VProxy works as a reverse proxy in common cases to pretend as an HTTPS web site. Only when VProxy receives HTTP/1.1 proxy request whose credential is valid, it handles that request as an HTTPS forward proxy. The traffic is encrypted by TLS hence HTTPS proxy is disguised in an HTTPS web site.
- Forward Proxy - HTTP proxy requests are forwarded to allow client access Internet
- Disguise Mode - Credentials (username and password) are mandatory for forward proxy. If credentials are not valid in HTTP proxy request, VProxy does not response error. Instead, it works as reverse proxy.
- Reverse Proxy - VProxy forwards HTTP/HTTPS requests to backend for common requests, and it is seen as a truely web site.
- Integrated Web Console - Easy to configure and maintain by accessing a secure path in web browser.
- High Performance - Developed with Rust, which is blazingly fast as C/C++. All network I/O operations are performed asynchronously. No garbage collector, low memory footprint, and absolutely memory-safe!
- Compatibility - VProxy is compatible with existing HTTPS proxy softwares as long as they don't rely on challenge–response authentication.
- iOS - Shadowrocket
- Firefox - Extension
- Windows/Linux/MacOS/OpenWRT - Clash
A domain name is required to setup HTTPS. The domain name must be resolved to Internet IP address of the server you are going to setup.
V-Proxy server is provided as docker images at DockerHub.
The following OS/architectures are supported by docker images.
linux/amd64
linux/arm64
linux/armv7
To deploy VProxy as docker container, first create a data volume
sudo docker volume create --name vproxy-data
Then start the container
sudo docker run -it --name vproxy --network host -v vproxy-data:/app/data/:rw -v vproxy-data:/etc/letsencrypt:rw -v vproxy-data:/var/lib/letsencrypt:rw vproxy/server
- Volume
/app/data/
hosts application data of vproxy - Volumes
/etc/letsencrypt
and/var/lib/letsencrypt
are required by certbot to store certificates.
Certainly the container can be started as Linux daemon. Here is a full example
#!/bin/bash
sudo docker volume create --name vproxy-data; #create data volume
sudo docker rm -f vproxy; #remove any previous container
#Start the container as daemon
sudo docker run -d \
--name vproxy \
--network host \
--restart=always \
-v vproxy-data:/app/data/:rw \
-v vproxy-data:/etc/letsencrypt:rw \
-v vproxy-data:/var/lib/letsencrypt:rw \
--cap-add net_bind_service \
vproxy/server:latest
sudo docker logs -f vproxy; #Watch the logs
After docker contaienr is started, startup screen presents as below.
In the startup screen, Console URL
is presented.
Copy the Console URL
in startup screen to your local machine's web browser, open it.
It loads the management backend after input username and password which are presented in startup screen as well.
Now you can upload SSL certificate files.
Alternatively you can install a free SSL certificate by clicking "Request free SSL/TLS certificate".
You can input the domain name and email address to request.
By clicking "Request" button, Let's Encrypt sends an HTTP GET request to http://some.domain.com:80
.
Hence before requesting a new SSL certificate, the domain name must be resolved to the server's Internet IP Address.
And the web site is accessible at port 80 to the Internet.
If everything goes ok, the new SSL certificate is installed automatically.
Try to switch to HTTPS to ensure it is accessible.
Next,create users who can use HTTPS proxy to access Internet.
Next, install client and fill in your domain name
/ port
/ username
/ password
to access.
Install Shadowrocket, which is a rule based proxy utility for iOS.
Install SwitchyOmega for VProxy in Firefox.
Clash is a rule-based tunnel.
One may add vproxy in its $HOME/.config/clash/config.yaml
as below.
proxies:
# vproxy
- name: "vproxy"
type: http # <-- must be http
server: your.domain.com # <-- your vproxy server domain
port: 443 # <-- your vproxy server https port
username: username # <-- your vproxy server username
password: password # <-- your vproxy server password
tls: true # <-- must be true
skip-cert-verify: true # <-- ignore certifications
# sni: custom.com