Releases: tobychui/zoraxy
v3.2.9
v3.2.9
This version is another optimization version that introduce a few more patch and feature optimizations.
Note: We are planning to change the release model to follow more closely to what the Linux kernel does - with RC versions (Release Candidates) and stable releases instead of version & version.revX. If you are using some sort of automated tools for updating Zoraxy on your production environment, please be ready for the changes.
What's Changed
- Update CHANGELOG.md by @Morethanevil in #853
- Add PKCE support with S256 challenge method for OAuth2 (fixes #852) by @kjagosz in #860
- Update lego to v4.27.0 by @zen8841 in #869
- Update lego to v4.28.0 by @zen8841 in #871
- Typo in plugins.html by @mlbarrow in #873
- Moved log rotation options to webmin panel
- Supported opening tar.gz in the new log viewer
- Added disable logging function to HTTP proxy rule for high traffic sites
- V3.2.9 by @tobychui in #870
New Contributors
Full Changelog: v3.2.8...v3.2.9
Contributors
Assets 11
v3.2.8
v3.2.8
This version fixed a few bugs and introduce the user select-able inbound min TLS version. This version also updated a few design in the TLS / SSL tab, getting prepared for the up coming big update in the TLS management flow in Zoraxy.
What's Changed
- Fix #845 by @zen8841 in #846
- Move function:NormalizeDomain to netutils module by @zen8841 in #847
- Add support for Proxy Protocol V1 and V2 in streamproxy configuration by @jemmy1794 in #848
- V3.2.8 by @tobychui in #851
Full Changelog: v3.2.7...v3.2.8
Contributors
Assets 11
v3.2.7
[Warning] v3.2.7 has a bug about wildcard certificate issue and renew: Fix in v3.2.8
This is basically a stable version of v3.2.6 with a bit optimization and bug fixes.
What's Changed
- Update Sidebar CSS by @Saeraphinx in #827
- Fix restart after acme dns challenge by @jimmyGALLAND in #828
- fix acme renew by @jimmyGALLAND in #829
- V3.2.7 by @tobychui in #837
New Contributors
- @Saeraphinx made their first contribution in #827
- @jimmyGALLAND made their first contribution in #828
Full Changelog: v3.2.6...v3.2.7
Contributors
Assets 11
v3.2.6
What's Changed
- feat(plugins): Implement plugin API key management and authentication middleware by @AnthonyMichaelTDM in #746
- fix(issue 758): Handle existing symlink in start_zerotier function by @AnthonyMichaelTDM in #759
- fix(issue 771): panics when rewriting headers for websockets, and strange issue with logging across a month boundary by @AnthonyMichaelTDM in #772
- add CODEOWNERS file by @AnthonyMichaelTDM in #792
- Update lego to v4.25.2 by @zen8841 in #795
- feat(sso): forward auth body and alternate headers by @james-d-elliott in #788
- feat(sso): clear settings by @james-d-elliott in #789
- feat(plugins): Implement event system w/ POC events by @AnthonyMichaelTDM in #753
- feature: new container environment vars by @PassiveLemon in #805
- Update example plugins by @AnthonyMichaelTDM in #807
- feat(event system): Flesh out EventPayload interface by @AnthonyMichaelTDM in #810
- feat(plugin API): Plugin-to-plugin-comms by @AnthonyMichaelTDM in #813
- put plugin API on separate mux not protected by CSRF by @AnthonyMichaelTDM in #820
- V3.2.6 by @tobychui in #804
New Contributors
Full Changelog: v3.2.5r2...v3.2.6
Contributors
Assets 11
v3.2.5r2
v3.2.5r2
This is a quick patched version of the v3.2.5 with a bug in TLS option for new HTTP proxy rules.
If you have already using v3.2.5, the http proxy rule with missing TlsOption setting will automatically populated to default TLS options and you should be able to start and edit the rule after Zoraxy is upgraded and service restarted.
Change Log
- Fixed #756
v3.2.5
v3.2.5
This version added a new feature that allow user customize their choice of TLS / SSL certificate and disable SNI function, as well as added proxy protocol v1 support to stream proxy.
