Releases: tobychui/zoraxy
v3.0.8
v3.0.8 Updates
This is yet another huge rewrite of the upstream proxying system. With this version of Zoraxy onward, multiple upstreams is supported with weighted random load balance with fallback (currently need to set manually, will move to automatic fallback in later versions).
Breaking Changes & Updater
This version of Zoraxy introduce a breaking change to the structure of the proxy rule storage config under the ./conf/proxy/
folder. However, this version also introduce a new automatic updater that, in theory, will update the config for you automatically. If you are trying to do manual migration from v3.0.7 to v3.0.8, please make sure the following:
- The file
./conf/version
not exists (Zoraxy will assume it is from pre-3.0.8) - Make sure you have a backup of the whole config folder
- Only start your v3.0.8 zoraxy after the above steps are done
After update is succeed, you should see a file named version
is generated under conf
folder with the current zoraxy version written into it.
Warning for Docker Users
This version docker build is broken (fixes are work in progress). If you use docker, you can wait for the v3.0.9 release.
Warning for Production Uses
This upstream implementation is experimental and not recommend to be used in production environment. But from my tests on two of my homelab servers for 2 weeks, everything seems fine so far. Anyway, use this version with your own risk :)
Change Log
- Added apache style logging mechanism (and build-in log viewer) #218
- Fixed keep alive flushing issues #235
- Added multi-upstream supports #100
- Added stick session load balancer
- Added weighted random load balancer
- Added domain cleaning logic to domain / IP input fields
- Added HSTS "include subdomain" auto injector
- Added work-in-progress SSO / Oauth Server UI
- Fixed uptime monitor not updating on proxy rule change bug
- Optimized UI for create new proxy rule
- Removed service expose proxy feature
v3.0.7
v3.0.7 Update
This version of Zoraxy added rate limiting and docker container selector list feature. The new -docker=true
startup parameter is also added to facilitate future UX optimizations pull request from the community who are deploying Zoraxy with docker. The new Custom Header snippet also included the new HSTS support and Permission-Policy editor.
Notes for Windows 7 (or Windows Server 2008) Users
As building for Windows 7 is getting harder and harder with increasing numbers of go module dependencies, it is expected that Windows 7 support will be dropped soon (i.e. future releases will not includes zoraxy_windows_amd64_NT6-1.exe
). Please consider switching to a more modern OS.
Change Log
- Fixed redirection enable bug #199
- Fixed header tool user agent rewrite sequence
- Optimized rate limit UI
- Added HSTS and Permission Policy Editor #163
- Docker UX optimization start parameter
-docker
- Docker container selector implementation for conditional compilations for Windows
From contributors
v3.0.6
v3.0.6 Updates
This update improved the header rewrite function with a much advance version of header customization engine. The new engine support set or remove header in both direction (downstream to upstream and upstream to downstream). A new Stream Proxy module is also introduced which support both TCP and UDP forwarding.
Note: TCP Proxy modes other than forward has been removed due to "no one actually know how to use them". Now the TCP proxy module has been integrated as part of the Stream Proxy function. Configurations are partially backward compatible but there might be some minor issues with the UI. It is recommended that you delete the old rules and recreate them after update.
Change Log
- Added fastly_client_ip to X-Real-IP auto rewrite
- Added atomic accumulator to TCP proxy
- Added white logo for future dark theme
- Added multi selection for white / blacklist #176
- Moved custom header rewrite to dpcore
- Restructure dpcore header rewrite sequence
- Added advance custom header settings (zoraxy to upstream and zoraxy to downstream mode)
- Added header remove feature
- Removed password requirement for SMTP #162 #80
- Restructured TCP proxy into Stream Proxy (Support both TCP and UDP) #147
- Added stream proxy auto start #169
- Optimized UX for reminding user to click Apply after port change
- Added version number to footer #160
v3.0.5
v3.0.5 Updates
This update mainly fixed the ovh DNS challenge field generator bug and header bug when using NextCloud in container.
As a side notes, if you really want to use domain names as proxy target and you have a private DNS server, use .local
(mDNS style), .internal
(docker style) or .home.arpa.
(RFC 8375) as your domain name TLD for internal service. This can help Zoraxy to understand and automatically rewrite headers for internal networking instead of external one and prevent HTTP_HOST
rewrite errors.
Remarks: If you are using Windows 7, you can use the NT6-1 release. However, some features are missing from this build due to library & compiler limitations. This version is purely here to support legacy device and might be dropped anytime soon. Please consider to upgrade your server to a new version of Windows.
Change Log
- Optimized uptime monitor error message #121
- Optimized detection logic for internal proxy target and header rewrite condition for
HTTP_HOST
#164 - Fixed ovh DNS challenge provider form generator bug #161
- Added permission policy module (not enabled)
- Added single-use cookiejar to uptime monitor request client to handle cookie issues on some poorly written back-end server #149
v3.0.4
V3.0.4 Updates
This release tidied up the contribution by @Teifun2 and added a new way to generate DNS challenge based certificate (e.g. wildcards) from Let's Encrypt without changing any environment variables. This also fixes a few previous ACME module EAB settings bug related to concurrent save.
