chore(docs): update package docs

- Introduced `NewTestRoute` function to simplify route creation in benchmark tests.
- Replaced direct route validation and starting with error handling using `require.NoError`.
- Updated server retrieval to use `common.ProxyHTTPAddr` for consistency.
- Improved logging for HTTP route addition errors in `AddRoute` method.

.github/workflows/docker-image-compat.yml

@@ -1,20 +0,0 @@
-name: Docker Image CI (compat)
-
-on:
-  push:
-    branches:
-      - compat
-
-jobs:
-  build-compat:
-    uses: ./.github/workflows/docker-image.yml
-    with:
-      image_name: ${{ github.repository_owner }}/godoxy
-      tag: latest-compat
-      target: main
-  build-compat-agent:
-    uses: ./.github/workflows/docker-image.yml
-    with:
-      image_name: ${{ github.repository_owner }}/godoxy-agent
-      tag: latest-compat
-      target: agent

.github/workflows/docker-image-nightly.yml

@@ -8,7 +8,6 @@ on:
       - "**" # matches every branch
       - "!dependabot/*"
       - "!main" # excludes main
-      - "!compat" # excludes compat branch
 
 jobs:
   build-nightly:

CODE_OF_CONDUCT.md

@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+yusing@6uo.me.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

Dockerfile

@@ -1,5 +1,5 @@
 # Stage 1: deps
-FROM golang:1.25.6-alpine AS deps
+FROM golang:1.25.7-alpine AS deps
 HEALTHCHECK NONE
 
 # package version does not matter

agent/cmd/main.go

@@ -161,7 +161,7 @@ Tips:
 		srv.Serve(l)
 	}
 
-	systeminfo.Poller.Start()
+	systeminfo.Poller.Start(t)
 
 	task.WaitExit(3)
 }

agent/go.mod

@@ -1,6 +1,11 @@
 module github.com/yusing/godoxy/agent
 
-go 1.25.6
+go 1.25.7
+
+exclude (
+	github.com/moby/moby/api v1.53.0 // allow older daemon versions
+	github.com/moby/moby/client v0.2.2 // allow older daemon versions
+)
 
 replace (
 	github.com/shirou/gopsutil/v4 => ../internal/gopsutil
@@ -14,9 +19,8 @@ replace (
 
 exclude github.com/containerd/nerdctl/mod/tigron v0.0.0
 
-exclude github.com/yusing/godoxy/internal/utils v0.0.0-20250927032450-e2aeef3a863f
-
 require (
+	github.com/bytedance/sonic v1.15.0
 	github.com/gin-gonic/gin v1.11.0
 	github.com/gorilla/websocket v1.5.3
 	github.com/pion/dtls/v3 v3.0.10
@@ -32,7 +36,6 @@ require (
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/andybalholm/brotli v1.2.0 // indirect
 	github.com/bytedance/gopkg v0.1.3 // indirect
-	github.com/bytedance/sonic v1.15.0 // indirect
 	github.com/bytedance/sonic/loader v0.5.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudwego/base64x v0.1.6 // indirect
@@ -41,7 +44,6 @@ require (
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/distribution/reference v0.6.0 // indirect
 	github.com/docker/cli v29.2.0+incompatible // indirect
-	github.com/docker/docker v28.5.2+incompatible // indirect
 	github.com/docker/go-connections v0.6.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/ebitengine/purego v0.9.1 // indirect
@@ -65,9 +67,8 @@ require (
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
-	github.com/moby/moby/api v1.53.0 // indirect
-	github.com/moby/sys/sequential v0.6.0 // indirect
-	github.com/moby/term v0.5.2 // indirect
+	github.com/moby/moby/api v1.52.0 // indirect
+	github.com/moby/moby/client v0.2.1 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
@@ -75,7 +76,6 @@ require (
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pion/logging v0.2.4 // indirect
 	github.com/pion/transport/v4 v4.0.1 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
 	github.com/puzpuzpuz/xsync/v4 v4.4.0 // indirect
@@ -90,14 +90,13 @@ require (
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasthttp v1.69.0 // indirect
 	github.com/yusing/ds v0.4.1 // indirect
-	github.com/yusing/gointernals v0.1.16 // indirect
+	github.com/yusing/gointernals v0.1.18 // indirect
 	github.com/yusing/goutils/http/reverseproxy v0.0.0-20260129081554-24e52ede7468 // indirect
 	github.com/yusing/goutils/http/websocket v0.0.0-20260129081554-24e52ede7468 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 // indirect
 	go.opentelemetry.io/otel v1.39.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 // indirect
 	go.opentelemetry.io/otel/metric v1.39.0 // indirect
 	go.opentelemetry.io/otel/trace v1.39.0 // indirect
 	golang.org/x/arch v0.23.0 // indirect
@@ -105,7 +104,6 @@ require (
 	golang.org/x/net v0.49.0 // indirect
 	golang.org/x/sys v0.40.0 // indirect
 	golang.org/x/text v0.33.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

agent/go.sum

@@ -1,5 +1,3 @@
-github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
-github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
 github.com/PuerkitoBio/goquery v1.11.0 h1:jZ7pwMQXIITcUXNH83LLk+txlaEy6NVOfTuP43xxfqw=
@@ -26,8 +24,6 @@ github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG
 github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
 github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
-github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
-github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/coreos/go-oidc/v3 v3.17.0 h1:hWBGaQfbi0iVviX4ibC7bk8OKT5qNr4klBaCHVNvehc=
 github.com/coreos/go-oidc/v3 v3.17.0/go.mod h1:wqPbKFrVnE90vty060SB40FCJ8fTHTxSwyXJqZH+sI8=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
@@ -43,8 +39,6 @@ github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c=
 github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0=
 github.com/docker/cli v29.2.0+incompatible h1:9oBd9+YM7rxjZLfyMGxjraKBKE4/nVyvVfN4qNl9XRM=
 github.com/docker/cli v29.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM=
-github.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=
 github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
@@ -101,8 +95,6 @@ github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aN
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gotify/server/v2 v2.8.0 h1:E3UDDn/3rFZi1sjZfbuhXNnxJP3ACZhdcw/iySegPRA=
 github.com/gotify/server/v2 v2.8.0/go.mod h1:6ci5adxcE2hf1v+2oowKiQmixOxXV8vU+CRLKP6sqZA=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 h1:NmZ1PKzSTQbuGHw9DGPFomqkkLWMC+vZCkfs+FHv1Vg=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3/go.mod h1:zQrxl1YP88HQlA6i9c63DSVPFklWpGX4OWAc9bFuaH4=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
 github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12 h1:9Nu54bhS/H/Kgo2/7xNSUuC5G28VR8ljfrLKU2G4IjU=
@@ -136,21 +128,15 @@ github.com/miekg/dns v1.1.72 h1:vhmr+TF2A3tuoGNkLDFK9zi36F2LS+hKTRW0Uf8kbzI=
 github.com/miekg/dns v1.1.72/go.mod h1:+EuEPhdHOsfk6Wk5TT2CzssZdqkmFhf8r+aVyDEToIs=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
-github.com/moby/moby/api v1.53.0 h1:PihqG1ncw4W+8mZs69jlwGXdaYBeb5brF6BL7mPIS/w=
-github.com/moby/moby/api v1.53.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=
-github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
-github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
-github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
-github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
-github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
-github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
+github.com/moby/moby/api v1.52.0 h1:00BtlJY4MXkkt84WhUZPRqt5TvPbgig2FZvTbe3igYg=
+github.com/moby/moby/api v1.52.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=
+github.com/moby/moby/client v0.2.1 h1:1Grh1552mvv6i+sYOdY+xKKVTvzJegcVMhuXocyDz/k=
+github.com/moby/moby/client v0.2.1/go.mod h1:O+/tw5d4a1Ha/ZA/tPxIZJapJRUS6LNZ1wiVRxYHyUE=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
-github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
@@ -169,7 +155,6 @@ github.com/pion/transport/v4 v4.0.1 h1:sdROELU6BZ63Ab7FrOLn13M6YdJLY20wldXW2Cu2k
 github.com/pion/transport/v4 v4.0.1/go.mod h1:nEuEA4AD5lPdcIegQDpVLgNoDGreqM/YqmEx3ovP4jM=
 github.com/pires/go-proxyproto v0.9.2 h1:H1UdHn695zUVVmB0lQ354lOWHOy6TZSpzBl3tgN0s1U=
 github.com/pires/go-proxyproto v0.9.2/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
@@ -225,8 +210,8 @@ github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZ
 github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
 github.com/yusing/ds v0.4.1 h1:syMCh7hO6Yw8xfcFkEaln3W+lVeWB/U/meYv6Wf2/Ig=
 github.com/yusing/ds v0.4.1/go.mod h1:XhKV4l7cZwBbbl7lRzNC9zX27zvCM0frIwiuD40ULRk=
-github.com/yusing/gointernals v0.1.16 h1:GrhZZdxzA+jojLEqankctJrOuAYDb7kY1C93S1pVR34=
-github.com/yusing/gointernals v0.1.16/go.mod h1:B/0FVXt4WPmgzVy3ynzkqKi+BSGaJVmwCJBRXYapo34=
+github.com/yusing/gointernals v0.1.18 h1:ou8/0tPURUgAOBJu3TN/iWF4S/5ZYQaap+rVkaJNUMw=
+github.com/yusing/gointernals v0.1.18/go.mod h1:B/0FVXt4WPmgzVy3ynzkqKi+BSGaJVmwCJBRXYapo34=
 github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
@@ -235,10 +220,6 @@ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 h1:ssfIgGN
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0/go.mod h1:GQ/474YrbE4Jx8gZ4q5I4hrhUzM6UPzyrqJYV2AqPoQ=
 go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=
 go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0 h1:aTL7F04bJHUlztTsNGJ2l+6he8c+y/b//eR0jjjemT4=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0/go.mod h1:kldtb7jDTeol0l3ewcmd8SDvx3EmIE7lyvqbasU3QC4=
 go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=
 go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=
 go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
@@ -247,8 +228,6 @@ go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2W
 go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
 go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
 go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
-go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A=
-go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
@@ -279,12 +258,6 @@ golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
 golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc=
 golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg=
-google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b h1:uA40e2M6fYRBf0+8uN5mLlqUtV192iiksiICIBkYJ1E=
-google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b/go.mod h1:Xa7le7qx2vmqB/SzWUBa7KdMjpdpAHlh5QCSnjessQk=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 h1:H86B94AW+VfJWDqFeEbBPhEtHzJwJfTbgE2lZa54ZAQ=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
-google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc=
-google.golang.org/grpc v1.78.0/go.mod h1:I47qjTo4OKbMkjA/aOOwxDIiPSBofUtQUI5EfpWvW7U=
 google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
 google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -295,3 +268,5 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
+pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk=
+pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=

agent/pkg/agent/stream/tests/server_flow_test.go

@@ -102,6 +102,7 @@ func TestUDPServer_RejectInvalidClient(t *testing.T) {
 
 	srv := startUDPServer(t, certs)
 
+
 	// Try to connect with a client cert from a different CA
 	_, err = stream.NewUDPClient(srv.Addr.String(), dstAddr, certs.CaCert, invalidClientCert)
 	require.Error(t, err, "expected error when connecting with client cert from different CA")

agent/pkg/agentproxy/config.go

@@ -2,11 +2,11 @@ package agentproxy
 
 import (
 	"encoding/base64"
-	"encoding/json"
 	"net/http"
 	"strconv"
 	"time"
 
+	"github.com/bytedance/sonic"
 	route "github.com/yusing/godoxy/internal/route/types"
 )
 
@@ -53,7 +53,7 @@ func proxyConfigFromHeaders(h http.Header) (cfg Config, err error) {
 		return cfg, err
 	}
 
-	err = json.Unmarshal(cfgJSON, &cfg)
+	err = sonic.Unmarshal(cfgJSON, &cfg)
 	return cfg, err
 }
 
@@ -67,7 +67,7 @@ func (cfg *Config) SetAgentProxyConfigHeadersLegacy(h http.Header) {
 func (cfg *Config) SetAgentProxyConfigHeaders(h http.Header) {
 	h.Set(HeaderXProxyHost, cfg.Host)
 	h.Set(HeaderXProxyScheme, string(cfg.Scheme))
-	cfgJSON, _ := json.Marshal(cfg.HTTPConfig)
+	cfgJSON, _ := sonic.Marshal(cfg.HTTPConfig)
 	cfgBase64 := base64.StdEncoding.EncodeToString(cfgJSON)
 	h.Set(HeaderXProxyConfig, cfgBase64)
 }

agent/pkg/handler/check_health.go

@@ -1,7 +1,6 @@
 package handler
 
 import (
-	"encoding/json"
 	"net"
 	"net/http"
 	"net/url"
@@ -9,6 +8,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/bytedance/sonic"
 	healthcheck "github.com/yusing/godoxy/internal/health/check"
 	"github.com/yusing/godoxy/internal/types"
 )
@@ -73,7 +73,7 @@ func CheckHealth(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
-	json.NewEncoder(w).Encode(result)
+	sonic.ConfigDefault.NewEncoder(w).Encode(result)
 }
 
 func parseMsOrDefault(msStr string) time.Duration {

agent/pkg/handler/handler.go

@@ -1,9 +1,9 @@
 package handler
 
 import (
-	"encoding/json"
 	"net/http"
 
+	"github.com/bytedance/sonic"
 	"github.com/gin-gonic/gin"
 	"github.com/gorilla/websocket"
 	"github.com/yusing/godoxy/agent/pkg/agent"
@@ -51,7 +51,7 @@ func NewAgentHandler() http.Handler {
 			Runtime: env.Runtime,
 		}
 		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(agentInfo)
+		sonic.ConfigDefault.NewEncoder(w).Encode(agentInfo)
 	})
 	mux.HandleEndpoint("GET", agent.EndpointHealth, CheckHealth)
 	mux.HandleEndpoint("GET", agent.EndpointSystemInfo, metricsHandler.ServeHTTP)

cmd/bench_server/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.25.6-alpine AS builder
+FROM golang:1.25.7-alpine AS builder
 
