Proxy
Fortio simple TLS/ingress proxy
Install / Use
/learn @fortio/ProxyREADME
Fortio proxy
Fortio simple TLS/ingress autocert proxy
Front end for running fortio report for instance standalone with TLS / Autocert and routing rules to multiplex multiple service behind a common TLS ingress (works with and allows multiplexing of grpc and h2c servers too)
Any -certs-domains ending with .ts.net will be handled by the Tailscale cert client (see https://tailscale.com/kb/1153/enabling-https). Or you can now specify -tailscale and it will get the local server name and domain automatically using the tailscale go client api.
Install
using golang 1.20+ (improved ReverseProxy api and security from 1.18)
go install fortio.org/proxy@latest
sudo setcap CAP_NET_BIND_SERVICE=+eip $(which proxy)
If you don't need or want the tailscale support, add -tags no_tailscale for a much smaller binary.
You can also download one of the many binary releases
We publish a multi architecture docker image (linux/amd64, linux/arm64) docker run fortio/proxy
Usage
See example of setup in https://github.com/fortio/demo-deployment
You can define routing rules using host or prefix matching, for instance:
[
{
"host": "grpc.fortio.org",
"destination": "http://127.0.0.1:8079"
},
{
"prefix": "/fgrpc.PingServer",
"destination": "http://127.0.0.1:8079"
},
{
"prefix": "/grpc.health.v1.Health/Check",
"destination": "http://127.0.0.1:8079"
},
{
"host": "*",
"destination": "http://127.0.0.1:8080"
}
]
And which domains/common names you will accept and request certificates for (coma separated list in -certs-domains flag or dynamic config directory)
Optionally you can also configure debug-host for a Host (header, Authority in h2) that will serve a secured variant of fortio's debug handler for these requests: you can see it on https://debug.fortio.org/a/random/test
There is a simpler config for single/default route: If you want to setup TLS and forward everything to local (h2c) http server running on port 3000
go run fortio.org/proxy@latest -certs-domains ...your..server..full..name -h2 -default-route localhost:3000
(http:// prefix can be omitted in the default route only)
You can get full help/flags using
proxy help
Use -timeout 0 or a high value like 1h if you're going to use it to download/upload large models or otherwise slow transactions. The default is 1 minute maximum.
Related Skills
node-connect
350.1kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
109.9kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
350.1kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
350.1kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
