Open Source Linux Reverse Proxy Servers
Sort By:
Reverse Proxy Servers for Linux
View 51 business solutionsBrowse free open source Reverse Proxy servers and projects for Linux below. Use the toggles on the left to filter open source Reverse Proxy servers by OS, license, language, programming language, and project status.
-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
1
Cloudflare Tunnel Client
Cloudflare Tunnel Client
Contains the command-line client for Cloudflare Tunnel, a tunneling daemon that proxies traffic from the Cloudflare network to your origins. This daemon sits between Cloudflare network and your origin (e.g. a webserver). Cloudflare attracts client requests and sends them to you via this daemon, without requiring you to poke holes on your firewall --- your origin can remain as closed as possible. Extensive documentation can be found in the Cloudflare Tunnel section of the Cloudflare Docs. All usages related with proxying to your origins are available under cloudflared tunnel help. You can also use cloudflared to access Tunnel origins (that are protected with cloudflared tunnel) for TCP traffic at Layer 4 (i.e., not HTTP/web socket), which is relevant for use cases such as SSH, RDP, etc. Such usages are available under cloudflared access help. -
2
ngrok
Unified ingress for developers
ngrok is a globally distributed, secure reverse proxy and tunneling service that exposes applications running on local machines behind NATs or firewalls to the public internet. It simplifies remote debugging, webhooks integration, and secure ingress by wrapping reverse proxy, firewall traversal, API gateway, and load-balancing functionality into a single tool. ngrok is a globally distributed reverse proxy that secures, protects and accelerates your applications and network services, no matter where you run them. You can think of ngrok as the front door to your applications. ngrok combines your reverse proxy, firewall, API gateway, and global load balancing into one. ngrok can capture and analyze all traffic to your web service for later inspection and replay. -
3
V2Fly
A platform for building proxies to bypass network restrictions
V2Fly Project V is a set of network tools that helps you to build your own computer network. It secures your network connections and thus protects your privacy. Help you build an exclusive basic communication network. A V2Ray process can concurrently support multiple inbound and outbound protocols, and each protocol can work independently. Inbound traffic can be sent from different outlets according to the configuration. Easily implement distribution by region or domain name to achieve optimal network performance. V2Ray can open multiple protocol support at the same time, including Socks, HTTP, Shadowsoks and VMess. The transmission carrier can be set separately for each protocol, such as TCP, mKCP and WebSocket. Nodes of V2Ray can be disguised as a normal website (HTTPS) to confuse its traffic with normal web traffic to avoid third-party interference. Universal reverse proxy support can achieve intranet penetration. -
4
frp
A Fast Reverse Proxy
frp stands for exactly what it is: a fast reverse proxy. It helps you expose a local server behind a NAT or firewall to the Internet. It is currently under development, but already supports TCP and UDP, as well as HTTP and HTTPS protocols where requests can be forwarded to internal services by domain name. It also has a P2P connect mode and many other nifty features. These include configuration files, environment variables, a dashboard that shows you frp's status and proxies' statistics information, an Admin UI that helps you check and manage frpc's configuration, and many others. -
Forever Free Full-Stack Observability | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
5
gost
GO Simple Tunnel, a simple tunnel written in golang
A simple security tunnel written in Golang. Listening on multiple ports, multi-level forward proxies - proxy chain, standard HTTP/HTTPS/HTTP2/SOCKS4(A)/SOCKS5 proxy protocols support. Probing resistance support for web proxy, TLS encryption via negotiation support for SOCKS5 proxy. Support multiple tunnel types, tunnel UDP over TCP. Local/remote TCP/UDP port forwarding, TCP/UDP Transparent proxy, Shadowsocks Protocol (TCP/UDP), and SNI Proxy. Permission control, load balancing, route control, DNS resolver and proxy, and TUN/TAP Device. In GOST, GOST and other proxy services are considered as proxy nodes, GOST can handle the requests itself, or forward the requests to any one or more proxy nodes. In addition to configuring services directly from the command line, parameters can also be set by specifying the external configuration file with the -C parameter. -
6
RELIANOID
Network Load Balancer and Application Security
