G3 Project

中文版 README | 日本語 README

About

This is the project we used to build enterprise-oriented generic proxy solutions, including but not limited to proxy / reverse proxy (WIP) / load balancer (TBD) / NAT traversal (WIP).

Applications

The G3 project consists of many applications, each of which has a separate subdirectory containing its own code, documentation, etc.

In addition to the application directories, there are some public directories:

• doc Contains project-level documentation.
• sphinx is used to generate HTML reference documents for each application.
• scripts Contains various auxiliary scripts, including coverage testing, packaging scripts, etc.

g3proxy

A generic forward proxy solution, but you can also use it as tcp streaming / transparent proxy / reverse proxy as we have basic support built in.

Feature highlights

• Async Rust: fast and reliable
• Http1 / Socks5 forward proxy protocol, SNI Proxy and TCP TPROXY
• Support easy-proxy and masque/http Well-Known URI
• Proxy Chaining, with support for dynamic selection of upstream proxies
• Plenty of egress route selection methods, with support for custom egress selection agent
• TCP/TLS Stream Proxy, Basic HTTP Reverse Proxy
• TLS over OpenSSL / BoringSSL / AWS-LC / AWS-LC-FIPS / Tongsuo, and even rustls
• TLS MITM interception, decrypted traffic dump, HTTP1/HTTP2/IMAP/SMTP interception
• ICAP adaptation for HTTP1/HTTP2/IMAP/SMTP, can integrate seamlessly with 3rd-party security products
• Graceful reload
• Customizable load balancing and failover strategies
• User Auth, with a rich set of config options
• Can set differential site config for each user
• Rich ACL/Limit rules, at ingress / egress / user level
• Rich monitoring metrics, at ingress / egress / user / user-site level
• Support for a variety of observability tools

README | User Guide | Reference Doc

g3statsd

A StatsD compatible stats aggregator.

README | Reference Doc

g3tiles

A work in progress reverse proxy solution.

Reference Doc

g3bench

A benchmark tool that supports:

• HTTP: HTTP/1.1, HTTP/2, HTTP/3
• WebSocket
• TLS Handshake
• DNS: UDP, TCP, DNS over TLS, DNS over HTTP, DNS over QUIC, DNS over HTTP/3
• Thrift RPC
• Cloudflare Keyless

README

g3mkcert

A tool to make root CA / intermediate CA / TLS server / TLS client / TLCP server / TLCP client certificates.

README

g3fcgen

Fake certificate generator for g3proxy.

README

g3iploc

IP location lookup service for g3proxy GeoIP support.

README

g3keymess

A simple implementation of Cloudflare keyless server.

README | Reference Doc

Target Platform

Linux is fully supported.

The code also compiles on the following platforms:

• macOS
• Windows >= 10
• FreeBSD >= 14.3
• NetBSD >= 10.1
• OpenBSD >= 7.8

Dev-env Setup Guide

Follow Dev-Setup.

Standards

Follow Standards.

Build, Package and Deploy

Pre-Built packages can be found at cloudsmith.

But it is still recommended to build packages yourself, see Build and Package for more details.

LTS Version

See Long-Term Support.

Contribution

Please check Contributing for more details.

Code of Conduct

Please check Code of Conduct for more details.

Security

If you discover a potential security issue in this project, or think you may have discovered a security issue, we ask that you notify Bytedance Security via our security center or vulnerability reporting email.

Please do not create a public GitHub issue.

License

This project is licensed under the Apache-2.0 License.

404Starlink

<img src="https://github.com/knownsec/404StarLink/raw/master/Images/logo.png" width="30%">

g3proxy has joined 404Starlink