 HEALTHCHECK NONE
 

cmd/bench_server/go.mod

@@ -1,3 +1,3 @@
 module github.com/yusing/godoxy/cmd/bench_server
 
-go 1.25.6
+go 1.25.7

cmd/debug_page.go

@@ -181,7 +181,6 @@ func newApiHandler(debugMux *debugMux) *gin.Engine {
 		registerGinRoute(v1, "GET", "Route favicon", "/favicon", apiV1.FavIcon)
 		registerGinRoute(v1, "GET", "Route health", "/health", apiV1.Health)
 		registerGinRoute(v1, "GET", "List icons", "/icons", apiV1.Icons)
-		registerGinRoute(v1, "POST", "Config reload", "/reload", apiV1.Reload)
 		registerGinRoute(v1, "GET", "Route stats", "/stats", apiV1.Stats)
 
 		route := v1.Group("/route")

cmd/h2c_test_server/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.25.6-alpine AS builder
+FROM golang:1.25.7-alpine AS builder
 
 HEALTHCHECK NONE
 

cmd/h2c_test_server/go.mod

@@ -1,6 +1,6 @@
 module github.com/yusing/godoxy/cmd/h2c_test_server
 
-go 1.25.6
+go 1.25.7
 
 require golang.org/x/net v0.49.0
 

cmd/main.go

@@ -1,12 +1,12 @@
 package main
 
 import (
+	"errors"
 	"os"
 	"sync"
 	"time"
 
 	"github.com/rs/zerolog/log"
-	"github.com/yusing/godoxy/internal/api"
 	"github.com/yusing/godoxy/internal/auth"
 	"github.com/yusing/godoxy/internal/common"
 	"github.com/yusing/godoxy/internal/config"
@@ -14,12 +14,9 @@ import (
 	iconlist "github.com/yusing/godoxy/internal/homepage/icons/list"
 	"github.com/yusing/godoxy/internal/logging"
 	"github.com/yusing/godoxy/internal/logging/memlogger"
-	"github.com/yusing/godoxy/internal/metrics/systeminfo"
-	"github.com/yusing/godoxy/internal/metrics/uptime"
 	"github.com/yusing/godoxy/internal/net/gphttp/middleware"
 	"github.com/yusing/godoxy/internal/route/rules"
 	gperr "github.com/yusing/goutils/errs"
-	"github.com/yusing/goutils/server"
 	"github.com/yusing/goutils/task"
 	"github.com/yusing/goutils/version"
 )
@@ -51,7 +48,6 @@ func main() {
 	parallel(
 		dnsproviders.InitProviders,
 		iconlist.InitCache,
-		systeminfo.Poller.Start,
 		middleware.LoadComposeFiles,
 	)
 
@@ -66,35 +62,20 @@ func main() {
 
 	err := config.Load()
 	if err != nil {
+		var criticalErr config.CriticalError
+		if errors.As(err, &criticalErr) {
+			gperr.LogFatal("critical error in config", criticalErr)
+		}
 		gperr.LogWarn("errors in config", err)
 	}
 
-	config.StartProxyServers()
-
 	if err := auth.Initialize(); err != nil {
 		log.Fatal().Err(err).Msg("failed to initialize authentication")
 	}
 	rules.InitAuthHandler(auth.AuthOrProceed)
 
-	// API Handler needs to start after auth is initialized.
-	server.StartServer(task.RootTask("api_server", false), server.Options{
-		Name:     "api",
-		HTTPAddr: common.APIHTTPAddr,
-		Handler:  api.NewHandler(true),
-	})
-
-	// Local API Handler is used for unauthenticated access.
-	if common.LocalAPIHTTPAddr != "" {
-		server.StartServer(task.RootTask("local_api_server", false), server.Options{
-			Name:     "local_api",
-			HTTPAddr: common.LocalAPIHTTPAddr,
-			Handler:  api.NewHandler(false),
-		})
-	}
-
 	listenDebugServer()
 
-	uptime.Poller.Start()
 	config.WatchChanges()
 
 	close(done)

compose.example.yml

@@ -31,8 +31,8 @@ services:
     user: ${GODOXY_UID:-1000}:${GODOXY_GID:-1000}
     read_only: true
     tmpfs:
-      - /app/.next/cache # next image caching
-
+      - /tmp:rw
+      - /app/node_modules/.cache:rw
       # for lite variant, do not change uid/gid
       # - /var/cache/nginx:uid=101,gid=101
       # - /run:uid=101,gid=101

go.mod

@@ -1,6 +1,11 @@
 module github.com/yusing/godoxy
 
-go 1.25.6
+go 1.25.7
+
+exclude (
+	github.com/moby/moby/api v1.53.0 // allow older daemon versions
+	github.com/moby/moby/client v0.2.2 // allow older daemon versions
+)
 
 replace (
 	github.com/coreos/go-oidc/v3 => ./internal/go-oidc
@@ -14,12 +19,9 @@ replace (
 	github.com/yusing/goutils/server => ./goutils/server
 )
 
-exclude github.com/luthermonson/go-proxmox v0.3.0
-
 require (
 	github.com/PuerkitoBio/goquery v1.11.0 // parsing HTML for extract fav icon; modify_html middleware
 	github.com/coreos/go-oidc/v3 v3.17.0 // oidc authentication
-	github.com/docker/docker v28.5.2+incompatible // docker daemon
 	github.com/fsnotify/fsnotify v1.9.0 // file watcher
 	github.com/gin-gonic/gin v1.11.0 // api server
 	github.com/go-acme/lego/v4 v4.31.0 // acme client
@@ -41,12 +43,14 @@ require (
 
 require (
 	github.com/bytedance/gopkg v0.1.3 // xxhash64 for fast hash
-	github.com/bytedance/sonic v1.15.0 // indirect; fast json parsing
+	github.com/bytedance/sonic v1.15.0 // fast json parsing
 	github.com/docker/cli v29.2.0+incompatible // needs docker/cli/cli/connhelper connection helper for docker client
 	github.com/goccy/go-yaml v1.19.2 // yaml parsing for different config files
-	github.com/golang-jwt/jwt/v5 v5.3.1
-	github.com/luthermonson/go-proxmox v0.3.2
-	github.com/oschwald/maxminddb-golang v1.13.1
+	github.com/golang-jwt/jwt/v5 v5.3.1 // jwt authentication
+	github.com/luthermonson/go-proxmox v0.3.2 // proxmox API client
+	github.com/moby/moby/api v1.52.0 // docker API
+	github.com/moby/moby/client v0.2.1 // docker client
+	github.com/oschwald/maxminddb-golang v1.13.1 // maxminddb for geoip database
 	github.com/quic-go/quic-go v0.59.0 // http3 support
 	github.com/shirou/gopsutil/v4 v4.25.12 // system information
 	github.com/spf13/afero v1.15.0 // afero for file system operations
@@ -55,7 +59,7 @@ require (
 	github.com/yusing/ds v0.4.1 // data structures and algorithms
 	github.com/yusing/godoxy/agent v0.0.0-20260129101716-0f13004ad6ba
 	github.com/yusing/godoxy/internal/dnsproviders v0.0.0-20260129101716-0f13004ad6ba
-	github.com/yusing/gointernals v0.1.16
+	github.com/yusing/gointernals v0.1.18
 	github.com/yusing/goutils v0.7.0
 	github.com/yusing/goutils/http/reverseproxy v0.0.0-20260129081554-24e52ede7468
 	github.com/yusing/goutils/http/websocket v0.0.0-20260129081554-24e52ede7468
@@ -117,11 +121,11 @@ require (
 	github.com/ovh/go-ovh v1.9.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
-	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/quic-go/qpack v0.6.0 // indirect
 	github.com/samber/lo v1.52.0 // indirect
 	github.com/samber/slog-common v0.19.0 // indirect
+	github.com/samber/slog-zerolog/v2 v2.9.0 // indirect
 	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.36 // indirect
 	github.com/sirupsen/logrus v1.9.4 // indirect
 	github.com/sony/gobreaker v1.0.0 // indirect
@@ -146,10 +150,7 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
-require github.com/moby/moby/api v1.53.0
-
 require (
-	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 	github.com/akamai/AkamaiOPEN-edgegrid-golang/v11 v11.1.0 // indirect
 	github.com/andybalholm/brotli v1.2.0 // indirect
 	github.com/boombuler/barcode v1.1.0 // indirect
@@ -159,7 +160,6 @@ require (
 	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
-	github.com/containerd/log v0.1.0 // indirect
 	github.com/fatih/color v1.18.0 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
@@ -169,14 +169,11 @@ require (
 	github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/google/go-querystring v1.2.0 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 // indirect
 	github.com/klauspost/compress v1.18.3 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect
 	github.com/linode/linodego v1.64.0 // indirect
 	github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 // indirect
-	github.com/moby/sys/atomicwriter v0.1.0 // indirect
-	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/nrdcg/goinwx v0.12.0 // indirect
 	github.com/nrdcg/oci-go-sdk/common/v1065 v1065.107.0 // indirect
 	github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.107.0 // indirect
@@ -186,16 +183,14 @@ require (
 	github.com/pion/transport/v4 v4.0.1 // indirect
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
 	github.com/pquerna/otp v1.5.0 // indirect
-	github.com/samber/slog-zerolog/v2 v2.9.0 // indirect
 	github.com/stretchr/objx v0.5.3 // indirect
 	github.com/tklauser/go-sysconf v0.3.16 // indirect
 	github.com/tklauser/numcpus v0.11.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.3.1 // indirect
+	github.com/ulikunitz/xz v0.5.15 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/vultr/govultr/v3 v3.26.1 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.9.0 // indirect
 	golang.org/x/arch v0.23.0 // indirect
 )

go.sum

@@ -23,8 +23,6 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourceg
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0/go.mod h1:wVEOJfGTj0oPAUGA1JuRAvz/lxXQsWW16axmHPP47Bk=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE=
-github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
-github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 h1:XRzhVemXdgvJqCH0sFfrBUTnUJSBrBf7++ypk+twtRs=
@@ -67,8 +65,6 @@ github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG
 github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
 github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
-github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
-github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -82,8 +78,6 @@ github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c=
 github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0=
 github.com/docker/cli v29.2.0+incompatible h1:9oBd9+YM7rxjZLfyMGxjraKBKE4/nVyvVfN4qNl9XRM=
 github.com/docker/cli v29.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM=
-github.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=
 github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
@@ -165,8 +159,6 @@ github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aN
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gotify/server/v2 v2.8.0 h1:E3UDDn/3rFZi1sjZfbuhXNnxJP3ACZhdcw/iySegPRA=
 github.com/gotify/server/v2 v2.8.0/go.mod h1:6ci5adxcE2hf1v+2oowKiQmixOxXV8vU+CRLKP6sqZA=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 h1:NmZ1PKzSTQbuGHw9DGPFomqkkLWMC+vZCkfs+FHv1Vg=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3/go.mod h1:zQrxl1YP88HQlA6i9c63DSVPFklWpGX4OWAc9bFuaH4=
 github.com/h2non/gock v1.2.0 h1:K6ol8rfrRkUOefooBC8elXoaNGYkpp7y2qcxGG6BzUE=
 github.com/h2non/gock v1.2.0/go.mod h1:tNhoxHYW2W42cYkYb1WqzdbYIieALC99kpYr7rH/BQk=
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw=
@@ -222,21 +214,15 @@ github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
-github.com/moby/moby/api v1.53.0 h1:PihqG1ncw4W+8mZs69jlwGXdaYBeb5brF6BL7mPIS/w=
-github.com/moby/moby/api v1.53.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=
-github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
-github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
-github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
-github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
-github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
-github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
+github.com/moby/moby/api v1.52.0 h1:00BtlJY4MXkkt84WhUZPRqt5TvPbgig2FZvTbe3igYg=
+github.com/moby/moby/api v1.52.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc=
+github.com/moby/moby/client v0.2.1 h1:1Grh1552mvv6i+sYOdY+xKKVTvzJegcVMhuXocyDz/k=
+github.com/moby/moby/client v0.2.1/go.mod h1:O+/tw5d4a1Ha/ZA/tPxIZJapJRUS6LNZ1wiVRxYHyUE=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
-github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/nrdcg/goacmedns v0.2.0 h1:ADMbThobzEMnr6kg2ohs4KGa3LFqmgiBA22/6jUWJR0=
 github.com/nrdcg/goacmedns v0.2.0/go.mod h1:T5o6+xvSLrQpugmwHvrSNkzWht0UGAwj2ACBMhh73Cg=
 github.com/nrdcg/goinwx v0.12.0 h1:ujdUqDBnaRSFwzVnImvPHYw3w3m9XgmGImNUw1GyMb4=
@@ -269,7 +255,6 @@ github.com/pires/go-proxyproto v0.9.2 h1:H1UdHn695zUVVmB0lQ354lOWHOy6TZSpzBl3tgN
 github.com/pires/go-proxyproto v0.9.2/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/xattr v0.4.9 h1:5883YPCtkSd8LFbs13nXplj9g9tlrwoJRjgpgMu1/fE=
 github.com/pkg/xattr v0.4.9/go.mod h1:di8WF84zAKk8jzR1UBTEWh9AUlIZZ7M/JNt8e9B6ktU=
@@ -327,8 +312,8 @@ github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
 github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
-github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
-github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
+github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasthttp v1.69.0 h1:fNLLESD2SooWeh2cidsuFtOcrEi4uB4m1mPrkJMZyVI=
@@ -344,8 +329,8 @@ github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfS
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yusing/ds v0.4.1 h1:syMCh7hO6Yw8xfcFkEaln3W+lVeWB/U/meYv6Wf2/Ig=
 github.com/yusing/ds v0.4.1/go.mod h1:XhKV4l7cZwBbbl7lRzNC9zX27zvCM0frIwiuD40ULRk=
-github.com/yusing/gointernals v0.1.16 h1:GrhZZdxzA+jojLEqankctJrOuAYDb7kY1C93S1pVR34=
-github.com/yusing/gointernals v0.1.16/go.mod h1:B/0FVXt4WPmgzVy3ynzkqKi+BSGaJVmwCJBRXYapo34=
+github.com/yusing/gointernals v0.1.18 h1:ou8/0tPURUgAOBJu3TN/iWF4S/5ZYQaap+rVkaJNUMw=
+github.com/yusing/gointernals v0.1.18/go.mod h1:B/0FVXt4WPmgzVy3ynzkqKi+BSGaJVmwCJBRXYapo34=
 github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
@@ -356,10 +341,6 @@ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 h1:ssfIgGN
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0/go.mod h1:GQ/474YrbE4Jx8gZ4q5I4hrhUzM6UPzyrqJYV2AqPoQ=
 go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=
 go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0 h1:aTL7F04bJHUlztTsNGJ2l+6he8c+y/b//eR0jjjemT4=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0/go.mod h1:kldtb7jDTeol0l3ewcmd8SDvx3EmIE7lyvqbasU3QC4=
 go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=
 go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=
 go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
@@ -368,8 +349,6 @@ go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2W
 go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
 go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
 go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
-go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A=
-go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
@@ -421,7 +400,6 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210331175145-43e1dd70ce54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -473,8 +451,8 @@ google.golang.org/api v0.263.0 h1:UFs7qn8gInIdtk1ZA6eXRXp5JDAnS4x9VRsRVCeKdbk=
 google.golang.org/api v0.263.0/go.mod h1:fAU1xtNNisHgOF5JooAs8rRaTkl2rT3uaoNGo9NS3R8=
 google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217 h1:GvESR9BIyHUahIb0NcTum6itIWtdoglGX+rnGxm2934=
 google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:yJ2HH4EHEDTd3JiLmhds6NkJ17ITVYOdV3m3VKOnws0=
-google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b h1:uA40e2M6fYRBf0+8uN5mLlqUtV192iiksiICIBkYJ1E=
-google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b/go.mod h1:Xa7le7qx2vmqB/SzWUBa7KdMjpdpAHlh5QCSnjessQk=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 h1:H86B94AW+VfJWDqFeEbBPhEtHzJwJfTbgE2lZa54ZAQ=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
 google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc=
@@ -494,3 +472,5 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
+pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk=
+pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=

