Release history

godoxy releases

High-performance reverse proxy and container orchestrator for self-hosters

All releases

v0.29.1 Breaking risk
⚠ Upgrade required
  • Stop using `path_patterns` in route configs; replace with appropriate rule definitions.
  • Update Web UI and generated JSON schema to align with the new configuration model.
Breaking changes
  • Removed route field `path_patterns`; config must be migrated to use rules instead.
Full changelog

Patch release focused on a configuration breaking change (removal of route path_patterns), a behavior fix for FileServer routes that combine rules and middleware, refreshed API docs, and smaller install/docs polish.

Breaking Changes

  • Route path_patterns removed. The proxy no longer accepts or applies path_patterns on routes (including FileServer path-pattern multiplexing). The Web UI and generated JSON schema drop this field as well. Migration: Stop using path_patterns in your route config. Model path-specific behavior with rules setup instead of multiplexing multiple path patterns on one route. Pair this upgrade with the matching Web UI build so config editing stays in sync with the server schema.

Bug Fixes

  • FileServer routes: middleware runs in the right order relative to rules. For file-served routes that also run rules (for example embedded SPA or API paths), middleware now wraps the post-rules handler so it sees responses produced by rule handlers, not only the static file path.

Improvements

  • Response modification and buffering: The shared HTTP stack runs ModifyResponse-style work before deciding lazy buffering vs passthrough, which tightens correctness when middleware or modifiers need to observe or influence status and headers early.
  • Installer portability: Setup/install scripts use more POSIX sh-friendly patterns so installs work more reliably across dash, BusyBox, and BSD environments; README install snippets invoke via /bin/sh -c where appropriate.

Configuration Changes

  • path_patterns is no longer a valid route field (see Breaking Changes). Review saved YAML and remove any remaining path_patterns blocks before applying config.

API Changes

  • OpenAPI / Swagger refreshed: fields such as max_conns_per_host and the ordering of some fields (for example load-average-related fields) are updated; path_patterns is removed from the documented route model to match the server.

New Features

  • None in this release.

Full Changelog

GoDoxy

Web UI

v0.29.0 Breaking risk
Breaking changes
  • Removed `frontend` / `godoxy-frontend` service from Compose; main GoDoxy image now serves the dashboard. Update configuration per `config.example.yml`.
  • Renamed socket‑proxy environment variable `SOCKET_PROXY_LISTEN_ADDR` → `LISTEN_ADDR` (see migration guide).
  • Deprecated CI workflow/tags (`Compat`) are no longer published; if pinned, switch to `latest`, `nightly`, or versioned tags (`v…`).
Notable features
  • Shared HTTPS listener with TLS SNI routing for multiple TCP/stream backends.
  • New root-level `webui` config and `/settings` page for built‑in Web UI customization.
Full changelog

Full migration guide: https://docs.godoxy.dev/docs/godoxy/migration/v0.29.0

Breaking Changes

  • Embedded Web UI: Drop any frontend / godoxy-frontend service from Compose; the main GoDoxy image serves the dashboard. Set webui.aliases (and related webui fields) as in config.example.yml—see migration guide.
  • Socket proxy environment variable: SOCKET_PROXY_LISTEN_ADDR → LISTEN_ADDR (see migration guide for Compose snippets).
  • Docker image tags from CI: Compat workflow/tags are gone; compat-style tags are no longer published. If you pinned them, switch to latest, nightly, or v… as documented in the migration guide.

Security

  • Access logging after hijacking: Hijacked connections are handled so error paths do not blindly emit extra HTTP status lines or treat hijack like an ordinary proxy failure in misleading ways.

New Features

Proxy, routes, and TLS

  • Shared HTTPS listener with TLS SNI routing: Multiple TCP/stream backends can share the proxy HTTPS port by matching ClientHello SNI to route aliases. Optional tls_termination terminates TLS with autocert (when configured) before plaintext upstream; otherwise traffic can stay encrypted end-to-end. Listener matching respects wildcard and IPv6 listen forms. Until the first TCP SNI route registers, ordinary HTTPS on that listener keeps a direct accept path (no ClientHello sniffing or SNI queue), so typical HTTPS sites avoid that overhead. Implemented in PR #230; tracks issue #218 (SNI-based passthrough) and issue #223 (TCP TLS termination).
  • HTTP rule actions:
    • serve_file serves a single existing file (non-directory); distinct from serve, which serves a directory.
    • handle dispatches to an in-process registered handler by name.
  • Upstream connection cap: max_conns_per_host limits concurrent connections per upstream host on the HTTP transport when set (YAML/API and Web UI).

Web UI

  • New root-level webui field and /settings: Config adds optional webui (WebUIConfig) for the built-in Web UI route—aliases, file-server-style options, and optional rules that merge with presets from webui.yml / webui_dev.yml. Theme, dashboard options, route-list filters, and this webui block are edited on /settings, not in the config editor or apps-grid popover (WebUIConfig / top-level webui, settings page).
  • Web UI embedded in GoDoxy (single image): The Vite dist bundle is built into the GoDoxy binary and served from an embedded filesystem; published GoDoxy images ship the proxy and Web UI together—there is no separate Web UI container image. Non-production builds can still load assets from a local webui/dist/client tree when present (embed helper, production vs dev embed). GoDoxy reads webui from config (legacy frontend env aliases still apply when unset), merges preset metadata and rules when assembling the built-in route, and serves the SPA with file-server + SPA fallback behavior.
  • Stream routes: Editor toggle and copy for tls_termination next to TCP relay_proxy_protocol_header, clarifying autocert termination versus SNI passthrough (stream TLS termination UI; same TLS/SNI behavior as PR #230, issue #223).
  • HTTP routes: Form field for max_conns_per_host (HTTP editor).
  • Agents: Adding or verifying agents can add_to_config and refresh the sidebar from the verify response instead of editing config.yml locally (agents via verify).
  • Rules playground: Searchable quick reference card backed by generated cheatsheet JSON (quick reference).
  • Rules authoring: Types, CodeMirror keywords, and cheatsheet text for serve_file and handle (serve_file in UI, handle in UI).
  • Schema fixes: MiddlewaresMap keys are optional where appropriate so generated config matches real YAML (types fix).

Agent and tooling

  • Agent verify supports add_to_config to append verified hosts under providers.agents, suppresses one matching config reload while persisting, and returns the current agents list on success.
  • Install scripts: OpenRC service layout (e.g. Alpine), sh shebang with POSIX-safe patterns, and portable release timestamp checks (no GNU-date-only usage).
  • USE_SONIC_JSON: Register Sonic at init only when true (default). Set false on hardware where Sonic is unsupported to avoid SIGILL; documented in env examples and agent logs.

ACME

  • Optional certificate_key_type chooses the ACME leaf key algorithm/size (defaults unchanged; invalid values fail validation). Motivated by issue #227 (RSA vs elliptic-curve leaf keys and related autocert flexibility).

Improvements

  • gRPC, SSE, streaming HTTP/2 and h2c: Flush/copy and trailer handling behave more reliably through rules and reverse proxy paths; streaming and upgrades see fewer stalls or spurious errors.
  • Pre-only rule sets: When rules need no post-phase work, responses use a passthrough modifier so upstream writes and flushes reach clients without unnecessary buffering.
  • Apps dashboard: Homepage icon manifests load concurrently with a concurrency-safe cache for faster tiles.
  • Benchmarking: Richer bench_server, h3bench, benchmark.sh profiles (smoke/stable/stress), warm-up and repeated-run stats, and raw TCP HTTP/1.1 bench mode for steadier throughput reads.
  • Web UI stack: TanStack Start/Router, Fumadocs, Zod, Nitro, and related tooling updates (recent bump).

Bug Fixes

  • Treat HTTP/2 cancel and closed response body like other expected stream teardowns so they do not surface as unexpected proxy errors.
  • Metrics period poller omits failures when the error is context.Canceled (timeouts/shutdown no longer inflate error history).
  • Route load skips nil entries in route maps instead of risking panics or missed validation.
  • Agent: Stricter cached release epoch parsing avoids false “up to date” reads from corrupt files; root check uses id -u instead of bash-only $EUID.
  • Docker API client: Uses github.com/docker/docker with API negotiation so older Docker engines work without a separate compat build of GoDoxy.
  • Socket proxy: LISTEN_ADDR defaults to 0.0.0.0:2375 when unset.

Configuration Changes

| Area | What to know |
| --- | --- |
| HTTP upstream | Optional max_conns_per_host. |
| Stream/TCP on HTTPS | tls_termination on eligible routes; optional SNI_ROUTING_FOR_TCP_ROUTES / GODOXY_SNI_ROUTING_FOR_TCP_ROUTES (default true) disables registering TCP routes on the shared HTTPS listener when you need that restriction. Background: PR #230, issue #218, issue #223. |
| ACME | Optional certificate_key_type. Background: issue #227. |
| Web UI | New optional root webui (WebUIConfig): aliases, file-server-style fields, optional rules merged with presets from webui.yml / webui_dev.yml. |
| Agent runtime | USE_SONIC_JSON to disable Sonic on incompatible CPUs. |
| Socket proxy | LISTEN_ADDR replaces SOCKET_PROXY_LISTEN_ADDR. |

API Changes

  • Agent verify: Request flag add_to_config; responses list current agents after successful persist (OpenAPI/Swagger regenerated).

Contributors

Thanks to everyone who contributed feature requests, testing and feedback for this release.

Full Changelog

v0.28.1 New feature
Notable features
  • Branded 502 error page with retry countdown
  • WebUI route search functionality
  • Proxmox API caching for LXC polling
Full changelog

New Features

  • Friendlier browser error page when an upstream origin is unreachable. Browser GET requests that accept HTML now receive a branded 502 page with a retry countdown, while API/non-HTML clients continue to receive the plain-text response.
  • WebUI route search. The configuration editor now includes a shared search box for filtering routes in the route list.
    https://github.com/yusing/godoxy-webui/commit/fee6eca724ae1c1f4d5881dd5528afbb5236fbf7

Improvements

  • More reliable Docker/socket event streaming. Socket proxy and agent event streams now flush chunked responses immediately, reducing delayed container create/delete notifications.
  • Lower Proxmox API load and faster LXC polling. GoDoxy now caches unchanged LXC IP lookups briefly, limits concurrent IP lookups, and avoids expensive interface calls for stopped or suspended guests while still reading configured IPs.
  • Improved idle-watcher loading page. The loading screen has updated light/dark styling, clearer console log levels, better accessibility markup, and avoids showing undefined for missing log messages.
  • Ready idle-watcher targets preserve upstream cache headers. Once a target is ready, proxied responses keep the origin’s Cache-Control and Expires headers instead of being forced to no-store.
  • HTML rewriting works for more upstream responses. Middleware that rewrites HTML can now handle chunked or unknown-length HTML/XHTML responses, while still avoiding unsafe rewrites for unsupported encodings or non-HTML bodies.
  • Cleaner debug logging. Expected WebSocket shutdowns no longer produce noisy close logs, and HTTP/3 logging now respects the configured zerolog level.
  • Better Geo/IP lookup behavior. MaxMind lookups now use a bounded cache, populate city information, and reduce repeated failure log noise.
  • Debug cache observability. Debug-tagged builds can emit summarized cache hit/miss/recompute/eviction logs for troubleshooting.
  • More reliable source/container builds. Docker and build scripts now include the minification tooling needed for embedded HTML/JS assets.

WebUI Improvements

  • Autocert certificates are easier to review. Certificates now appear in an accordion with subject, primary DNS name, expiry summary, expandable details, and clearer renewal/loading/empty states.
    https://github.com/yusing/godoxy-webui/commit/e14efa6b80b1d985513b12ecd883397a29d5c916
  • Cleaner config-editor controls. Field remove/reset actions are more consistent across forms, nested lists are better aligned, and extra certificate removal uses the shared delete control.
  • Faster route editing. Route cards are denser, quick settings use compact chips, middleware step labels are clearer, and hover actions are less visually noisy.
  • Inbound mTLS selection is easier to clear. The WebUI now clears route-level inbound mTLS from the select menu instead of a separate clear button.
    https://github.com/yusing/godoxy-webui/commit/88eb643359082e89c48c76023a277e293db5b735
  • Visual polish. Focus states, card surfaces, combobox/select styling, destructive color contrast, and dialog footer spacing have been refined.

Bug Fixes

  • HTTP modifier status handling is now accurate. Modified responses now send and record the status code actually produced by the modifier, including proper 500 handling when a modifier fails.
  • Idle-watcher cache behavior is corrected. Loading/static/wake-event responses still use strong no-store headers, while ready proxied targets no longer lose their upstream cache headers.
  • Wiki/documentation sync links are corrected. Generated GitHub source links with line numbers no longer duplicate URL fragments.

Configuration Changes

  • inbound_mtls_profile documentation is clarified. The OpenAPI docs now state that route-level inbound_mtls_profile applies only to HTTP-based routes, must match a configured inbound_mtls_profiles entry, and is ignored when an entrypoint-level inbound mTLS profile is set.

Full Changelog

v0.28.0 Breaking risk
Breaking changes
  • Non-loopback local API binds require `GODOXY_LOCAL_API_ALLOW_NON_LOOPBACK=true` flag
  • Per-route bypass overlay recompilation triggered by middleware changes; failures return HTTP 500 to clients
Security fixes
  • Config file API path traversal (..) blocked in GET/SET operations
  • Local API non-loopback binding restricted to require `GODOXY_LOCAL_API_ALLOW_NON_LOOPBACK=true`
Notable features
  • Inbound mTLS (HTTPS) with reusable profiles and client certificate requirements
  • Middleware bypass overlay promotion to entrypoint level
Full changelog

This release strengthens safe defaults around the local automation API, adds inbound mTLS and richer Docker label merging, and ships WebUI fixes and polish.

Breaking changes

  • Unauthenticated local API bind addresses: Non-loopback binds (0.0.0.0, ::, LAN IPs, public hostnames, etc.) require GODOXY_LOCAL_API_ALLOW_NON_LOOPBACK=true. Loopback (127.0.0.1, ::1, localhost) still works without the flag. Omitting the flag with a non-loopback address fails validation instead of starting a wide-open listener.
  • Entrypoint middleware reload + route bypass overlays: When entrypoint middleware configuration changes at runtime, per-route bypass overlays are recompiled. If overlay compilation fails, matching requests receive HTTP 500 (error text is not returned to clients). Validate middleware/bypass config after edits.
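The loopback-or-flag rule above is easy to get subtly wrong (IPv6 `::`, the bare `:port` form that binds every interface, hostnames that merely look local). The following Go example is added here to show the check in isolation; it is not GoDoxy's own code, and the sample addresses, the default port `8888` and the `allowNonLoopback` parameter name are assumptions. Only the environment variable name comes from the release notes.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"os"
	"strconv"
	"strings"
)

// ErrNonLoopbackBind is returned when a non-loopback bind address is used
// without the explicit opt-in flag.
var ErrNonLoopbackBind = errors.New("local API bind address is not loopback; set GODOXY_LOCAL_API_ALLOW_NON_LOOPBACK=true to allow it")

// isLoopbackHost reports whether host is "localhost", an IP in 127.0.0.0/8
// or ::1. Other hostnames are treated as non-loopback without a DNS lookup,
// so a name that happens to resolve to 127.0.0.1 today still needs the flag.
func isLoopbackHost(host string) bool {
	if strings.EqualFold(host, "localhost") {
		return true
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return false
	}
	return ip.IsLoopback()
}

// ValidateLocalAPIBind mirrors the v0.28.0 rule: a loopback bind always
// passes; anything else needs allowNonLoopback (the env flag) to be true.
// An empty host ("":8888"-style addr) means "all interfaces" and is treated
// like 0.0.0.0.
func ValidateLocalAPIBind(addr string, allowNonLoopback bool) error {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return fmt.Errorf("invalid bind address %q: %w", addr, err)
	}
	if host == "" {
		host = "0.0.0.0"
	}
	if isLoopbackHost(host) || allowNonLoopback {
		return nil
	}
	return fmt.Errorf("%w (got %q)", ErrNonLoopbackBind, addr)
}

func main() {
	// Flag read the same way an operator would set it in .env (sample addresses below are constructed).
	allow, _ := strconv.ParseBool(os.Getenv("GODOXY_LOCAL_API_ALLOW_NON_LOOPBACK"))
	for _, addr := range []string{"127.0.0.1:8888", "[::1]:8888", "localhost:8888", "0.0.0.0:8888", "[::]:8888", ":8888", "10.0.0.5:8888"} {
		if err := ValidateLocalAPIBind(addr, allow); err != nil {
			fmt.Printf("%-16s refused: %v\n", addr, err)
		} else {
			fmt.Printf("%-16s ok\n", addr)
		}
	}
}
```

Run it once with the variable unset and once with `GODOXY_LOCAL_API_ALLOW_NON_LOOPBACK=true` to see which of the sample binds flip from refused to ok; only the three loopback forms pass without the flag.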

Security

  • Config file API path handling: File read/write operations for config-related paths are rooted under the intended config directories, blocking .. traversal that could escape the config tree on GET and SET.
  • Local API exposure: see above breaking changes.
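To make the config-path rooting concrete, here is an added Go example (not GoDoxy's code) that maps a user-supplied relative path onto an absolute path under a config root and refuses anything that would escape it. It uses a lexical check (clean the path, reject absolute and `..`-prefixed results, re-verify with `filepath.Rel`) so it builds on any Go version; the `os.OpenRoot` approach the v0.27.5 summary credits (Go 1.24+) additionally stops symlinks inside the root from pointing outside it, which a lexical check cannot. `ResolveConfigPath`, `ReadConfigFile` and the sample root `/etc/godoxy` are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideConfigRoot is returned for any path that would leave the config tree.
var ErrOutsideConfigRoot = errors.New("path escapes the config directory")

// ResolveConfigPath maps a user-supplied relative path from the config file
// API onto an absolute path under root. Inputs are cleaned first so
// "routes/../../x" is seen as "../x"; absolute inputs and anything whose
// first element is ".." are refused before any file is touched.
func ResolveConfigPath(root, userPath string) (string, error) {
	if userPath == "" {
		return "", fmt.Errorf("%w: empty path", ErrOutsideConfigRoot)
	}
	// Normalise Windows-style separators from clients, then clean.
	p := filepath.Clean(filepath.FromSlash(strings.ReplaceAll(userPath, "\\", "/")))
	if filepath.IsAbs(p) || strings.HasPrefix(p, "/") {
		return "", fmt.Errorf("%w: absolute path %q", ErrOutsideConfigRoot, userPath)
	}
	dotdot := ".." + string(filepath.Separator)
	if p == ".." || strings.HasPrefix(p, dotdot) {
		return "", fmt.Errorf("%w: %q", ErrOutsideConfigRoot, userPath)
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	full := filepath.Join(absRoot, p)
	// Second, independent check: the joined result must still be relative to the root.
	rel, err := filepath.Rel(absRoot, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, dotdot) {
		return "", fmt.Errorf("%w: %q", ErrOutsideConfigRoot, userPath)
	}
	return full, nil
}

// ReadConfigFile is what a GET handler would call: resolve, then read.
// Symlink escapes are not covered here; use os.OpenRoot on Go 1.24+ for that.
func ReadConfigFile(root, userPath string) ([]byte, error) {
	full, err := ResolveConfigPath(root, userPath)
	if err != nil {
		return nil, err
	}
	return os.ReadFile(full)
}

func main() {
	root, err := os.MkdirTemp("", "godoxy-config-example")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	// Constructed sample config file inside the root.
	if err := os.WriteFile(filepath.Join(root, "config.yml"), []byte("entrypoint: {}\n"), 0o600); err != nil {
		panic(err)
	}
	for _, p := range []string{"config.yml", "routes/../config.yml", "../../etc/passwd", "/etc/passwd", "..\\..\\x"} {
		data, err := ReadConfigFile(root, p)
		if err != nil {
			fmt.Printf("%-22s refused: %v\n", p, err)
			continue
		}
		fmt.Printf("%-22s %d bytes\n", p, len(data))
	}
}
```

The two checks are deliberately redundant: the first gives a readable error naming the offending input, the second catches anything the first missed after joining.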

New features

  • Inbound mTLS (HTTPS): Define reusable inbound_mtls_profiles (system trust store, custom CA files, or both). Apply a profile on an entrypoint to require client certificates for all HTTPS on that listener, or on individual HTTP-based routes when no entrypoint-wide profile is set. Routing respects TLS SNI; HTTP 421 is returned when a secure request omits SNI or when Host and SNI imply different routes. The WebUI adds editing for profiles, entrypoints, and routes (Certificates & trust / inbound mTLS sections).
    https://docs.godoxy.dev/docs/godoxy/advanced-topics/Inbound-MTLS
  • Middleware bypass overlay: Routes can promote route-local bypass rules so they layer onto entrypoint middleware, avoiding duplicate evaluation and keeping bypass behavior aligned with the route. Middleware accessors exposed to the rest of the stack return safe clones.
    https://docs.godoxy.dev/docs/godoxy/advanced-topics/middlewares#entrypoint-overlay-promotion
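The Host-versus-SNI rule in the inbound mTLS entry is worth seeing as code, because the failure it guards against (a client certificate checked for one alias, then a Host header steering the request to another route) is silent unless the proxy refuses the mismatch. The Go example below is added here and is not GoDoxy's implementation; the route table, the `ResolveSecureRoute` and `SNIGuard` names and the `X-Godoxy-Route` header are constructed for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// normalizeHost lowercases a hostname and strips an optional port and
// trailing dot, so "App.Example.Com.:443" and "app.example.com" compare equal.
func normalizeHost(s string) string {
	if h, _, err := net.SplitHostPort(s); err == nil {
		s = h
	}
	return strings.TrimSuffix(strings.ToLower(s), ".")
}

// ResolveSecureRoute picks the route for an HTTPS request. routes maps a
// hostname alias to a route id (several aliases may share one route).
// Status follows the v0.28.0 notes: 421 when SNI is absent or when Host and
// SNI resolve to different routes; 404 when SNI names no route; 200 means
// "proceed with the returned route id".
func ResolveSecureRoute(sni, host string, routes map[string]string) (string, int) {
	if sni == "" {
		return "", http.StatusMisdirectedRequest
	}
	sniRoute, ok := routes[normalizeHost(sni)]
	if !ok {
		return "", http.StatusNotFound
	}
	hostRoute, ok := routes[normalizeHost(host)]
	if !ok || hostRoute != sniRoute {
		// The TLS session was set up for one route, the Host header asks for
		// another: refuse instead of serving one route's content under another's name.
		return "", http.StatusMisdirectedRequest
	}
	return sniRoute, http.StatusOK
}

// SNIGuard applies ResolveSecureRoute to every request and hands the route
// id to next via a header (hypothetical header name, for illustration only).
func SNIGuard(routes map[string]string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		sni := ""
		if r.TLS != nil {
			sni = r.TLS.ServerName
		}
		route, status := ResolveSecureRoute(sni, r.Host, routes)
		if status != http.StatusOK {
			http.Error(w, http.StatusText(status), status)
			return
		}
		r.Header.Set("X-Godoxy-Route", route)
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed route table: two aliases for "app", one for "api".
	routes := map[string]string{"app.example.com": "app", "app-alt.example.com": "app", "api.example.com": "api"}
	h := SNIGuard(routes, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "routed to %s", r.Header.Get("X-Godoxy-Route"))
	}))
	for _, c := range [][2]string{{"app.example.com", "app.example.com"}, {"app.example.com", "app-alt.example.com"}, {"app.example.com", "api.example.com"}, {"", "app.example.com"}} {
		req := httptest.NewRequest("GET", "https://"+c[1]+"/", nil)
		req.TLS = &tls.ConnectionState{ServerName: c[0]}
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, req)
		fmt.Printf("sni=%-16q host=%-20q -> %d %s\n", c[0], c[1], rec.Code, strings.TrimSpace(rec.Body.String()))
	}
}
```

Note that two aliases of the same route are accepted even when SNI and Host differ textually: the comparison is on the resolved route, not on the strings.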

Improvements

  • Automatic HTTPS (ACME) reliability under concurrency: Certificate obtain/renew and TLS handshake paths use clearer serialization and snapshotting of provider state, per-provider obtain locks, and independent HTTP client configuration per ACME provider so parallel providers do not corrupt shared client state. Expiry reporting uses cloned maps.
  • Docker provider: nested proxy.* labels: Values that are YAML objects (including OIDC-style dotted keys) are deep-merged in the right order (broader paths before deeper ones). Conflicts between scalars and nested maps produce clearer errors.
  • Access control (IP / Geo) decisions: Allow/deny evaluation uses a TTL-backed cache; very hot paths avoid repeated work. Documented behavior: after in-memory rule changes, cached allow/deny decisions can persist until the TTL expires (by design for performance).
  • Reverse proxy response path: Response modifiers that change the status code now take effect after WriteHeader. Header-only rewrites no longer force large-body buffering for huge declared Content-Length responses. Flushing is limited so fixed-size buffered bodies are not flushed per chunk unless streaming (text/event-stream or chunked encoding without Content-Length). Buffer preallocation respects maxBufferedBytes when set (fixes #222).
  • Request metadata in middleware: Documentation clarifies request-variable substitution (active outbound request fields and upstream variables from the current route).
  • Serialization: LoadFileIfExist-style loading treats empty or whitespace-only files like missing files so blank files do not trip unmarshaling.
  • WebUI: Theme updates (light/dark surfaces, shadows, semantic status colors), Apps grid and playground layout polish, frosted combobox popups, icon set migration to Lucide, config editor loads active config as text and keeps your draft when YAML validation fails, disk usage stat corrected, home events WebSocket updates are batched to reduce UI churn under bursts, generated API client moves from axios to fetch, and various form / schema fixes (labels, optional fields, select capitalization, inbound mTLS clear control).
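The Docker label merge rule (broader paths before deeper ones, scalar-versus-map conflicts rejected) is the kind of ordering logic that is clearer as a small program. The Go example below is added here and is not GoDoxy's provider code: it parses object values with `encoding/json` (a flow-style subset of the YAML the project accepts, chosen to avoid a dependency), and the sample labels, `MergeProxyLabels` and `ConflictError` are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// ConflictError names a label whose value shape (scalar vs map) disagrees
// with what another label already set on the same path.
type ConflictError struct{ Path, Reason string }

func (e *ConflictError) Error() string { return fmt.Sprintf("label %s: %s", e.Path, e.Reason) }

// parseLabelValue keeps plain strings as-is and decodes JSON objects/arrays
// into map[string]any / []any (stand-in for the project's YAML parsing).
func parseLabelValue(v string) any {
	t := strings.TrimSpace(v)
	if strings.HasPrefix(t, "{") || strings.HasPrefix(t, "[") {
		var out any
		if err := json.Unmarshal([]byte(t), &out); err == nil {
			return out
		}
	}
	return v
}

// deepMerge merges src into dst, recursing into maps and refusing to replace
// a map with a scalar or a scalar with a map.
func deepMerge(dst, src map[string]any, path string) error {
	for k, v := range src {
		p := path + "." + k
		if existing, ok := dst[k]; ok {
			em, eIsMap := existing.(map[string]any)
			vm, vIsMap := v.(map[string]any)
			if eIsMap && vIsMap {
				if err := deepMerge(em, vm, p); err != nil {
					return err
				}
				continue
			}
			if eIsMap != vIsMap {
				return &ConflictError{Path: p, Reason: "scalar and nested map set on the same key"}
			}
		}
		dst[k] = v // for scalars and lists the deeper/later label wins
	}
	return nil
}

// setPath writes value at segs under root, creating intermediate maps and
// flagging any intermediate that is already a scalar.
func setPath(root map[string]any, segs []string, value any) error {
	cur := root
	for i, seg := range segs[:len(segs)-1] {
		next, ok := cur[seg]
		if !ok {
			m := map[string]any{}
			cur[seg] = m
			cur = m
			continue
		}
		m, isMap := next.(map[string]any)
		if !isMap {
			return &ConflictError{Path: "proxy." + strings.Join(segs[:i+1], "."), Reason: "scalar already set but a deeper label needs a map here"}
		}
		cur = m
	}
	parent := strings.Join(append([]string{"proxy"}, segs[:len(segs)-1]...), ".")
	return deepMerge(cur, map[string]any{segs[len(segs)-1]: value}, parent)
}

// MergeProxyLabels folds every proxy.* label into one nested map, applying
// shallower paths first so a deeper label overrides a key inside an object
// value that a broader label set.
func MergeProxyLabels(labels map[string]string) (map[string]any, error) {
	var keys []string
	for k := range labels {
		if strings.HasPrefix(k, "proxy.") {
			keys = append(keys, k)
		}
	}
	sort.Slice(keys, func(i, j int) bool {
		di, dj := strings.Count(keys[i], "."), strings.Count(keys[j], ".")
		if di != dj {
			return di < dj
		}
		return keys[i] < keys[j]
	})
	root := map[string]any{}
	for _, k := range keys {
		segs := strings.Split(strings.TrimPrefix(k, "proxy."), ".")
		if err := setPath(root, segs, parseLabelValue(labels[k])); err != nil {
			return nil, err
		}
	}
	return root, nil
}

func main() {
	// Constructed sample labels (not from any real compose file).
	good := map[string]string{
		"proxy.app.scheme":                         "https",
		"proxy.app.middlewares.oidc":               `{"allowed_users": ["alice"], "allowed_groups": ["admins"]}`,
		"proxy.app.middlewares.oidc.allowed_users": `["bob"]`,
	}
	merged, err := MergeProxyLabels(good)
	out, _ := json.MarshalIndent(merged, "", "  ")
	fmt.Println(string(out), err)
	_, err = MergeProxyLabels(map[string]string{"proxy.app.scheme": "https", "proxy.app.scheme.x": "y"})
	fmt.Println("conflict:", err)
}
```

In the merged output `allowed_users` is `["bob"]` (the deeper label wins) while `allowed_groups` survives from the object value; the second call fails because `proxy.app.scheme` is a scalar and `proxy.app.scheme.x` needs it to be a map.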

Bug fixes

  • Tests and edge cases: Host/scheme substitution behaves better when Host is unset (e.g. httptest). PROXY protocol relay example/config samples are cleaned up (including removal of misleading Vary: "*" in an example).
  • WebUI: Relative time strings use singular units for single-second/minute/hour deltas; primitive select resolution returns stable empty strings for optional fields; FormContainer sections with a single child default to expanded so fields are not hidden.

Configuration changes

  • New root/config fields: inbound_mtls_profiles, entrypoint inbound_mtls_profile, route inbound_mtls_profile (where supported); entrypoint relay_proxy_protocol_header remains available for TCP PROXY protocol relay (examples updated: follow current docs for your use case).
  • Environment: .env.example documents GODOXY_LOCAL_API_ADDR and GODOXY_LOCAL_API_ALLOW_NON_LOOPBACK, including risk guidance for non-loopback use.
  • Examples: Example configs drop relay_proxy_protocol_header where it was only illustrative and remove Vary: * from an example that should not encourage it.

API changes

  • OpenAPI / generated types: Route types include inbound_mtls_profile and document relay_proxy_protocol_header where applicable; GET /cert/renew may return 400 in addition to 403 / 500 (documented in schema).

Upgrade notes

  • Operators using GODOXY_LOCAL_API_ADDR on non-loopback: Move the bind to loopback and access remotely via SSH tunnel or an authenticated path; do not expect the previous wide bind to keep working.
  • Docker Compose / labels: If you use YAML object values under proxy.*, confirm merged results after upgrade; ordering is shallow paths before deep paths.
  • Middleware bypass overlays: After changing entrypoint middleware, watch logs for overlay compile failures and spot-check routes that rely on bypass promotion.
  • Build from source / CI images: Toolchain moves to Go 1.26.2; rebuild images and local binaries with that version (or newer, per your policy).
  • WebUI containers: Frontend images track Bun 1.3.12 in published Dockerfiles where applicable.

Full changelog

  • GoDoxy (core):
    https://github.com/yusing/godoxy/compare/v0.27.5...v0.28.0
    Notable commits: inbound mTLS (31eea0a8 area superseded by follow-ups: see tag compare), middleware bypass (44298d19), local API + file API hardening (41d0d28c), Docker label merge (7b00a60f), autocert concurrency (c5b9bd38), Go 1.26.2 (1c091bbf).
  • GoDoxy WebUI:
    https://github.com/yusing/godoxy-webui/compare/v0.27.5...v0.28.0
    Highlights: inbound mTLS UI (1428534a), config editor YAML preservation (5509b903), fetch API client (d301f5b4), home events batching (d2dab19a).

Contributors

Thank you @kodareef5 for reporting security issues.

v0.27.5 Security relevant
Security fixes
  • CSRF protection using Signed Double Submit Cookie pattern
  • Path traversal vulnerability fixed in config file endpoint via os.OpenRoot
v0.27.4 Bug fix

Fixed load balancer being incorrectly excluded from route operations and enhanced its display in route details with health pool information.

v0.27.3 New feature
Notable features
  • TCP PROXY protocol v2 header relay support
  • Secondary drive selection in system stats
v0.27.2 Bug fix

Fixed read on closed response body error in middleware that caused empty pages when body-modifying middlewares were enabled.

v0.27.1 Bug fix
Notable features
  • Multiline rule conditions with trailing | or &
  • Dashboard secondary disk and network speed indicators
v0.27.0 New feature
Notable features
  • Block-based rule DSL with elif/else and pre/post phases
  • New godoxy-cli tool for API queries
  • Redesigned responsive WebUI with glass morphism styling
v0.26.0 Breaking risk
Breaking changes
  • OIDC middleware restricted to GET requests; non-GET requests blocked with 403 Forbidden
  • WebUI frontend migration from Next.js to TanStack Start and Vite
Security fixes
  • Timing attack mitigation in password validation via constant-time bcrypt comparison
Notable features
  • Real-time event system with history API and WebSocket
  • Homepage activity feed with health and security signals
  • Per-route bind address configuration
v0.25.3 Maintenance
Notable features
  • Diffing-based unsaved changes tracking system
  • Sectioned route editor form components
  • Unique ACME key paths per CA directory
v0.25.2 Breaking risk
Breaking changes
  • WebSocket reconnection now retries indefinitely instead of stopping after 10 attempts
Security fixes
  • Shell metacharacter validation prevents Proxmox shell injection attacks
Notable features
  • Route validation endpoint with WebSocket support
  • Live YAML preview in route editor
  • Keyboard navigation in routes sidebar with type-to-search
v0.25.1 New feature
Notable features
  • Log maximization view with Enter key shortcut
  • Proxmox file-based log tailing endpoint
  • Proxmox-only routes filter in sidebar
v0.25.0 New feature
Notable features
  • Proxmox node/LXC statistics with WebSocket streaming
  • Docker container statistics API
  • Terminal-based log viewer with xterm.js and JSON colorization
v0.24.3 New feature
Notable features
  • CrowdSec WAF bouncer middleware
  • AccessLog performance optimization (26k to 1 allocation per scan)
  • ACL deny rules now take precedence over allow rules
v0.24.2 Bug fix

Fixed setup script compatibility on macOS, re-enabled route status logging, corrected IPv6 URL construction, and fixed Docker network detection.

v0.24.1 Bug fix
Notable features
  • Support for on: default alongside name: default in rules
v0.24.0 New feature
Notable features
  • Stream tunneling with TLS/dTLS multiplexing via ALPN
  • TCP/UDP route configurable bind address support
  • Docker container statistics API
v0.23.0 New feature
Notable features
  • Multi-certificate management UI
  • h2c scheme support for HTTP/2 over cleartext
  • Performance optimizations with benchmark suite
v0.22.1 Bug fix

Fixed display of key-value inputs as number inputs and corrected URL escaping in agent components.

v0.22.0 New feature
Notable features
  • Docker over TLS support
  • Non-proxied container health monitoring
  • SPA support with proper routing