A high-performance HTTP/HTTPS proxy server written in Go with advanced traffic management, monitoring, and security features.
go-network-proxy is a flexible forward proxy implementation that supports both HTTP and HTTPS traffic with comprehensive features including domain blocking, rate limiting, traffic analytics, and real-time monitoring through Prometheus and Grafana.
- HTTP/HTTPS Proxy: Full support for both HTTP and HTTPS (via CONNECT tunneling)
- Domain Blocking: Configurable blocklist with exact and wildcard domain matching
- Rate Limiting:
  - In-memory rate limiting per IP address
  - Distributed Redis-based rate limiting for multi-instance deployments
  - EVALSHA optimization for Redis performance
- Metrics & Monitoring:
  - Prometheus metrics integration
  - Grafana dashboards for visualization
  - Request tracking, duration, status codes, and active connections
- Performance Optimization:
  - Connection pooling with configurable limits
  - Efficient hop-by-hop header handling
  - Concurrent request handling
- Security:
  - TLS/SSL support
  - IP-based access control
  - Request filtering and blocking
- Advanced caching mechanisms (in-memory, persisted, and distributed)
- Load balancing across multiple upstream servers
- Traffic analytics and insights
- Zero-trust gateway implementation
```text
┌─────────────────────────────────────────────────────────┐
│                   Client Application                    │
└─────────────────────┬───────────────────────────────────┘
                      │
                      ▼
┌─────────────────────────────────────────────────────────┐
│                    HTTP Proxy Server                    │
│  ┌────────────────────────────────────────────────────┐ │
│  │            Rate Limiter (Memory/Redis)             │ │
│  └────────────────────────────────────────────────────┘ │
│  ┌────────────────────────────────────────────────────┐ │
│  │                 Blocklist Manager                  │ │
│  └────────────────────────────────────────────────────┘ │
│  ┌────────────────────────────────────────────────────┐ │
│  │        HTTP Handler │ HTTPS Tunnel Handler         │ │
│  └────────────────────────────────────────────────────┘ │
│  ┌────────────────────────────────────────────────────┐ │
│  │            Prometheus Metrics Collector            │ │
│  └────────────────────────────────────────────────────┘ │
└─────────────────────┬───────────────────────────────────┘
                      │
                      ▼
┌─────────────────────────────────────────────────────────┐
│                   Destination Server                    │
└─────────────────────────────────────────────────────────┘

┌─────────────────────────────────────────────────────────┐
│               Monitoring Stack (Optional)               │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐   │
│  │  Prometheus  │  │   Grafana    │  │    Redis     │   │
│  └──────────────┘  └──────────────┘  └──────────────┘   │
└─────────────────────────────────────────────────────────┘
```
- Go 1.24.0 or higher
- Docker and Docker Compose (optional, for monitoring stack)
- Redis (optional, for distributed rate limiting)
```bash
git clone https://github.com/aluko123/go-network-proxy.git
cd go-network-proxy/http-proxy
go build -o proxy-server main.go
```

Copy the example environment file and configure as needed:

```bash
cp .env.example .env
```

Available configuration options:

| Variable | Default | Description |
|---|---|---|
| `PROMETHEUS_PORT` | `9090` | Prometheus server port |
| `GRAFANA_PORT` | `3000` | Grafana dashboard port |
| `GRAFANA_ADMIN_USER` | `admin` | Grafana admin username |
| `GRAFANA_ADMIN_PASSWORD` | `admin` | Grafana admin password |
| `REDIS_PORT` | `6379` | Redis server port |
| `PROXY_PORT` | `8080` | Proxy server port |

Edit `http-proxy/blocklist/blocklist.json` to configure blocked domains:

```json
{
  "blocked_domains": [
    "example.com",
    "*.ads.example.com",
    "malicious-site.com"
  ]
}
```

Supports:
- Exact domain matching: `example.com`
- Wildcard patterns: `*.ads.example.com`
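
The two matching modes above, as an added Go example that is not the project's own code: it loads the `blocklist.json` layout and checks a request host. It assumes hosts are compared case-insensitively with any port and trailing dot removed, and that a wildcard covers subdomains but not the apex; `Blocklist`, `Load`, `Blocked` and `normalize` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"strings"
)

// Blocklist mirrors the blocklist.json layout shown above.
type Blocklist struct {
	Domains []string `json:"blocked_domains"`
}

// normalize lower-cases a host and drops any ":port" and trailing root dot.
func normalize(hostport string) string {
	if host, _, err := net.SplitHostPort(hostport); err == nil {
		hostport = host
	}
	return strings.TrimSuffix(strings.ToLower(hostport), ".")
}

// Load parses the JSON and normalizes every entry once, at load time.
func Load(raw []byte) (Blocklist, error) {
	var b Blocklist
	err := json.Unmarshal(raw, &b)
	for i, d := range b.Domains {
		b.Domains[i] = normalize(d)
	}
	return b, err
}

// Blocked reports whether a request Host or CONNECT target is listed.
// "*.x.com" is matched as the suffix ".x.com": subdomains only, no look-alikes.
func (b Blocklist) Blocked(hostport string) bool {
	h := normalize(hostport)
	for _, p := range b.Domains {
		wildcard := strings.HasPrefix(p, "*.") && strings.HasSuffix(h, p[1:])
		if wildcard || h == p {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample using entries from the example file above.
	b, err := Load([]byte(`{"blocked_domains": ["example.com", "*.ads.example.com"]}`))
	fmt.Println(err, b.Blocked("Example.COM:443"), b.Blocked("ads.example.com"))
}
```
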
```bash
cd http-proxy
./proxy-server -proto http
```

```bash
cd http-proxy
./proxy-server -proto https -pem /path/to/cert.pem -key /path/to/key.key
```

```bash
./proxy-server -proto http -limiter memory -rate-limit 100 -rate-burst 20
```

```bash
# Start Redis first
docker-compose up -d redis
# Start proxy with Redis limiter
./proxy-server -proto http -limiter redis -redis-addr localhost:6379 -rate-limit 100
```

```text
-proto string
    Protocol to use: http or https (default "http")
-pem string
    Path to PEM certificate file (default "server.pem")
-key string
    Path to private key file (default "server.key")
-limiter string
    Rate limiter type: memory or redis (default "memory")
-redis-addr string
    Redis server address (default "localhost:6379")
-rate-limit int
    Requests per minute per IP (default 100)
-rate-burst int
    Burst size for rate limiter (default 20)
-debug
    Enable debug logging
```

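
How `-rate-limit` and `-rate-burst` interact, as an added Go example that is not the project's limiter: it assumes token-bucket semantics, where each IP starts with `burst` tokens and refills at `rate-limit` tokens per minute. `Limiter`, `NewLimiter` and `Allow` are hypothetical names, and the clock is passed in so the behaviour is reproducible.

```go
package main

import (
	"fmt"
	"math"
	"sync"
	"time"
)

// bucket is one client's state: tokens left and when they were last refilled.
type bucket struct {
	tokens float64
	last   time.Time
}

// Limiter is a per-IP token bucket (assumed semantics for the two flags):
// perMinute is the -rate-limit value, burst is the -rate-burst value.
type Limiter struct {
	mu               sync.Mutex
	perMinute, burst float64
	clients          map[string]*bucket
}

func NewLimiter(perMinute, burst int) *Limiter {
	return &Limiter{perMinute: float64(perMinute), burst: float64(burst), clients: map[string]*bucket{}}
}

// Allow refills ip's bucket for the elapsed time (capped at burst), then spends one token.
func (l *Limiter) Allow(ip string, now time.Time) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	b, ok := l.clients[ip]
	if !ok {
		b = &bucket{tokens: l.burst, last: now}
		l.clients[ip] = b
	}
	b.tokens = math.Min(l.burst, b.tokens+now.Sub(b.last).Minutes()*l.perMinute)
	b.last = now
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

func main() {
	l, t0 := NewLimiter(100, 20), time.Unix(0, 0) // page defaults, constructed clock
	for i := 1; i <= 22; i++ {                     // one client sends 22 requests at once
		fmt.Println(i, l.Allow("203.0.113.7", t0))
	}
}
```

With the defaults, a client can send 20 requests back to back and is then held to the refill rate; idle time never banks more than `burst` tokens.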
Set the proxy in your client application or system settings:

```bash
# Using curl
curl -x http://localhost:8080 http://example.com
# Using environment variables
export HTTP_PROXY=http://localhost:8080
export HTTPS_PROXY=http://localhost:8080
# Test HTTPS tunneling
curl -x http://localhost:8080 https://www.google.com
```

Configure your browser to use localhost:8080 as the HTTP/HTTPS proxy.

Start the monitoring stack:

```bash
docker-compose up -d
```

This launches:
- Prometheus at http://localhost:9090
- Grafana at http://localhost:3000
- Redis at localhost:6379
Prometheus metrics are exposed at:
http://localhost:8080/metrics
Available metrics:
- `proxy_requests_total`: Total number of proxy requests
- `proxy_blocked_requests_total`: Total blocked requests
- `proxy_request_duration_seconds`: Request duration histogram
- `proxy_active_connections`: Number of active connections
- `proxy_requests_by_status_class_total`: Requests grouped by status code class

- Access Grafana at http://localhost:3000
- Log in with credentials from `.env` (default: admin/admin)
- Prometheus datasource is pre-configured
- Import or create custom dashboards

See MONITORING.md for detailed monitoring setup and dashboard configuration.
Load testing suite using k6 is available in the tests/ directory:

```bash
cd tests
./run-all-tests.sh
```

```text
.
├── http-proxy/             # Main proxy server
│   ├── main.go             # Server entry point
│   ├── handlers/           # HTTP request handlers
│   ├── tunnel/             # HTTPS CONNECT tunneling
│   ├── blocklist/          # Domain blocking logic
│   ├── limit/              # Rate limiting (memory & Redis)
│   └── metrics/            # Prometheus metrics
├── tests/                  # Load testing suite
├── grafana/                # Grafana provisioning
├── certs/                  # TLS certificates
├── traffic-analytics/      # (In development)
├── zero-trust-gateway/     # (In development)
├── docker-compose.yml      # Monitoring stack
├── prometheus.yml          # Prometheus configuration
└── MONITORING.md           # Monitoring guide
```

- Optimized connection pooling (500 max idle connections, 200 per host)
- Efficient bidirectional data transfer for HTTPS tunneling
- Redis EVALSHA optimization for distributed rate limiting
- Minimal memory footprint with periodic cleanup of stale limiters

- Caching Layer:
  - In-memory LRU cache
  - Persistent cache with configurable TTL
  - Distributed caching with Redis
  - Cache invalidation strategies
- Load Balancing:
  - Round-robin distribution
  - Least connections algorithm
  - Health checking
  - Automatic failover
- Traffic Analytics:
  - Request/response logging
  - Traffic pattern analysis
  - Bandwidth usage tracking
  - Geographic request distribution
- Zero-Trust Gateway:
  - JWT authentication
  - Policy-based access control
  - Request signing and validation

Contributions are welcome. Please follow standard Go conventions and include tests for new features.
This project is licensed under the terms specified in the LICENSE file.
For issues, questions, or contributions, please visit the GitHub repository.