Recently I have been working on quite some Zoraxy updates. For those who have never heard of Zoraxy, it is my open source reverse proxy server with features more than enough to run your tiny cluster in your homelab or server room.
TL;DR
If you don't care how Zoraxy works and just want a noobs friendly reverse proxy server that works on Windows and Linux, click here.
What is new?
Well, if you have used Zoraxy v2 before, every time you open the web management portable you will find yourself feeling depressed. It is because during the development of v2, I didn't have time to consider the color scheme or how to make it looks more attractive (as an open source project wise).
This is how the v3 UI looks like.
Other than UI updates, there are also tons of new feature added to optimize the proxy core function (or I would say, trying to be as similar to Nginx Proxy Manager (NPM) as possible due to user requests). Generally speaking, this is not a NPM replacement, but more like a system that lets you easier to switch between services for testing and debugging. But anyway, I don't mind people asking for new features that feels like NPM.
Default Site
In Zoraxy v3, we added support for Default Site and multiple hostnames support.
The predecessor of Zoraxy (which is called "Web Proxy", a sub-service of the ArozOS system) was designed to handle only one domain reverse proxy only, the v2 design of adding additional support for subdomain and other host name was messy. People are confusing about "Proxy", "Subdomain Proxy" and "proxy Root". That is why in the v3 design, a new interface and setup logic was introduced. With Default Site logic, now people can easily adapt Zoraxy just like Nginx Proxy Manager.
The default site provide 4 options to choose from. For starters, you might want to use the Internal Static Web Server and put an "index.html" file as your website homepage using the "Static Web Server" function which Zoraxy also provides. This is more like a traditional Apache kind of experience, where if no routing is match in the apache.conf, all the routing goes into the build in static web server and start serving files from your /var/www/html
folder.
Redirect and 404 Not Found are also quite straight forward. For redirect, you can enter a target domain / ip address to redirect. This is useful when you are pointing your old (sub)domains to a new one or just straight out blocking those requests for unknown / out-dated subdomains that used to exists.
Certificate for wildcard domains / SNI
In v3, we introduced SNI in TLS/SSL certificate lookup logic. What difference of Zoraxy SNI and other implementation is that it do not require user input for "linking" a certificate with a given host name.
In v2, users need to manually set each certificates to a matching domain. For example, if you have a certificate that cover a.example.com and b.example.com, you need to manually set it the matching keyword to "example.com" in order for it to work. Now with the Zoraxy v3 automatic certificate lookup logic, you dont need to link anything. Just upload your certificate (or use the build in ACME tool to generate one from your prefered CA) and Zoraxy will resolve it for you automatically. The only catch is that it will be slightly slower for certificates containing multiple hostnames (e.g. domain.com and anotherdomain.com, might take O(n) time complexity to check all the certificates in the system), but for personal / homelab purpose it is good enough.
Access Filters
In the Zoraxy v3.0.2, a host rule independent access filter was introduced. This is yet another cool function in Zoraxy where each proxy rule have their own access filters, which the filter itself also include blacklist / whitelist of country code and/or ip address.
Compare to v2 where the global filter rule is applied, the v3 uses a per proxy host rule design, which allow each proxy hostname to have different access rule filter. I personally don't use it as I only host a single domain with my server, but seems many user request for this for more than a year now. So I added this in to make other's life easier.
For those who still love to use global access rule design, you can modify the "default" filter instead. The default filter works exactly like the previous global access filter and all proxy host by default use the "default" filter as the access control policy.
Alias
Another cool feature we added in Zoraxy v3.0.2 is the ability to create alias of a given hostname. People are complaining about cannot create alias host name on Zoraxy. So now we got support for alias host names! You can edit an existing Proxy host name and add alias for router matching.
But there is a trade-off. Using alias is a bit slower than a direct hit in host name resolving (which obviously make sense as it needs to iterate through and check if any hostname or hostname with wildcard matches the request header). So personally, as I only have one domain name, I will just add more proxy entries or redirection instead.
Redirection Regex Support
Also, due to high demands for complex rewrite rules, in Zoraxy v3.0.1 we introduced the redirection regex support. If enabled, you can use regular expression in setting up redirection URL.
It is not useful for me (as I am the kind of person think regex is like magic spells), but maybe someone will find it useful.
Forward Proxy
It is interesting to see Zoraxy can also be used as a forward proxy! Well if you don't want to get a VPN setup and only want to access a few site when you are traveling, you can use Zoraxy as a web-vpn-server kind of thing. This feature is called "Forward Proxy" and you can find Forward Proxy setting in most modern browser. Just make sure you have enabled port forward on your NAT router (and docker container) so you can connect to the forward proxy server with the port you assigned.
Wake-On-LAN
In the Zoraxy v3, the Wake-On-LAN helper is also introduced. This helps with kick starting your cluster in case there is a power loss and your UPS notifiy all servers to shut down. This function is design for people who have a setup that they uses a small form factor PC as software router which it will not be powered off during power outage (powered via UPS maybe?). This node will be used as the restarting node for kick starting the cluster when power resume.
Using this function and, if you have a few nodes with "ArozOS" installed, you can easily add all nodes into the Zoraxy WoL table and kick start them one by one remotely.
Summary
Anyway, that is all for today! Zoraxy v3 offers so many new features that now it has become one of my major services powering my distributed cluster. If you are interested to know more or get your hands dirty by digging into the source code, you can find everything you need on my Github repo and project homepage.
Zoraxy
A general purpose HTTP reverse proxy and forwarding tool. Now written in Go!
Features
- Simple to use interface with detail in-system instructions
- Reverse Proxy (HTTP/2)
- Virtual Directory
- WebSocket Proxy (automatic, no set-up needed)
- Basic Auth
- Alias Hostnames
- Custom Headers
- Redirection Rules
- TLS / SSL setup and deploy
- ACME features like auto-renew to serve your sites in https
- SNI support (and SAN certs)
- DNS Challenge for Let's Encrypt and these DNS providers
- Blacklist / Whitelist by country or IP address (single IP, CIDR or wildcard for beginners)
- Global Area Network Controller Web UI (ZeroTier not included)
- Stream Proxy (TCP & UDP)
- Integrated Up-time Monitor
- Web-SSH Terminal
- Utilities
- CIDR IP converters
- mDNS Scanner
- Wake-On-Lan
- Debug Forward Proxy
- IP Scanner
- Others
- Basic single-admin management mode
- External permission management system for easy system integration
- SMTP config for password reset
Downloads
Windows / Linux (amd64) / Linux (arm64)
For other systems or architectures…
See you in the next dev post!
Top comments (3)
I have some questions:
Nice, thank you for your responses, it seems like it’s definitely worth a try. I’ve been using the NPM Proxy Manager many years, but now I’m on the lookout for alternatives, so this one is certainly a contender.