Open Source Linux Reverse Proxy Servers
Sort By:
Reverse Proxy Servers for Linux
View 47 business solutionsBrowse free open source Reverse Proxy servers and projects for Linux below. Use the toggles on the left to filter open source Reverse Proxy servers by OS, license, language, programming language, and project status.
-
Auth0 for AI Agents now in GAConnect your AI agents to apps and data more securely, give users control over the actions AI agents can perform and the data they can access, and enable human confirmation for critical agent actions.
-
Stay in Flow. Let Zenflow Handle the Heavy Lifting.Zenflow is your engineering control center, turning specs into shipped features. Parallel agents handle coding, testing, and refactoring with real repo context. Multi-agent workflows remove bottlenecks and automate routine work so developers stay focused and in flow.
-
1
Cloudflare Tunnel Client
Cloudflare Tunnel client (formerly Argo Tunnel)
Contains the command-line client for Cloudflare Tunnel, a tunneling daemon that proxies traffic from the Cloudflare network to your origins. This daemon sits between Cloudflare network and your origin (e.g. a webserver). Cloudflare attracts client requests and sends them to you via this daemon, without requiring you to poke holes on your firewall --- your origin can remain as closed as possible. Extensive documentation can be found in the Cloudflare Tunnel section of the Cloudflare Docs. All usages related with proxying to your origins are available under cloudflared tunnel help. You can also use cloudflared to access Tunnel origins (that are protected with cloudflared tunnel) for TCP traffic at Layer 4 (i.e., not HTTP/web socket), which is relevant for use cases such as SSH, RDP, etc. Such usages are available under cloudflared access help. -
2
ngrok
Unified ingress for developers
ngrok is a globally distributed, secure reverse proxy and tunneling service that exposes applications running on local machines behind NATs or firewalls to the public internet. It simplifies remote debugging, webhooks integration, and secure ingress by wrapping reverse proxy, firewall traversal, API gateway, and load-balancing functionality into a single tool. ngrok is a globally distributed reverse proxy that secures, protects and accelerates your applications and network services, no matter where you run them. You can think of ngrok as the front door to your applications. ngrok combines your reverse proxy, firewall, API gateway, and global load balancing into one. ngrok can capture and analyze all traffic to your web service for later inspection and replay. -
3
SKUDONET
SKUDONET Open Source Load Balancer and Web Application Firewall
SKUDONET Community Edition is an Open Source Load Balancer and Web Application Firewall (WAF) designed for Linux server environments. Formerly known as Zevenet, it is based on Debian 12.8, providing a stable and secure foundation for reliable application delivery and cybersecurity. This edition is suitable for Linux and Windows server deployments (not for mobile platforms), offering advanced Layer 4 and Layer 7 traffic management with support for up to 250,000 TCP requests per second (L4) and 70,000 HTTPS requests per second (L7). SKUDONET Community Edition includes a full REST JSON API for integration into on-premises or hybrid cloud infrastructures, and it is used in thousands of deployments worldwide. Documentation, administration guides, and API references are available at: https://www.skudonet.com/knowledge-base/ -
4
frp
A Fast Reverse Proxy
frp stands for exactly what it is: a fast reverse proxy. It helps you expose a local server behind a NAT or firewall to the Internet. It is currently under development, but already supports TCP and UDP, as well as HTTP and HTTPS protocols where requests can be forwarded to internal services by domain name. It also has a P2P connect mode and many other nifty features. These include configuration files, environment variables, a dashboard that shows you frp's status and proxies' statistics information, an Admin UI that helps you check and manage frpc's configuration, and many others. -
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
5
RELIANOID
Network Load Balancer and Application Security
