* feat(entrypoint): multiplex HTTPS TCP routes by TLS SNI with tls_termination
  Add an SNI router on the shared HTTPS listener that inspects TLS ClientHello SNI, matches TCP routes by alias while honoring domain filters, and either forwards TLS end-to-end without termination or terminates with autocert before plaintext upstream relay when tls_termination is enabled. Wire TCPTCPStream and idlewatcher through ConnProxy.ProxyConn instead of inline handlers. Validate tls_termination for TCP schemes only and refresh README and config examples. Bump internal/go-oidc submodule.
* fix(entrypoint,route): align SNI shared HTTPS listen addrs and gate tls_termination
  Compare listen addresses with SplitHostPort so empty, 0.0.0.0, and :: wildcard hosts on the HTTPS port match the proxy’s shared HTTPS address for SNI route registration, keys, and passthrough eligibility. Require tls_termination TCP routes to listen on that shared HTTPS listener; add tests for address equality and validation.
* refactor(net,entrypoint,route): centralize shared HTTPS listener matching helpers
  Move equivalence logic next to ProxyHTTPSAddr into internal/net/listen_addr.go and use it from SNI passthrough and tls_termination validation, dropping duplicated helpers. Close the SNI listener and finish the http_server task when StartServer fails after SNI Listen. Update README examples for autocert-gated tls_termination and HTTPS_ADDR-relative ports.
* feat(entrypoint,net): open SNI HTTPS listener without autocert; widen wildcard host checks
  Remove the autocert guard so the shared HTTPS listener still starts the SNI multiplexer for passthrough when no certificate provider is configured. Extend IsWildcardListenHost for trimmed input, host:port and bracketed IPv6, using net.ParseIP and IsUnspecified for IPv4/IPv6. Add listen_addr tests, README detail, and align SNI passthrough tests with ProxyHTTPSAddr.
* fix: apply CodeRabbit auto-fixes
  Fixed 2 file(s) based on 2 unresolved review comments.
  Co-authored-by: CodeRabbit <noreply@coderabbit.ai>
* test(dev,compose): add TCP echo fixture and SNI passthrough smoke test
  Wire `cmd/tcp_echo_server` with plaintext and self-signed TLS listeners, dev.compose labels for passthrough and `tls_termination` aliases, and `scripts/tcp_echo_test.ts` invoked by `make tcp-echo-test` via bun.
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: CodeRabbit <noreply@coderabbit.ai>
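The listen-address matching and tls_termination gating that the commit message above describes, written out as an added example. This is not GoDoxy's code: `isWildcardHost`, `sameListenAddr` and `checkTLSTermination` are hypothetical names, and the `tcp` scheme string and the rule that wildcard spellings only match other wildcard spellings on the same port are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// isWildcardHost is true for "", 0.0.0.0 and ::, bare, bracketed or with a port.
func isWildcardHost(host string) bool {
	host = strings.TrimSpace(host)
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // input was host:port or [v6]:port
	}
	host = strings.Trim(host, "[]")
	ip := net.ParseIP(host)
	return host == "" || (ip != nil && ip.IsUnspecified())
}

// sameListenAddr assumes all wildcard spellings on one port are one listener.
func sameListenAddr(a, b string) bool {
	ha, pa, errA := net.SplitHostPort(strings.TrimSpace(a))
	hb, pb, errB := net.SplitHostPort(strings.TrimSpace(b))
	if errA != nil || errB != nil || pa != pb {
		return false
	}
	if isWildcardHost(ha) || isWildcardHost(hb) {
		return isWildcardHost(ha) && isWildcardHost(hb)
	}
	if ipA, ipB := net.ParseIP(ha), net.ParseIP(hb); ipA != nil && ipB != nil {
		return ipA.Equal(ipB)
	}
	return strings.EqualFold(ha, hb)
}

// checkTLSTermination gates tls_termination to TCP routes on the shared listener.
func checkTLSTermination(scheme, listen, sharedHTTPS string) error {
	if scheme != "tcp" { // scheme name is an assumption
		return fmt.Errorf("tls_termination requires a TCP route, got %q", scheme)
	}
	if !sameListenAddr(listen, sharedHTTPS) {
		return fmt.Errorf("%q is not the shared HTTPS listener %q", listen, sharedHTTPS)
	}
	return nil
}

func main() {
	fmt.Println(checkTLSTermination("tcp", "[::]:443", ":443"))
	fmt.Println(checkTLSTermination("tcp", ":8443", ":443"))
}
```

Comparing the raw strings instead would treat `:443`, `0.0.0.0:443` and `[::]:443` as three different listeners, so a route meant for the shared HTTPS port could silently miss SNI registration.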
Table of contents
- Running demo
- Key Features
- Prerequisites
- Setup
- How does GoDoxy work
- Proxmox Integration
- Update / Uninstall system agent
- Screenshots
- Manual Setup
- Build it yourself
- Star History
Running demo
Key Features
- Simple
  - Effortless configuration with simple labels or WebUI
  - Simple multi-node setup
  - Detailed error messages for easy troubleshooting.
- ACL: connection / request level access control
  - IP/CIDR
  - Country (Maxmind account required)
  - Timezone (Maxmind account required)
  - Access logging
  - Periodic notification of access summaries for number of allowed and blocked connections
- Advanced Automation
  - Automatic SSL certificate management with Let's Encrypt (using DNS-01 Challenge)
  - Auto-configuration for Docker containers
  - Hot-reloading of configurations and container state changes
- Container Runtime Support
  - Docker
  - Podman
- Idle-sleep: stop and wake containers based on traffic (see screenshots)
  - Docker containers
  - Proxmox LXC containers
- Proxmox Integration
  - Automatic route binding: Routes automatically bind to Proxmox nodes or LXC containers by matching hostname, IP, or alias
  - LXC lifecycle control: Start, stop, restart containers directly from WebUI
  - Real-time logs: Stream journalctl logs from nodes and LXC containers via WebSocket
- Traffic Management
  - HTTP reverse proxy
  - TCP/UDP port forwarding
- OpenID Connect support: SSO and secure your apps easily
- ForwardAuth support: integrate with any auth provider (e.g. TinyAuth)
- Customization
- Web UI
  - App Dashboard
  - Config Editor
  - Uptime and System Metrics
  - Docker
    - Container lifecycle management (start, stop, restart)
    - Real-time container logs via WebSocket
  - Proxmox
    - LXC container lifecycle management (start, stop, restart)
    - Real-time node and LXC journalctl logs via WebSocket
- Cross-Platform support
  - Supports linux/amd64 and linux/arm64
- Efficient and Performant
  - Written in Go
Prerequisites
Configure wildcard DNS record(s) to point to the machine running GoDoxy, e.g.
- A Record: *.domain.com -> 10.0.10.1
- AAAA Record (if you use IPv6): *.domain.com -> ::ffff:a00:a01
Setup
Note
GoDoxy is designed to run in host network mode, do not change it. To change listening ports, modify .env.
- Prepare a new directory for docker compose and config files.
- Run the setup script inside the directory, or set up manually:
  /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/yusing/godoxy/main/scripts/setup.sh)"
- Start the docker compose service from the generated compose.yml:
  docker compose up -d
- You may now do some extra configuration on the WebUI at https://godoxy.yourdomain.com
How does GoDoxy work
- List all the containers
- Read container name, labels and port configurations for each of them
- Create a route if applicable (a route is like a "Virtual Host" in NPM)
- Watch for container / config changes and update automatically
Note
GoDoxy uses the label proxy.aliases as the subdomain(s); if unset, it defaults to the container_name field in docker compose.
For example, with the label proxy.aliases: qbt you can access your app via qbt.domain.com.
Proxmox Integration
GoDoxy can automatically discover and manage Proxmox nodes and LXC containers through configured providers.
Automatic Route Binding
Routes are automatically linked to Proxmox resources through reverse lookup:
- Node-level routes (VMID = 0): When hostname, IP, or alias matches a Proxmox node name or IP
- Container-level routes (VMID > 0): When hostname, IP, or alias matches an LXC container
This enables seamless proxy configuration without manual binding:
routes:
  pve-node-01:
    host: pve-node-01.internal
    port: 8006
    # Automatically links to Proxmox node pve-node-01
WebUI Management
From the WebUI, you can:
- LXC Lifecycle Control: Start, stop, restart containers
- Node Logs: Stream real-time journalctl or log file output from nodes
- LXC Logs: Stream real-time journalctl or log file output from containers
Update / Uninstall system agent
Update:
bash -c "$(curl -fsSL https://github.com/yusing/godoxy/raw/refs/heads/main/scripts/install-agent.sh)" -- update
Uninstall:
bash -c "$(curl -fsSL https://github.com/yusing/godoxy/raw/refs/heads/main/scripts/install-agent.sh)" -- uninstall
Screenshots
idlesleeper
Metrics and Logs
Manual Setup
- Make a config directory, then grab config.example.yml into config/config.yml:
  mkdir -p config && wget https://raw.githubusercontent.com/yusing/godoxy/main/config.example.yml -O config/config.yml
- Grab .env.example into .env:
  wget https://raw.githubusercontent.com/yusing/godoxy/main/.env.example -O .env
- Grab compose.example.yml into compose.yml:
  wget https://raw.githubusercontent.com/yusing/godoxy/main/compose.example.yml -O compose.yml
Folder structure
├── certs
│ ├── cert.crt
│ └── priv.key
├── compose.yml
├── config
│ ├── config.yml
│ ├── middlewares
│ │ ├── middleware1.yml
│ │ ├── middleware2.yml
│ ├── provider1.yml
│ └── provider2.yml
├── data
│ ├── metrics # metrics data
│ │ ├── uptime.json
│ │ └── system_info.json
└── .env
Build it yourself
- Clone the repository:
  git clone https://github.com/yusing/godoxy --depth=1
- Install / upgrade go (>=1.22) and make if not already installed
- Clear the cache if you have built this before (go < 1.22) with go clean -cache
- Get dependencies with make get
- Build the binary with make build




