v3.2.5r2

v3.2.5r2

This is a quick patched version of the v3.2.5 with a bug in TLS option for new HTTP proxy rules.

If you have already using v3.2.5, the http proxy rule with missing TlsOption setting will automatically populated to default TLS options and you should be able to start and edit the rule after Zoraxy is upgraded and service restarted.

Change Log

• Fixed #756

v3.2.5

v3.2.5

This version added a new feature that allow user customize their choice of TLS / SSL certificate and disable SNI function, as well as added proxy protocol v1 support to stream proxy.

Change Log

• Added new API endpoint /api/proxy/setTlsConfig (for HTTP Proxy Editor TLS tab)
• Refactored TLS certificate management APIs with new handlers
• Removed redundant functions from src/cert.go and delegated to tlsCertManager
• Code optimization in tlscert module
• Introduced a new constant CONF_FOLDER and updated configuration storage paths (phasing out hard coded paths)
• Updated functions to set default TLS options when missing, default to SNI

By @jemmy1794

• Added Proxy Protocol v1 support in stream proxy
• Fixed Proxy UI bug

v3.2.4

v3.2.4

This is the first formal release of an accumulated updates on a lot of features and the new UI.
For the accumulated change log, please see v3.2.0 to v3.2.3 change logs.
(The SNI disable function per http-proxy rule is still work in progress. I guess we have to stick with the outer-most TLS/SSL tab for configuring TLS settings for now until a new maintainer for the ACME module is found)

Change Log

• Updated SYSTEM_VERSION from 3.2.3 to 3.2.4 in src/def.go.
• Fixed issues
• OIDC/OAuth2 redirection behavior #695: added logic to handle full URLs during redirection.
• Changed default address prefix for UDP forwarding from 127.0.0.1 to 0.0.0.0 in ForwardUDP.
• Reorganized SSO settings UI in src/web/components/sso.html

• Removed experimental feature message.
• Introduced tab-based navigation for Forward Auth, OAuth 2.0, and Zoraxy SSO (currently not implemented).

• Improved imports in src/mod/auth/sso/oauth2/oauth2.go: removed duplicate lines to enhance readability.

v3.2.3

v3.2.3

This revision is a pre-release for the new HTTP Proxy UI implementation as well as added more SSO options. The HTTP proxy rule editor now is flattered into a modal menu that is easier to navigate and more friendly to beginners

Change Log

• Added new HTTP proxy UI
• Added inbound host name edit function
• Added static web server option to disable listen to all interface
• Merged SSO implementations (Oauth2) #649
• Merged forward-auth optimization #692
• Added disable chunked transfer encoding checkbox (for upstreams that uses legacy HTTP implementations)

Updates 16/06/2025
Just updated the binary for a quick patch in the UI html file.

Thanks for everyone whom have involved in the development of Zoraxy project!

v3.2.2

v3.2.2

This release merged the new forward-auth module by @james-d-elliott and implemented an automatic config upgrader that update the configuration file from v3.2.1 to v3.2.2 format. If you were previously using Authentik or Authelia, here are a few things you need to know.

1. As the auth provider config structure is quite different, you will need to manually setup the forward auth again.
2. For HTTP proxy rules that were setup using Authentik or Authelia, it is recommend that you switch the authentication function to none first before upgrade. Although the upgrader will try to map all Authentik / Authelia auth providers to the new forward auth option, but it is not tested on my side due to limited capabilities in my homelab recently.
3. Always backup your system before upgrade

Change Log

• Merged forward auth pull request
• Added v3.2.2 automatic config files upgrader

v3.2.1

v3.2.1 (Pre-release)

This is yet another experimental release that introduce the router type plugin system and plugin store. You can use the plugin manager tab to assign a plugin to a given tag. Then, all traffics that goes to an HTTP proxy rule with that tag, will be processed by the list of plugin selected.

Currently the plugin store only support installing from the zoraxy official plugin repo (and it only got 1 plugin). But later on a new plugin manager URLs system (like the one in Arduino IDE) will be introduced to integrate 3rd party plugin stores.