RELIANOID is an open core (Debian GNU/Linux based) Application Delivery Controller (ADC) with advanced load balancing features such as Network Load Balancer, Application Load Balancer with SSL offloading, Advance Network Configuration including Virtual Interfaces, VLANs, Bonding with link aggregation, IPv4/IPv6, advanced routing, stateless cluster, web GUI, JSON API and much more! Enterprise Edition Load Balancer is available with extra features such as global service load balancing (gslb), application security including web application firewall (WAF), blacklists, Realtime Blackhole Lists (DNSBL), DDoS protection, stateful clustering, SNMP monitoring, email and SNMP notifications, RBAC, VPN support, and the best Support directly from an expert Team. -
6
Project V
A platform for building proxies to bypass network restrictions
Project V is a set of network tools that helps you to build your own computer network. It secures your network connections and thus protects your privacy. Help you build an exclusive basic communication network. A V2Ray process can concurrently support multiple inbound and outbound protocols, and each protocol can work independently. Inbound traffic can be sent from different outlets according to the configuration. Easily implement distribution by region or domain name to achieve optimal network performance. V2Ray can open multiple protocol support at the same time, including Socks, HTTP, Shadowsoks and VMess. The transmission carrier can be set separately for each protocol, such as TCP, mKCP and WebSocket. Nodes of V2Ray can be disguised as a normal website (HTTPS) to confuse its traffic with normal web traffic to avoid third-party interference. Universal reverse proxy support can achieve intranet penetration. -
7
Caddy
Powerful, enterprise-ready, open source web server w/ automatic HTTPS
Caddy is a powerful, extensible, enterprise-ready server platform that uses TLS by default. Everything you would require in your infrastructure, from TLS certificate renewals and OCSP stapling, to reverse proxying and ingress, Caddy simplifies it all. Its modular architecture lets you do more with just a single static binary that compiles for any platform. Caddy is the only web server that uses HTTPS automatically and by default. It automatically renews TLS certificates, staples OCSP responses and more. Though used mostly as an HTTPS server, Caddy can be used to run Go applications, offering automated documentation, graceful on-line config changes via API and more to these apps. Caddy is very extensible, with a powerful plugin system unlike any other web server. -
8
EdgeVPN
The immutable, decentralized, statically built p2p VPN
Fully Decentralized. Immutable. Portable. Easy to use Statically compiled VPN and a reverse proxy over p2p. EdgeVPN uses libp2p to build private decentralized networks that can be accessed via shared secrets. -
9
gost
GO Simple Tunnel, a simple tunnel written in golang
A simple security tunnel written in Golang. Listening on multiple ports, multi-level forward proxies - proxy chain, standard HTTP/HTTPS/HTTP2/SOCKS4(A)/SOCKS5 proxy protocols support. Probing resistance support for web proxy, TLS encryption via negotiation support for SOCKS5 proxy. Support multiple tunnel types, tunnel UDP over TCP. Local/remote TCP/UDP port forwarding, TCP/UDP Transparent proxy, Shadowsocks Protocol (TCP/UDP), and SNI Proxy. Permission control, load balancing, route control, DNS resolver and proxy, and TUN/TAP Device. In GOST, GOST and other proxy services are considered as proxy nodes, GOST can handle the requests itself, or forward the requests to any one or more proxy nodes. In addition to configuring services directly from the command line, parameters can also be set by specifying the external configuration file with the -C parameter. -
Yeastar: Business Phone System and Unified CommunicationsUser-friendly, optimized, and scalable, the Yeastar P-Series Phone System redefines business connectivity by bringing together calling, meetings, omnichannel messaging, and integrations in one simple platform—removing the limitations of distance, platforms, and systems.
-
10
OAuth2 Proxy
A reverse proxy that provides authentication with Google, Azure, etc.