RELIANOID is an open core (Debian GNU/Linux based) Application Delivery Controller (ADC) with advanced load balancing features such as Network Load Balancer, Application Load Balancer with SSL offloading, Advance Network Configuration including Virtual Interfaces, VLANs, Bonding with link aggregation, IPv4/IPv6, advanced routing, stateless cluster, web GUI, JSON API and much more! Enterprise Edition Load Balancer is available with extra features such as global service load balancing (gslb), application security including web application firewall (WAF), blacklists, Realtime Blackhole Lists (DNSBL), DDoS protection, stateful clustering, SNMP monitoring, email and SNMP notifications, RBAC, VPN support, and the best Support directly from an expert Team. -
7
EdgeVPN
The immutable, decentralized, statically built p2p VPN
Fully Decentralized. Immutable. Portable. Easy to use Statically compiled VPN and a reverse proxy over p2p. EdgeVPN uses libp2p to build private decentralized networks that can be accessed via shared secrets. -
8
Caddy
Powerful, enterprise-ready, open source web server w/ automatic HTTPS
Caddy is a powerful, extensible, enterprise-ready server platform that uses TLS by default. Everything you would require in your infrastructure, from TLS certificate renewals and OCSP stapling, to reverse proxying and ingress, Caddy simplifies it all. Its modular architecture lets you do more with just a single static binary that compiles for any platform. Caddy is the only web server that uses HTTPS automatically and by default. It automatically renews TLS certificates, staples OCSP responses and more. Though used mostly as an HTTPS server, Caddy can be used to run Go applications, offering automated documentation, graceful on-line config changes via API and more to these apps. Caddy is very extensible, with a powerful plugin system unlike any other web server. -
9
SKUDONET
SKUDONET Open Source Load Balancer and Web Application Firewall
SKUDONET Community Edition is an Open Source Load Balancer and Web Application Firewall (WAF) designed for Linux server environments. Formerly known as Zevenet, it is based on Debian 12.8, providing a stable and secure foundation for reliable application delivery and cybersecurity. This edition is suitable for Linux and Windows server deployments (not for mobile platforms), offering advanced Layer 4 and Layer 7 traffic management with support for up to 250,000 TCP requests per second (L4) and 70,000 HTTPS requests per second (L7). SKUDONET Community Edition includes a full REST JSON API for integration into on-premises or hybrid cloud infrastructures, and it is used in thousands of deployments worldwide. Documentation, administration guides, and API references are available at: https://www.skudonet.com/knowledge-base/ -
Go From AI Idea to AI App FastAccess Gemini 3 and 200+ models. Build chatbots, agents, or custom models with built-in monitoring and scaling.
-
10
ssl-proxy
Zero-config SSL reverse proxy with real autogenerated certificates
Simple single-command SSL reverse proxy with autogenerated certificates (LetsEncrypt, self-signed) A handy and simple way to add SSL to your thing running on a VM--be it your personal jupyter notebook or your team jenkins instance. ssl-proxy autogenerates SSL certs and proxies HTTPS traffic to an existing HTTP server in a single command. -
11
GoProxy
High performance proxy server implemented by golang
The GoProxy is a high-performance http proxy, https proxy, socks5 proxy, ss proxy, websocket proxies, tcp proxies, udp proxies, game shield, game proxies. Supports forward proxies, reverse proxy, transparent proxy, internet nat proxies, https proxy load balancing, http proxy load balancing , socks5 proxies load balancing, socket proxy load balancing, ss proxy load balancing, TCP / UDP port mapping, SSH transit, TLS encrypted transmission, protocol conversion, anti-pollution DNS proxy, API authentication, speed limit, limit connection. Reverse proxy to help you expose a local server behind a NAT or firewall to the internet so that you or your visitors can access it directly and easily. Chained proxies, the program itself can be used as a proxy, and if it is set up, it can be used as a secondary proxy or even an N-level proxy. -
12
rathole
A lightweight and high-performance reverse proxy for NAT traversal
A secure, stable and high-performance reverse proxy for NAT traversal, written in Rust. rathole, like frp and ngrok, can help to expose the service on the device behind the NAT to the Internet, via a server with a public IP. High Performance Much higher throughput can be achieved than frp, and more stable when handling a large volume of connections. Low Resource Consumption Consumes much fewer memory than similar tools. See Benchmark. The binary can be as small as ~500KiB to fit the constraints of devices, like embedded devices as routers. Security Tokens of services are mandatory and service-wise. The server and clients are responsible for their own configs. With the optional Noise Protocol, encryption can be configured at ease. No need to create a self-signed certificate! TLS is also supported. -
13
OAuth2 Proxy
A reverse proxy that provides authentication with Google, Azure, etc.
