GoDoxy

go‑doxy is a lightweight, reverse‑proxy platform built in Go that couples a fully‑featured Web UI with a robust API surface. From the developer’s perspective, it is designed to be plug‑and‑play: a single binary that can be deployed in any environment that supports Docker or Podman, with optional Proxmox LXC support for idle‑sleep functionality. The core of go‑doxy is a label‑driven configuration engine that watches container runtimes and automatically translates Docker labels or dedicated route files into routing rules, allowing instant proxy updates without restarting the service.

• Language & Runtime: Go 1.22+, leveraging the standard library’s net/http and the x/net extensions for TLS/ALPN. The binary is statically compiled, resulting in a ~10 MB footprint that runs on Linux, macOS, and Windows.
• Container Runtime: Supports Docker (CLI & API) and Podman via the same OCI‑compatible interface. go‑doxy exposes a thin wrapper around docker events and the Podman REST API to detect container lifecycle changes in real time.
• Configuration & Storage: Runtime state is persisted in a local SQLite database for configuration, logs, and metrics. The UI communicates with the backend over JSON‑encoded REST endpoints secured by OpenID Connect or a custom ForwardAuth provider.
• TLS & Certificate Management: Lets Encrypt integration uses the DNS‑01 challenge. The implementation is a custom ACME client that reads provider credentials from environment variables, making it agnostic to the DNS platform.
• Metrics & Observability: Built‑in Prometheus metrics are exposed on /metrics. The UI visualizes these metrics using lightweight JavaScript charts, and logs can be streamed directly from Docker containers.

• Dynamic Routing: Labels such as godoxy.host=example.com or a route file in /etc/godoxy/routes.yaml automatically create HTTP reverse‑proxy rules. The system supports both host and path based routing, with support for HTTP/2 and TLS termination.
• Access Control: ACLs can be applied at connection or request level, filtering by IP/CIDR, country (via MaxMind GeoIP), and timezone. The ACL engine evaluates rules in order and records every decision for audit logs.
• Idle‑Sleep: For containers that should not run when idle, go‑doxy exposes a /sleep endpoint. The backend monitors traffic and issues Docker stop/start commands, reducing resource consumption for low‑traffic services.
• Middleware & Customization: Developers can inject custom middlewares (e.g., rate limiting, caching) through a plugin interface. Error pages can be overridden per host by placing HTML files in a dedicated directory.
• API & Webhooks: A RESTful API exposes CRUD operations for routes, ACLs, and system settings. Webhooks can be configured to notify external services on configuration changes or access events.

• Self‑Hosting: A single binary can be run in any container or bare‑metal environment. The godoxy service listens on a configurable port (default 80/443) and can be exposed behind another reverse proxy if needed.
• Containerization: Official Docker images are available on Docker Hub (yusing/godoxy). The image is minimal (Alpine + Go binary) and supports multi‑stage builds for custom extensions.
• Scalability: go‑doxy can be deployed in a multi‑node setup by sharing the SQLite database via NFS or an external PostgreSQL instance. The daemon monitors a shared configuration directory, allowing horizontal scaling with minimal overhead.
• Resource Footprint: CPU usage is < 10 % under moderate load, and memory consumption stays below 50 MB for a typical deployment with 10 routes. The idle‑sleep feature further reduces the container count during low traffic periods.

• Plugin System: Developers can write Go plugins that register custom middlewares or route generators. The plugin API is intentionally lightweight, exposing only the necessary hooks for request/response manipulation.
• OpenID Connect & ForwardAuth: Integration with any OIDC provider is supported out of the box, enabling SSO for internal dashboards or protected APIs. ForwardAuth allows arbitrary authentication services (e.g., TinyAuth) to be plugged in by exposing a simple HTTP endpoint that returns the authenticated user.
• Webhooks & Events: go‑doxy emits JSON events on /webhook when routes are added, removed, or updated. This can trigger CI/CD pipelines, alerting systems, or custom monitoring dashboards.

• Configuration: The UI provides a drag‑and‑drop editor for routes and ACLs, while the CLI (godoxyctl) offers scripted configuration for CI pipelines. Both use the same underlying JSON schema, ensuring consistency.
• Documentation: The official docs (docs.godoxy.dev) are comprehensive, with code samples in Go and shell scripts. The API reference is auto‑generated from OpenAPI specs.
• Community: An active Discord channel and GitHub Discussions forum provide quick support. The project follows semantic versioning, with frequent releases that include performance improvements and new features.

1. Internal Microservice Gateway – Expose multiple internal services behind a single domain, applying per‑service ACLs and S