██████╗██╗ ██╗ ██████╗ ██████╗ ██████╗ ██████╗ ██████╗ ██╗ ██╗██╗ ██╗
██╔════╝██║ ██║██╔═══██╗██╔══██╗██╔══██╗██╔══██╗██╔═══██╗╚██╗██╔╝╚██╗ ██╔╝
██║ ███████║██║ ██║██████╔╝██████╔╝██████╔╝██║ ██║ ╚███╔╝ ╚████╔╝
██║ ██╔══██║██║ ██║██╔═══╝ ██╔═══╝ ██╔══██╗██║ ██║ ██╔██╗ ╚██╔╝
╚██████╗██║ ██║╚██████╔╝██║ ██║ ██║ ██║╚██████╔╝██╔╝ ██╗ ██║
╚═════╝╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝
Distributed Reverse Proxy System — Pure Go. No Caddy. No Traefik. No Nginx.
ChopProxy lets you expose any local service (HTTP, TCP, UDP) to the internet through a secure reverse tunnel — even behind NAT or firewalls. It automatically provisions TLS certificates via Let's Encrypt, routes traffic by domain/subdomain, and reconnects automatically if the connection drops.
- 🌐 HTTP/HTTPS tunnels — routed by subdomain, with automatic Let's Encrypt TLS
- 🔌 TCP/UDP tunnels — expose any service: SSH, databases, game servers, VoIP
- 🔄 Persistent connections — auto-reconnects with exponential backoff
- 💾 Saved tunnels — run
chopproxywith no args to restore all tunnels instantly - 🖥️ Interactive menu — manage tunnels with real-time server sync
- 🔑 Token-based auth — session tokens saved locally, no repeated logins
- 🛡️ Pure Go — single binary, no external dependencies at runtime
[Your Local Service] ←→ [chopproxy client] ←──── NAT/Firewall ────→ [chopproxy-server]
(reverse tunnel) ↕
[Internet Traffic]
https://app.yourdomain.com
The client initiates all connections to the server — no inbound ports needed on the client side. The server signals the client to open data connections on demand.
# 1. Add your domain
./chopproxy-server domain add yourdomain.com
# 2. Start the server
./chopproxy-server startPorts used:
| Port | Purpose |
|---|---|
| 9999 | Control plane (client connections) |
| 9997 | Data plane (tunnel traffic) |
| 80 | HTTP proxy |
| 443 | HTTPS proxy (auto TLS) |
# First time — connect and create a tunnel interactively
chopproxy connect <server_ip>
# After that — just run with no args to restore all tunnels
chopproxy
# Or open the interactive manager
chopproxy menu| Command | Description |
|---|---|
chopproxy |
Auto-reconnect all saved tunnels (persistent) |
chopproxy menu |
Interactive tunnel manager |
chopproxy connect <ip> |
Connect to server and create a new tunnel |
chopproxy tunnels |
List active tunnels on server |
chopproxy remove <id> |
Remove a tunnel by ID |
chopproxy version |
Show version |
| Command | Description |
|---|---|
chopproxy-server start |
Start the server |
chopproxy-server domain add <domain> |
Add a domain |
chopproxy-server domain list |
List configured domains |
chopproxy-server domain remove <domain> |
Remove a domain |
chopproxy-server version |
Show version |
Requirements: Go 1.22+
# Build for current platform
go build -o chopproxy ./cmd/chopproxy-client/
go build -o chopproxy-server ./cmd/chopproxy-server/
# Cross-compile for Linux (from any OS)
GOOS=linux GOARCH=amd64 go build -o chopproxy-linux ./cmd/chopproxy-client/
GOOS=linux GOARCH=amd64 go build -o chopproxy-server-linux ./cmd/chopproxy-server/
# Cross-compile for Windows
GOOS=windows GOARCH=amd64 go build -o chopproxy.exe ./cmd/chopproxy-client/
GOOS=windows GOARCH=amd64 go build -o chopproxy-server.exe ./cmd/chopproxy-server/- Client connects to the server's control port (9999) via TCP
- Authentication — password (first time) or saved token (reconnects)
- Tunnel creation — client sends tunnel config (subdomain, protocol, local port)
- Server registers the tunnel and provisions a TLS certificate (Let's Encrypt)
- On inbound request — server sends
MsgTunnelDatasignal to client - Client opens a data connection to port 9997 and pipes it to
localhost:localPort - Transparent proxying — the internet sees your domain; your service sees local traffic
The server stores its configuration in:
- Linux:
/etc/chopproxy/ - Windows:
C:\ProgramData\ChopProxy\
The client stores sessions and saved tunnels in:
~/.chopproxy/(all platforms)
MIT License — see LICENSE for details.