Roxy the Frontend Proxy

View on GitHub

Roxy the Frontend Proxy

Go Latest Release License Build Status Docker Pulls Go Report Card

Roxy Lalonde

Our mascot, Roxy Lalonde.

Roxy is an Internet-facing HTTPS frontend proxy that’s meant to scale from hobbyist websites to very large installations, assuming that you’re a fan of Let’s Encrypt or other ACME providers for issuing your TLS certificates.

Because Roxy’s uses of HTTPS and ACME are not optional, Roxy only supports being an Internet-facing webserver. It does one thing, and does it well. There is basic support for serving static content directly from the local filesystem, but Roxy does not support, and will never support, scripting engines in the style of PHP, mod_python, and so on. Instead, users of Roxy are expected to use Roxy as a reverse proxy, running their dynamic content on “micro-frontends” behind Roxy. Roxy will take care of all the Internet-facing stuff that you would normally have to re-implement yourself, such as TLS certificates and modern security-hardening HTTP headers.

Roxy currently supports HTTP, HTTPS, and gRPC (over both TLS and plaintext) to communicate with backend web servers.

More documentation

See also:

Installing with Docker

docker pull chronostachyon/roxy
# Set up configuration in /etc/opt/roxy on the host
# Prepare /var/opt/roxy/lib/acme on the host
# Static content, if any, goes in /srv/www
docker run --rm -it --name roxy \
  -v /var/opt/roxy/lib/acme:/var/opt/roxy/lib/acme \
  -v /etc/opt/roxy:/etc/opt/roxy:ro \
  -v /srv/www:/srv/www:ro \
  -p 80 -p 443 \

Installing with APT (Debian/Ubuntu)

sudo curl -fsSLR -o /etc/apt/trusted.gpg.d/roxy.gpg
# Or "curl | sudo apt-key add -"
echo 'deb roxy main' | sudo tee /etc/apt/sources.list.d/roxy.list
sudo apt update
sudo apt install roxy