A HTTP reverse proxy with TLS+SNI support.
Python
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
src
.gitignore
LICENSE
README.rst
setup.py

README.rst

rproxy

A super simple HTTP/1.1 proxy, with TLS and Let's Encrypt support.

rproxy takes care of your Let's Encrypt certificates, automatically renewing them. This is done by the excellent txacme library.

Install from PyPI:

$ pip install rproxy

Make a directory to store your certificates:

$ mkdir my-certs

Make a rproxy.ini:

[rproxy]
certificates=my-certs
http_ports=80
https_ports=443

[hosts]
mysite.com_port=8080

Then run it:

sudo twistd -u nobody -g nobody -n rproxy

This will start the server, drop permissions (setting the effective uid/guid to nobody), and will proxy incoming requests to mysite.com to localhost:8080. You can configure it further:

[rproxy]
certificates=my-certs
http_ports=80,8080
https_ports=443
clacks=true

[hosts]
mysite.com_port=8080
mysite.com_host=otherserver
mysite.com_onlysecure=True
mysite.com_proxysecure=True

myothersite.net_port=8081

This config will:

  • connect to https://otherserver:8080 as the proxied server for mysite.com, and only allow HTTPS connections to the proxy for this site
  • connect to http://localhost:8081 as the proxied server for myothersite.net, and allow HTTP or HTTPS connections.

General Config

  • http_ports -- comma-separated list of numerical ports to listen on for HTTP connections.
  • https_ports -- comma-separated list of numerical ports to listen on for HTTPS connections.
  • certificates -- directory where certificates are kept.
  • clacks -- Enable X-Clacks-Overhead for requests.

Hosts Config

  • <host>_onlysecure -- enforce HTTPS connections. If not set, or set to False, it will allow HTTP and HTTPS connections.
  • <host>_proxysecure -- connect to the proxied server by HTTPS. If not set, or set to False, it will connect over HTTP.
  • <host>_port -- The port of the proxied server that this proxy should connect to.
  • <host>_host -- the hostname/IP of the server to proxy to.
  • <host>_sendhsts -- send HSTS headers on HTTPS connections.
  • <host>_wwwtoo -- match www too.