{"id":17279997,"url":"https://github.com/aaqaishtyaq/roxxy","last_synced_at":"2026-04-27T22:31:26.972Z","repository":{"id":36974557,"uuid":"395581111","full_name":"aaqaishtyaq/roxxy","owner":"aaqaishtyaq","description":"📡 A Redis backed distributed http/websockets proxy","archived":false,"fork":false,"pushed_at":"2023-03-06T04:07:44.000Z","size":171,"stargazers_count":1,"open_issues_count":6,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-04-06T09:28:19.168Z","etag":null,"topics":["dynamic-routing","hacktoberfest","hacktoberfest-accepted","hacktoberfest2022","proxy","redis","reverse-proxy","roxxy-proxxy","websocket"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aaqaishtyaq.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-08-13T08:49:14.000Z","updated_at":"2022-12-14T23:48:15.000Z","dependencies_parsed_at":"2024-06-21T02:06:10.095Z","dependency_job_id":"e0cc6500-c86d-465f-b757-85d7e8e091d8","html_url":"https://github.com/aaqaishtyaq/roxxy","commit_stats":{"total_commits":22,"total_committers":3,"mean_commits":7.333333333333333,"dds":0.2272727272727273,"last_synced_commit":"03fb842fa626e41b11c655d01ab207c182c34287"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/aaqaishtyaq/roxxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aaqaishtyaq%2Froxxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aaqaishtyaq%2Froxxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aaqaishtyaq%2Froxxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aaqaishtyaq%2Froxxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aaqaishtyaq","download_url":"https://codeload.github.com/aaqaishtyaq/roxxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aaqaishtyaq%2Froxxy/sbom","scorecard":{"id":158993,"data":{"date":"2025-08-11","repo":{"name":"github.com/aaqaishtyaq/roxxy","commit":"03fb842fa626e41b11c655d01ab207c182c34287"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/12 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:9","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/aaqaishtyaq/roxxy/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/aaqaishtyaq/roxxy/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/aaqaishtyaq/roxxy/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/aaqaishtyaq/roxxy/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/aaqaishtyaq/roxxy/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/aaqaishtyaq/roxxy/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/aaqaishtyaq/roxxy/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/aaqaishtyaq/roxxy/release.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: downloadThenRun not pinned by hash: .github/workflows/ci.yml:37","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   4 third-party GitHubAction dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.2.0 not signed: https://api.github.com/repos/aaqaishtyaq/roxxy/releases/76312305","Warn: release artifact v0.2.0 does not have provenance: https://api.github.com/repos/aaqaishtyaq/roxxy/releases/76312305"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"11 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0969 / GHSA-69cg-p879-7622","Warn: Project is vulnerable to: GO-2022-1144 / GHSA-xrjj-mj9h-534m","Warn: Project is vulnerable to: GO-2023-1571 / GHSA-vvpx-j8f3-3w6h","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 17 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-16T12:48:14.575Z","repository_id":36974557,"created_at":"2025-08-16T12:48:14.575Z","updated_at":"2025-08-16T12:48:14.575Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32358509,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-27T20:07:02.737Z","status":"ssl_error","status_checked_at":"2026-04-27T20:07:00.910Z","response_time":128,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dynamic-routing","hacktoberfest","hacktoberfest-accepted","hacktoberfest2022","proxy","redis","reverse-proxy","roxxy-proxxy","websocket"],"created_at":"2024-10-15T09:19:12.247Z","updated_at":"2026-04-27T22:31:26.955Z","avatar_url":"https://github.com/aaqaishtyaq.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Roxxy: A distributed HTTP and websockets reverse proxy\n\nRoxxy is a distributed HTTP/websockets reverse proxy backed by Redis inspired by [planb](https://github.com/tsuru/planb) and [hipache](https://travis-ci.org/tsuru/planb)\n\n## Features\n\n- [x] Load-Balancing\n\n- [x] Dead Backend Detection\n\n- [x] Dynamic Configuration\n\n- [x] WebSocket\n\n- [x] TLS\n\n## Install\n\nThe easiest way to install `Roxxy Proxy` is to pull the build from the `Github Container Registry` and launch it in the container:\n\n```console\n# run Redis\n\ndocker run -d -p 6379:6379 redis\n\n# run Roxxy\ndocker run -d --net=host ghcr.io/aaqaishtyaq/roxxy --listen \":80\"\n```\n\n## VHOST Configuration\n\nThe configuration is managed by **Redis** that makes possible\nto update the configuration dynamically and gracefully while\nthe server is running, and have that state shared across workers\nand even across instances.\n\nLet's take an example to proxify requests to 2 backends for the hostname\n`www.aaqa.dev`. The 2 backends IP are `10.10.0.2` and `10.10.0.3` and\nthey serve the HTTP traffic on the port `80`.\n\n`redis-cli` is the standard client tool to talk to Redis from the terminal.\n\nFollow these steps:\n\n### Create the frontend\n\n```console\n$ redis-cli rpush frontend:www.aaqa.dev mywebsite\n(integer) 1\n```\n\nThe frontend identifer is `mywebsite`, it could be anything.