A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. If you are running a version older than v6.0.0 we strongly recommend you please update to the current version. After returning from the authentication provider, the OAuth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set. The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration) oauth2-proxy can be configured via command line options, environment variables or config file (in decreasing order of precedence, i.e. command line options will overwrite environment variables and environment variables will overwrite configuration file settings). -
11
NGINX Ingress Controller
NGINX Ingress Controller for Kubernetes
ingress-nginx is an Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer. It is built around the Kubernetes Ingress resource, using a ConfigMap to store the NGINX configuration. The goal of this Ingress controller is the assembly of a configuration file (nginx.conf). The main implication of this requirement is the need to reload NGINX after any change in the configuration file. Though it is important to note that we don't reload Nginx on changes that impact only an upstream configuration (i.e Endpoints change when you deploy your app). We use lua-nginx-module to achieve this. Check below to learn more about how it's done. Usually, a Kubernetes Controller utilizes the synchronization loop pattern to check if the desired state in the controller is updated or a change is required. To this purpose, we need to build a model using different objects from the cluster, in particular (in no special order) Ingresses, Services, Endpoints, Secrets, and Configmaps. -
12
Traefik
An open-source reverse proxy and load balancer
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ...) and configures itself automatically and dynamically. Pointing Traefik at your orchestrator should be the only configuration step you need. -
13
Easegress
A Cloud Native traffic orchestration system
The Easegres (formally known as Ease Gateway) helps to enlarge the availability and stability, also can improve the performance without changing a line of code. It also can smoothly support rapid business growth without re-arch the whole system. Easegress can be a typical seven-level API Gateway, it also can be a side-car to be a Service Mesh, and Easegress can perfectly work with other software to ship powerful features, such as: Kubernetes Ingress, Knaitve FaaS, and Eureka/Consul/Etcd/Nacos and so on. The Easegress can management the traffic and APIs, not only can do load balancing, canary development but also can aggregate and pipeline a number of APIs. This function automatically helps the website optimize its performance, such as: adding the cache, merging the requests, and reducing the network bandwidth. Sometimes, a site could have unexpectedly higher traffic, the Ease Gateway could help to protect the critical service for critical customers. -
14
GoProxy
High performance proxy server implemented by golang
The GoProxy is a high-performance http proxy, https proxy, socks5 proxy, ss proxy, websocket proxies, tcp proxies, udp proxies, game shield, game proxies. Supports forward proxies, reverse proxy, transparent proxy, internet nat proxies, https proxy load balancing, http proxy load balancing , socks5 proxies load balancing, socket proxy load balancing, ss proxy load balancing, TCP / UDP port mapping, SSH transit, TLS encrypted transmission, protocol conversion, anti-pollution DNS proxy, API authentication, speed limit, limit connection. Reverse proxy to help you expose a local server behind a NAT or firewall to the internet so that you or your visitors can access it directly and easily. Chained proxies, the program itself can be used as a proxy, and if it is set up, it can be used as a secondary proxy or even an N-level proxy. -
15
ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
-
16
Ergo Proxy
The management of multiple apps running over different ports made easy
The reverse proxy agent for local domain management. The management of multiple apps running over different ports made easy through custom local domains. Ergo's goal is to be a simple reverse proxy that follows the Unix philosophy of doing only one thing and doing it well. Simplicity means no magic involved. -
17
Fabio
Consul Load-Balancing made simple
Fabio is an HTTP and TCP reverse proxy that configures itself with data from Consul. Traditional load balancers and reverse proxies need to be configured with a config file. The configuration contains the hostnames and paths the proxy is forwarding to upstream services. This process can be automated with tools like consul-template that generate config files and trigger a reload. Fabio works differently since it updates its routing table directly from the data stored in Consul as soon as there is a change and without restart or reloading. When you register a service in Consul all you need to add is a tag that announces the paths the upstream service accepts, e.g. urlprefix-/user or urlprefix-/order and fabio will do the rest. Fabio was developed and maintained by Frank Schröder through January, 2020. Since that date primary maintenance has been the responsibility of ENA and the great community of users. -
18
FastTunnel
Expose a local server to the internet
