30 open-source projects similar to tobychui/zoraxy, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Zoraxy alternative.
Tinyproxy is a lightweight HTTP and HTTPS proxy daemon designed for POSIX operating systems. It functions as a system-level network proxy that manages web traffic with minimal resource overhead. The project supports multiple routing modes, including reverse proxying to forward requests to backend servers and transparent proxying to intercept network traffic without client-side configuration. It also includes a header filter to modify or block specific HTTP headers for privacy and security. The software incorporates network access control based on client subnets and protocol filtering. For sy
Higress is an AI API gateway and cloud-native traffic manager that functions as a Kubernetes ingress controller. It provides a centralized system for routing, securing, and optimizing traffic directed toward large language models, AI agents, and microservice architectures. The project distinguishes itself through deep AI orchestration, including the ability to host and manage Model Context Protocol servers that transform REST APIs into tools for AI agents. It features specialized AI infrastructure for model request proxying, protocol translation across multiple providers, and semantic-based c
JimsGarage is a collection of shell scripts and automation tools designed to help individuals deploy and manage a wide range of self-hosted services on their own hardware. It provides a structured approach to setting up containerized applications, from media servers and document management systems to VPNs and monitoring stacks, all through automated Docker-based configurations. The project distinguishes itself by offering a comprehensive library of deployment recipes that cover the full lifecycle of a home server environment. This includes not just the services themselves, but also the suppor
This project is a Node.js HTTP reverse proxy middleware designed to route incoming HTTP and WebSocket traffic to target backend services. It functions as a dynamic routing engine and API gateway tool, providing the capability to consolidate multiple backend services behind a single entry point. The middleware features a WebSocket proxy bridge that manages protocol upgrade handshakes to maintain persistent bidirectional communication. It also includes a request and response transformer used to intercept and modify headers, bodies, and URL paths during transit. The system provides broad traffi
Lucky is a connectivity and routing utility suite focused on SSL automation, dynamic DNS client services, NAT traversal, and port forwarding. It provides a network gateway management interface to coordinate public network access for internal services. The project distinguishes itself through a centralized web-based administration panel used to configure reverse proxy servers, manage ACME-based SSL certificate renewals via DNS provider APIs, and synchronize public IP addresses across multiple dynamic DNS providers. It also includes a NAT traversal tool using STUN to establish external connecti
BunkerWeb is a containerized suite of infrastructure tools that functions as a cloud-native web application firewall and Nginx reverse proxy. It provides a security layer for web applications, combining traffic routing with automated SSL certificate management and a web-based security dashboard for monitoring and configuration. The project distinguishes itself through its deep integration with container orchestrators, serving as a Kubernetes ingress controller that automates security settings and service discovery via container labels. It features a plugin-based extension model and a manageme
3proxy is a multi-protocol proxy server and network access control gateway. It functions as a network traffic forwarder capable of routing TCP and UDP traffic across HTTP, SOCKS, and various email and file protocols. The project provides specialized capabilities for secure traffic inspection, including the decryption and analysis of HTTPS and TLS streams through certificate spoofing and mutual authentication. It further supports client identity anonymization by routing outbound traffic through recursive upstream proxy chains. The software covers a broad range of network management functions,
Devilbox is a containerized development environment that provides a reproducible suite of web servers, databases, and language runtimes managed through a unified configuration. It functions as a Docker-based local development stack for LAMP and MEAN software stacks and as a manager for switching between different versions of these services to match specific project requirements. The system distinguishes itself by automating local network orchestration. It includes a Docker-based virtual host manager that automatically maps local directories to custom domains and a local DNS and SSL orchestrat
This repository is a technical documentation site and a collection of guides and references for implementing networking, security, and cloud infrastructure services. It functions as a static-site generated portal and a headless content platform, separating source files from the presentation layer to enable flexible rendering. The project utilizes markdown-based documentation stored in a version-controlled Git repository. It provides specialized technical content including an AI platform documentation for building agents and managing inference, a cloud infrastructure guide for DNS and CDN conf
This project is a collection of Linux server automation scripts designed to automate the installation and configuration of core server software. It provides specialized tools for deploying proxy servers, configuring DNS servers, managing container infrastructure, and optimizing the Linux kernel. The automation suite distinguishes itself by integrating geo-restriction bypass capabilities via proxy protocols and implementing advanced network tuning, such as enabling BBR congestion control to improve throughput and latency. It also features distribution-aware automation that detects CPU architec
