30 open-source projects similar to fideloper/trustedproxy, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best TrustedProxy alternative.
The agent-governance-toolkit is a framework for enforcing security policies, managing zero-trust identities, and sandboxing the execution of autonomous AI agents. It provides a governance layer designed to control the behavior of agents through the use of a security policy engine, cryptographic identity management, and a runtime execution sandbox. The project distinguishes itself through a multi-tier privilege ring system and a cryptographic identity mesh that secures communication between autonomous entities. It implements a decay-based trust scoring mechanism to track entity reliability and
all-in-one is a containerized deployment system designed to install and manage a complete suite of productivity and collaboration services. It functions as a cloud suite deployer that orchestrates the installation of a self-hosted content platform, incorporating necessary dependencies via Docker or Kubernetes. The project distinguishes itself by providing a web-based dashboard for orchestrating, updating, and monitoring the lifecycle of service containers. It also serves as a local AI inference server, enabling the execution of generative text models, image diffusion, and speech processing on
This project provides a containerized DevOps platform by packaging a complete GitLab installation into Docker images. It enables the deployment of a self-hosted environment that integrates Git version control, project management, and continuous integration and delivery pipelines on private infrastructure. The implementation supports deployment via Docker Compose or orchestration through Docker Swarm, allowing for scalable stacks with integrated container registries. It utilizes environment variables for configuration and supports the offloading of artifacts and backups to remote object storag
Resty is a high-level HTTP client library for Go designed for consuming REST services. It provides a streamlined interface for executing network requests, managing server-sent event streams, and automatically mapping JSON and XML responses into data structures. The library includes built-in mechanisms for service resilience and traffic management, such as circuit breakers to prevent cascading failures, token-bucket rate limiting, and automated request retries with exponential backoff. It also features client-side load balancing to distribute outgoing traffic across multiple base URLs and requ
This project is a comprehensive collection of software design patterns implemented in Python. It serves as a reference for architectural, behavioral, creational, and structural patterns to guide the organization of Python applications. The collection covers behavioral strategies for managing object communication and state, creational techniques for controlling object instantiation, and structural methods for composing classes and objects into flexible hierarchies. It also includes architectural references for system-wide structuring, such as multi-tier architectures and blackboard models. Th
Laravel Zero is a micro-framework and boilerplate designed for building standalone command-line applications using PHP. It provides a structural foundation for developing terminal tools, including a console framework and a command line interface kit. The project distinguishes itself through its distribution and automation capabilities, featuring a binary packager that compiles projects into self-contained executable binaries or archives. It also includes a built-in self-updating mechanism to download the latest versions of an application from a remote repository. The framework covers a broad
This project is a comprehensive educational resource and curriculum focused on site reliability engineering, distributed systems, and infrastructure operations. It provides technical guides, a systems engineering course, and instructional manuals designed to teach the principles of managing large-scale computing environments. The curriculum covers high-level architectural design for scalability and resilience, including fault-tolerant infrastructure, high-availability patterns, and microservices decomposition. It emphasizes the practical application of site reliability engineering through the
This is a module management framework for Laravel applications designed to organize monolithic codebases into independent, modular components. It implements a modular application architecture that separates business logic into self-contained units, each with its own dedicated directories for controllers, models, and views. The project serves as a tool for Domain Driven Design, allowing developers to group related functionality into bounded contexts. This approach supports the migration of monolithic applications into smaller, manageable modules to improve long-term maintainability and scalabi
NetBird is a zero-trust networking platform that builds secure, encrypted peer-to-peer overlay networks using the WireGuard protocol. It functions as a software-defined perimeter, connecting distributed infrastructure across cloud environments and physical locations while hiding network resources from the public internet. By integrating with external identity providers, the platform enforces granular access control and identity-based segmentation for every user and device. The platform distinguishes itself through extensive automation and programmatic management capabilities. It provides a ce
HAProxy is a high-performance TCP and HTTP proxy that distributes traffic across multiple backend servers to ensure availability and fault tolerance for critical services. It operates in either TCP or HTTP mode, with an event-driven, single-threaded reactor that handles tens of thousands of connections without context switching, and supports kernel-level data transfer to minimize memory usage and latency. What distinguishes HAProxy is its configuration-file-first design, where all load-balancing rules and runtime behavior are defined in a declarative text file parsed at startup. It embeds a L