internal/acl/config.go

@@ -74,8 +74,6 @@ type ipLog struct {
 	allowed bool
 }
 
-type ContextKey struct{}
-
 const cacheTTL = 1 * time.Minute
 
 func (c *checkCache) Expired() bool {

internal/acl/types/acl.go

@@ -0,0 +1,9 @@
+package acl
+
+import "net"
+
+type ACL interface {
+	IPAllowed(ip net.IP) bool
+	WrapTCP(l net.Listener) net.Listener
+	WrapUDP(l net.PacketConn) net.PacketConn
+}

internal/acl/types/context.go

@@ -0,0 +1,16 @@
+package acl
+
+import "context"
+
+type ContextKey struct{}
+
+func SetCtx(ctx interface{ SetValue(any, any) }, acl ACL) {
+	ctx.SetValue(ContextKey{}, acl)
+}
+
+func FromCtx(ctx context.Context) ACL {
+	if acl, ok := ctx.Value(ContextKey{}).(ACL); ok {
+		return acl
+	}
+	return nil
+}

internal/agentpool/http_requests.go

@@ -2,12 +2,12 @@ package agentpool
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/gorilla/websocket"
 	"github.com/valyala/fasthttp"
 	"github.com/yusing/godoxy/agent/pkg/agent"
@@ -63,7 +63,7 @@ func (cfg *Agent) DoHealthCheck(timeout time.Duration, query string) (ret Health
 		ret.Detail = fmt.Sprintf("HTTP %d %s", status, resp.Body())
 		return ret, nil
 	} else {
-		err = json.Unmarshal(resp.Body(), &ret)
+		err = sonic.Unmarshal(resp.Body(), &ret)
 		if err != nil {
 			return ret, err
 		}

internal/api/handler.go

@@ -2,8 +2,10 @@ package api
 
 import (
 	"net/http"
+	"reflect"
 
 	"github.com/gin-gonic/gin"
+	"github.com/gin-gonic/gin/codec/json"
 	"github.com/gorilla/websocket"
 	"github.com/rs/zerolog/log"
 	apiV1 "github.com/yusing/godoxy/internal/api/v1"
@@ -46,6 +48,8 @@ func NewHandler(requireAuth bool) *gin.Engine {
 	r.Use(ErrorLoggingMiddleware())
 	r.Use(NoCache())
 
+	log.Debug().Msg("gin codec json.API: " + reflect.TypeOf(json.API).Name())
+
 	r.GET("/api/v1/version", apiV1.Version)
 
 	if auth.IsEnabled() && requireAuth {
@@ -72,7 +76,6 @@ func NewHandler(requireAuth bool) *gin.Engine {
 		v1.GET("/favicon", apiV1.FavIcon)
 		v1.GET("/health", apiV1.Health)
 		v1.GET("/icons", apiV1.Icons)
-		v1.POST("/reload", apiV1.Reload)
 		v1.GET("/stats", apiV1.Stats)
 
 		route := v1.Group("/route")

internal/api/v1/docker/container.go

@@ -4,6 +4,7 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
@@ -42,22 +43,22 @@ func GetContainer(c *gin.Context) {
 
 	defer dockerClient.Close()
 
-	cont, err := dockerClient.ContainerInspect(c.Request.Context(), id)
+	cont, err := dockerClient.ContainerInspect(c.Request.Context(), id, client.ContainerInspectOptions{})
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to inspect container"))
 		return
 	}
 
 	var state ContainerState
-	if cont.State != nil {
-		state = cont.State.Status
+	if cont.Container.State != nil {
+		state = cont.Container.State.Status
 	}
 
 	c.JSON(http.StatusOK, &Container{
 		Server: dockerCfg.URL,
-		Name:   cont.Name,
-		ID:     cont.ID,
-		Image:  cont.Image,
+		Name:   cont.Container.Name,
+		ID:     cont.Container.ID,
+		Image:  cont.Container.Image,
 		State:  state,
 	})
 }

internal/api/v1/docker/containers.go

@@ -4,8 +4,9 @@ import (
 	"context"
 	"sort"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	gperr "github.com/yusing/goutils/errs"
 
 	_ "github.com/yusing/goutils/apitypes"
@@ -39,12 +40,12 @@ func GetContainers(ctx context.Context, dockerClients DockerClients) ([]Containe
 	errs := gperr.NewBuilder("failed to get containers")
 	containers := make([]Container, 0)
 	for server, dockerClient := range dockerClients {
-		conts, err := dockerClient.ContainerList(ctx, container.ListOptions{All: true})
+		conts, err := dockerClient.ContainerList(ctx, client.ContainerListOptions{All: true})
 		if err != nil {
 			errs.Add(err)
 			continue
 		}
-		for _, cont := range conts {
+		for _, cont := range conts.Items {
 			containers = append(containers, Container{
 				Server: server,
 				Name:   cont.Names[0],

internal/api/v1/docker/info.go

@@ -4,8 +4,9 @@ import (
 	"context"
 	"sort"
 
-	dockerSystem "github.com/docker/docker/api/types/system"
 	"github.com/gin-gonic/gin"
+	dockerSystem "github.com/moby/moby/api/types/system"
+	"github.com/moby/moby/client"
 	gperr "github.com/yusing/goutils/errs"
 	strutils "github.com/yusing/goutils/strings"
 
@@ -64,13 +65,13 @@ func GetDockerInfo(ctx context.Context, dockerClients DockerClients) ([]dockerIn
 
 	i := 0
 	for name, dockerClient := range dockerClients {
-		info, err := dockerClient.Info(ctx)
+		info, err := dockerClient.Info(ctx, client.InfoOptions{})
 		if err != nil {
 			errs.Add(err)
 			continue
 		}
-		info.Name = name
-		dockerInfos[i] = toDockerInfo(info)
+		info.Info.Name = name
+		dockerInfos[i] = toDockerInfo(info.Info)
 		i++
 	}
 

internal/api/v1/docker/logs.go

@@ -7,9 +7,9 @@ import (
 	"net/http"
 	"strconv"
 
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/pkg/stdcopy"
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/api/pkg/stdcopy"
+	"github.com/moby/moby/client"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
@@ -73,7 +73,7 @@ func Logs(c *gin.Context) {
 	}
 	defer dockerClient.Close()
 
-	opts := container.LogsOptions{
+	opts := client.ContainerLogsOptions{
 		ShowStdout: queryParams.Stdout,
 		ShowStderr: queryParams.Stderr,
 		Since:      queryParams.Since,

internal/api/v1/docker/restart.go

@@ -4,17 +4,23 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
 
+type RestartRequest struct {
+	ID string `json:"id" binding:"required"`
+	client.ContainerRestartOptions
+}
+
 // @x-id				"restart"
 // @BasePath		/api/v1
 // @Summary		Restart container
 // @Description	Restart container by container id
 // @Tags			docker
 // @Produce		json
-// @Param			request	body		StopRequest	true	"Request"
+// @Param			request	body	RestartRequest	true	"Request"
 // @Success		200	{object}  apitypes.SuccessResponse
 // @Failure		400	{object}	apitypes.ErrorResponse "Invalid request"
 // @Failure		403	{object}	apitypes.ErrorResponse
@@ -22,7 +28,7 @@ import (
 // @Failure		500	{object}	apitypes.ErrorResponse
 // @Router			/docker/restart [post]
 func Restart(c *gin.Context) {
-	var req StopRequest
+	var req RestartRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
 		c.JSON(http.StatusBadRequest, apitypes.Error("invalid request", err))
 		return
@@ -42,7 +48,7 @@ func Restart(c *gin.Context) {
 
 	defer client.Close()
 
-	err = client.ContainerRestart(c.Request.Context(), req.ID, req.StopOptions)
+	_, err = client.ContainerRestart(c.Request.Context(), req.ID, req.ContainerRestartOptions)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to restart container"))
 		return

internal/api/v1/docker/start.go

@@ -3,15 +3,15 @@ package dockerapi
 import (
 	"net/http"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
 
 type StartRequest struct {
 	ID string `json:"id" binding:"required"`
-	container.StartOptions
+	client.ContainerStartOptions
 }
 
 // @x-id				"start"
@@ -48,7 +48,7 @@ func Start(c *gin.Context) {
 
 	defer client.Close()
 
-	err = client.ContainerStart(c.Request.Context(), req.ID, req.StartOptions)
+	_, err = client.ContainerStart(c.Request.Context(), req.ID, req.ContainerStartOptions)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to start container"))
 		return

internal/api/v1/docker/stats.go

@@ -8,8 +8,9 @@ import (
 
 	"github.com/gin-gonic/gin"
 	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
-	"github.com/yusing/godoxy/internal/route/routes"
+	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/types"
 	apitypes "github.com/yusing/goutils/apitypes"
 	"github.com/yusing/goutils/http/httpheaders"
@@ -43,7 +44,7 @@ func Stats(c *gin.Context) {
 	dockerCfg, ok := docker.GetDockerCfgByContainerID(id)
 	if !ok {
 		var route types.Route
-		route, ok = routes.GetIncludeExcluded(id)
+		route, ok = entrypoint.FromCtx(c.Request.Context()).GetRoute(id)
 		if ok {
 			cont := route.ContainerInfo()
 			if cont == nil {
@@ -67,7 +68,7 @@ func Stats(c *gin.Context) {
 	defer dockerClient.Close()
 
 	if httpheaders.IsWebsocket(c.Request.Header) {
-		stats, err := dockerClient.ContainerStats(c.Request.Context(), id, true)
+		stats, err := dockerClient.ContainerStats(c.Request.Context(), id, client.ContainerStatsOptions{Stream: true})
 		if err != nil {
 			c.Error(apitypes.InternalServerError(err, "failed to get container stats"))
 			return
@@ -101,7 +102,7 @@ func Stats(c *gin.Context) {
 		}
 	}
 
-	stats, err := dockerClient.ContainerStats(c.Request.Context(), id, false)
+	stats, err := dockerClient.ContainerStats(c.Request.Context(), id, client.ContainerStatsOptions{Stream: false})
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to get container stats"))
 		return

internal/api/v1/docker/stop.go

@@ -3,15 +3,15 @@ package dockerapi
 import (
 	"net/http"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/gin-gonic/gin"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
 
 type StopRequest struct {
 	ID string `json:"id" binding:"required"`
-	container.StopOptions
+	client.ContainerStopOptions
 }
 
 // @x-id				"stop"
@@ -48,7 +48,7 @@ func Stop(c *gin.Context) {
 
 	defer client.Close()
 
-	err = client.ContainerStop(c.Request.Context(), req.ID, req.StopOptions)
+	_, err = client.ContainerStop(c.Request.Context(), req.ID, req.ContainerStopOptions)
 	if err != nil {
 		c.Error(apitypes.InternalServerError(err, "failed to stop container"))
 		return

internal/api/v1/docs/swagger.json

@@ -1171,7 +1171,10 @@
           "200": {
             "description": "Health info by route name",
             "schema": {
-              "$ref": "#/definitions/HealthMap"
+              "type": "object",
+              "additionalProperties": {
+                "$ref": "#/definitions/HealthStatusString"
+              }
             }
           },
           "403": {
@@ -2820,43 +2823,6 @@
         "operationId": "tail"
       }
     },
-    "/reload": {
-      "post": {
-        "description": "Reload config",
-        "consumes": [
-          "application/json"
-        ],
-        "produces": [
-          "application/json"
-        ],
-        "tags": [
-          "v1"
-        ],
-        "summary": "Reload config",
-        "responses": {
-          "200": {
-            "description": "OK",
-            "schema": {
-              "$ref": "#/definitions/SuccessResponse"
-            }
-          },
-          "403": {
-            "description": "Forbidden",
-            "schema": {
-              "$ref": "#/definitions/ErrorResponse"
-            }
-          },
-          "500": {
-            "description": "Internal Server Error",
-            "schema": {
-              "$ref": "#/definitions/ErrorResponse"
-            }
-          }
-        },
-        "x-id": "reload",
-        "operationId": "reload"
-      }
-    },
     "/route/by_provider": {
       "get": {
         "description": "List routes by provider",
@@ -4071,14 +4037,6 @@
       "x-nullable": false,
       "x-omitempty": false
     },
-    "HealthMap": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/HealthStatusString"
-      },
-      "x-nullable": false,
-      "x-omitempty": false
-    },
     "HealthStatusString": {
       "type": "string",
       "enum": [
@@ -5329,7 +5287,6 @@
           "x-omitempty": false
         },
         "bind": {
-          "description": "for TCP and UDP routes, bind address to listen on",
           "type": "string",
           "x-nullable": true
         },

internal/api/v1/docs/swagger.yaml

@@ -419,10 +419,6 @@ definitions:
       url:
         type: string
     type: object
-  HealthMap:
-    additionalProperties:
-      $ref: '#/definitions/HealthStatusString'
-    type: object
   HealthStatusString:
     enum:
     - unknown
@@ -1007,7 +1003,6 @@ definitions:
       alias:
         type: string
       bind:
-        description: for TCP and UDP routes, bind address to listen on
         type: string
         x-nullable: true
       container:
@@ -1807,12 +1802,12 @@ definitions:
         type: string
       kernel_version:
         type: string
+      load_avg_5m:
+        type: string
       load_avg_15m:
         type: string
       load_avg_1m:
         type: string
-      load_avg_5m:
-        type: string
       mem_pct:
         type: string
       mem_total:
@@ -2675,7 +2670,9 @@ paths:
         "200":
           description: Health info by route name
           schema:
-            $ref: '#/definitions/HealthMap'
+            additionalProperties:
+              $ref: '#/definitions/HealthStatusString'
+            type: object
         "403":
           description: Forbidden
           schema:
@@ -3790,30 +3787,6 @@ paths:
       - proxmox
       - websocket
       x-id: tail
-  /reload:
-    post:
-      consumes:
-      - application/json
-      description: Reload config
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: OK
-          schema:
-            $ref: '#/definitions/SuccessResponse'
-        "403":
-          description: Forbidden
-          schema:
-            $ref: '#/definitions/ErrorResponse'
-        "500":
-          description: Internal Server Error
-          schema:
-            $ref: '#/definitions/ErrorResponse'
-      summary: Reload config
-      tags:
-      - v1
-      x-id: reload
   /route/{which}:
     get:
       consumes:

internal/api/v1/favicon.go

@@ -5,9 +5,9 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
+	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/homepage/icons"
 	iconfetch "github.com/yusing/godoxy/internal/homepage/icons/fetch"
-	"github.com/yusing/godoxy/internal/route/routes"
 	apitypes "github.com/yusing/goutils/apitypes"
 