You can find the DNS challenge settings under TLS / SSL > ACME snippet > Generate New Certificate > (Check the "Use a DNS Challenge" checkbox)
- Optimized DNS challenge implementation
- Removed dependencies on environment variable write and keep all data contained
- Fixed panic on loading certificate generated by Zoraxy v2
- Added automatic form generator for DNS challenge / providers
- Added CA name default value
- Added code generator for acmedns module (storing the DNS challenge provider contents extracted from lego)
- Fixed ACME snippet "Obtain Certificate" concurrent issues in save EAB and DNS credentials
Remarks: If you are using Windows 7, you can use the NT6-1 release. However, some DNS challenge provider like cpanel and mailinabox are missing from this build due to library & compiler limitations.
Thanks for all the contributors and developers involved testing out the DNS challenge feature 🎉🎉🎉
Update v3.0.3
Update v3.0.2
This update primarily contains bug fixes for many of the issues introduced due to the new implementation of the access filter rule system.
Breaking Change
For users using SMTP with older versions, you might need to update the settings by moving the domains (the part after @ in the username and domain setup field) into the username field.
Change Log
- Updated SMTP UI for non email login username
- Fixed ACME cert store reload after cert request
- Fixed default rule not applying to default site when default site is set to proxy target
- Fixed blacklist-ip not working with CIDR bug
- Fixed minor vdir bug in tailing slash detection and redirect logic
- Added custom mdns name support (-mdnsname flag)
- Added LAN tag in statistic
Update v3.0.2
Update v3.0.2
This updates added the new alias hostname function as well as rewritten the access rule set to support per Proxy Hostname access filter architecture.
To use the alias hostname during creating a new Proxy Rule, use comma to separate the different hostname. Wildcards are also supported in the alias hostname. Here is an example.
main.example.com,*.main.example.com,alias.example.com
You can also find the alias hostname editor in the HTTP Proxy list (Edit mode)
Windows 7 support was restored due to my test bench is still running Windows 7 and I am too busy to upgrade it. If you are still using a Windows 7 machine, you can use the zoraxy_windows_amd64_NT6_1.exe
executable. Note that Windows 7 support might be discontinued anytime and as it is build with older version of Go compiler, it might also come with some minor security issues.
Change Log
- Added alias for HTTP proxy host names #76
- Added separator support for create new proxy rules (use "," to add alias when creating new proxy rule)
- Added HTTP proxy host based access rules #69
- Added EAD Configuration for ACME (by @yeungalan) #45
- Fixed bug for bypassGlobalTLS endpoint do not support basic-auth
- Fixed panic due to empty
domain
field in json config #120 - Removed dependencies on management panel css for online font files
Update v3.0.1
Update v3.0.1
This update fixed a few minor bugs from the v3 big updates.
Change Log
- Added regex support for redirect (slow, don't use it unless you really needs it) #42
- Added new dpcore implementations for faster proxy speed
- Added support for CF-Connecting-IP to X-Real-IP auto rewrite #114
- Added enable / disable of HTTP proxy rules in runtime #108
- Added better 404 page
- Added option to bypass websocket origin check #107
- Updated project homepage design
- Fixed recursive port detection logic
- Fixed UserAgent in resp bug
- Updated minimum required Go version to v1.22 (Notes: Windows 7 support is dropped) #112
Update v3.0.0
Updates v3.0.0
This is a big rewrite of the original Zoraxy v2 proxy core for covering more real-life use cases based on feedback from issues.
IMPORTANT NOTES
Zoraxy v3 host rules are not compatible with v2, which the "Backup & Restore" feature is also not compatible. Please start a new installation from scratch if you are currently using Zoraxy v2.
- Restructure the proxy core logic
- Added virtual directory into host routing object (each host now got its own sets of virtual directories)
- Added support for wildcard host names (e.g. *.example.com)
- Added best-fit selection for wildcard matching rules (e.g. *.a.example.com > *.example.com in routing)
- Generalized root and hosts routing struct (no more conversion between runtime & save record object
- Added "Default Site" to replace "Proxy Root" interface
- Added Redirect & 404 page for "Default Site"
- Optimized UI and UX
- Optimized & Separated Virtual Directory edit menu
- Added more less depressing colors
- Added comments for whitelist
- TLS / SSL
- Added automatic cert pick for multi-host certs (it is called SNI btw)
- Added "one click force renew" button
- Renamed .crt to .pem for cert store
- Headers
- Added x-proxy-by header to help with debugging
- Added X-real-Ip header
- Added Development Mode Toggle (Cache-Control: no-store)
- Added custom header
- Others
- Updated up time monitor timeout to 10 seconds instead of 90
- Added "Add controller as member" feature to Global Area Network editor
- Deprecated aroz subservice support
Update v2.6.8
Updates 2.6.8
This version fixes bug in 2.6.7 and added "Allow plain HTTP access" options for force TLS per domain
- Added opt-out for subdomains for global TLS settings for
- Optimized subdomain / vdir editing interface
- Added system wide logger (wip)
- Fixed issue for uptime monitor bug
- Changed default static web port to 5487 so it is even more unlikely to be used by other processes
- Added automatic HTTP/2 to TLS mode
Notes on opt-out TLS per domain
The function is named "allow plain HTTP access" which is hidden under the advance setting tab. in "Create proxy rule" or the proxy rule inline edit interface. Once this option is enable, the subdomain defined in the rule can be accessed via plain HTTP and HTTPS.
This function is only usable with the following options enabled
- TLS enabled on non port 80
- Port 80 Listener is enabled
- Only works for sub-domains (vdir do not support opt-out feature)