A super simple HTTP/1.1 proxy, with TLS and Let's Encrypt support.
rproxy takes care of your Let's Encrypt certificates, automatically renewing them. This is done by the excellent txacme library.
Install from PyPI:
$ pip install rproxy
Make a directory to store your certificates:
$ mkdir my-certs
Make a rproxy.ini:
[rproxy] certificates=my-certs http_ports=80 https_ports=443 [hosts] mysite.com_port=8080
Then run it:
sudo twistd -u nobody -g nobody -n rproxy
This will start the server, drop permissions (setting the effective uid/guid to nobody), and will proxy incoming requests to mysite.com to localhost:8080.
You can configure it further:
[rproxy] certificates=my-certs http_ports=80,8080 https_ports=443 clacks=true [hosts] mysite.com_port=8080 mysite.com_host=otherserver mysite.com_onlysecure=True mysite.com_proxysecure=True myothersite.net_port=8081
This config will:
- connect to
https://otherserver:8080as the proxied server formysite.com, and only allow HTTPS connections to the proxy for this site - connect to
http://localhost:8081as the proxied server formyothersite.net, and allow HTTP or HTTPS connections.
http_ports-- comma-separated list of numerical ports to listen on for HTTP connections.https_ports-- comma-separated list of numerical ports to listen on for HTTPS connections.certificates-- directory where certificates are kept.clacks-- EnableX-Clacks-Overheadfor requests.
<host>_onlysecure-- enforce HTTPS connections. If not set, or set to False, it will allow HTTP and HTTPS connections.<host>_proxysecure-- connect to the proxied server by HTTPS. If not set, or set to False, it will connect over HTTP.<host>_port-- The port of the proxied server that this proxy should connect to.<host>_host-- the hostname/IP of the server to proxy to.<host>_sendhsts-- send HSTS headers on HTTPS connections.<host>_wwwtoo-- matchwwwtoo.