Change Log
- Added new API endpoint /api/proxy/setTlsConfig (for HTTP Proxy Editor TLS tab)
- Refactored TLS certificate management APIs with new handlers
- Removed redundant functions from src/cert.go and delegated to tlsCertManager
- Code optimization in tlscert module
- Introduced a new constant CONF_FOLDER and updated configuration storage paths (phasing out hard coded paths)
- Updated functions to set default TLS options when missing, default to SNI
By @jemmy1794
- Added Proxy Protocol v1 support in stream proxy
- Fixed Proxy UI bug
Contributors
Assets 10
v3.2.4
v3.2.4
This is the first formal release of an accumulated updates on a lot of features and the new UI.
For the accumulated change log, please see v3.2.0 to v3.2.3 change logs.
(The SNI disable function per http-proxy rule is still work in progress. I guess we have to stick with the outer-most TLS/SSL tab for configuring TLS settings for now until a new maintainer for the ACME module is found)
Change Log
- Updated
SYSTEM_VERSIONfrom 3.2.3 to 3.2.4 insrc/def.go. - Fixed issues
- OIDC/OAuth2 redirection behavior #695: added logic to handle full URLs during redirection.
- Changed default address prefix for UDP forwarding from 127.0.0.1 to 0.0.0.0 in
ForwardUDP. - Reorganized SSO settings UI in
src/web/components/sso.html
- Removed experimental feature message.
- Introduced tab-based navigation for Forward Auth, OAuth 2.0, and Zoraxy SSO (currently not implemented).
- Improved imports in
src/mod/auth/sso/oauth2/oauth2.go: removed duplicate lines to enhance readability.
v3.2.3
v3.2.3
This revision is a pre-release for the new HTTP Proxy UI implementation as well as added more SSO options. The HTTP proxy rule editor now is flattered into a modal menu that is easier to navigate and more friendly to beginners
Change Log
- Added new HTTP proxy UI
- Added inbound host name edit function
- Added static web server option to disable listen to all interface
- Merged SSO implementations (Oauth2) #649
- Merged forward-auth optimization #692
- Added disable chunked transfer encoding checkbox (for upstreams that uses legacy HTTP implementations)
Updates 16/06/2025
Just updated the binary for a quick patch in the UI html file.
Thanks for everyone whom have involved in the development of Zoraxy project!
v3.2.2
v3.2.2
This release merged the new forward-auth module by @james-d-elliott and implemented an automatic config upgrader that update the configuration file from v3.2.1 to v3.2.2 format. If you were previously using Authentik or Authelia, here are a few things you need to know.
- As the auth provider config structure is quite different, you will need to manually setup the forward auth again.
- For HTTP proxy rules that were setup using Authentik or Authelia, it is recommend that you switch the authentication function to none first before upgrade. Although the upgrader will try to map all Authentik / Authelia auth providers to the new forward auth option, but it is not tested on my side due to limited capabilities in my homelab recently.
- Always backup your system before upgrade
Change Log
- Merged forward auth pull request
- Added v3.2.2 automatic config files upgrader
Contributors
Assets 10
v3.2.1
v3.2.1 (Pre-release)
This is yet another experimental release that introduce the router type plugin system and plugin store. You can use the plugin manager tab to assign a plugin to a given tag. Then, all traffics that goes to an HTTP proxy rule with that tag, will be processed by the list of plugin selected.
Currently the plugin store only support installing from the zoraxy official plugin repo (and it only got 1 plugin). But later on a new plugin manager URLs system (like the one in Arduino IDE) will be introduced to integrate 3rd party plugin stores.
For developers
The new -dev flag is introduced to replace the hard-coded DEVELOPMENT_MODE constant in the global scope. To force Zoraxy to load html files from the web directory, you can start zoraxy with ./zoraxy -dev=true to bypass the internal embedded fs.
Change Logs
- Merged in authentik forward auth support
- Merged IPv6 whitelist patch
- Added
-devflags (default to false, no need to change your current startup script) - Added support for basic per host name statistic
- Added experimental plugin store
- Added
$remote_ipin custom header that filters port number from$remote_addr - Fixed origin is not populated in log bug
- Fixed redirection location rewrite bug