 	_ "unsafe"
@@ -73,7 +73,11 @@ func FavIcon(c *gin.Context) {
 //go:linkname GetFavIconFromAlias v1.GetFavIconFromAlias
 func GetFavIconFromAlias(ctx context.Context, alias string, variant icons.Variant) (iconfetch.Result, error) {
 	// try with route.Icon
-	r, ok := routes.HTTP.Get(alias)
+	ep := entrypoint.FromCtx(ctx)
+	if ep == nil { // impossible, but just in case
+		return iconfetch.FetchResultWithErrorf(http.StatusInternalServerError, "entrypoint not initialized")
+	}
+	r, ok := ep.HTTPRoutes().Get(alias)
 	if !ok {
 		return iconfetch.FetchResultWithErrorf(http.StatusNotFound, "route not found")
 	}

internal/api/v1/health.go

@@ -5,11 +5,10 @@ import (
 	"time"
 
 	"github.com/gin-gonic/gin"
-	"github.com/yusing/godoxy/internal/route/routes"
+	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
+	"github.com/yusing/goutils/apitypes"
 	"github.com/yusing/goutils/http/httpheaders"
 	"github.com/yusing/goutils/http/websocket"
-
-	_ "github.com/yusing/goutils/apitypes"
 )
 
 // @x-id				"health"
@@ -19,16 +18,21 @@ import (
 // @Tags			v1,websocket
 // @Accept			json
 // @Produce		json
-// @Success		200	{object}	routes.HealthMap "Health info by route name"
+// @Success		200	{object}	map[string]types.HealthStatusString "Health info by route name"
 // @Failure		403	{object}	apitypes.ErrorResponse
 // @Failure		500	{object}	apitypes.ErrorResponse
 // @Router			/health [get]
 func Health(c *gin.Context) {
+	ep := entrypoint.FromCtx(c.Request.Context())
+	if ep == nil { // impossible, but just in case
+		c.JSON(http.StatusInternalServerError, apitypes.Error("entrypoint not initialized"))
+		return
+	}
 	if httpheaders.IsWebsocket(c.Request.Header) {
 		websocket.PeriodicWrite(c, 1*time.Second, func() (any, error) {
-			return routes.GetHealthInfoSimple(), nil
+			return ep.GetHealthInfoSimple(), nil
 		})
 	} else {
-		c.JSON(http.StatusOK, routes.GetHealthInfoSimple())
+		c.JSON(http.StatusOK, ep.GetHealthInfoSimple())
 	}
 }

internal/api/v1/homepage/categories.go

@@ -4,10 +4,11 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
+	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/homepage"
-	"github.com/yusing/godoxy/internal/route/routes"
 
 	_ "github.com/yusing/goutils/apitypes"
+	apitypes "github.com/yusing/goutils/apitypes"
 )
 
 // @x-id				"categories"
@@ -21,15 +22,20 @@ import (
 // @Failure		403	{object}	apitypes.ErrorResponse
 // @Router			/homepage/categories [get]
 func Categories(c *gin.Context) {
-	c.JSON(http.StatusOK, HomepageCategories())
+	ep := entrypoint.FromCtx(c.Request.Context())
+	if ep == nil { // impossible, but just in case
+		c.JSON(http.StatusInternalServerError, apitypes.Error("entrypoint not initialized"))
+		return
+	}
+	c.JSON(http.StatusOK, HomepageCategories(ep))
 }
 
-func HomepageCategories() []string {
+func HomepageCategories(ep entrypoint.Entrypoint) []string {
 	check := make(map[string]struct{})
 	categories := make([]string, 0)
 	categories = append(categories, homepage.CategoryAll)
 	categories = append(categories, homepage.CategoryFavorites)
-	for _, r := range routes.HTTP.Iter {
+	for _, r := range ep.HTTPRoutes().Iter {
 		item := r.HomepageItem()
 		if item.Category == "" {
 			continue

internal/api/v1/homepage/items.go

@@ -10,8 +10,8 @@ import (
 
 	"github.com/gin-gonic/gin"
 	"github.com/lithammer/fuzzysearch/fuzzy"
+	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/homepage"
-	"github.com/yusing/godoxy/internal/route/routes"
 	apitypes "github.com/yusing/goutils/apitypes"
 	"github.com/yusing/goutils/http/httpheaders"
 	"github.com/yusing/goutils/http/websocket"
@@ -53,29 +53,30 @@ func Items(c *gin.Context) {
 		hostname = host
 	}
 
+	ep := entrypoint.FromCtx(c.Request.Context())
 	if httpheaders.IsWebsocket(c.Request.Header) {
 		websocket.PeriodicWrite(c, 2*time.Second, func() (any, error) {
-			return HomepageItems(proto, hostname, &request), nil
+			return HomepageItems(ep, proto, hostname, &request), nil
 		})
 	} else {
-		c.JSON(http.StatusOK, HomepageItems(proto, hostname, &request))
+		c.JSON(http.StatusOK, HomepageItems(ep, proto, hostname, &request))
 	}
 }
 
-func HomepageItems(proto, hostname string, request *HomepageItemsRequest) homepage.Homepage {
+func HomepageItems(ep entrypoint.Entrypoint, proto, hostname string, request *HomepageItemsRequest) homepage.Homepage {
 	switch proto {
 	case "http", "https":
 	default:
 		proto = "http"
 	}
 
-	hp := homepage.NewHomepageMap(routes.HTTP.Size())
+	hp := homepage.NewHomepageMap(ep.HTTPRoutes().Size())
 
 	if strings.Count(hostname, ".") > 1 {
 		_, hostname, _ = strings.Cut(hostname, ".") // remove the subdomain
 	}
 
-	for _, r := range routes.HTTP.Iter {
+	for _, r := range ep.HTTPRoutes().Iter {
 		if request.Provider != "" && r.ProviderName() != request.Provider {
 			continue
 		}

internal/api/v1/metrics/all_system_info.go

@@ -7,6 +7,7 @@ import (
 	"sync/atomic"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/gin-gonic/gin"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/agent/pkg/agent"
@@ -236,7 +237,7 @@ func marshalSystemInfo(ws *websocket.Manager, agentName string, systemInfo any)
 		defer bufFromPool.release(bufFromPool.RawMessage)
 	}
 
-	err := json.NewEncoder(buf).Encode(map[string]any{
+	err := sonic.ConfigDefault.NewEncoder(buf).Encode(map[string]any{
 		agentName: systemInfo,
 	})
 	if err != nil {

internal/api/v1/reload.go

@@ -1,28 +0,0 @@
-package v1
-
-import (
-	"net/http"
-
-	"github.com/gin-gonic/gin"
-	"github.com/yusing/godoxy/internal/config"
-	apitypes "github.com/yusing/goutils/apitypes"
-)
-
-// @x-id				"reload"
-// @BasePath		/api/v1
-// @Summary		Reload config
-// @Description	Reload config
-// @Tags			v1
-// @Accept			json
-// @Produce		json
-// @Success		200	{object}	apitypes.SuccessResponse
-// @Failure		403	{object}	apitypes.ErrorResponse
-// @Failure		500	{object}	apitypes.ErrorResponse
-// @Router			/reload [post]
-func Reload(c *gin.Context) {
-	if err := config.Reload(); err != nil {
-		c.Error(apitypes.InternalServerError(err, "failed to reload config"))
-		return
-	}
-	c.JSON(http.StatusOK, apitypes.Success("config reloaded"))
-}

internal/api/v1/route/by_provider.go

@@ -4,10 +4,11 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
+	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/route"
-	"github.com/yusing/godoxy/internal/route/routes"
 
 	_ "github.com/yusing/goutils/apitypes"
+	apitypes "github.com/yusing/goutils/apitypes"
 )
 
 type RoutesByProvider map[string][]route.Route
@@ -24,5 +25,10 @@ type RoutesByProvider map[string][]route.Route
 // @Failure		500	{object}	apitypes.ErrorResponse
 // @Router			/route/by_provider [get]
 func ByProvider(c *gin.Context) {
-	c.JSON(http.StatusOK, routes.ByProvider())
+	ep := entrypoint.FromCtx(c.Request.Context())
+	if ep == nil { // impossible, but just in case
+		c.JSON(http.StatusInternalServerError, apitypes.Error("entrypoint not initialized"))
+		return
+	}
+	c.JSON(http.StatusOK, ep.RoutesByProvider())
 }

internal/api/v1/route/route.go

@@ -4,7 +4,7 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
-	"github.com/yusing/godoxy/internal/route/routes"
+	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	apitypes "github.com/yusing/goutils/apitypes"
 )
 
@@ -32,7 +32,13 @@ func Route(c *gin.Context) {
 		return
 	}
 
-	route, ok := routes.GetIncludeExcluded(request.Which)
+	ep := entrypoint.FromCtx(c.Request.Context())
+	if ep == nil { // impossible, but just in case
+		c.JSON(http.StatusInternalServerError, apitypes.Error("entrypoint not initialized"))
+		return
+	}
+
+	route, ok := ep.GetRoute(request.Which)
 	if ok {
 		c.JSON(http.StatusOK, route)
 		return

internal/api/v1/route/routes.go

@@ -6,8 +6,8 @@ import (
 	"time"
 
 	"github.com/gin-gonic/gin"
+	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/route"
-	"github.com/yusing/godoxy/internal/route/routes"
 	"github.com/yusing/godoxy/internal/types"
 	"github.com/yusing/goutils/http/httpheaders"
 	"github.com/yusing/goutils/http/websocket"
@@ -32,14 +32,16 @@ func Routes(c *gin.Context) {
 		return
 	}
 
+	ep := entrypoint.FromCtx(c.Request.Context())
+
 	provider := c.Query("provider")
 	if provider == "" {
-		c.JSON(http.StatusOK, slices.Collect(routes.IterAll))
+		c.JSON(http.StatusOK, slices.Collect(ep.IterRoutes))
 		return
 	}
 
-	rts := make([]types.Route, 0, routes.NumAllRoutes())
-	for r := range routes.IterAll {
+	rts := make([]types.Route, 0, ep.NumRoutes())
+	for r := range ep.IterRoutes {
 		if r.ProviderName() == provider {
 			rts = append(rts, r)
 		}
@@ -48,17 +50,19 @@ func Routes(c *gin.Context) {
 }
 
 func RoutesWS(c *gin.Context) {
+	ep := entrypoint.FromCtx(c.Request.Context())
+
 	provider := c.Query("provider")
 	if provider == "" {
 		websocket.PeriodicWrite(c, 3*time.Second, func() (any, error) {
-			return slices.Collect(routes.IterAll), nil
+			return slices.Collect(ep.IterRoutes), nil
 		})
 		return
 	}
 
 	websocket.PeriodicWrite(c, 3*time.Second, func() (any, error) {
-		rts := make([]types.Route, 0, routes.NumAllRoutes())
-		for r := range routes.IterAll {
+		rts := make([]types.Route, 0, ep.NumRoutes())
+		for r := range ep.IterRoutes {
 			if r.ProviderName() == provider {
 				rts = append(rts, r)
 			}

internal/auth/userpass.go

@@ -1,11 +1,11 @@
 package auth
 
 import (
-	"encoding/json"
 	"fmt"
 	"net/http"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/yusing/godoxy/internal/common"
 	gperr "github.com/yusing/goutils/errs"
@@ -109,7 +109,7 @@ type UserPassAuthCallbackRequest struct {
 
 func (auth *UserPassAuth) PostAuthCallbackHandler(w http.ResponseWriter, r *http.Request) {
 	var creds UserPassAuthCallbackRequest
-	err := json.NewDecoder(r.Body).Decode(&creds)
+	err := sonic.ConfigDefault.NewDecoder(r.Body).Decode(&creds)
 	if err != nil {
 		http.Error(w, "invalid request", http.StatusBadRequest)
 		return

internal/autocert/types/context.go

@@ -0,0 +1,16 @@
+package autocert
+
+import "context"
+
+type ContextKey struct{}
+
+func SetCtx(ctx interface{ SetValue(any, any) }, p Provider) {
+	ctx.SetValue(ContextKey{}, p)
+}
+
+func FromCtx(ctx context.Context) Provider {
+	if provider, ok := ctx.Value(ContextKey{}).(Provider); ok {
+		return provider
+	}
+	return nil
+}

internal/autocert/types/provider.go

@@ -7,7 +7,6 @@ import (
 )
 
 type Provider interface {
-	Setup() error
 	GetCert(*tls.ClientHelloInfo) (*tls.Certificate, error)
 	ScheduleRenewalAll(task.Parent)
 	ObtainCertAll() error

internal/config/README.md

@@ -54,7 +54,7 @@ type State interface {
     Task() *task.Task
     Context() context.Context
     Value() *Config
-    EntrypointHandler() http.Handler
+    Entrypoint() entrypoint.Entrypoint
     ShortLinkMatcher() config.ShortLinkMatcher
     AutoCertProvider() server.CertProvider
     LoadOrStoreProvider(key string, value types.RouteProvider) (actual types.RouteProvider, loaded bool)
@@ -62,6 +62,12 @@ type State interface {
     IterProviders() iter.Seq2[string, types.RouteProvider]
     StartProviders() error
     NumProviders() int
+
+    // Lifecycle management
+    StartAPIServers()
+    StartMetrics()
+
+    FlushTmpLog()
 }
 ```
 
@@ -214,12 +220,15 @@ Configuration supports hot-reloading via editing `config/config.yml`.
 
 - `internal/acl` - Access control configuration
 - `internal/autocert` - SSL certificate management
-- `internal/entrypoint` - HTTP entrypoint setup
+- `internal/entrypoint` - HTTP entrypoint setup (now via interface)
 - `internal/route/provider` - Route providers (Docker, file, agent)
 - `internal/maxmind` - GeoIP configuration
 - `internal/notif` - Notification providers
 - `internal/proxmox` - LXC container management
 - `internal/homepage/types` - Dashboard configuration
+- `internal/api` - REST API servers
+- `internal/metrics/systeminfo` - System metrics polling
+- `internal/metrics/uptime` - Uptime tracking
 - `github.com/yusing/goutils/task` - Object lifecycle management
 
 ### External dependencies
@@ -312,5 +321,8 @@ for name, provider := range config.GetState().IterProviders() {
 
