https://github.com/tobychui/zoraxy

General purpose request (reverse) proxy and forwarding tool for networking noobs. Now written in Go!

Zoraxy v3 HTTP proxy config is not compatible with the older v2. If you are looking for the legacy version of Zoraxy, take a look at the v2 branch

Features

• Simple to use interface with detail in-system instructions
• Reverse Proxy (HTTP/2)
  • Virtual Directory
  • WebSocket Proxy (automatic, no set-up needed)
  • Basic Auth
  • Alias Hostnames
  • Custom Headers
• Redirection Rules
• TLS / SSL setup and deploy
  • ACME features like auto-renew to serve your sites in https
  • SNI support (and SAN certs)
• Blacklist / Whitelist by country or IP address (single IP, CIDR or wildcard for beginners)
• Global Area Network Controller Web UI (ZeroTier not included)
• TCP Tunneling / Proxy
• Integrated Up-time Monitor
• Web-SSH Terminal
• Utilities
  • CIDR IP converters
  • mDNS Scanner
  • IP Scanner
• Others
  • Basic single-admin management mode
  • External permission management system for easy system integration
  • SMTP config for password reset

Downloads

Windows /Linux (amd64) /Linux (arm64)

For other systems or architectures, please see Release

Build from Source

Requires Go 1.22 or higher

git clone https://github.com/tobychui/zoraxy
cd ./zoraxy/src/
go mod tidy
go build

sudo ./zoraxy -port=:8000

Usage

Zoraxy provides basic authentication system for standalone mode. To use it in standalone mode, follow the instructionss below for your desired deployment platform.

Standalone Mode

Standalone mode is the default mode for Zoraxy. This allows a single account to manage your reverse proxy server, just like a home router. This mode is suitable for new owners to homelabs or makers starting growing their web services into multiple servers.

Linux

sudo ./zoraxy -port=:8000

Windows

Download the binary executable and double click the binary file to start it.

Raspberry Pi

The installation method is same as Linux. If you are using a Raspberry Pi 4 or newer models, pick the arm64 release. For older version of Pis, use the arm (armv6) version instead.

Other ARM SBCs or Android phone with Termux

The installation method is same as Linux. For other ARM SBCs, please refer to your SBC’s CPU architecture and pick the one that is suitable for your device.

Docker

See the /docker folder for more details.

Start Paramters

Usage of zoraxy:
  -autorenew int
        ACME auto TLS/SSL certificate renew check interval (seconds) (default 86400)
  -fastgeoip
        Enable high speed geoip lookup, require 1GB extra memory (Not recommend for low end devices)
  -info
        Show information about this program in JSON
  -log
        Log terminal output to file (default true)
  -mdns
        Enable mDNS scanner and transponder (default true)
  -noauth
        Disable authentication for management interface
  -port string
        Management web interface listening port (default ":8000")
  -sshlb
        Allow loopback web ssh connection (DANGER)
  -version
        Show version of this server
  -webfm
        Enable web file manager for static web server root folder (default true)
  -webroot string
        Static web server root folder. Only allow chnage in start paramters (default "./www")
  -ztauth string
        ZeroTier authtoken for the local node
  -ztport int
        ZeroTier controller API port (default 9993)

External Permission Management Mode

If you already have an upstream reverse proxy server in place with permission management, you can use Zoraxy in noauth mode. To enable noauth mode, start Zoraxy with the following flag:

./zoraxy -noauth=true

Note: For security reaons, you should only enable no-auth if you are running Zoraxy in a trusted environment or with another authentication management proxy in front.