GoDoxy

Appearance

Basic Setup

Docker Image

TagDescription
latestStable release
nightlyExperimental release
vx.y.zStable release
  • Proxy ghcr.io/yusing/godoxy:<tag>
  • Frontend ghcr.io/yusing/godoxy-frontend:<tag>

Current version

GitHub Release

Known issues

  • Idlewatcher does not work with TCP / UDP routes (wip)
  • UDP forwarding does not work properly

Environment variables

Core

NOTE

Also works with old prefix GOPROXY_ or without prefix like API_USER

Environment VariableDescriptionDefaultValues
GODOXY_FRONTEND_PORTFrontend listening port3000integer
GODOXY_HTTP_ADDRHTTP server listening address:80[host]:port
GODOXY_HTTPS_ADDRHTTPS server listening address (if enabled):443[host]:port
GODOXY_API_ADDRAPI server listening address127.0.0.1:8888[host]:port
GODOXY_HTTP3_ENABLEDEnable HTTP/3trueboolean
GODOXY_DEBUGEnable debug behaviors and loggingfalseboolean

Authentication

General

DANGER

If you desire to use authentication without HTTPS, set GODOXY_API_JWT_SECURE to false

Not recommended

Common

Environment VariableDescriptionDefaultValues
GODOXY_API_JWT_SECURESecure flag for JWT cookietrueboolean
GODOXY_API_JWT_SECRETBase64 JWT secret for api serverrandom (you will have to login again after restarting GoDoxy)string
GODOXY_API_JWT_TOKEN_TTLJWT Time-to-live24hduration

User Password Auth

Environment VariableDescriptionDefaultValues
GODOXY_API_USERWebUI login usernameadminstring
GODOXY_API_PASSWORDWebUI login passwordpasswordstring

OIDC

Environment VariableDescriptionDefault
GODOXY_OIDC_ISSUER_URLOIDC issuer URLempty
GODOXY_OIDC_CLIENT_IDOIDC client IDempty
GODOXY_OIDC_CLIENT_SECRETOIDC client secretempty
GODOXY_OIDC_ALLOWED_USERSOIDC allowed users (optional when ALLOWED_GROUPS is set)empty
GODOXY_OIDC_ALLOWED_GROUPSOIDC allowed groups (optional when ALLOWED_USERS is set)empty
GODOXY_OIDC_SCOPESOIDC scopesopenid,profile,email,groups
Scopes
ScopeDescriptionOptional?
openidOpenID Connect scopeNo
profileUser profile scopeNo
emailUser email scopeYes
groupsUser groups scopeYes
offline_accessOffline access scope for refresh tokenYes

NOTE

You will have to add this "Allowed Callback URL" in your OIDC provider

https://*.yourdomain.com/auth/callback (wildcard) or https:\/\/([^\.]+)\.yourdomain\.com\/auth\/callback (regex)

Authentik specific
  • Set Signing Key to "authentik Self-signed Certificate"
  • Set Encryption Key to None
  • Set Issuer mode to "Each provider has a different issuer, based on the application slug" if not already
  • Add scope authentik default OAuth Mapping: OpenID 'offline_access'
Example

Image

Image

Add these to .env:

  • GODOXY_OIDC_ISSUER_URL IdP's base URL
    • https://id.domain.com (Pocket ID)
    • https://auth.domain.com/application/o/<slug>/ (Authentik)
  • GODOXY_OIDC_CLIENT_ID Client ID
  • GODOXY_OIDC_CLIENT_SECRET Client secret
  • GODOXY_OIDC_ALLOWED_USERS Comma separated list of allowed users
  • GODOXY_OIDC_ALLOWED_GROUPS Comma separated list of allowed groups

NOTE

To enable OIDC for specific app, it's just two lines in docker compose:

yaml
services:
  your_app:
    ...
    labels:
      proxy.#1.middlewares.oidc:

Checkout OIDC Middleware for customizing OIDC per app.

Metrics

Environment VariableDescriptionDefaultValues
GODOXY_METRICS_DISABLE_CPUDisable cpu usage collectionfalseboolean
GODOXY_METRICS_DISABLE_MEMORYDisable memory usage collectionfalseboolean
GODOXY_METRICS_DISABLE_DISKDisable disk usage, I/O collectionfalseboolean
GODOXY_METRICS_DISABLE_NETWORKDisable network I/O collectionfalseboolean
GODOXY_METRICS_DISABLE_SENSORSDisable sensors info collectionfalseboolean

Behaviors

Default URL: <container_name>.yourdomain.com

NOTE

All containers are proxied by default, except any of the following is true:

  • label proxy.exclude is set to true
  • GoDoxy IS NOT explicit enabled for container, but it is either
    • from a provider in explicit only mode (provider name with exclamation mark ! suffix)
    • or detected as a backend service (e.g. headless browsers, databases, etc.)
  • container doesn't have any exposed port
  • container name has prefix buildx_
  • alias with prefix x- or suffix -old

To explicitly enable GoDoxy for a container:

  • GoDoxy < v0.9 - set label proxy.aliases
  • GoDoxy >= v0.9 - set any label starting with proxy.

Use JSON Schema in IDEs

If you are unsure about what it is, ignore this

Using JSON schema allows static checking in IDEs. For VSCode, copy .vscode/settings.example.json to .vscode/settings.json (under root directory of GoDoxy) and modify it to fit your needs

Released under the MIT License.

Copyright © 2024-present Yusing