 ```go
 state := config.GetState()
-http.Handle("/", state.EntrypointHandler())
+// Get entrypoint interface for route management
+ep := state.Entrypoint()
+// Add routes directly to entrypoint
+ep.AddRoute(route)
 ```

internal/config/events.go

@@ -10,11 +10,9 @@ import (
 	"github.com/yusing/godoxy/internal/common"
 	config "github.com/yusing/godoxy/internal/config/types"
 	"github.com/yusing/godoxy/internal/notif"
-	"github.com/yusing/godoxy/internal/route/routes"
 	"github.com/yusing/godoxy/internal/watcher"
 	"github.com/yusing/godoxy/internal/watcher/events"
 	gperr "github.com/yusing/goutils/errs"
-	"github.com/yusing/goutils/server"
 	"github.com/yusing/goutils/strings/ansi"
 	"github.com/yusing/goutils/task"
 )
@@ -60,20 +58,30 @@ func Load() error {
 
 	cfgWatcher = watcher.NewConfigFileWatcher(common.ConfigFileName)
 
-	// disable pool logging temporary since we already have pretty logging
-	routes.HTTP.DisableLog(true)
-	routes.Stream.DisableLog(true)
+	initErr := state.InitFromFile(common.ConfigPath)
+	if initErr != nil {
+		// if error is critical, notify and return it without starting providers
+		var criticalErr CriticalError
+		if errors.As(initErr, &criticalErr) {
+			logNotifyError("init", criticalErr.err)
+			return criticalErr.err
+		}
+	}
 
+	// disable pool logging temporary since we already have pretty logging
+	state.Entrypoint().DisablePoolsLog(true)
 	defer func() {
-		routes.HTTP.DisableLog(false)
-		routes.Stream.DisableLog(false)
+		state.Entrypoint().DisablePoolsLog(false)
 	}()
 
-	initErr := state.InitFromFile(common.ConfigPath)
 	err := errors.Join(initErr, state.StartProviders())
 	if err != nil {
 		logNotifyError("init", err)
 	}
+
+	state.StartAPIServers()
+	state.StartMetrics()
+
 	SetState(state)
 
 	// flush temporary log
@@ -108,7 +116,9 @@ func Reload() gperr.Error {
 		logNotifyError("start providers", err)
 		return nil // continue
 	}
-	StartProxyServers()
+
+	newState.StartAPIServers()
+	newState.StartMetrics()
 	return nil
 }
 
@@ -142,16 +152,3 @@ func OnConfigChange(ev []events.Event) {
 		panic(err)
 	}
 }
-
-func StartProxyServers() {
-	cfg := GetState()
-	server.StartServer(cfg.Task(), server.Options{
-		Name:                 "proxy",
-		CertProvider:         cfg.AutoCertProvider(),
-		HTTPAddr:             common.ProxyHTTPAddr,
-		HTTPSAddr:            common.ProxyHTTPSAddr,
-		Handler:              cfg.EntrypointHandler(),
-		ACL:                  cfg.Value().ACL,
-		SupportProxyProtocol: cfg.Value().Entrypoint.SupportProxyProtocol,
-	})
-}

internal/config/state.go

@@ -9,7 +9,6 @@ import (
 	"fmt"
 	"io/fs"
 	"iter"
-	"net/http"
 	"os"
 	"strconv"
 	"strings"
@@ -18,14 +17,20 @@ import (
 	"github.com/goccy/go-yaml"
 	"github.com/puzpuzpuz/xsync/v4"
 	"github.com/rs/zerolog"
-	"github.com/yusing/godoxy/internal/acl"
+	acl "github.com/yusing/godoxy/internal/acl/types"
 	"github.com/yusing/godoxy/internal/agentpool"
+	"github.com/yusing/godoxy/internal/api"
 	"github.com/yusing/godoxy/internal/autocert"
+	autocertctx "github.com/yusing/godoxy/internal/autocert/types"
+	"github.com/yusing/godoxy/internal/common"
 	config "github.com/yusing/godoxy/internal/config/types"
 	"github.com/yusing/godoxy/internal/entrypoint"
+	entrypointctx "github.com/yusing/godoxy/internal/entrypoint/types"
 	homepage "github.com/yusing/godoxy/internal/homepage/types"
 	"github.com/yusing/godoxy/internal/logging"
 	"github.com/yusing/godoxy/internal/maxmind"
+	"github.com/yusing/godoxy/internal/metrics/systeminfo"
+	"github.com/yusing/godoxy/internal/metrics/uptime"
 	"github.com/yusing/godoxy/internal/notif"
 	route "github.com/yusing/godoxy/internal/route/provider"
 	"github.com/yusing/godoxy/internal/serialization"
@@ -40,7 +45,7 @@ type state struct {
 
 	providers        *xsync.Map[string, types.RouteProvider]
 	autocertProvider *autocert.Provider
-	entrypoint       entrypoint.Entrypoint
+	entrypoint       *entrypoint.Entrypoint
 
 	task *task.Task
 
@@ -50,14 +55,25 @@ type state struct {
 	tmpLog    zerolog.Logger
 }
 
+type CriticalError struct {
+	err error
+}
+
+func (e CriticalError) Error() string {
+	return e.err.Error()
+}
+
+func (e CriticalError) Unwrap() error {
+	return e.err
+}
+
 func NewState() config.State {
 	tmpLogBuf := bytes.NewBuffer(make([]byte, 0, 4096))
 	return &state{
-		providers:  xsync.NewMap[string, types.RouteProvider](),
-		entrypoint: entrypoint.NewEntrypoint(),
-		task:       task.RootTask("config", false),
-		tmpLogBuf:  tmpLogBuf,
-		tmpLog:     logging.NewLoggerWithFixedLevel(zerolog.InfoLevel, tmpLogBuf),
+		providers: xsync.NewMap[string, types.RouteProvider](),
+		task:      task.RootTask("config", false),
+		tmpLogBuf: tmpLogBuf,
+		tmpLog:    logging.NewLoggerWithFixedLevel(zerolog.InfoLevel, tmpLogBuf),
 	}
 }
 
@@ -73,7 +89,6 @@ func SetState(state config.State) {
 
 	cfg := state.Value()
 	config.ActiveState.Store(state)
-	entrypoint.ActiveConfig.Store(&cfg.Entrypoint)
 	homepage.ActiveConfig.Store(&cfg.Homepage)
 	if autocertProvider := state.AutoCertProvider(); autocertProvider != nil {
 		autocert.ActiveProvider.Store(autocertProvider.(*autocert.Provider))
@@ -96,7 +111,7 @@ func (state *state) InitFromFile(filename string) error {
 		if errors.Is(err, fs.ErrNotExist) {
 			state.Config = config.DefaultConfig()
 		} else {
-			return err
+			return CriticalError{err}
 		}
 	}
 	return state.Init(data)
@@ -105,7 +120,7 @@ func (state *state) InitFromFile(filename string) error {
 func (state *state) Init(data []byte) error {
 	err := serialization.UnmarshalValidate(data, &state.Config, yaml.Unmarshal)
 	if err != nil {
-		return err
+		return CriticalError{err}
 	}
 
 	g := gperr.NewGroup("config load error")
@@ -117,7 +132,9 @@ func (state *state) Init(data []byte) error {
 	// these won't benefit from running on goroutines
 	errs.Add(state.initNotification())
 	errs.Add(state.initACL())
-	errs.Add(state.initEntrypoint())
+	if err := state.initEntrypoint(); err != nil {
+		errs.Add(CriticalError{err})
+	}
 	errs.Add(state.loadRouteProviders())
 	return errs.Error()
 }
@@ -134,8 +151,8 @@ func (state *state) Value() *config.Config {
 	return &state.Config
 }
 
-func (state *state) EntrypointHandler() http.Handler {
-	return &state.entrypoint
+func (state *state) Entrypoint() entrypointctx.Entrypoint {
+	return state.entrypoint
 }
 
 func (state *state) ShortLinkMatcher() config.ShortLinkMatcher {
@@ -190,6 +207,29 @@ func (state *state) FlushTmpLog() {
 	state.tmpLogBuf.Reset()
 }
 
+func (state *state) StartAPIServers() {
+	// API Handler needs to start after auth is initialized.
+	server.StartServer(state.task.Subtask("api_server", false), server.Options{
+		Name:     "api",
+		HTTPAddr: common.APIHTTPAddr,
+		Handler:  api.NewHandler(true),
+	})
+
+	// Local API Handler is used for unauthenticated access.
+	if common.LocalAPIHTTPAddr != "" {
+		server.StartServer(state.task.Subtask("local_api_server", false), server.Options{
+			Name:     "local_api",
+			HTTPAddr: common.LocalAPIHTTPAddr,
+			Handler:  api.NewHandler(false),
+		})
+	}
+}
+
+func (state *state) StartMetrics() {
+	systeminfo.Poller.Start(state.task)
+	uptime.Poller.Start(state.task)
+}
+
 // initACL initializes the ACL.
 func (state *state) initACL() error {
 	if !state.ACL.Valid() {
@@ -199,7 +239,7 @@ func (state *state) initACL() error {
 	if err != nil {
 		return err
 	}
-	state.task.SetValue(acl.ContextKey{}, state.ACL)
+	acl.SetCtx(state.task, state.ACL)
 	return nil
 }
 
@@ -207,6 +247,7 @@ func (state *state) initEntrypoint() error {
 	epCfg := state.Config.Entrypoint
 	matchDomains := state.MatchDomains
 
+	state.entrypoint = entrypoint.NewEntrypoint(state.task, &epCfg)
 	state.entrypoint.SetFindRouteDomains(matchDomains)
 	state.entrypoint.SetNotFoundRules(epCfg.Rules.NotFound)
 
@@ -220,6 +261,8 @@ func (state *state) initEntrypoint() error {
 		}
 	}
 
+	entrypointctx.SetCtx(state.task, state.entrypoint)
+
 	errs := gperr.NewBuilder("entrypoint error")
 	errs.Add(state.entrypoint.SetMiddlewares(epCfg.Middlewares))
 	errs.Add(state.entrypoint.SetAccessLogger(state.task, epCfg.AccessLog))
@@ -296,6 +339,7 @@ func (state *state) initAutoCert() error {
 	p.PrintCertExpiriesAll()
 
 	state.autocertProvider = p
+	autocertctx.SetCtx(state.task, p)
 	return nil
 }
 

internal/config/types/config.go

@@ -8,7 +8,7 @@ import (
 	"github.com/yusing/godoxy/agent/pkg/agent"
 	"github.com/yusing/godoxy/internal/acl"
 	"github.com/yusing/godoxy/internal/autocert"
-	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
+	"github.com/yusing/godoxy/internal/entrypoint"
 	homepage "github.com/yusing/godoxy/internal/homepage/types"
 	maxmind "github.com/yusing/godoxy/internal/maxmind/types"
 	"github.com/yusing/godoxy/internal/notif"

internal/config/types/state.go

@@ -6,6 +6,7 @@ import (
 	"iter"
 	"net/http"
 
+	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/types"
 	"github.com/yusing/goutils/server"
 	"github.com/yusing/goutils/synk"
@@ -21,7 +22,7 @@ type State interface {
 
 	Value() *Config
 
-	EntrypointHandler() http.Handler
+	Entrypoint() entrypoint.Entrypoint
 	ShortLinkMatcher() ShortLinkMatcher
 	AutoCertProvider() server.CertProvider
 
@@ -32,6 +33,9 @@ type State interface {
 	StartProviders() error
 
 	FlushTmpLog()
+
+	StartAPIServers()
+	StartMetrics()
 }
 
 type ShortLinkMatcher interface {

internal/dnsproviders/go.mod

@@ -1,6 +1,6 @@
 module github.com/yusing/godoxy/internal/dnsproviders
 
-go 1.25.6
+go 1.25.7
 
 replace github.com/yusing/godoxy => ../..
 
@@ -23,8 +23,12 @@ require (
 	github.com/akamai/AkamaiOPEN-edgegrid-golang/v11 v11.1.0 // indirect
 	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/boombuler/barcode v1.1.0 // indirect
+	github.com/bytedance/gopkg v0.1.3 // indirect
+	github.com/bytedance/sonic v1.15.0 // indirect
+	github.com/bytedance/sonic/loader v0.5.0 // indirect
 	github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
@@ -49,6 +53,7 @@ require (
 	github.com/gotify/server/v2 v2.8.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
@@ -73,9 +78,10 @@ require (
 	github.com/sony/gobreaker v1.0.0 // indirect
 	github.com/stretchr/objx v0.5.3 // indirect
 	github.com/stretchr/testify v1.11.1 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/vultr/govultr/v3 v3.26.1 // indirect
 	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
-	github.com/yusing/gointernals v0.1.16 // indirect
+	github.com/yusing/gointernals v0.1.18 // indirect
 	github.com/yusing/goutils v0.7.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 // indirect
@@ -83,6 +89,7 @@ require (
 	go.opentelemetry.io/otel/metric v1.39.0 // indirect
 	go.opentelemetry.io/otel/trace v1.39.0 // indirect
 	go.uber.org/ratelimit v0.3.1 // indirect
+	golang.org/x/arch v0.23.0 // indirect
 	golang.org/x/crypto v0.47.0 // indirect
 	golang.org/x/mod v0.32.0 // indirect
 	golang.org/x/net v0.49.0 // indirect

internal/dnsproviders/go.sum

@@ -37,10 +37,18 @@ github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZx
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.1.0 h1:ChaYjBR63fr4LFyGn8E8nt7dBSt3MiU3zMOZqFvVkHo=
 github.com/boombuler/barcode v1.1.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
+github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
+github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uSE=
+github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k=
+github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE=
+github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
 github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
 github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
+github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -111,6 +119,8 @@ github.com/jarcoal/httpmock v1.4.1 h1:0Ju+VCFuARfFlhVXFc2HxlcQkfB+Xq12/EotHko+x2
 github.com/jarcoal/httpmock v1.4.1/go.mod h1:ftW1xULwo+j0R0JJkJIIi7UKigZUXCLLanykgjwBXL0=
 github.com/keybase/go-keychain v0.0.1 h1:way+bWYa6lDppZoZcgMbYsvC7GxljxrskdNInRtuthU=
 github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k=
+github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
+github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b h1:udzkj9S/zlT5X367kqJis0QP7YMxobob6zhzq6Yre00=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -178,14 +188,17 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/vultr/govultr/v3 v3.26.1 h1:G/M0rMQKwVSmL+gb0UgETbW5mcQi0Vf/o/ZSGdBCxJw=
 github.com/vultr/govultr/v3 v3.26.1/go.mod h1:9WwnWGCKnwDlNjHjtt+j+nP+0QWq6hQXzaHgddqrLWY=
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM=
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI=
-github.com/yusing/gointernals v0.1.16 h1:GrhZZdxzA+jojLEqankctJrOuAYDb7kY1C93S1pVR34=
-github.com/yusing/gointernals v0.1.16/go.mod h1:B/0FVXt4WPmgzVy3ynzkqKi+BSGaJVmwCJBRXYapo34=
+github.com/yusing/gointernals v0.1.18 h1:ou8/0tPURUgAOBJu3TN/iWF4S/5ZYQaap+rVkaJNUMw=
+github.com/yusing/gointernals v0.1.18/go.mod h1:B/0FVXt4WPmgzVy3ynzkqKi+BSGaJVmwCJBRXYapo34=
 github.com/yusing/goutils v0.7.0 h1:I5hd8GwZ+3WZqFPK0tWqek1Q5MY6Xg29hKZcwwQi4SY=
 github.com/yusing/goutils v0.7.0/go.mod h1:CtF/KFH4q8jkr7cvBpkaExnudE0lLu8sLe43F73Bn5Q=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
@@ -208,6 +221,8 @@ go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/ratelimit v0.3.1 h1:K4qVE+byfv/B3tC+4nYWP7v/6SimcO7HzHekoMNBma0=
 go.uber.org/ratelimit v0.3.1/go.mod h1:6euWsTB6U/Nb3X++xEUXA8ciPJvr19Q/0h1+oDcJhRk=
+golang.org/x/arch v0.23.0 h1:lKF64A2jF6Zd8L0knGltUnegD62JMFBiCPBmQpToHhg=
+golang.org/x/arch v0.23.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
 golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
 golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
 golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c=

internal/docker/client.go

@@ -14,7 +14,7 @@ import (
 	"unsafe"
 
 	"github.com/docker/cli/cli/connhelper"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/client"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/agent/pkg/agent"
 	"github.com/yusing/godoxy/internal/agentpool"
@@ -198,9 +198,7 @@ func NewClient(cfg types.DockerProviderConfig, unique ...bool) (*SharedClient, e
 		opt = append(opt, client.WithTLSClientConfig(cfg.TLS.CAFile, cfg.TLS.CertFile, cfg.TLS.KeyFile))
 	}
 
-	opt = append(opt, client.WithAPIVersionNegotiation())
-
-	client, err := client.NewClientWithOpts(opt...)
+	client, err := client.New(opt...)
 	if err != nil {
 		return nil, err
 	}

internal/docker/container.go

@@ -11,8 +11,9 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/docker/go-connections/nat"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/agent/pkg/agent"
 	"github.com/yusing/godoxy/internal/agentpool"
 	"github.com/yusing/godoxy/internal/serialization"
@@ -98,18 +99,18 @@ func UpdatePorts(ctx context.Context, c *types.Container) error {
 	}
 	defer dockerClient.Close()
 
-	inspect, err := dockerClient.ContainerInspect(ctx, c.ContainerID)
+	inspect, err := dockerClient.ContainerInspect(ctx, c.ContainerID, client.ContainerInspectOptions{})
 	if err != nil {
 		return err
 	}
 
-	for port := range inspect.Config.ExposedPorts {
-		proto, portStr := nat.SplitProtoPort(string(port))
+	for port := range inspect.Container.Config.ExposedPorts {
+		proto, portStr := nat.SplitProtoPort(port.String())
 		portInt, _ := nat.ParsePort(portStr)
 		if portInt == 0 {
 			continue
 		}
-		c.PublicPortMapping[portInt] = container.Port{
+		c.PublicPortMapping[portInt] = container.PortSummary{
 			PublicPort:  uint16(portInt), //nolint:gosec
 			PrivatePort: uint16(portInt), //nolint:gosec
 			Type:        proto,
@@ -210,8 +211,8 @@ func setPrivateHostname(c *types.Container, helper containerHelper) {
 	}
 	if c.Network != "" {
 		v, hasNetwork := helper.NetworkSettings.Networks[c.Network]
-		if hasNetwork && v.IPAddress != "" {
-			c.PrivateHostname = v.IPAddress
+		if hasNetwork && v.IPAddress.IsValid() {
+			c.PrivateHostname = v.IPAddress.String()
 			return
 		}
 		var hasComposeNetwork bool
@@ -219,9 +220,9 @@ func setPrivateHostname(c *types.Container, helper containerHelper) {
 		if proj := DockerComposeProject(c); proj != "" {
 			newNetwork := fmt.Sprintf("%s_%s", proj, c.Network)
 			v, hasComposeNetwork = helper.NetworkSettings.Networks[newNetwork]
-			if hasComposeNetwork && v.IPAddress != "" {
+			if hasComposeNetwork && v.IPAddress.IsValid() {
 				c.Network = newNetwork // update network to the new one
-				c.PrivateHostname = v.IPAddress
+				c.PrivateHostname = v.IPAddress.String()
 				return
 			}
 		}
@@ -234,9 +235,9 @@ func setPrivateHostname(c *types.Container, helper containerHelper) {
 	}
 	// fallback to first network if no network is specified
 	for k, v := range helper.NetworkSettings.Networks {
-		if v.IPAddress != "" {
+		if v.IPAddress.IsValid() {
 			c.Network = k // update network to the first network
-			c.PrivateHostname = v.IPAddress
+			c.PrivateHostname = v.IPAddress.String()
 			return
 		}
 	}

internal/docker/container_helper.go

@@ -3,7 +3,7 @@ package docker
 import (
 	"strings"
 
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"github.com/yusing/ds/ordered"
 	"github.com/yusing/godoxy/internal/types"
 	strutils "github.com/yusing/goutils/strings"

internal/docker/container_test.go

@@ -3,7 +3,7 @@ package docker
 import (
 	"testing"
 
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
 	"github.com/yusing/godoxy/internal/types"
 	expect "github.com/yusing/goutils/testing"
 )

internal/docker/list_containers.go

@@ -3,12 +3,12 @@ package docker
 import (
 	"context"
 
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/client"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/types"
 )
 
-var listOptions = container.ListOptions{
+var listOptions = client.ContainerListOptions{
 	// created|restarting|running|removing|paused|exited|dead
 	// Filters: filters.NewArgs(
 	// 	filters.Arg("status", "created"),
@@ -31,7 +31,7 @@ func ListContainers(ctx context.Context, dockerCfg types.DockerProviderConfig) (
 	if err != nil {
 		return nil, err
 	}
-	return containers, nil
+	return containers.Items, nil
 }
 
 func IsErrConnectionFailed(err error) bool {

internal/entrypoint/README.md

@@ -1,10 +1,10 @@
 # Entrypoint
 
-The entrypoint package provides the main HTTP entry point for GoDoxy, handling domain-based routing, middleware application, short link matching, and access logging.
+The entrypoint package provides the main HTTP entry point for GoDoxy, handling domain-based routing, middleware application, short link matching, access logging, and HTTP/TCP/UDP server lifecycle management.
 
 ## Overview
 
-The entrypoint package implements the primary HTTP handler that receives all incoming requests, determines the target route based on hostname, applies middleware, and forwards requests to the appropriate route handler.
+The entrypoint package implements the primary HTTP handler that receives all incoming requests, manages the lifecycle of HTTP/TCP/UDP servers, determines the target route based on hostname, applies middleware, and forwards requests to the appropriate route handler.
 
 ### Key Features
 
@@ -14,103 +14,310 @@ The entrypoint package implements the primary HTTP handler that receives all inc
 - Access logging for all requests
 - Configurable not-found handling
 - Per-domain route resolution
+- Multi-protocol server management (HTTP/HTTPS/TCP/UDP)
+- Route pool abstractions via [`PoolLike`](internal/entrypoint/types/entrypoint.go:27) and [`RWPoolLike`](internal/entrypoint/types/entrypoint.go:33) interfaces
 
-## Architecture
+### Primary Consumers
 
-```mermaid
-graph TD
-    A[HTTP Request] --> B[Entrypoint Handler]
-    B --> C{Access Logger?}
-    C -->|Yes| D[Wrap Response Recorder]
-    C -->|No| E[Skip Logging]
+- **HTTP servers**: Per-listen-addr servers dispatch requests to routes
+- **Route providers**: Register routes via [`AddRoute`](internal/entrypoint/routes.go:48)
+- **Configuration layer**: Validates and applies middleware/access-logging config
 
-    D --> F[Find Route by Host]
-    E --> F
+### Non-goals
 
-    F --> G{Route Found?}
-    G -->|Yes| H{Middleware?}
-    G -->|No| I{Short Link?}
-    I -->|Yes| J[Short Link Handler]
-    I -->|No| K{Not Found Handler?}
-    K -->|Yes| L[Not Found Handler]
-    K -->|No| M[Serve 404]
+- Does not implement route discovery (delegates to providers)
+- Does not handle TLS certificate management (delegates to autocert)
+- Does not implement health checks (delegates to `internal/health/monitor`)
 
-    H -->|Yes| N[Apply Middleware]
-    H -->|No| O[Direct Route]
-    N --> O
+### Stability
 
-    O --> P[Route ServeHTTP]
-    P --> Q[Response]
-
-    L --> R[404 Response]
-    J --> Q
-    M --> R
-```
-
-## Core Components
-
-### Entrypoint Structure
-
-```go
-type Entrypoint struct {
-    middleware      *middleware.Middleware
-    notFoundHandler http.Handler
-    accessLogger    accesslog.AccessLogger
-    findRouteFunc   func(host string) types.HTTPRoute
-    shortLinkTree   *ShortLinkMatcher
-}
-```
-
-### Active Config
-
-```go
-var ActiveConfig atomic.Pointer[entrypoint.Config]
-```
+Internal package with stable core interfaces. The [`Entrypoint`](internal/entrypoint/types/entrypoint.go:7) interface is the public contract.
 
 ## Public API
 
-### Creation
+### Entrypoint Interface
 