For developers

The new -dev flag is introduced to replace the hard-coded DEVELOPMENT_MODE constant in the global scope. To force Zoraxy to load html files from the web directory, you can start zoraxy with ./zoraxy -dev=true to bypass the internal embedded fs.

Change Logs

• Merged in authentik forward auth support
• Merged IPv6 whitelist patch
• Added -dev flags (default to false, no need to change your current startup script)
• Added support for basic per host name statistic
• Added experimental plugin store
• Added $remote_ip in custom header that filters port number from $remote_addr
• Fixed origin is not populated in log bug
• Fixed redirection location rewrite bug

v3.2.0

v3.2.0 (Pre-release)

This is an experimental release that test the stability of the followings

• Plugin forwarding API
• New dpcore concurrent settings
• New webmin embed web resources router

This version also updated some of the dark theme color scheme and optimized a bit of the code architecture that has been designed back in the days when Zoraxy is less complex. Now the webmin panel should load much faster compare to previous versions with an improved dpcore that can better handle concurrent load with up to 256 max concurrent connections per host.

The homepage also got a bit update as well to support multi-language with a better color scheme.

Change Log

• Removed GAN and moved to plugin
• Added upnp port forwarder plugin
• Added loopback detection to whitelist
• Optimized embed web resources router implementation
• Completed plugin prototype interface
• Updated dpcore concurrent implementation
• Merged traffic log update
• Updated homepage
• Fixed memory leak on netstat
• Fixed and updated minor dark theme color pallets

v3.1.9

v3.1.9

This release fixes a few bugs and introduce a new plugin system prototype. Currently it only support Utilities type plugins (i.e. plugins that do not manage routing), but in the coming versions I will be adding in more routing capabilities to the plugin interface where custom route-able modules like custom ACME manager and scripting controlled routing rules can be implemented by 3rd parities developers.

You can find some of the utilities plugin example in the example folder.

Deprecate Notice

ZeroTier / Global Area Network controller will be moved to plugin in v3.2.x release (Things you might not know: I got quite some users complaining they don't use zerotier and asking for a way to remove it). Please remember to backup all your GAN assigned devices name before migrating to the ztnc plugin. The ztnc plugin works the same as the original Global Area Network tab but with a "disable" button in the plugin menu where you can unload it if needed.

Change Log

• Fixed netstat underflow bug
• Fixed origin picker cookie bug
• Added prototype plugin system
• Added plugin examples
• Added notice for build-in Zerotier network controller deprecation (and will be moved to plugins)
• Added country code display for quickban list

v3.1.8

v3.1.8

This releases fixes the docker ssh bug as well as a few minor improvements including exposing the dpcore timeout value to the UI.
If you want to further increase the concurrent connection counts to your upstream server, you can also change such setting under HTTP Proxy Rule > Upstreams > Max Concurrent Connections.

Note: The bandwidth between your gateway and upstream servers are fixed. More concurrent connection doesn't directly translate to faster proxy speed. As this setting is really use-case dependent, you can keep it as default if you do not what value to use.

Change Log

• Exposed timeout value from dpcore to UI
• Added active load balancing (if uptime monitor is enabled on that rule)
• Re-factorized io stats and remove dependencies over wmic (by @eyerrock )
• Removed SMTP input validation
• Fixed sticky session bug
• Fixed passive load balancer bug
• Fixed dockerfile bug (by @PassiveLemon )

v3.1.7

v3.1.7

This release updated the dark theme color palettes to make it less dark. New updates include details viewing for uptime monitor and a few minor features. @adoolaard also introduced a new tag system for managing HTTP proxy rules in #509

Change Log

• Merged and added new tagging system for HTTP Proxy rules
• Added inline editing for redirection rules
• Added uptime monitor status dot detail info (now clickable)
• Added close connection support to port 80 listener
• Optimized port collision check on startup
• Optimized dark theme color scheme (Free consultation by 3S Design studio)
• Fixed capital letter rule unable to delete bug
• Fixed docker statistic not save bug by @PassiveLemon