NGINX Unit is an open-source application server designed to natively execute code across multiple programming language runtimes and WebAssembly within a single process. It serves as a multi-language application server that can run applications written in Go, Java, Node.js, Perl, PHP, Python, Ruby, and WebAssembly side by side, without requiring separate runtime environments for each language. The server distinguishes itself through a RESTful JSON control API that enables dynamic, zero-downtime configuration changes without restarting the server. It combines event-driven asynchronous I/O with
NetBird is a zero-trust networking platform that builds secure, encrypted peer-to-peer overlay networks using the WireGuard protocol. It functions as a software-defined perimeter, connecting distributed infrastructure across cloud environments and physical locations while hiding network resources from the public internet. By integrating with external identity providers, the platform enforces granular access control and identity-based segmentation for every user and device. The platform distinguishes itself through extensive automation and programmatic management capabilities. It provides a ce
Trojan is a proxy management system designed for administering multi-user deployments through a web-based interface. It provides tools for managing proxy server configurations, monitoring network traffic, and automating the issuance and renewal of SSL certificates via ACME. The system functions as a subscription server, converting user configurations into standardized links, QR codes, and configuration files for import into third-party proxy clients. It includes a dedicated management UI to handle user accounts, set account expiration dates, and control the proxy server backend lifecycle. Op
Pigsty is a comprehensive database infrastructure orchestration platform designed to automate the full lifecycle of high-availability PostgreSQL clusters. It functions as an infrastructure-as-code framework that manages cluster coordination, node provisioning, and service discovery through idempotent playbooks. By integrating distributed consensus mechanisms, the platform ensures automated failover and consistent state enforcement across diverse environments, including bare metal and virtualized infrastructure. The platform distinguishes itself through a robust suite of operational capabiliti
Boto3 is the AWS SDK for Python, providing a programmatic interface for managing and automating AWS cloud infrastructure and services. It serves as a cloud management API client and resource manager for provisioning, configuring, and scaling virtual servers, databases, and storage. The library enables the implementation of infrastructure-as-code through declarative templates and scripts, allowing for the deployment of identical resource stacks across multiple accounts and geographic regions. It also provides a framework for coordinating distributed workflows, serverless functions, and contain
Dashy is a configuration-driven dashboard designed for personal infrastructure management and self-hosted service monitoring. It functions as a centralized portal that aggregates web links, live infrastructure metrics, and application health status into a unified, searchable interface. By utilizing a structured schema, the platform allows users to define their entire layout, navigation, and widget configuration through version-controlled files, ensuring a portable and reproducible setup across different environments. The project distinguishes itself through a highly modular architecture that
ejabberd is a multi-protocol communication gateway and scalable server that implements XMPP for instant messaging and presence. It serves as a federated messaging platform, enabling interoperable communication and user discovery between different remote servers. The project functions as an MQTT message broker for lightweight IoT device communication and a SIP signaling server for managing voice and multimedia signaling traffic. It allows for the hosting of multiple domains on a single instance using virtual hosting to isolate configurations and prevent username conflicts. The system provides
The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane. The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It
node-http-proxy is a Node.js HTTP proxy library used for forwarding requests to target servers. It functions as reverse proxy middleware capable of mapping incoming routes to target destinations and transforming request and response data streams. The library includes a WebSocket proxy gateway that upgrades standard HTTP connections into bidirectional streams between clients and backend servers. It also provides a response transformer for modifying bodies, location headers, and cookie domains. The project covers traffic routing management via rule-based translation tables and secure connectio
Sozu is a high-performance, memory-safe reverse proxy and load balancer built in Rust. It is designed to manage HTTP, TCP, and UDP traffic through a multi-process architecture that leverages isolated worker processes to ensure fault tolerance and efficient resource utilization across multi-core hardware. The project distinguishes itself through a focus on continuous availability and dynamic control. It features a unique binary hot-reloading mechanism and a Unix-socket-based control plane, allowing administrators to update proxy configurations, modify listener settings, and even replace the pr