 ```go
-// NewEntrypoint creates a new entrypoint instance.
-func NewEntrypoint() Entrypoint
+type Entrypoint interface {
+    // Server capabilities
+    SupportProxyProtocol() bool
+    DisablePoolsLog(v bool)
+
+    // Route registry access
+    GetRoute(alias string) (types.Route, bool)
+    AddRoute(r types.Route)
+    IterRoutes(yield func(r types.Route) bool)
+    NumRoutes() int
+    RoutesByProvider() map[string][]types.Route
+
+    // Route pool accessors
+    HTTPRoutes() PoolLike[types.HTTPRoute]
+    StreamRoutes() PoolLike[types.StreamRoute]
+    ExcludedRoutes() RWPoolLike[types.Route]
+
+    // Health info queries
+    GetHealthInfo() map[string]types.HealthInfo
+    GetHealthInfoWithoutDetail() map[string]types.HealthInfoWithoutDetail
+    GetHealthInfoSimple() map[string]types.HealthStatus
+}
+```
+
+### Pool Interfaces
+
+```go
+type PoolLike[Route types.Route] interface {
+    Get(alias string) (Route, bool)
+    Iter(yield func(alias string, r Route) bool)
+    Size() int
+}
+
+type RWPoolLike[Route types.Route] interface {
+    PoolLike[Route]
+    Add(r Route)
+    Del(r Route)
+}
 ```
 
 ### Configuration
 
