{"id":50760625,"url":"https://github.com/friddle/proxy-by-host","last_synced_at":"2026-06-11T09:31:49.789Z","repository":{"id":356742995,"uuid":"1129123187","full_name":"friddle/proxy-by-host","owner":"friddle","description":null,"archived":false,"fork":false,"pushed_at":"2026-05-09T13:48:04.000Z","size":53,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-09T15:40:28.131Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/friddle.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-06T16:30:14.000Z","updated_at":"2026-05-09T13:48:08.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/friddle/proxy-by-host","commit_stats":null,"previous_names":["friddle/proxy-by-host"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/friddle/proxy-by-host","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/friddle%2Fproxy-by-host","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/friddle%2Fproxy-by-host/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/friddle%2Fproxy-by-host/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/friddle%2Fproxy-by-host/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/friddle","download_url":"https://codeload.github.com/friddle/proxy-by-host/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/friddle%2Fproxy-by-host/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34192870,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-11T02:00:06.485Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-11T09:31:49.674Z","updated_at":"2026-06-11T09:31:49.782Z","avatar_url":"https://github.com/friddle.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# HttpProxyByHost\n\nA lightweight, secure forward proxy designed for distributed teams to access restricted upstream resources (e.g., via a VPN or upstream proxy) simply by modifying local DNS/Hosts configurations.\n\n## Overview\n\nThis tool acts as a \"Reverse-like\" Forward Proxy. It listens on standard HTTP/HTTPS ports (80/443) and forwards traffic to the destination specified in the `Host` header. \n\n**Core Use Case:** \nDeploy this tool on a server that has access to restricted content (e.g., a server with a VPN connection or in a specific region). Users can then point specific domains (e.g., `google.com`) to this server's IP in their local `/etc/hosts`. The server will proxy the request to the actual destination, optionally tunneling through another upstream proxy (HTTP/SOCKS).\n\n**Key Features:**\n*   **Zero-Config Client:** No need to install VPN clients or configure proxy settings on user machines. Just update DNS/Hosts.\n*   **Upstream Proxy Support:** Can chain to another proxy (HTTP/SOCKS5).\n*   **Automatic SSL:** Can generate self-signed certificates on the fly (for testing or internal use).\n*   **HTTPS Support:** Listens on port 443 and handles TLS termination (note: see SSL Limitations).\n\n## Quick Start\n\n### 1. Installation\n\nDownload the binary from the [Releases](https://github.com/friddle/http-proxy-by-host/releases) page or build it yourself:\n\n```bash\ngo build -o http-proxy-by-host\n```\n\n### 2. Usage\n\n**Basic Usage (Direct Connection):**\nListens on ports 80 and 443.\n\n```bash\nsudo ./http-proxy-by-host --ssl=generate\n```\n\n**With Upstream Proxy:**\nForward all traffic through a local SOCKS5 or HTTP proxy (e.g., a VPN client running on port 7897).\n\n```bash\nsudo ./http-proxy-by-host --ssl=generate --proxy=http://127.0.0.1:7897\n```\n\n**Custom Ports \u0026 Certificates:**\n\n```bash\nsudo ./http-proxy-by-host \\\n  --http-port=8080 \\\n  --https-port=8443 \\\n  --ssl=on \\\n  --ssl-crt=/path/to/cert.crt \\\n  --ssl-key=/path/to/key.key\n```\n\n**Dynamic Backend Routing via HTTP Header:**\n\nThe `--enable-proxy-address` flag (default: enabled) allows routing requests to different backends based on the `REAL_PROXY_ADDRESS` header:\n\n```bash\n# Start proxy with dynamic routing enabled (default)\nsudo ./http-proxy-by-host --ssl=generate\n\n# Or disable it\nsudo ./http-proxy-by-host --ssl=generate --enable-proxy-address=false\n```\n\nClient sends request with `REAL_PROXY_ADDRESS` header:\n```bash\ncurl -H \"REAL_PROXY_ADDRESS: https://192.168.1.50:8080\" http://proxy-server/api/test\n# The request will be forwarded to 192.168.1.50:8080 while preserving the original Host header\n```\n\nThis is useful for:\n- Single service endpoint routing to different backend machines\n- A/B testing by routing to different servers\n- Blue-green deployments\n- Multi-region failover testing\n\n### 3. Client Configuration (The \"DNS Spoofing\" Method)\n\nOn your local machine (Client), edit your hosts file (`/etc/hosts` on macOS/Linux, `C:\\Windows\\System32\\drivers\\etc\\hosts` on Windows):\n\n```text\n# Point google.com to your proxy server IP\n192.168.1.100 www.google.com\n192.168.1.100 google.com\n```\n\nNow, when you visit `http://www.google.com` or `https://www.google.com`, the request goes to `192.168.1.100`. The proxy reads `Host: www.google.com` and forwards the request to the real Google servers (potentially via the upstream proxy).\n\n## CLI Arguments\n\n| Flag | Default | Description |\n|------|---------|-------------|\n| `--ssl` | `none` | SSL Mode: `generate` (auto-create certs), `on` (use provided files), `none`. |\n| `--ssl-crt` | - | Path to SSL certificate file (required if `--ssl=on`). |\n| `--ssl-key` | - | Path to SSL key file (required if `--ssl=on`). |\n| `--proxy` | - | Upstream proxy URL (e.g., `http://127.0.0.1:7897` or `socks5://...`). |\n| `--fixed-upstream` | - | Force all traffic to this upstream address (e.g., `https://192.168.1.100`), preserving the original `Host` header. Useful for testing staging servers or specific IPs. |\n| `--enable-proxy-address` | `true` | Enable reading `REAL_PROXY_ADDRESS` header to dynamically set upstream address. Takes precedence over `--fixed-upstream`. Allows routing different requests to different backends via HTTP header. |\n| `--http-port`| `80` | Port to listen for HTTP traffic. |\n| `--https-port`| `443` | Port to listen for HTTPS traffic. |\n\n## SSL/HTTPS Limitations\n\nWhen using the `--ssl=generate` mode, the server generates a self-signed certificate for `*.reserver.proxy`. \n\nIf you point a real domain (e.g., `google.com`) to this proxy via DNS:\n1.  **Browser Warning:** Your browser will show a \"Not Secure\" or \"Your connection is not private\" warning because the certificate provided by the proxy (`*.reserver.proxy`) does not match the domain (`google.com`).\n2.  **Acceptance:** You must manually proceed (e.g., click \"Advanced\" -\u003e \"Proceed to ...\") to access the site.\n3.  **HSTS:** Sites with strict HSTS (like Google) might block this entirely.\n\n**Solution:** For production use with specific domains, generate valid certificates (e.g., via Let's Encrypt) for the domains you intend to spoof and run the proxy with `--ssl=on --ssl-crt=...`.\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffriddle%2Fproxy-by-host","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffriddle%2Fproxy-by-host","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffriddle%2Fproxy-by-host/lists"}