homelab / self hosting environment. However, if you plan to use Zoraxy in production environment, you can enable to high speed mode by using -fastgeoip=true
. We also optimized the high speed mode data structure so it now use around 600 - 700MB of RAM instead of 1.2GB. If your server have that capacity to run in high speed mode, we generally recommend using high speed mode for better user experience.
A quick patch has been applied to the binary and fixed a minor UI bug that causes the backend to generate stating certificates (See issue #61 ). If you are using old version of v2.6.6, it is recommend that you download the new binary and overwrite the old one.
Published by tobychui over 1 year ago
This is a beta testing build for Zoraxy and already been using in my homelab environment. You can try to deploy this to your production environment at your own risk.
IMPORTANT NOTES BEFORE UPDATE
The config files are moved to the following folders in this update. You can backup the old folders and restore them in the location below if you are too lazy to set it up again.
conf/*.conf -> conf/proxy/*.conf
certs/ -> conf/certs/
rules/redirect/ -> conf/redirect/
authtoken.secret -> conf/authtoken.secret
rules/acme_conf.json -> conf/acme_conf.json
Update 25 Aug 2023
For those who are using docker, here is a message from @PassiveLemon
Breaking Changes:
File structure change requires you to update the volume mount for the configurations. It should be changed to `/opt/zoraxy/config/`
The management port is no longer changeable. This is to allow for a healthcheck.
Changes:
Healthcheck was added. See breaking changes above.
Notifier was removed.
VERSION variable is no longer configurable.
The runtime memory usage of this build should be around 1.2GB which is normal and not memory leak. We are still trying to figure out a way to reduce runtime RAM usage while keeping the web interface embedded. Ideas and PR are always welcomed!
Published by tobychui over 1 year ago
IMPORTANT NOTES BEFORE UPDATE
If you are updating from 2.6.3, your redirection rules will be gone. Please make a backup for all the json files inside rules/(rule_names).json and restore it later after update to rules/redirect/(rule_names).json
As there are many screwed up anti-virus software complains UPX compression, the upx compression workflow was removed from the build process. If you need to deploy Zoraxy on embedded machines, it is still recommend that you compress the binary with upx to save some spaces.
Published by tobychui over 1 year ago
From this version onward, releases are compressed by upx to save spaces on embedded devices (except riscv64 builds, seems upx doesn't support it yet)
Published by tobychui over 1 year ago
Change Log
Remarks
TCP Proxy is currently tested with HTTP / HTTPS proxy and Minecraft only.
If you encounter issues with the implementation, please ping @cw1997 to help fix it as I reference the design (aka copy) of the TCP proxy features from here
Published by tobychui over 1 year ago
Change Log
Published by tobychui over 1 year ago
Experimental preview of the zoraxy 2.5 nightly
DO NOT USE IN PRODUCTION
Published by tobychui over 1 year ago
Experimental preview of the zoraxy 2.4 nightly
DO NOT USE IN PRODUCTION
Published by tobychui over 1 year ago
Experimental preview of the zoraxy 2.3 nightly
DO NOT USE IN PRODUCTION
Published by tobychui over 1 year ago
Experimental preview of the zoraxy 2.2 nightly
DO NOT USE IN PRODUCTION