FastTunnel is a high-performance cross-platform intranet penetration tool. With it, you can expose intranet services to the public network for yourself or anyone to access. Unlike other penetration tools, the FastTunnel project is committed to creating an easy-to-extensible and easy-to-maintain intranet penetration framework. You can build your own penetration application by referencing the nuget package of FastTunnel.Core, and target the business extension functions you need. -
19
Lanproxy
Intranet penetration tool that proxies local area network computers
Lanproxy is an intranet penetration tool that proxies local area network personal computers and servers to the public network. It supports tcp traffic forwarding and any tcp upper layer protocol (access to intranet websites, local payment interface debugging, ssh access, remote desktop, http proxy) , https proxy, socks5 proxy...). Penetration basic functions, same as the open source version, high performance, can support tens of thousands of penetration connections at the same time. Support http/https/socks5 multiple modes Use the client network proxy to surf the Internet, and easily access the company network at home. Custom domain name ssl certificate, you can also enable automatic application and renewal of ssl certificate for your bound domain name without manual intervention. -
20
Pipy
Pipy is a programmable proxy for the cloud, edge and IoT
Pipy is a high performance programmable proxy for the cloud, edge and IoT. Its core is written in C++ with excellent cross-platform capability. It is both high performance and low resource. Pipy comes with a built-in JavaScript engine that allows easy custom logic implementation with the simple JS syntax, greatly reducing the complexity in high-performance network programming. It is suitable for a variety of hardware architectures including x86, ARM64, Loongson and RISC-V. It is also compatible with various other operating systems besides Linux. -
21
Tyk API Gateway
Open Source API Gateway written in Go
Tyk is an open source Enterprise API Gateway, supporting REST, GraphQL, TCP and gRPC protocols. Tyk Gateway is provided ‘Batteries-included’, with no feature lockout. Enabling your organization to control who accesses your APIs, when they access, and how they access it. Tyk Technologies uses the same API Gateway for all it’s applications. Protecting, securing, and processing APIs for thousands of organizations and businesses around the world. Ideal for Open Banking, building software in the clouds as well as exposing APIs to teams, partners & consumers. Built from the ground up to be the fastest API gateway on the planet. It does not depend on a legacy proxy underneath. It has no 3rd party dependencies aside from Redis for distributed rate-limiting and token storage. Tyk Gateway can also be deployed as part of a larger Full Lifecycle API Management platform Tyk Self-Managed which also includes Management Control Plane, Dashboard GUI and Developer Portal. -
22
gRPC-Gateway
gRPC to JSON proxy generator following the gRPC HTTP spec
gRPC-Gateway is a plugin of protoc. It reads a gRPC service definition and generates a reverse-proxy server which translates a RESTful JSON API into gRPC. This server is generated according to custom options in your gRPC definition. gRPC-Gateway helps you to provide your APIs in both gRPC and RESTful style at the same time. gRPC is great -- it generates API clients and server stubs in many programming languages, it is fast, easy to use, and bandwidth-efficient and its design is combat-proven by Google. However, you might still want to provide a traditional RESTful JSON API as well. Reasons can range from maintaining backward compatibility, supporting languages or clients that are not well supported by gRPC, to simply maintaining the aesthetics and tooling involved with a RESTful JSON architecture. This project aims to provide that HTTP+JSON interface to your gRPC service. -
23
SCFProxy
A proxy tool based on cloud function
SCFProxy is a tool to implement HTTP proxy, SOCKS proxy, and reverse proxy based on cloud function and API gateway provided by several cloud service providers. -
24
Sōzu
Sōzu HTTP reverse proxy, configurable at runtime, fast and safe
Open source HTTP reverse proxy built in Rust for immutable infrastructures. Most existing tools have a static vision of production: a service is installed once on a long-lived server, updated from time to time, with configuration rarely changing. There's now a shift in infrastructure to short-lived virtual machines and hundreds of new deployments per day, and the usual tools reach their limits. How do we reconcile a dynamic environment with availability guarantees? How can we get "zero downtime" deployments for critical services? SŌZU is a HTTP reverse proxy built in Rust, that can handle fine-grained configuration changes at runtime without reloads, and is designed to never ever stop. SŌZU receives and handles configuration changes at runtime and updates its internal configuration without restarts. You can update the configuration multiple times per second, and it will take care of lingering connections. -
25
sshpiper
The missing reverse proxy for ssh scp
sshpiper is the reverse proxy for sshd. all protocols, including ssh, scp, port forwarding, running on top of ssh are supported.