\n\n### Add the 2 backends\n\n```console\n$ redis-cli rpush frontend:www.aaqa.dev http://10.10.0.2:80\n(integer) 2\n$ redis-cli rpush frontend:www.aaqa.dev http://10.10.0.3:80\n(integer) 3\n```\n\n### Review the configuration\n\n```console\n$ redis-cli lrange frontend:www.aaqa.dev 0 -1\n1) \"mywebsite\"\n2) \"http://10.10.0.2:80\"\n3) \"http://10.10.0.3:80\"\n```\n\n### TLS Configuration using redis (optional)\n\n```console\nredis-cli -x hmset tls:www.aaqa.dev certificate \u003c server.crt\nredis-cli -x hmset tls:www.aaqa.dev key \u003c server.key\n\nredis-cli -x hmset tls:*.tsuru.com certificate \u003c wildcard.crt\nredis-cli -x hmset tls:*.tsuru.io key \u003c wildcard.key\n```\n\n### TLS Configuration using FS (optional)\n\ncreate directory following this structure\n\n```console\ncd certficates\nls\n*.domain-wildcard.com.key\n*.domain-wildcard.com.crt\nabsolute-domain.key\nabsolute-domain.crt\n```\n\nWhile the server is running, any of these steps can be\nre-run without messing up with the traffic.\n\n\n## Start-up flags\n\nThe following flags are available for configuring Roxxy on start-up:\n\n| **Flag**  | **Description**  |\n|--- |--- |\n| `--listen value, -l value`  | Address to listen.\u003cbr\u003e\u003cbr\u003e(default: \"0.0.0.0:8989\")  |\n| `-tls-listen value`  | Address to listen with tls.  |\n| `--tls-preset value`  | Preset containing supported TLS versions and cyphers, according \u003cbr\u003eto \u003chttps://wiki.mozilla.org/Security/Server_Side_TLS\u003e. Possible  |\n| `--metrics-address value`  | Address to expose Prometheus.\u003cbr\u003e\u003cbr\u003e(default: \"/metrics\")  |\n| `--load-certificates-from value`  | Path where certificate will found. If value equals 'redis'\u003cbr\u003ecertificate will be loaded from redis service. \u003cbr\u003e\u003cbr\u003e(default: \"redis\")  |\n| `--read-redis-network value`  | Redis address network, possible values are \"tcp\" for TCP\u003cbr\u003econnection and \"unix\" for connecting using unix sockets.\u003cbr\u003e\u003cbr\u003e(default: \"tcp\")  |\n| `--read-redis-host value`  | Redis host address for tcp connections or socket path \u003cbr\u003efor UNIX sockets. \u003cbr\u003e\u003cbr\u003e(default: \"127.0.0.1\")  |\n| `--read-redis-port value`  | Redis port\u003cbr\u003e\u003cbr\u003e(default: 6379)  |\n| `--read-redis-sentinel-addrs value`  | Comma separated list of redis sentinel addresses.  |\n| `--read-redis-sentinel-name value`  | Redis sentinel name  |\n| `--read-redis-password value`  | Redis password  |\n| `--read-redis-db value`  | Redis database number \u003cbr\u003e\u003cbr\u003e(default: 0)  |\n| `--write-redis-network value`  | Redis address network, possible values are \"tcp\" for TCP\u003cbr\u003econnection and \"unix\" for connecting using unix sockets\u003cbr\u003e\u003cbr\u003e(default: \"tcp\")  |\n| `--write-redis-host value`  | Redis host address for tcp connections or socket path \u003cbr\u003efor UNIX sockets \u003cbr\u003e\u003cbr\u003e(default: \"127.0.0.1\")  |\n| `--write-redis-port value`  | Redis port \u003cbr\u003e\u003cbr\u003e(default: 6379)  |\n| `--write-redis-sentinel-addrs value`  | Comma separated list of redis sentinel addresses  |\n| `--write-redis-sentinel-name value`  | Redis sentinel name  |\n| `--write-redis-password value`  | Redis password  |\n| `--write-redis-db value`  | Redis database number (default: 0)  |\n| `--access-log value`  | File path where access log will be written. If value \u003cbr\u003eequals 'syslog' log will be sent to local syslog. \u003cbr\u003eThe value 'none' can be used to disable access logs. \u003cbr\u003e\u003cbr\u003e(default: \"./access.log\")  |\n| `--request-timeout value`  | Total backend request timeout in seconds \u003cbr\u003e\u003cbr\u003e(default: 30)  |\n| `--dial-timeout value`  | Dial backend request timeout in seconds \u003cbr\u003e\u003cbr\u003e(default: 10)  |\n| `--client-read-timeout value`  | Maximum duration for reading the entire request, \u003cbr\u003eincluding the body \u003cbr\u003e\u003cbr\u003e(default: 0s)  |\n| `--client-read-header-timeout value`  | Amount of time allowed to read request headers \u003cbr\u003e\u003cbr\u003e(default: 0s)  |\n| `--client-write-timeout value`  | Maximum duration before timing out writes of the response\u003cbr\u003e\u003cbr\u003e(default: 0s)  |\n| `--client-idle-timeout value`  | Maximum amount of time to wait for the next request \u003cbr\u003ewhen keep-alives are enabled.\u003cbr\u003e\u003cbr\u003e(default: 0s)  |\n| `--dead-backend-time value`  | Time in seconds a backend will remain disabled after a \u003cbr\u003enetwork failure. \u003cbr\u003e\u003cbr\u003e(default: 30)  |\n| `--flush-interval value`  | Time in milliseconds to flush the proxied request \u003cbr\u003e\u003cbr\u003e(default: 10)  |\n| `--request-id-header value`  | Header to enable message tracking  |\n| `--active-healthcheck`  | Enable active healthcheck on dead backends once \u003cbr\u003ethey are marked as dead. Enabling this flag will\u003cbr\u003eresult in dead backends only being enabled again \u003cbr\u003eonce the active healthcheck routine is able to \u003cbr\u003ereach them.  |\n| `--backend-cache`  | Enable caching backend results for 2 seconds. \u003cbr\u003eThis may cause temporary inconsistencies.  |\n| `--help, -h`  | show help  |\n| `--version, -v`  | print the version  |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faaqaishtyaq%2Froxxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faaqaishtyaq%2Froxxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faaqaishtyaq%2Froxxy/lists"}