 ```go
-// SetFindRouteDomains configures domain-based route lookup.
-func (ep *Entrypoint) SetFindRouteDomains(domains []string)
-
-// SetMiddlewares loads and configures middleware chain.
-func (ep *Entrypoint) SetMiddlewares(mws []map[string]any) error
-
-// SetNotFoundRules configures the not-found handler.
-func (ep *Entrypoint) SetNotFoundRules(rules rules.Rules)
-
-// SetAccessLogger initializes access logging.
-func (ep *Entrypoint) SetAccessLogger(parent task.Parent, cfg *accesslog.RequestLoggerConfig) error
-
-// ShortLinkMatcher returns the short link matcher.
-func (ep *Entrypoint) ShortLinkMatcher() *ShortLinkMatcher
+type Config struct {
+    SupportProxyProtocol bool `json:"support_proxy_protocol"`
+}
 ```
 
-### Request Handling
+## Architecture
+
+### Core Components
+
+```mermaid
+classDiagram
+    class Entrypoint {
+        +task *task.Task
+        +cfg *Config
+        +middleware *middleware.Middleware
+        +shortLinkMatcher *ShortLinkMatcher
+        +streamRoutes *pool.Pool[types.StreamRoute]
+        +excludedRoutes *pool.Pool[types.Route]
+        +servers *xsync.Map[string, *httpServer]
+        +tcpListeners *xsync.Map[string, net.Listener]
+        +udpListeners *xsync.Map[string, net.PacketConn]
+        +SupportProxyProtocol() bool
+        +AddRoute(r)
+        +IterRoutes(yield)
+        +HTTPRoutes() PoolLike
+    }
+
+    class httpServer {
+        +routes *routePool
+        +ServeHTTP(w, r)
+        +AddRoute(route)
+        +DelRoute(route)
+    }
+
+    class routePool {
+        +Get(alias) (HTTPRoute, bool)
+        +AddRoute(route)
+        +DelRoute(route)
+    }
+
+    class PoolLike {
+        <<interface>>
+        +Get(alias) (Route, bool)
+        +Iter(yield) bool
+        +Size() int
+    }
+
+    class RWPoolLike {
+        <<interface>>
+        +PoolLike
+        +Add(r Route)
+        +Del(r Route)
+    }
+
+    Entrypoint --> httpServer : manages
+    Entrypoint --> routePool : HTTPRoutes()
+    Entrypoint --> PoolLike : returns
+    Entrypoint --> RWPoolLike : ExcludedRoutes()
+```
+
+### Request Processing Pipeline
+
+```mermaid
+flowchart TD
+    A[HTTP Request] --> B[Find Route by Host]
+    B --> C{Route Found?}
+    C -->|Yes| D{Middleware?}
+    C -->|No| E{Short Link?}
+    E -->|Yes| F[Short Link Handler]
+    E -->|No| G{Not Found Handler?}
+    G -->|Yes| H[Not Found Handler]
+    G -->|No| I[Serve 404]
+
+    D -->|Yes| J[Apply Middleware Chain]
+    D -->|No| K[Direct Route Handler]
+    J --> K
+
+    K --> L[Route ServeHTTP]
+    L --> M[Response]
+
+    F --> M
+    H --> N[404 Response]
+    I --> N
+```
+
+### Server Lifecycle
+
+```mermaid
+stateDiagram-v2
+    [*] --> Empty: NewEntrypoint()
+
+    Empty --> Listening: AddRoute()
+    Listening --> Listening: AddRoute()
+    Listening --> Listening: delHTTPRoute()
+    Listening --> [*]: Cancel()
+
+    Listening --> AddingServer: addHTTPRoute()
+    AddingServer --> Listening: Server starts
+
+    note right of Listening
+        servers map: addr -> httpServer
+        tcpListeners map: addr -> Listener
+        udpListeners map: addr -> PacketConn
+    end note
+```
+
+## Data Flow
+
+```mermaid
+sequenceDiagram
+    participant Client
+    participant httpServer
+    participant Entrypoint
+    participant Middleware
+    participant Route
+
+    Client->>httpServer: GET /path
+    httpServer->>Entrypoint: FindRoute(host)
+
+    alt Route Found
+        Entrypoint-->>httpServer: HTTPRoute
+        httpServer->>Middleware: ServeHTTP(routeHandler)
+        alt Has Middleware
+            Middleware->>Middleware: Process Chain
+        end
+        Middleware->>Route: Forward Request
+        Route-->>Middleware: Response
+        Middleware-->>httpServer: Response
+    else Short Link
+        httpServer->>ShortLinkMatcher: Match short code
+        ShortLinkMatcher-->>httpServer: Redirect
+    else Not Found
+        httpServer->>NotFoundHandler: Serve 404
+        NotFoundHandler-->>httpServer: 404 Page
+    end
+
+    httpServer-->>Client: Response
+```
+
+## Route Registry
+
+Routes are now managed per-entrypoint instead of global registry:
 
 ```go
-// ServeHTTP is the main HTTP handler.
-func (ep *Entrypoint) ServeHTTP(w http.ResponseWriter, r *http.Request)
+// Adding a route
+ep.AddRoute(route)
 
-// FindRoute looks up a route by hostname.
-func (ep *Entrypoint) FindRoute(s string) types.HTTPRoute
+// Iterating all routes
+ep.IterRoutes(func(r types.Route) bool {
+    log.Info().Str("alias", r.Name()).Msg("route")
+    return true // continue iteration
+})
+
+// Querying by alias
+route, ok := ep.GetRoute("myapp")
+
+// Grouping by provider
+byProvider := ep.RoutesByProvider()
 ```
 
-## Usage
+## Configuration Surface
+
+### Config Source
+
+Environment variables and YAML config file:
+
+```yaml
+entrypoint:
+  support_proxy_protocol: true
+```
+
+### Environment Variables
+
+| Variable                       | Description                   |
+| ------------------------------ | ----------------------------- |
+| `PROXY_SUPPORT_PROXY_PROTOCOL` | Enable PROXY protocol support |
+
+## Dependency and Integration Map
+
+| Dependency                       | Purpose                    |
+| -------------------------------- | -------------------------- |
+| `internal/route`                 | Route types and handlers   |
+| `internal/route/rules`           | Not-found rules processing |
+| `internal/logging/accesslog`     | Request logging            |
+| `internal/net/gphttp/middleware` | Middleware chain           |
+| `internal/types`                 | Route and health types     |
+| `github.com/puzpuzpuz/xsync/v4`  | Concurrent server map      |
+| `github.com/yusing/goutils/pool` | Route pool implementations |
+| `github.com/yusing/goutils/task` | Lifecycle management       |
+
+## Observability
+
+### Logs
+
+| Level   | Context               | Description             |
+| ------- | --------------------- | ----------------------- |
+| `DEBUG` | `route`, `listen_url` | Route addition/removal  |
+| `DEBUG` | `addr`, `proto`       | Server lifecycle        |
+| `ERROR` | `route`, `listen_url` | Server startup failures |
+
+### Metrics
+
+Route metrics exposed via [`GetHealthInfo`](internal/entrypoint/query.go:10) methods:
+
+```go
+// Health info for all routes
+healthMap := ep.GetHealthInfo()
+// {
+//   "myapp": {Status: "healthy", Uptime: 3600, Latency: 5ms},
+//   "excluded-route": {Status: "unknown", Detail: "n/a"},
+// }
+```
+
+## Security Considerations
+
+- Route lookup is read-only from route pools
+- Middleware chain is applied per-request
+- Proxy protocol support must be explicitly enabled
+- Access logger captures request metadata before processing
+
+## Failure Modes and Recovery
+
+| Failure               | Behavior                       | Recovery                     |
+| --------------------- | ------------------------------ | ---------------------------- |
+| Server bind fails     | Error logged, route not added  | Fix port/address conflict    |
+| Route start fails     | Route excluded, error logged   | Fix route configuration      |
+| Middleware load fails | AddRoute returns error         | Fix middleware configuration |
+| Context cancelled     | All servers stopped gracefully | Restart entrypoint           |
+
+## Usage Examples
 
 ### Basic Setup
 
 ```go
-ep := entrypoint.NewEntrypoint()
+ep := entrypoint.NewEntrypoint(parent, &entrypoint.Config{
+    SupportProxyProtocol: false,
+})
 
 // Configure domain matching
 ep.SetFindRouteDomains([]string{".example.com", "example.com"})
@@ -120,7 +327,7 @@ err := ep.SetMiddlewares([]map[string]any{
     {"rate_limit": map[string]any{"requests_per_second": 100}},
 })
 if err != nil {
-    log.Fatal(err)
+    return err
 }
 
 // Configure access logging
@@ -128,181 +335,59 @@ err = ep.SetAccessLogger(parent, &accesslog.RequestLoggerConfig{
     Path: "/var/log/godoxy/access.log",
 })
 if err != nil {
-    log.Fatal(err)
+    return err
 }
-
-// Start server
-http.ListenAndServe(":80", &ep)
 ```
 
-### Route Lookup Logic
-
-The entrypoint uses multiple strategies to find routes:
-
-1. **Subdomain Matching**: For `sub.domain.com`, looks for `sub`
-1. **Exact Match**: Looks for the full hostname
-1. **Port Stripping**: Strips port from host if present
+### Route Querying
 
 ```go
-func findRouteAnyDomain(host string) types.HTTPRoute {
-    // Try subdomain (everything before first dot)
-    idx := strings.IndexByte(host, '.')
-    if idx != -1 {
-        target := host[:idx]
-        if r, ok := routes.HTTP.Get(target); ok {
-            return r
-        }
-    }
+// Iterate all routes including excluded
+for r := range ep.IterRoutes {
+    log.Info().
+        Str("alias", r.Name()).
+        Str("provider", r.ProviderName()).
+        Bool("excluded", r.ShouldExclude()).
+        Msg("route")
+}
 
-    // Try exact match
-    if r, ok := routes.HTTP.Get(host); ok {
-        return r
-    }
-
-    // Try stripping port
-    if before, _, ok := strings.Cut(host, ":"); ok {
-        if r, ok := routes.HTTP.Get(before); ok {
-            return r
-        }
-    }
-
-    return nil
+// Get health info for all routes
+healthMap := ep.GetHealthInfoSimple()
+for alias, status := range healthMap {
+    log.Info().Str("alias", alias).Str("status", string(status)).Msg("health")
 }
 ```
 
-### Short Links
-
-Short links use a special `.short` domain:
+### Route Addition
 
 ```go
-// Request to: https://abc.short.example.com
-// Looks for route with alias "abc"
-if strings.EqualFold(host, common.ShortLinkPrefix) {
-    // Handle short link
-    ep.shortLinkTree.ServeHTTP(w, r)
+route := &route.Route{
+    Alias:  "myapp",
+    Scheme: route.SchemeHTTP,
+    Host:   "myapp",
+    Port:   route.Port{Proxy: 80, Target: 3000},
 }
+
+ep.AddRoute(route)
 ```
 
-## Data Flow
+## Context Integration
 
-```mermaid
-sequenceDiagram
-    participant Client
-    participant Entrypoint
-    participant Middleware
-    participant Route
-    participant Logger
-
-    Client->>Entrypoint: GET /path
-    Entrypoint->>Entrypoint: FindRoute(host)
-    alt Route Found
-        Entrypoint->>Logger: Get ResponseRecorder
-        Logger-->>Entrypoint: Recorder
-        Entrypoint->>Middleware: ServeHTTP(routeHandler)
-        alt Has Middleware
-            Middleware->>Middleware: Process Chain
-        end
-        Middleware->>Route: Forward Request
-        Route-->>Middleware: Response
-        Middleware-->>Entrypoint: Response
-    else Short Link
-        Entrypoint->>ShortLinkTree: Match short code
-        ShortLinkTree-->>Entrypoint: Redirect
-    else Not Found
-        Entrypoint->>NotFoundHandler: Serve 404
-        NotFoundHandler-->>Entrypoint: 404 Page
-    end
-
-    Entrypoint->>Logger: Log Request
-    Logger-->>Entrypoint: Complete
-    Entrypoint-->>Client: Response
-```
-
-## Not-Found Handling
-
-When no route is found, the entrypoint:
-
-1. Attempts to serve a static error page file
-1. Logs the 404 request
-1. Falls back to the configured error page
-1. Returns 404 status code
+Routes can access the entrypoint from request context:
 
 ```go
-func (ep *Entrypoint) serveNotFound(w http.ResponseWriter, r *http.Request) {
-    if served := middleware.ServeStaticErrorPageFile(w, r); !served {
-        log.Error().
-            Str("method", r.Method).
-            Str("url", r.URL.String()).
-            Str("remote", r.RemoteAddr).
-            Msgf("not found: %s", r.Host)
+// Set entrypoint in context
+entrypoint.SetCtx(r.Context(), ep)
 
