
Releases: tobychui/zoraxy

v3.0.5

26 May 05:30
ce8741b

v3.0.5 Updates

This update mainly fixes the OVH DNS challenge field generator bug and a header bug when using Nextcloud in a container.

As a side note, if you really want to use domain names as proxy targets and you have a private DNS server, use .local (mDNS style), .internal (Docker style) or .home.arpa (RFC 8375) as the TLD for your internal services. This helps Zoraxy recognize the target as internal, automatically rewrite headers for internal networking instead of external networking, and prevent HTTP_HOST rewrite errors.

Remarks: If you are using Windows 7, you can use the NT6-1 release. However, some features are missing from this build due to library & compiler limitations. This version exists purely to support legacy devices and might be dropped at any time. Please consider upgrading your server to a newer version of Windows.

Change Log

  • Optimized uptime monitor error message #121
  • Optimized detection logic for internal proxy target and header rewrite condition for HTTP_HOST #164
  • Fixed ovh DNS challenge provider form generator bug #161
  • Added permission policy module (not enabled)
  • Added single-use cookiejar to uptime monitor request client to handle cookie issues on some poorly written back-end servers #149

v3.0.4

18 May 07:10

V3.0.4 Updates

This release tidies up the contribution by @Teifun2 and adds a new way to generate DNS challenge based certificates (e.g. wildcards) from Let's Encrypt without changing any environment variables. It also fixes a few previous ACME module EAB settings bugs related to concurrent save.

You can find the DNS challenge settings under TLS / SSL > ACME snippet > Generate New Certificate > (Check the "Use a DNS Challenge" checkbox)

  • Optimized DNS challenge implementation
  • Removed dependencies on environment variable write and keep all data contained
  • Fixed panic on loading certificate generated by Zoraxy v2
  • Added automatic form generator for DNS challenge / providers
  • Added CA name default value
  • Added code generator for acmedns module (storing the DNS challenge provider contents extracted from lego)
  • Fixed ACME snippet "Obtain Certificate" concurrent issues in save EAB and DNS credentials

Remarks: If you are using Windows 7, you can use the NT6-1 release. However, some DNS challenge providers like cpanel and mailinabox are missing from this build due to library & compiler limitations.

Thanks to all the contributors and developers involved in testing out the DNS challenge feature 🎉🎉🎉

Update v3.0.3

30 Apr 06:46
176249a

Update v3.0.2

This update primarily contains bug fixes for many of the issues introduced due to the new implementation of the access filter rule system.

Breaking Change

For users using SMTP with older versions, you might need to update the settings by moving the domains (the part after @ in the username and domain setup field) into the username field.

Change Log

  • Updated SMTP UI for non email login username
  • Fixed ACME cert store reload after cert request
  • Fixed default rule not applying to default site when default site is set to proxy target
  • Fixed blacklist-ip not working with CIDR bug
  • Fixed minor vdir bug in trailing slash detection and redirect logic
  • Added custom mdns name support (-mdnsname flag)
  • Added LAN tag in statistic

Update v3.0.2

24 Apr 08:28
4d6c79f

Update v3.0.2

This update adds the new alias hostname function and rewrites the access rule set to support a per Proxy Hostname access filter architecture.

To use alias hostnames when creating a new Proxy Rule, separate the hostnames with commas. Wildcards are also supported in alias hostnames. Here is an example.
main.example.com,*.main.example.com,alias.example.com

You can also find the alias hostname editor in the HTTP Proxy list (Edit mode)

Windows 7 support was restored because my test bench is still running Windows 7 and I am too busy to upgrade it. If you are still using a Windows 7 machine, you can use the zoraxy_windows_amd64_NT6_1.exe executable. Note that Windows 7 support might be discontinued at any time and, as it is built with an older version of the Go compiler, it might also come with some minor security issues.

Change Log

  • Added alias for HTTP proxy host names #76
  • Added separator support for create new proxy rules (use "," to add alias when creating new proxy rule)
  • Added HTTP proxy host based access rules #69
  • Added EAB Configuration for ACME (by @yeungalan) #45
  • Fixed bug where bypassGlobalTLS endpoints did not support basic-auth
  • Fixed panic due to empty domain field in json config #120
  • Removed dependencies on management panel css for online font files

Update v3.0.1

04 Apr 07:09
05297d8

Update v3.0.1

This update fixed a few minor bugs from the v3 big updates.

Change Log

  • Added regex support for redirect (slow, don't use it unless you really need it) #42
  • Added new dpcore implementations for faster proxy speed
  • Added support for CF-Connecting-IP to X-Real-IP auto rewrite #114
  • Added enable / disable of HTTP proxy rules in runtime #108
  • Added better 404 page
  • Added option to bypass websocket origin check #107
  • Updated project homepage design
  • Fixed recursive port detection logic
  • Fixed UserAgent in resp bug
  • Updated minimum required Go version to v1.22 (Notes: Windows 7 support is dropped) #112

Update v3.0.0

18 Feb 12:16
676a45c

Updates v3.0.0

This is a big rewrite of the original Zoraxy v2 proxy core for covering more real-life use cases based on feedback from issues.

IMPORTANT NOTES
Zoraxy v3 host rules are not compatible with v2, and the "Backup & Restore" feature is also not compatible. Please start a new installation from scratch if you are currently using Zoraxy v2.

  • Restructure the proxy core logic
    • Added virtual directory into host routing object (each host now got its own sets of virtual directories)
    • Added support for wildcard host names (e.g. *.example.com)
    • Added best-fit selection for wildcard matching rules (e.g. *.a.example.com > *.example.com in routing)
    • Generalized root and hosts routing struct (no more conversion between runtime & save record object)
    • Added "Default Site" to replace "Proxy Root" interface
    • Added Redirect & 404 page for "Default Site"
  • Optimized UI and UX
    • Optimized & Separated Virtual Directory edit menu
    • Added more less depressing colors
    • Added comments for whitelist
  • TLS / SSL
    • Added automatic cert pick for multi-host certs (it is called SNI btw)
    • Added "one click force renew" button
    • Renamed .crt to .pem for cert store
  • Headers
    • Added x-proxy-by header to help with debugging
    • Added X-real-Ip header
    • Added Development Mode Toggle (Cache-Control: no-store)
    • Added custom header
  • Others
    • Updated up time monitor timeout to 10 seconds instead of 90
    • Added "Add controller as member" feature to Global Area Network editor
    • Deprecated aroz subservice support
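
The comma-separated alias hostnames from v3.0.2 and the best-fit wildcard selection listed above can be illustrated as follows. This is an added example, not Zoraxy's own code: the Rule type, the BestFit function and the rule names are hypothetical, and it assumes a "*." wildcard may cover more than one label.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Rule is a hypothetical proxy rule; Hosts is the comma-separated field.
type Rule struct{ Name, Hosts string }

// BestFit returns the rule that most specifically matches a Host header.
// Exact names win; among wildcards the longest suffix wins, so
// *.a.example.com beats *.example.com. Assumption (not from Zoraxy):
// "*." covers one or more labels, e.g. *.example.com matches a.b.example.com.
func BestFit(rules []Rule, hostHeader string) (string, bool) {
	host := strings.ToLower(strings.TrimSpace(hostHeader))
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // drop ":port"
	}
	host = strings.TrimSuffix(host, ".")
	best, bestScore := "", -1
	for _, r := range rules {
		for _, p := range strings.Split(r.Hosts, ",") {
			p = strings.ToLower(strings.TrimSpace(p))
			score := -1
			if p != "" && p == host {
				score = 1 << 20 // exact match outranks any wildcard
			} else if strings.HasPrefix(p, "*.") {
				// Keep the leading dot so evilexample.com cannot match.
				if suf := p[1:]; len(host) > len(suf) && strings.HasSuffix(host, suf) {
					score = len(suf)
				}
			}
			if score > bestScore {
				best, bestScore = r.Name, score
			}
		}
	}
	return best, bestScore >= 0
}

func main() {
	rules := []Rule{ // constructed sample rules
		{"main", "main.example.com,*.main.example.com,alias.example.com"},
		{"wild", "*.example.com"},
	}
	fmt.Println(BestFit(rules, "api.main.example.com:443")) // main true
}
```

A host that matches no pattern returns false, which is the point at which a "Default Site" style fallback would apply.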

Update v2.6.8

25 Nov 14:48
20cf290

Updates 2.6.8

This version fixes a bug in 2.6.7 and adds an "Allow plain HTTP access" option for force TLS per domain.

  • Added opt-out for subdomains for global TLS settings for
  • Optimized subdomain / vdir editing interface
  • Added system wide logger (wip)
  • Fixed issue for uptime monitor bug
  • Changed default static web port to 5487 so it is even more unlikely to be used by other processes
  • Added automatic HTTP/2 to TLS mode

Notes on opt-out TLS per domain

The function is named "allow plain HTTP access" and is hidden under the advanced settings tab in "Create proxy rule" or the proxy rule inline edit interface. Once this option is enabled, the subdomain defined in the rule can be accessed via both plain HTTP and HTTPS.

This function is only usable with the following options enabled

  • TLS enabled on non port 80
  • Port 80 Listener is enabled
  • Only works for sub-domains (vdir does not support the opt-out feature)

Updates 2.6.7

26 Sep 03:41
d4bb841

Updates 2.6.7

This version fixes a bug in 2.6.6 and adds the static web server features.

  • Fixed multidomain missing logic (by @daluntw )
  • Added Static Web Server function
  • Web Directory Manager
  • Added static web server and black / whitelist template
  • Added default / preferred CA features
  • Added Service Expose Proxy dummy page
  • Optimized TLS/SSL page and added dedicated section for ACME related features

Working with Templates

To add templates to the black / whitelist, create an HTML file under the blacklist / whitelist folder. By default, the templates should be placed at the following paths.

./www/templates/blacklist.html
./www/templates/whitelist.html

If the template is not found, the built-in one will be used.

Static Web Server Notes

The web directory can only be changed via the startup parameter -webroot due to security reasons. You can manage your web directory and perform some basic file operations like rename, upload, download, copy / cut and delete via the web directory manager, which is basically a trimmed-down version of the ArozOS File Manager.

If you do not want to expose your web directory to the web interface due to security concerns, use -webfm=false in your startup parameters to disable the feature. This will disable all APIs related to the file manager in the back-end server.

Updates 2.6.6

30 Aug 07:51
50d5ded

Updates 2.6.6

This version fixes some bugs in 2.6.5 and added a few minor new features.

  • Added basic auth editor custom exception rules
  • Fixed redirection bug under another reverse proxy and Apache location headers
  • Optimized memory usage (from 1.2GB to 61MB for low speed geoip lookup mode or 650MB for high speed mode, see technical notes below)
  • Added unset subdomain custom redirection feature
  • Fixed potential security issue in satori/go.uuid

By @daluntw

  • Added custom acme feature in back-end
  • Added bypass TLS check for custom acme server

Notes regarding low / high speed GeoIP lookup mode

Zoraxy will try to resolve and store the visitor's country of origin in its statistic collector. In response to user requests regarding memory usage, we added a low speed mode for the GeoIP lookup logic that reduces memory usage through a space-time tradeoff. The low speed mode (the default mode) of GeoIP lookup will slow down each request by around 6ms, which is not significant in a homelab / self-hosting environment. However, if you plan to use Zoraxy in a production environment, you can enable high speed mode by using -fastgeoip=true. We also optimized the high speed mode data structure so it now uses around 600 - 700MB of RAM instead of 1.2GB. If your server has the capacity to run in high speed mode, we generally recommend using high speed mode for a better user experience.

Updates 7 Sept 2023

A quick patch has been applied to the binary to fix a minor UI bug that causes the backend to generate staging certificates (see issue #61). If you are using an old version of v2.6.6, it is recommended that you download the new binary and overwrite the old one.

Updates 2.6.5

19 Jul 03:52
7eda6ba

Updates v2.6.5

This is a beta testing build for Zoraxy and is already in use in my homelab environment. You can try to deploy this to your production environment at your own risk.

IMPORTANT NOTES BEFORE UPDATE
The config files are moved to the following folders in this update. You can back up the old folders and restore them in the locations below if you are too lazy to set it up again.

conf/*.conf -> conf/proxy/*.conf
certs/ -> conf/certs/
rules/redirect/ -> conf/redirect/
authtoken.secret -> conf/authtoken.secret
rules/acme_conf.json -> conf/acme_conf.json

Update 25 Aug 2023
For those who are using docker, here is a message from @PassiveLemon

Breaking Changes:
File structure change requires you to update the volume mount for the configurations. It should be changed to `/opt/zoraxy/config/`
The management port is no longer changeable. This is to allow for a healthcheck.

Changes:
Healthcheck was added. See breaking changes above.
Notifier was removed.
VERSION variable is no longer configurable.
  • Added Import / Export feature
  • Moved configuration files to a separate folder #26
  • Added auto-renew with ACME #6
  • Fixed Whitelist bug #18
  • Added Whois

The runtime memory usage of this build should be around 1.2GB, which is normal and not a memory leak. We are still trying to figure out a way to reduce runtime RAM usage while keeping the web interface embedded. Ideas and PRs are always welcome!