Rack-attack is a middleware rate limiter and request filter for the Rack interface. It provides a system for throttling HTTP requests and maintaining IP address blocklists to protect applications from malicious traffic and denial-of-service attacks. The project enables application layer DDoS mitigation and API rate limit management by identifying and rejecting requests from banned clients or abusive IP addresses. It allows for the definition of safelists to bypass filters and uses custom logic to determine if a client should be blocked or throttled. The tool covers comprehensive traffic mana
This project is a Node.js process manager, runtime environment, and production deployment orchestrator. It provides the foundational system components required to run, monitor, and restart applications in the background to ensure continuous service availability. The system distinguishes itself through a built-in load balancer that distributes network traffic across multiple process instances to utilize all available CPU cores. It includes a real-time process monitor with a terminal-based dashboard for tracking server health, CPU and memory usage, and aggregated logs. The tool covers a broad
jsproxy is a web traffic proxy designed to route requests through a ServiceWorker to bypass network restrictions while minimizing server-side processing overhead. It focuses on browser API virtualization, rewriting URL-related functions and properties so that proxied pages behave as if they are running on their original domains. The project utilizes a decoupled architecture that separates the static user interface from the data forwarding backend, allowing for deployment across multiple providers. It includes weight-based load balancing to distribute traffic across multiple proxy nodes and im
This project is a Kubernetes ingress controller that manages external traffic by dynamically configuring the HAProxy load balancer. It functions as a bridge between cluster resources and the network data plane, translating high-level ingress definitions into active proxy configurations to route HTTP, TCP, and UDP traffic into containerized environments. The controller distinguishes itself through a decoupled architecture that separates control plane logic from the proxy process, allowing for independent lifecycle management and versioning. It utilizes template-based configuration generation a
This project is an automated reverse proxy and load balancer designed for containerized environments. It functions by monitoring container lifecycle events through the container runtime API, allowing it to dynamically generate and update web server configurations in real time as services start, stop, or change their network status. The system distinguishes itself through its ability to orchestrate proxy processes without dropping active connections, ensuring continuous availability during configuration updates. It utilizes a template-based engine to map container metadata to routing logic, en
Higress is an AI API gateway and cloud-native traffic manager that functions as a Kubernetes ingress controller. It provides a centralized system for routing, securing, and optimizing traffic directed toward large language models, AI agents, and microservice architectures. The project distinguishes itself through deep AI orchestration, including the ability to host and manage Model Context Protocol servers that transform REST APIs into tools for AI agents. It features specialized AI infrastructure for model request proxying, protocol translation across multiple providers, and semantic-based c
AnyProxy is an HTTP/HTTPS proxy framework built on Node.js that intercepts and modifies traffic through a plugin system. It functions as a configurable proxy server where user-defined plugins inspect or alter requests and responses as they pass through the proxy. The framework distinguishes itself through a middleware stack that processes requests sequentially, enabling modular traffic transformation and logging. It handles HTTPS interception by dynamically generating and installing root certificates for transparent decryption, and routes traffic based on configurable rules matching request p
freegeoip is a self-hosted geolocation service and API server that maps IP addresses and hostnames to geographic locations. It functions as a MaxMind database reader, parsing binary geolocation databases to provide location data through a REST interface. The project distinguishes itself by providing a private alternative to cloud geolocation providers, managing local database files and automating periodic updates. It includes a reverse proxy IP resolver to extract original client addresses from proxy headers, ensuring accurate mapping behind load balancers. The service incorporates a quota m
BFE is a Layer 7 HTTP and HTTPS traffic distributor that routes requests based on content inspection and configurable policies, managed through a RESTful API. It operates as a reverse proxy, distributing incoming traffic across backend servers according to user-defined rules. The project distinguishes itself through a domain-specific language for content-aware routing, allowing traffic to be directed by inspecting request headers, paths, and payloads. It supports multiple configurable load balancing policies and includes a plugin-based extension system for adding custom modules and middleware
Keepalived is a high availability manager and virtual IP failover tool that ensures continuous service availability. It coordinates the migration of floating IP addresses between master and backup nodes using the Virtual Router Redundancy Protocol to manage router redundancy and seamless failover. The project distinguishes itself by integrating with the Linux kernel IPVS module to function as a transport-layer load balancer. It distributes network traffic across backend servers using various scheduling algorithms and forwarding methods such as NAT, direct routing, or tunneling. The system in
This repository is a collection of implementation patterns, tutorial code, and practical examples for building web applications with the Gin framework in Go. It serves as a guide for learning how to structure Go web servers, specifically focusing on mapping URL paths to handler functions and managing request flow. The project provides demonstrations of middleware implementation for tasks such as authentication, logging, and rate limiting. It also includes reference examples for developing REST APIs, with a focus on structuring data and sending JSON responses to clients.
