DEV Community

Cover image for Zoraxy v3 - The brand new Reverse Proxy Server for Noobs
Toby Chui
Toby Chui

Posted on

Zoraxy v3 - The brand new Reverse Proxy Server for Noobs

Recently I have been working on quite some Zoraxy updates. For those who have never heard of Zoraxy, it is my open source reverse proxy server with features more than enough to run your tiny cluster in your homelab or server room.


If you don't care how Zoraxy works and just want a noobs friendly reverse proxy server that works on Windows and Linux, click here.

What is new?

Well, if you have used Zoraxy v2 before, every time you open the web management portable you will find yourself feeling depressed. It is because during the development of v2, I didn't have time to consider the color scheme or how to make it looks more attractive (as an open source project wise).

v2 homepage

v2 proxy

This is how the v3 UI looks like.


default site


virtual directory

Other than UI updates, there are also tons of new feature added to optimize the proxy core function (or I would say, trying to be as similar to Nginx Proxy Manager (NPM) as possible due to user requests). Generally speaking, this is not a NPM replacement, but more like a system that lets you easier to switch between services for testing and debugging. But anyway, I don't mind people asking for new features that feels like NPM.

Default Site

In Zoraxy v3, we added support for Default Site and multiple hostnames support.
The predecessor of Zoraxy (which is called "Web Proxy", a sub-service of the ArozOS system) was designed to handle only one domain reverse proxy only, the v2 design of adding additional support for subdomain and other host name was messy. People are confusing about "Proxy", "Subdomain Proxy" and "proxy Root". That is why in the v3 design, a new interface and setup logic was introduced. With Default Site logic, now people can easily adapt Zoraxy just like Nginx Proxy Manager.

Default site example

The default site provide 4 options to choose from. For starters, you might want to use the Internal Static Web Server and put an "index.html" file as your website homepage using the "Static Web Server" function which Zoraxy also provides. This is more like a traditional Apache kind of experience, where if no routing is match in the apache.conf, all the routing goes into the build in static web server and start serving files from your /var/www/html folder.

Redirect and 404 Not Found are also quite straight forward. For redirect, you can enter a target domain / ip address to redirect. This is useful when you are pointing your old (sub)domains to a new one or just straight out blocking those requests for unknown / out-dated subdomains that used to exists.

redirect options

Certificate for wildcard domains / SNI

In v3, we introduced SNI in TLS/SSL certificate lookup logic. What difference of Zoraxy SNI and other implementation is that it do not require user input for "linking" a certificate with a given host name.


In v2, users need to manually set each certificates to a matching domain. For example, if you have a certificate that cover and, you need to manually set it the matching keyword to "" in order for it to work. Now with the Zoraxy v3 automatic certificate lookup logic, you dont need to link anything. Just upload your certificate (or use the build in ACME tool to generate one from your prefered CA) and Zoraxy will resolve it for you automatically. The only catch is that it will be slightly slower for certificates containing multiple hostnames (e.g. and, might take O(n) time complexity to check all the certificates in the system), but for personal / homelab purpose it is good enough.

Access Filters

In the Zoraxy v3.0.2, a host rule independent access filter was introduced. This is yet another cool function in Zoraxy where each proxy rule have their own access filters, which the filter itself also include blacklist / whitelist of country code and/or ip address.

list filtering

access rule editor

selecting an access rule for proxy rule

Compare to v2 where the global filter rule is applied, the v3 uses a per proxy host rule design, which allow each proxy hostname to have different access rule filter. I personally don't use it as I only host a single domain with my server, but seems many user request for this for more than a year now. So I added this in to make other's life easier.

For those who still love to use global access rule design, you can modify the "default" filter instead. The default filter works exactly like the previous global access filter and all proxy host by default use the "default" filter as the access control policy.