A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. If you are running a version older than v6.0.0 we strongly recommend you please update to the current version. After returning from the authentication provider, the OAuth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set. The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration) oauth2-proxy can be configured via command line options, environment variables or config file (in decreasing order of precedence, i.e. command line options will overwrite environment variables and environment variables will overwrite configuration file settings). -
14
Traefik
An open-source reverse proxy and load balancer
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ...) and configures itself automatically and dynamically. Pointing Traefik at your orchestrator should be the only configuration step you need. -
15
Skipper
An HTTP router and reverse proxy for service composition
Skipper is an HTTP router and reverse proxy for service composition. It’s designed to handle large amounts of dynamically configured HTTP route definitions (>800000 routes) with detailed lookup conditions, and flexible augmentation of the request flow with filters. It can be used out of the box or extended with custom lookup, filter logic and configuration sources. Skipper identifies routes based on the requests’ properties, such as path, method, host and headers using the predicates. It allows the modification of the requests and responses with filters that are independently configured for each route. Skipper can be used to run as a Kubernetes Ingress controller. Details with examples of Skipper’s capabilities and an overview can be found in the ingress-controller deployment docs. -
16
Ergo Proxy
The management of multiple apps running over different ports made easy
The reverse proxy agent for local domain management. The management of multiple apps running over different ports made easy through custom local domains. Ergo's goal is to be a simple reverse proxy that follows the Unix philosophy of doing only one thing and doing it well. Simplicity means no magic involved. -
17
Infrared
An ultra lightweight minecraft reverse proxy and idle placeholder
An ultra lightweight Minecraft reverse proxy and idle placeholder: Ever wanted to have only one exposed port on your server for multiple Minecraft servers? Then Infrared is the tool you need! Infrared works as a reverse proxy using a subdomain to connect clients to a specific Minecraft server. It works similar to Nginx for those of you who are familiar. -
18
YARP
A toolkit for developing high-performance HTTP reverse proxy apps
YARP is a library to help create reverse proxy servers that are high-performance, production-ready, and highly customizable. We found a bunch of internal teams at Microsoft who were either building a reverse proxy for their service or had been asking about APIs and tech for building one, so we decided to get them all together to work on a common solution, this project. Each of these projects was doing something slightly off the beaten path which meant they were not well served by existing proxies, and customization of those proxies had a high cost and ongoing maintenance considerations. Many of the existing proxies were built to support HTTP/1.1, but with workloads changing to include gRPC traffic, they require HTTP/2 support which requires a significantly more complex implementation. By using YARP the projects get to customize the routing and handling behavior without having to implement the http protocol. -
19
gRPC-Gateway
gRPC to JSON proxy generator following the gRPC HTTP spec
gRPC-Gateway is a plugin of protoc. It reads a gRPC service definition and generates a reverse-proxy server which translates a RESTful JSON API into gRPC. This server is generated according to custom options in your gRPC definition. gRPC-Gateway helps you to provide your APIs in both gRPC and RESTful style at the same time. gRPC is great -- it generates API clients and server stubs in many programming languages, it is fast, easy to use, and bandwidth-efficient and its design is combat-proven by Google. However, you might still want to provide a traditional RESTful JSON API as well. Reasons can range from maintaining backward compatibility, supporting languages or clients that are not well supported by gRPC, to simply maintaining the aesthetics and tooling involved with a RESTful JSON architecture. This project aims to provide that HTTP+JSON interface to your gRPC service. -
20
ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
-
21
Fabio
Consul Load-Balancing made simple
Fabio is an HTTP and TCP reverse proxy that configures itself with data from Consul. Traditional load balancers and reverse proxies need to be configured with a config file. The configuration contains the hostnames and paths the proxy is forwarding to upstream services. This process can be automated with tools like consul-template that generate config files and trigger a reload. Fabio works differently since it updates its routing table directly from the data stored in Consul as soon as there is a change and without restart or reloading. When you register a service in Consul all you need to add is a tag that announces the paths the upstream service accepts, e.g. urlprefix-/user or urlprefix-/order and fabio will do the rest. Fabio was developed and maintained by Frank Schröder through January, 2020. Since that date primary maintenance has been the responsibility of ENA and the great community of users. -
22
Lanproxy
Intranet penetration tool that proxies local area network computers
Lanproxy is an intranet penetration tool that proxies local area network personal computers and servers to the public network. It supports tcp traffic forwarding and any tcp upper layer protocol (access to intranet websites, local payment interface debugging, ssh access, remote desktop, http proxy) , https proxy, socks5 proxy...). Penetration basic functions, same as the open source version, high performance, can support tens of thousands of penetration connections at the same time. Support http/https/socks5 multiple modes Use the client network proxy to surf the Internet, and easily access the company network at home. Custom domain name ssl certificate, you can also enable automatic application and renewal of ssl certificate for your bound domain name without manual intervention. -
23
Vulcain
Fast and idiomatic client-driven REST APIs
Vulcain is a brand new protocol using HTTP/2 Server Push to create fast and idiomatic client-driven REST APIs. An open-source gateway server that you can put on top of any existing web API to instantly turn it into a Vulcain-compatible one is also provided! It supports hypermedia APIs but also any "legacy" API by documenting its relations using OpenAPI. The protocol has been published as an Internet-Draft that is maintained in this repository. A reference, production-grade, implementation gateway server is also available in this repository. It's free software (AGPL) written in Go. A Docker image is provided. Current solutions for these problems (GraphQL, JSON:API's embedded resources and sparse fieldsets, etc.) are smart network hacks for HTTP/1. But these hacks come with (too) many drawbacks when it comes to HTTP cache, logs and even security. Fortunately, thanks to the new features introduced in HTTP/2, it's now possible to create true REST APIs fixing these problems with ease. -
24
UUSEC WAF
AI and semantic technology Web Application Firewall
UUSEC WAF Web Application Firewall is an industrial grade free, high-performance, and highly scalable web application and API security protection product that supports AI and semantic engines. It is a comprehensive website protection product launched by UUSEC Technology, which first realizes the three-layer defense function of traffic layer, system layer, and runtime layer. -
25
BunkerWeb
Next-generation and open-source Web Application Firewall (WAF).
Being a full-featured web server (based on NGINX under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments (Linux, Docker, Swarm, Kubernetes, …) and is fully configurable (don't panic, there is an awesome web UI if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle.
