Releases: tobychui/zoraxy
v3.0.6
v3.0.6 Updates
This update improves the header rewrite function with a much more advanced header customization engine. The new engine supports setting or removing headers in both directions (downstream to upstream and upstream to downstream). A new Stream Proxy module is also introduced, which supports both TCP and UDP forwarding.
Note: TCP Proxy modes other than forward have been removed due to "no one actually know how to use them". The TCP proxy module has now been integrated as part of the Stream Proxy function. Configurations are partially backward compatible, but there might be some minor issues with the UI. It is recommended that you delete the old rules and recreate them after updating.
Change Log
- Added fastly_client_ip to X-Real-IP auto rewrite
- Added atomic accumulator to TCP proxy
- Added white logo for future dark theme
- Added multi selection for white / blacklist #176
- Moved custom header rewrite to dpcore
- Restructured dpcore header rewrite sequence
- Added advanced custom header settings (zoraxy to upstream and zoraxy to downstream mode)
- Added header remove feature
- Removed password requirement for SMTP #162 #80
- Restructured TCP proxy into Stream Proxy (Support both TCP and UDP) #147
- Added stream proxy auto start #169
- Optimized UX for reminding user to click Apply after port change
- Added version number to footer #160
v3.0.5
v3.0.5 Updates
This update mainly fixes the ovh DNS challenge field generator bug and a header bug when using NextCloud in a container.
As a side note, if you really want to use domain names as proxy targets and you have a private DNS server, use .local (mDNS style), .internal (docker style) or .home.arpa. (RFC 8375) as the TLD of your domain names for internal services. This helps Zoraxy understand that the target is on the internal network rather than an external one, rewrite headers automatically for it, and prevent HTTP_HOST rewrite errors.
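A pre-flight check for a list of proxy targets against the three suffixes above, as an added example that is not Zoraxy's own detection code. The function name `IsInternalTarget` and the handling of IP literals are assumptions of this example.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// The three internal-use suffixes named in the note above.
var internalSuffixes = []string{".local", ".internal", ".home.arpa"}

// IsInternalTarget classifies a proxy target ("host" or "host:port") without
// any DNS lookup. Treating private IP literals as internal is an assumption
// of this example, not something the release note states.
func IsInternalTarget(target string) bool {
	host := strings.ToLower(strings.TrimSpace(target))
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h
	}
	host = strings.TrimSuffix(strings.Trim(host, "[]"), ".") // "[::1]", "nas.home.arpa."
	if ip := net.ParseIP(host); ip != nil {
		return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast()
	}
	for _, s := range internalSuffixes {
		// The suffix must be the final label(s): "nas.local.example.com" is public.
		if strings.HasSuffix(host, s) && len(host) > len(s) {
			return true
		}
	}
	return false
}

func main() {
	targets := []string{ // constructed sample targets
		"nextcloud.internal:8080", "nas.home.arpa.", "192.168.1.10:443",
		"nas.local.example.com", "cloud.example.com:443",
	}
	for _, t := range targets {
		fmt.Printf("%-26s internal=%v\n", t, IsInternalTarget(t))
	}
}
```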
Remarks: If you are using Windows 7, you can use the NT6-1 release. However, some features are missing from this build due to library & compiler limitations. This version is purely here to support legacy devices and might be dropped anytime soon. Please consider upgrading your server to a newer version of Windows.
Change Log
- Optimized uptime monitor error message #121
- Optimized detection logic for internal proxy target and header rewrite condition for HTTP_HOST #164
- Fixed ovh DNS challenge provider form generator bug #161
- Added permission policy module (not enabled)
- Added single-use cookiejar to uptime monitor request client to handle cookie issues on some poorly written back-end server #149
v3.0.4
V3.0.4 Updates
This release tidies up the contribution by @Teifun2 and adds a new way to generate DNS challenge based certificates (e.g. wildcards) from Let's Encrypt without changing any environment variables. It also fixes a few previous ACME module EAB settings bugs related to concurrent saves.
You can find the DNS challenge settings under TLS / SSL > ACME snippet > Generate New Certificate > (Check the "Use a DNS Challenge" checkbox)
- Optimized DNS challenge implementation
- Removed dependencies on environment variable write and keep all data contained
- Fixed panic on loading certificate generated by Zoraxy v2
- Added automatic form generator for DNS challenge / providers
- Added CA name default value
- Added code generator for acmedns module (storing the DNS challenge provider contents extracted from lego)
- Fixed ACME snippet "Obtain Certificate" concurrent issues in save EAB and DNS credentials
Remarks: If you are using Windows 7, you can use the NT6-1 release. However, some DNS challenge providers like cpanel and mailinabox are missing from this build due to library & compiler limitations.
Thanks to all the contributors and developers involved in testing out the DNS challenge feature 🎉🎉🎉
Update v3.0.3
Update v3.0.2
This update primarily contains bug fixes for many of the issues introduced due to the new implementation of the access filter rule system.
Breaking Change
For users using SMTP with older versions, you might need to update the settings by moving the domains (the part after @ in the username and domain setup field) into the username field.
Change Log
- Updated SMTP UI for non email login username
- Fixed ACME cert store reload after cert request
- Fixed default rule not applying to default site when default site is set to proxy target
- Fixed blacklist-ip not working with CIDR bug
- Fixed minor vdir bug in trailing slash detection and redirect logic
- Added custom mdns name support (-mdnsname flag)
- Added LAN tag in statistic
Update v3.0.2
This update adds the new alias hostname function and rewrites the access rule set to support a per Proxy Hostname access filter architecture.
To use alias hostnames when creating a new Proxy Rule, separate the hostnames with commas. Wildcards are also supported in alias hostnames. Here is an example:
main.example.com,*.main.example.com,alias.example.com
You can also find the alias hostname editor in the HTTP Proxy list (Edit mode)
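How a comma-separated hostname field with wildcard aliases can be resolved against an incoming Host header, as an added example that is not Zoraxy's routing code. It applies the best-fit order from the v3.0.0 notes (`*.a.example.com` before `*.example.com`); the function names and the multi-label wildcard behaviour are assumptions of this example.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// specificity returns -1 when pattern does not cover host. An exact name
// outranks any wildcard, and a longer wildcard suffix outranks a shorter one.
func specificity(pattern, host string) int {
	if pattern == host {
		return 1 << 16
	}
	suffix := strings.TrimPrefix(pattern, "*") // "*.a.example.com" -> ".a.example.com"
	if strings.HasPrefix(pattern, "*.") && len(host) > len(suffix) && strings.HasSuffix(host, suffix) {
		return len(suffix)
	}
	return -1
}

// Match takes each rule's hostname field as typed (comma-separated, aliases
// included) and returns the index of the best-fitting rule, or -1 for none.
func Match(ruleFields []string, hostHeader string) int {
	host := strings.ToLower(strings.TrimSpace(hostHeader))
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // drop ":port" from the Host header
	}
	best, idx := -1, -1
	for i, field := range ruleFields {
		for _, p := range strings.Split(field, ",") {
			p = strings.ToLower(strings.TrimSpace(p))
			if s := specificity(p, host); p != "" && s > best {
				best, idx = s, i
			}
		}
	}
	return idx
}

func main() {
	rules := []string{ // constructed sample rules
		"*.example.com",
		"main.example.com,*.main.example.com,alias.example.com",
	}
	for _, h := range []string{"api.main.example.com", "x.example.com", "example.com"} {
		fmt.Printf("%-22s -> rule %d\n", h, Match(rules, h))
	}
}
```

In this sketch a wildcard entry does not cover its own apex (`example.com` matches no rule here), which matters when per-hostname access rules are attached to the wildcard rule only.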
Windows 7 support was restored because my test bench is still running Windows 7 and I am too busy to upgrade it. If you are still using a Windows 7 machine, you can use the zoraxy_windows_amd64_NT6_1.exe executable. Note that Windows 7 support might be discontinued anytime, and as it is built with an older version of the Go compiler, it might also come with some minor security issues.
Change Log
- Added alias for HTTP proxy host names #76
- Added separator support for create new proxy rules (use "," to add alias when creating new proxy rule)
- Added HTTP proxy host based access rules #69
- Added EAB Configuration for ACME (by @yeungalan) #45
- Fixed bug where the bypassGlobalTLS endpoint did not support basic-auth
- Fixed panic due to empty domain field in json config #120
- Removed dependencies on management panel css for online font files
Update v3.0.1
This update fixed a few minor bugs from the v3 big updates.
Change Log
- Added regex support for redirect (slow, don't use it unless you really need it) #42
- Added new dpcore implementations for faster proxy speed
- Added support for CF-Connecting-IP to X-Real-IP auto rewrite #114
- Added enable / disable of HTTP proxy rules in runtime #108
- Added better 404 page
- Added option to bypass websocket origin check #107
- Updated project homepage design
- Fixed recursive port detection logic
- Fixed UserAgent in resp bug
- Updated minimum required Go version to v1.22 (Notes: Windows 7 support is dropped) #112
Update v3.0.0
Updates v3.0.0
This is a big rewrite of the original Zoraxy v2 proxy core for covering more real-life use cases based on feedback from issues.
IMPORTANT NOTES
Zoraxy v3 host rules are not compatible with v2, and the "Backup & Restore" feature is not compatible either. Please start a new installation from scratch if you are currently using Zoraxy v2.
- Restructure the proxy core logic
  - Added virtual directory into host routing object (each host now got its own sets of virtual directories)
  - Added support for wildcard host names (e.g. *.example.com)
  - Added best-fit selection for wildcard matching rules (e.g. *.a.example.com > *.example.com in routing)
  - Generalized root and hosts routing struct (no more conversion between runtime & save record object)
  - Added "Default Site" to replace "Proxy Root" interface
  - Added Redirect & 404 page for "Default Site"
- Optimized UI and UX
  - Optimized & Separated Virtual Directory edit menu
  - Added more less depressing colors
  - Added comments for whitelist
- TLS / SSL
  - Added automatic cert pick for multi-host certs (it is called SNI btw)
  - Added "one click force renew" button
  - Renamed .crt to .pem for cert store
- Headers
  - Added x-proxy-by header to help with debugging
  - Added X-real-Ip header
  - Added Development Mode Toggle (Cache-Control: no-store)
  - Added custom header
- Others
  - Updated up time monitor timeout to 10 seconds instead of 90
  - Added "Add controller as member" feature to Global Area Network editor
  - Deprecated aroz subservice support
Update v2.6.8
Updates 2.6.8
This version fixes a bug in 2.6.7 and adds an "Allow plain HTTP access" option for force TLS per domain.
- Added opt-out for subdomains for global TLS settings for
- Optimized subdomain / vdir editing interface
- Added system wide logger (wip)
- Fixed issue for uptime monitor bug
- Changed default static web port to 5487 so it is even more unlikely to be used by other processes
- Added automatic HTTP/2 to TLS mode
Notes on opt-out TLS per domain
The function is named "allow plain HTTP access" and is hidden under the advanced settings tab in "Create proxy rule" or the proxy rule inline edit interface. Once this option is enabled, the subdomain defined in the rule can be accessed via both plain HTTP and HTTPS.
This function is only usable with the following options enabled:
- TLS enabled on a port other than 80
- Port 80 Listener is enabled
- Only works for sub-domains (vdir does not support the opt-out feature)
Updates 2.6.7
This version fixes a bug in 2.6.6 and adds the static web server feature.
- Fixed multidomain missing logic (by @daluntw )
- Added Static Web Server function
- Web Directory Manager
- Added static web server and black / whitelist template
- Added default / preferred CA features
- Added Service Expose Proxy dummy page
- Optimized TLS/SSL page and added dedicated section for ACME related features
Working with Templates
To add templates to the black / whitelist, create an HTML file under the blacklist / whitelist folder. By default, the templates should be placed at the following paths.
./www/templates/blacklist.html
./www/templates/whitelist.html
If the template is not found, the built-in one will be used.
Static Web Server Notes
The web directory can only be changed via the startup parameter -webroot due to security reasons. You can manage your web directory and perform some basic file operations like rename, upload, download, copy / cut and delete via the web directory manager, which is basically a trimmed-down version of the ArozOS File Manager.
If you do not want to expose your web directory to the web interface due to security concerns, use -webfm=false in your startup parameters to disable the feature. This will disable all APIs related to the file manager in the back-end server.
Updates 2.6.6
This version fixes some bugs in 2.6.5 and added a few minor new features.
- Added basic auth editor custom exception rules
- Fixed redirection bug under another reverse proxy and Apache location headers
- Optimized memory usage (from 1.2GB to 61MB for low speed geoip lookup mode or 650MB for high speed mode, see technical notes below)
- Added unset subdomain custom redirection feature
- Fixed potential security issue in satori/go.uuid
By @daluntw
- Added custom acme feature in back-end
- Added bypass TLS check for custom acme server
Notes regarding low / high speed GeoIP lookup mode
Zoraxy will try to resolve and store the visitor's country of origin in its statistic collector. As requested by users regarding the memory usage issue, we added a low speed mode for the GeoIP lookup logic to reduce memory usage through a space-time tradeoff. The low speed mode (default mode) of GeoIP lookup will slow down each request by around 6ms, which is not significant in a homelab / self-hosting environment. However, if you plan to use Zoraxy in a production environment, you can enable high speed mode by using -fastgeoip=true. We also optimized the high speed mode data structure so it now uses around 600 - 700MB of RAM instead of 1.2GB. If your server has the capacity to run in high speed mode, we generally recommend using high speed mode for better user experience.
Updates 7 Sept 2023
A quick patch has been applied to the binary to fix a minor UI bug that causes the backend to generate staging certificates (see issue #61). If you are using an old version of v2.6.6, it is recommended that you download the new binary and overwrite the old one.