Groxy

Reverse Proxies & Load Balancers

A small Go library for building customizable forward proxy servers with hooks, middleware, and optional HTTPS interception

Go · Latest: v0.5.2 · 17d ago

Features

  • HTTP request forwarding
  • HTTPS CONNECT tunneling support
  • Optional TLS interception/MITM for selected hosts
  • Extensible middleware hooks for requests, responses, and CONNECT tunnels
  • Built‑in request/response blocking and header/body transformation

Recent releases

  • v0.5.2 (New feature, no immediate action): HTTPS inspection benchmarks
  • v0.5.1 (Feature, no immediate action): Custom block docs + examples
  • v0.4.0 (New feature, no immediate action): AccessLog middleware

v0.3.1 Maintenance
Notable features
  • Quickstart section: "Try it in 60 seconds"
  • Forward proxy guide added (docs/building-forward-proxy.md)
  • CA trust instructions for HTTPS inspection
Full changelog

What's changed

This patch release improves Groxy's documentation and contributor experience.

Added

  • Quickstart section: "Try it in 60 seconds"
  • Forward proxy guide: docs/building-forward-proxy.md
  • CA trust instructions for HTTPS inspection
  • Open source project hygiene files:
    • CONTRIBUTING.md
    • SECURITY.md
    • CHANGELOG.md
    • ROADMAP.md
    • issue and PR templates

Notes

No runtime behavior changes are included in this release.

Install

go get github.com/SalzDevs/groxy@v0.3.1

Docs

https://pkg.go.dev/github.com/SalzDevs/groxy

v0.3.0 New feature
⚠ Upgrade required
  • HTTPS inspection is opt‑in; by default Groxy tunnels HTTPS traffic normally using CONNECT
  • Users must install and trust the generated Groxy CA certificate for inspected traffic
  • Current implementation targets HTTP/1.1 over TLS only
Notable features
  • Added `HTTPSInspectionConfig` and `Config.HTTPSInspection` for opt‑in TLS interception
  • Local CA generation/loading (`NewCA`, `LoadCAFiles`, `CA.WriteFiles`) and per‑host certificate handling
  • Extended HTTPS middleware to support request/response hooks, blocking, and body transforms
Full changelog

Highlights

Groxy v0.3.0 adds opt-in HTTPS inspection using local TLS interception.

This means existing middleware can now run on selected HTTPS traffic when inspection is explicitly enabled.

What's new

  • Added HTTPSInspectionConfig
  • Added Config.HTTPSInspection
  • Added local CA generation/loading:
    • NewCA
    • LoadCAFiles
    • CA.WriteFiles
  • Added host matching helpers:
    • MatchHosts
    • MatchAllHosts
  • Added per-host certificate generation and renewal
  • Added HTTPS middleware support for:
    • request hooks
    • response hooks
    • blocking
    • body transforms
  • Added HTTPS inspection example
  • Updated README/docs

Important security note

HTTPS inspection requires users to install and trust the generated Groxy CA certificate.

Only inspect traffic you own or are authorized to inspect.

By default, Groxy still tunnels HTTPS traffic normally using CONNECT. HTTPS inspection is explicit opt-in.

Limitations

  • HTTPS inspection currently targets HTTP/1.1 over TLS.
  • Users must manually trust the local CA.
  • Generated per-host certificates are memory-only and renewed before expiry.

Install

go get github.com/SalzDevs/groxy@v0.3.0


About

  • Stars: 15
  • Forks: 2
  • Language: Go
  • Install via: go