Seesaw is a traffic distribution platform based on Linux Virtual Server technology. It functions as a load balancer for managing high-availability network clusters, utilizing a BGP anycast routing controller to advertise and withdraw virtual IP addresses to direct traffic to the nearest available node. The system includes a direct server return orchestrator that allows backend servers to send outbound traffic directly to clients. It also provides a cluster management command line interface for controlling reload configurations and triggering failovers between nodes. The platform covers backe
express-jwt is a middleware for Express applications that validates JSON Web Tokens to secure routes and authenticate requests. It functions as a security guard that verifies token signatures and expiration dates before allowing access to backend endpoints. The project provides a request credential extractor to retrieve tokens from headers, cookies, or query parameters. It supports dynamic key retrieval to fetch the necessary secrets or public keys at runtime based on request attributes or token headers. The middleware handles JSON Web Token validation, including token expiration handling an
BunkerWeb is a containerized suite of infrastructure tools that functions as a cloud-native web application firewall and Nginx reverse proxy. It provides a security layer for web applications, combining traffic routing with automated SSL certificate management and a web-based security dashboard for monitoring and configuration. The project distinguishes itself through its deep integration with container orchestrators, serving as a Kubernetes ingress controller that automates security settings and service discovery via container labels. It features a plugin-based extension model and a manageme
AliSQL is a fork of MySQL by Alibaba that extends the relational database management system with enhancements for high performance, scalability, and enterprise-grade availability. It retains the core MySQL identity as a SQL-based database for storing, organizing, and retrieving structured data, while adding optimizations for large-scale transactional and analytical workloads. The project differentiates itself through a set of Alibaba-specific improvements, including a columnar engine for accelerating analytical queries directly on MySQL tables, and a distributed, shared-nothing NDB Cluster en
Sish is a reverse SSH proxy and tunneling server designed to expose local services to the internet. It functions as an SSH tunneling proxy that routes HTTP, WebSocket, and TCP traffic from a remote server to a local machine, enabling the creation of public URLs for local applications. The project distinguishes itself through a combination of an SNI proxy for routing encrypted TLS traffic without decryption and a TCP load balancer that distributes incoming requests across multiple backend targets. It also includes a dedicated service console for real-time inspection and debugging of forwarded
Docker-Proxy is a self-hosted container image caching and mirroring service. It functions as a registry-aware reverse proxy that intercepts requests to remote registries, storing image layers on local disks to accelerate retrieval speeds and reduce dependencies on external network stability. The service includes a web-based management interface for searching mirrored images and monitoring service status. It supports credential-based authentication to access private images and bypass anonymous pull rate limits imposed by remote providers. The proxy manages traffic through domain mapping and s
Android SMS Gateway is a self-hosted messaging infrastructure that transforms Android devices into programmable gateways for sending and receiving SMS and MMS messages. By exposing a local RESTful API and an SMPP bridge, the project enables developers to integrate cellular messaging capabilities directly into their own applications without relying on third-party cloud providers. The platform distinguishes itself through advanced traffic management and orchestration features designed for high-volume messaging. It includes a multi-SIM routing engine that distributes outgoing traffic across mult
Dubbo is a Java RPC framework and microservices governance platform designed for high-performance remote procedure calls in distributed architectures. It provides the foundational components necessary to connect distributed services across a network, including a binary data serialization library and a distributed service registry. The platform distinguishes itself through a comprehensive governance suite that manages service discovery, load balancing, and traffic routing. It enables precise control over network traffic via conditional routing and a pluggable extension mechanism based on a ser
This project is a set of configuration guides and instructional tutorials for setting up Nginx as a web server and reverse proxy. It provides practical examples for hosting static files and directing network traffic to backend servers. The materials cover the implementation of load balancing using weighted round-robin strategies to distribute traffic across server clusters. It also provides guidance on configuring reverse proxies to manage request flow and secure application access. The documentation includes instructions for routing requests by URL path to host multiple applications on a si