node-http-proxy is a Node.js HTTP proxy library and toolkit used to create programmable reverse proxies, load balancers, and traffic routers. It functions as a system for forwarding HTTP and WebSocket traffic from clients to backend target servers. The project provides capabilities for translating incoming request paths into backend addresses using programmable matching rules. It supports the creation of bidirectional tunnels to facilitate real-time communication via WebSocket proxying. The library covers the modification of request and response headers, including the rewriting of cookies an
This project is a Kubernetes Ingress Controller that functions as a layer 7 traffic router and NGINX reverse proxy. It serves as a secure network gateway, directing external HTTP and HTTPS traffic to backend services within a cluster based on declarative routing rules. The controller acts as a TLS termination gateway to secure traffic and integrates with Prometheus to expose request metrics and latency data for cluster monitoring. It supports canary deployment workflows by implementing weight-based traffic splitting between different versions of a service. The system manages external access
Fabio is a network gateway that provides reverse proxying, layer 7 traffic management, and automated service discovery mapping. It functions as an HTTP reverse proxy, a gRPC and TCP proxy, and a service discovery gateway to route incoming traffic to healthy backend instances. The project distinguishes itself through deep integration with service registries, specifically acting as a Consul load balancer to automatically synchronize routing tables and update destination targets. It manages diverse traffic types using SNI-based routing for raw TCP streams and maintains full protocol compatibilit
The Gateway API is a standardized set of resources for routing HTTP, gRPC, and TCP traffic into and within Kubernetes clusters. It serves as a framework for defining load balancer listeners and routing rules for both Layer 4 and Layer 7 protocols, acting as a specification for ingress and service mesh traffic interfaces. The project utilizes a role-oriented configuration that separates infrastructure provisioning from routing logic. It implements a class-based provider selection system to match requested infrastructure to specific controller implementations and employs a conformance-driven sp
dae is a high-performance Linux network tool that functions as an eBPF transparent proxy. It intercepts and redirects packets at the kernel level to route internet traffic based on domains, IP addresses, and process names. The project distinguishes itself by modifying TLS handshakes to simulate browser signatures, which prevents server-side detection of proxy traffic. It also implements a full-cone network address translation gateway to maintain stable bidirectional connections and utilizes a latency-based node selector to automatically route traffic through the fastest available proxy nodes.
ProxySU is a Windows desktop application that automates the deployment and management of proxy services on a Linux VPS. It combines single-click installation of multiple proxy protocols, including V2ray, Xray, Trojan, and Shadowsocks, with automatic SSL/TLS certificate provisioning and renewal through Let's Encrypt. The tool distinguishes itself by handling the full lifecycle of proxy server setup from a Windows environment, using SSH key-based authentication for secure, passwordless remote access. It also includes network optimization capabilities, such as activating the BBR TCP congestion c
Runtipi is a home server dashboard and orchestration tool designed for deploying and managing containerized applications. It provides a web-based interface for discovering and installing software from a curated app store, utilizing a Docker Compose orchestrator to handle the deployment of self-hosted services. The system integrates a reverse proxy and SSL manager to route external traffic to internal containers, automating HTTPS certificate renewal and domain assignment. It also features a built-in backup and update manager that uses cron-based scheduling to perform automatic security patchin
Traefik is a cloud-native load balancer and dynamic reverse proxy designed for microservices traffic routing. It automatically discovers services and generates network routes by listening to infrastructure changes in orchestrators and service registries. The project distinguishes itself through auto-configuring service routing, which eliminates manual configuration by updating routing rules in real time as infrastructure scales. It also provides automated SSL certificate management, utilizing ACME-based automation to request and renew certificates from remote authorities. Additional capabili
Linkerd is a Kubernetes service mesh that manages network traffic between microservices. It functions as a transparent networking proxy, layer 7 traffic manager, and mutual TLS security layer, providing observability and reliability for service-to-service communication without requiring changes to application code. The project distinguishes itself through a sidecar-proxy architecture that intercepts TCP and application-level traffic to provide automatic mutual TLS encryption and identity verification. It enables cross-cluster service networking to link multiple clusters and implements cloud-n
x-ui-yg is a web-based proxy panel and multi-protocol manager used to deploy and manage network proxy protocols for bypassing internet censorship. It serves as a centralized administrator for secure network tunnels, providing a dashboard to obscure internet traffic and maintain user privacy. The project functions as a proxy subscription server, generating aggregated client subscription links and configuration files locally to remove reliance on third-party conversion tools. It also acts as a CDN proxy orchestrator, allowing the use of CDN domains and encryption to mask server identities and p