Another cool feature we added in Zoraxy v3.0.2 is the ability to create alias of a given hostname. People are complaining about cannot create alias host name on Zoraxy. So now we got support for alias host names! You can edit an existing Proxy host name and add alias for router matching.


alias button

alias editor

But there is a trade-off. Using alias is a bit slower than a direct hit in host name resolving (which obviously make sense as it needs to iterate through and check if any hostname or hostname with wildcard matches the request header). So personally, as I only have one domain name, I will just add more proxy entries or redirection instead.

Redirection Regex Support

Also, due to high demands for complex rewrite rules, in Zoraxy v3.0.1 we introduced the redirection regex support. If enabled, you can use regular expression in setting up redirection URL.

regex redirect

It is not useful for me (as I am the kind of person think regex is like magic spells), but maybe someone will find it useful.

Forward Proxy

It is interesting to see Zoraxy can also be used as a forward proxy! Well if you don't want to get a VPN setup and only want to access a few site when you are traveling, you can use Zoraxy as a web-vpn-server kind of thing. This feature is called "Forward Proxy" and you can find Forward Proxy setting in most modern browser. Just make sure you have enabled port forward on your NAT router (and docker container) so you can connect to the forward proxy server with the port you assigned.

forward proxy


In the Zoraxy v3, the Wake-On-LAN helper is also introduced. This helps with kick starting your cluster in case there is a power loss and your UPS notifiy all servers to shut down. This function is design for people who have a setup that they uses a small form factor PC as software router which it will not be powered off during power outage (powered via UPS maybe?). This node will be used as the restarting node for kick starting the cluster when power resume.


Using this function and, if you have a few nodes with "ArozOS" installed, you can easily add all nodes into the Zoraxy WoL table and kick start them one by one remotely.


Anyway, that is all for today! Zoraxy v3 offers so many new features that now it has become one of my major services powering my distributed cluster. If you are interested to know more or get your hands dirty by digging into the source code, you can find everything you need on my Github repo and project homepage.

GitHub logo tobychui / zoraxy

General purpose (reverse) proxy and forwarding tool for networking noobs. Now written in Go!


General purpose request (reverse) proxy and forwarding tool for networking noobs. Now written in Go!

Zoraxy v3 HTTP proxy config is not compatible with the older v2. If you are looking for the legacy version of Zoraxy, take a look at the v2 branch


  • Simple to use interface with detail in-system instructions

  • Reverse Proxy

    • Virtual Directory
    • Basic Auth
    • Custom Headers
  • Redirection Rules

  • TLS / SSL setup and deploy

    • ACME features like auto-renew to serve your sites in https
    • SNI support (one certificate contains multiple host names)
  • Blacklist / Whitelist by country or IP address (single IP, CIDR or wildcard for beginners)

  • Global Area Network Controller Web UI (ZeroTier not included)

  • TCP Tunneling / Proxy

  • Integrated Up-time Monitor

  • Web-SSH Terminal

  • Utilities

    • CIDR IP converters
    • mDNS Scanner
    • IP Scanner
  • Others

    • Basic single-admin management mode
    • External permission management system for easy system integration
    • SMTP config for password reset



Reverse Proxy Server | Zoraxy

A reverse proxy server and cluster network gateway for noobs


See you in the next dev post!

Top comments (3)

corysus profile image

I have some questions:

  • Does the platform support HTTPS encryption with Let's Encrypt (including wildcard certificates)?
  • Does it support HTTP/2 or HTTP/3 protocols?
  • Does it support WebSockets?
tobychui profile image
Toby Chui
  • Yes (claim by the contributor developing the ACME module)
  • HTTP/2 only. As there isn't yet an official Golang HTTP/3 implementation, we are waiting for it now.
  • Yes. Zoraxy will automatically sniff the "Upgrade" header from your request and do the switch automatically from HTTP proxy to WebSocket proxy (no additional setting required!).
corysus profile image

Nice, thank you for your responses, it seems like it’s definitely worth a try. I’ve been using the NPM Proxy Manager many years, but now I’m on the lookout for alternatives, so this one is certainly a contender.