-        errorPage, ok := errorpage.GetErrorPageByStatus(http.StatusNotFound)
-        if ok {
-            w.WriteHeader(http.StatusNotFound)
-            w.Header().Set("Content-Type", "text/html; charset=utf-8")
-            w.Write(errorPage)
-        } else {
-            http.NotFound(w, r)
-        }
-    }
+// Get entrypoint from context
+if ep := entrypoint.FromCtx(r.Context()); ep != nil {
+    route, ok := ep.GetRoute("alias")
 }
 ```
 
-## Configuration Structure
+## Testing Notes
 
-```go
-type Config struct {
-    Middlewares []map[string]any `json:"middlewares"`
-    Rules       rules.Rules      `json:"rules"`
-    AccessLog   *accesslog.RequestLoggerConfig `json:"access_log"`
-}
-```
-
-## Middleware Integration
-
-The entrypoint supports middleware chains configured via YAML:
-
-```yaml
-entrypoint:
-  middlewares:
-    - use: rate_limit
-      average: 100
-      burst: 200
-      bypass:
-        - remote 192.168.1.0/24
-    - use: redirect_http
-```
-
-## Access Logging
-
-Access logging wraps the response recorder to capture:
-
-- Request method and URL
-- Response status code
-- Response size
-- Request duration
-- Client IP address
-
-```go
-func (ep *Entrypoint) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-    if ep.accessLogger != nil {
-        rec := accesslog.GetResponseRecorder(w)
-        w = rec
-        defer func() {
-            ep.accessLogger.Log(r, rec.Response())
-            accesslog.PutResponseRecorder(rec)
-        }()
-    }
-    // ... handle request
-}
-```
-
-## Integration Points
-
-The entrypoint integrates with:
-
-- **Route Registry**: HTTP route lookup
-- **Middleware**: Request processing chain
-- **AccessLog**: Request logging
-- **ErrorPage**: 404 error pages
-- **ShortLink**: Short link handling
+- Benchmark tests in [`entrypoint_benchmark_test.go`](internal/entrypoint/entrypoint_benchmark_test.go)
+- Integration tests in [`entrypoint_test.go`](internal/entrypoint/entrypoint_test.go)
+- Mock route pools for unit testing
+- Short link tests in [`shortlink_test.go`](internal/entrypoint/shortlink_test.go)

internal/entrypoint/entrypoint.go

@@ -1,47 +1,143 @@
 package entrypoint
 
 import (
+	"net"
 	"net/http"
 	"strings"
 	"sync/atomic"
+	"testing"
 
+	"github.com/puzpuzpuz/xsync/v4"
 	"github.com/rs/zerolog/log"
-	"github.com/yusing/godoxy/internal/common"
 	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/logging/accesslog"
 	"github.com/yusing/godoxy/internal/net/gphttp/middleware"
-	"github.com/yusing/godoxy/internal/net/gphttp/middleware/errorpage"
-	"github.com/yusing/godoxy/internal/route/routes"
 	"github.com/yusing/godoxy/internal/route/rules"
 	"github.com/yusing/godoxy/internal/types"
+	gperr "github.com/yusing/goutils/errs"
+	"github.com/yusing/goutils/pool"
 	"github.com/yusing/goutils/task"
 )
 
+type HTTPRoutes interface {
+	Get(alias string) (types.HTTPRoute, bool)
+}
+
+type findRouteFunc func(HTTPRoutes, string) types.HTTPRoute
+
 type Entrypoint struct {
-	middleware      *middleware.Middleware
-	notFoundHandler http.Handler
-	accessLogger    accesslog.AccessLogger
-	findRouteFunc   func(host string) types.HTTPRoute
-	shortLinkTree   *ShortLinkMatcher
+	task *task.Task
+
+	cfg *Config
+
+	middleware       *middleware.Middleware
+	notFoundHandler  http.Handler
+	accessLogger     accesslog.AccessLogger
+	findRouteFunc    findRouteFunc
+	shortLinkMatcher *ShortLinkMatcher
+
+	streamRoutes   *pool.Pool[types.StreamRoute]
+	excludedRoutes *pool.Pool[types.Route]
+
+	// this only affects future http servers creation
+	httpPoolDisableLog atomic.Bool
+
+	servers      *xsync.Map[string, *httpServer]    // listen addr -> server
+	tcpListeners *xsync.Map[string, net.Listener]   // listen addr -> listener
+	udpListeners *xsync.Map[string, net.PacketConn] // listen addr -> listener
 }
 
-// nil-safe
-var ActiveConfig atomic.Pointer[entrypoint.Config]
+var _ entrypoint.Entrypoint = &Entrypoint{}
 
-func init() {
-	// make sure it's not nil
-	ActiveConfig.Store(&entrypoint.Config{})
+var emptyCfg Config
+
+func NewTestEntrypoint(t testing.TB, cfg *Config) *Entrypoint {
+	t.Helper()
+
+	task := task.GetTestTask(t)
+	ep := NewEntrypoint(task, cfg)
+	entrypoint.SetCtx(task, ep)
+	return ep
 }
 
-func NewEntrypoint() Entrypoint {
-	return Entrypoint{
-		findRouteFunc: findRouteAnyDomain,
-		shortLinkTree: newShortLinkTree(),
+func NewEntrypoint(parent task.Parent, cfg *Config) *Entrypoint {
+	if cfg == nil {
+		cfg = &emptyCfg
 	}
+
+	ep := &Entrypoint{
+		task:             parent.Subtask("entrypoint", false),
+		cfg:              cfg,
+		findRouteFunc:    findRouteAnyDomain,
+		shortLinkMatcher: newShortLinkMatcher(),
+		streamRoutes:     pool.New[types.StreamRoute]("stream_routes"),
+		excludedRoutes:   pool.New[types.Route]("excluded_routes"),
+		servers:          xsync.NewMap[string, *httpServer](),
+		tcpListeners:     xsync.NewMap[string, net.Listener](),
+		udpListeners:     xsync.NewMap[string, net.PacketConn](),
+	}
+	ep.task.OnCancel("stop", func() {
+		// servers stop on their own when context is cancelled
+		var errs gperr.Group
+		for _, listener := range ep.tcpListeners.Range {
+			errs.Go(func() error {
+				return listener.Close()
+			})
+		}
+		for _, listener := range ep.udpListeners.Range {
+			errs.Go(func() error {
+				return listener.Close()
+			})
+		}
+		if err := errs.Wait().Error(); err != nil {
+			gperr.LogError("failed to stop entrypoint listeners", err)
+		}
+	})
+	ep.task.OnFinished("cleanup", func() {
+		ep.servers.Clear()
+		ep.tcpListeners.Clear()
+		ep.udpListeners.Clear()
+	})
+	return ep
+}
+
+func (ep *Entrypoint) Task() *task.Task {
+	return ep.task
+}
+
+func (ep *Entrypoint) SupportProxyProtocol() bool {
+	return ep.cfg.SupportProxyProtocol
+}
+
+func (ep *Entrypoint) DisablePoolsLog(v bool) {
+	ep.httpPoolDisableLog.Store(v)
+	// apply to all running http servers
+	for _, srv := range ep.servers.Range {
+		srv.routes.DisableLog(v)
+	}
+	// apply to other pools
+	ep.streamRoutes.DisableLog(v)
+	ep.excludedRoutes.DisableLog(v)
 }
 
 func (ep *Entrypoint) ShortLinkMatcher() *ShortLinkMatcher {
-	return ep.shortLinkTree
+	return ep.shortLinkMatcher
+}
+
+func (ep *Entrypoint) HTTPRoutes() entrypoint.PoolLike[types.HTTPRoute] {
+	return newHTTPPoolAdapter(ep)
+}
+
+func (ep *Entrypoint) StreamRoutes() entrypoint.PoolLike[types.StreamRoute] {
+	return ep.streamRoutes
+}
+
+func (ep *Entrypoint) ExcludedRoutes() entrypoint.RWPoolLike[types.Route] {
+	return ep.excludedRoutes
+}
+
+func (ep *Entrypoint) GetServer(addr string) (HTTPServer, bool) {
+	return ep.servers.Load(addr)
 }
 
 func (ep *Entrypoint) SetFindRouteDomains(domains []string) {
@@ -74,7 +170,7 @@ func (ep *Entrypoint) SetMiddlewares(mws []map[string]any) error {
 }
 
 func (ep *Entrypoint) SetNotFoundRules(rules rules.Rules) {
-	ep.notFoundHandler = rules.BuildHandler(http.HandlerFunc(ep.serveNotFound))
+	ep.notFoundHandler = rules.BuildHandler(serveNotFound)
 }
 
 func (ep *Entrypoint) SetAccessLogger(parent task.Parent, cfg *accesslog.RequestLoggerConfig) (err error) {
@@ -91,111 +187,39 @@ func (ep *Entrypoint) SetAccessLogger(parent task.Parent, cfg *accesslog.Request
 	return err
 }
 
-func (ep *Entrypoint) FindRoute(s string) types.HTTPRoute {
-	return ep.findRouteFunc(s)
-}
-
-func (ep *Entrypoint) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	if ep.accessLogger != nil {
-		rec := accesslog.GetResponseRecorder(w)
-		w = rec
-		defer func() {
-			ep.accessLogger.LogRequest(r, rec.Response())
-			accesslog.PutResponseRecorder(rec)
-		}()
-	}
-
-	route := ep.findRouteFunc(r.Host)
-	switch {
-	case route != nil:
-		r = routes.WithRouteContext(r, route)
-		if ep.middleware != nil {
-			ep.middleware.ServeHTTP(route.ServeHTTP, w, r)
-		} else {
-			route.ServeHTTP(w, r)
-		}
-	case ep.tryHandleShortLink(w, r):
-		return
-	case ep.notFoundHandler != nil:
-		ep.notFoundHandler.ServeHTTP(w, r)
-	default:
-		ep.serveNotFound(w, r)
-	}
-}
-
-func (ep *Entrypoint) tryHandleShortLink(w http.ResponseWriter, r *http.Request) (handled bool) {
-	host := r.Host
-	if before, _, ok := strings.Cut(host, ":"); ok {
-		host = before
-	}
-	if strings.EqualFold(host, common.ShortLinkPrefix) {
-		if ep.middleware != nil {
-			ep.middleware.ServeHTTP(ep.shortLinkTree.ServeHTTP, w, r)
-		} else {
-			ep.shortLinkTree.ServeHTTP(w, r)
-		}
-		return true
-	}
-	return false
-}
-
-func (ep *Entrypoint) serveNotFound(w http.ResponseWriter, r *http.Request) {
-	// Why use StatusNotFound instead of StatusBadRequest or StatusBadGateway?
-	// On nginx, when route for domain does not exist, it returns StatusBadGateway.
-	// Then scraper / scanners will know the subdomain is invalid.
-	// With StatusNotFound, they won't know whether it's the path, or the subdomain that is invalid.
-	if served := middleware.ServeStaticErrorPageFile(w, r); !served {
-		log.Error().
-			Str("method", r.Method).
-			Str("url", r.URL.String()).
-			Str("remote", r.RemoteAddr).
-			Msgf("not found: %s", r.Host)
-		errorPage, ok := errorpage.GetErrorPageByStatus(http.StatusNotFound)
-		if ok {
-			w.WriteHeader(http.StatusNotFound)
-			w.Header().Set("Content-Type", "text/html; charset=utf-8")
-			if _, err := w.Write(errorPage); err != nil {
-				log.Err(err).Msg("failed to write error page")
-			}
-		} else {
-			http.NotFound(w, r)
-		}
-	}
-}
-
-func findRouteAnyDomain(host string) types.HTTPRoute {
+func findRouteAnyDomain(routes HTTPRoutes, host string) types.HTTPRoute {
 	idx := strings.IndexByte(host, '.')
 	if idx != -1 {
 		target := host[:idx]
-		if r, ok := routes.HTTP.Get(target); ok {
+		if r, ok := routes.Get(target); ok {
 			return r
 		}
 	}
-	if r, ok := routes.HTTP.Get(host); ok {
+	if r, ok := routes.Get(host); ok {
 		return r
 	}
 	// try striping the trailing :port from the host
 	if before, _, ok := strings.Cut(host, ":"); ok {
-		if r, ok := routes.HTTP.Get(before); ok {
+		if r, ok := routes.Get(before); ok {
 			return r
 		}
 	}
 	return nil
 }
 
-func findRouteByDomains(domains []string) func(host string) types.HTTPRoute {
-	return func(host string) types.HTTPRoute {
+func findRouteByDomains(domains []string) func(routes HTTPRoutes, host string) types.HTTPRoute {
+	return func(routes HTTPRoutes, host string) types.HTTPRoute {
 		host, _, _ = strings.Cut(host, ":") // strip the trailing :port
 		for _, domain := range domains {
 			if target, ok := strings.CutSuffix(host, domain); ok {
-				if r, ok := routes.HTTP.Get(target); ok {
+				if r, ok := routes.Get(target); ok {
 					return r
 				}
 			}
 		}
 
 		// fallback to exact match
-		if r, ok := routes.HTTP.Get(host); ok {
+		if r, ok := routes.Get(host); ok {
 			return r
 		}
 		return nil

internal/entrypoint/entrypoint_benchmark_test.go

@@ -10,9 +10,11 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/stretchr/testify/require"
+	"github.com/yusing/godoxy/internal/common"
 	. "github.com/yusing/godoxy/internal/entrypoint"
+	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/route"
-	"github.com/yusing/godoxy/internal/route/routes"
 	routeTypes "github.com/yusing/godoxy/internal/route/types"
 	"github.com/yusing/godoxy/internal/types"
 	"github.com/yusing/goutils/task"
@@ -48,13 +50,15 @@ func (t noopTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 }
 
 func BenchmarkEntrypointReal(b *testing.B) {
-	var ep Entrypoint
+	task := task.GetTestTask(b)
+	ep := NewEntrypoint(task, nil)
 	req := http.Request{
 		Method: "GET",
 		URL:    &url.URL{Path: "/", RawPath: "/"},
 		Host:   "test.domain.tld",
 	}
 	ep.SetFindRouteDomains([]string{})
+	entrypoint.SetCtx(task, ep)
 
 	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Length", "1")
@@ -77,48 +81,48 @@ func BenchmarkEntrypointReal(b *testing.B) {
 		b.Fatal(err)
 	}
 
-	r := &route.Route{
+	r, err := route.NewStartedTestRoute(b, &route.Route{
 		Alias:       "test",
 		Scheme:      routeTypes.SchemeHTTP,
 		Host:        host,
 		Port:        route.Port{Proxy: portInt},
 		HealthCheck: types.HealthCheckConfig{Disable: true},
-	}
+	})
 
-	err = r.Validate()
-	if err != nil {
-		b.Fatal(err)
-	}
-
-	err = r.Start(task.RootTask("test", false))
-	if err != nil {
-		b.Fatal(err)
-	}
+	require.NoError(b, err)
+	require.False(b, r.ShouldExclude())
 
 	var w noopResponseWriter
 
+	server, ok := ep.GetServer(common.ProxyHTTPAddr)
+	if !ok {
+		b.Fatal("server not found")
+	}
+
 	b.ResetTimer()
 	for b.Loop() {
-		ep.ServeHTTP(&w, &req)
-		// if w.statusCode != http.StatusOK {
-		// 	b.Fatalf("status code is not 200: %d", w.statusCode)
-		// }
-		// if string(w.written) != "1" {
-		// 	b.Fatalf("written is not 1: %s", string(w.written))
-		// }
+		server.ServeHTTP(&w, &req)
+		if w.statusCode != http.StatusOK {
+			b.Fatalf("status code is not 200: %d", w.statusCode)
+		}
+		if string(w.written) != "1" {
+			b.Fatalf("written is not 1: %s", string(w.written))
+		}
 	}
 }
 
 func BenchmarkEntrypoint(b *testing.B) {
-	var ep Entrypoint
+	task := task.GetTestTask(b)
+	ep := NewEntrypoint(task, nil)
 	req := http.Request{
 		Method: "GET",
 		URL:    &url.URL{Path: "/", RawPath: "/"},
 		Host:   "test.domain.tld",
 	}
 	ep.SetFindRouteDomains([]string{})
+	entrypoint.SetCtx(task, ep)
 
-	r := &route.Route{
+	r, err := route.NewStartedTestRoute(b, &route.Route{
 		Alias:  "test",
 		Scheme: routeTypes.SchemeHTTP,
 		Host:   "localhost",
@@ -128,29 +132,23 @@ func BenchmarkEntrypoint(b *testing.B) {
 		HealthCheck: types.HealthCheckConfig{
 			Disable: true,
 		},
-	}
+	})
 
-	err := r.Validate()
-	if err != nil {
-		b.Fatal(err)
-	}
+	require.NoError(b, err)
+	require.False(b, r.ShouldExclude())
 
-	err = r.Start(task.RootTask("test", false))
-	if err != nil {
-		b.Fatal(err)
-	}
-
-	rev, ok := routes.HTTP.Get("test")
-	if !ok {
-		b.Fatal("route not found")
-	}
-	rev.(types.ReverseProxyRoute).ReverseProxy().Transport = noopTransport{}
+	r.(types.ReverseProxyRoute).ReverseProxy().Transport = noopTransport{}
 
 	var w noopResponseWriter
 
+	server, ok := ep.GetServer(common.ProxyHTTPAddr)
+	if !ok {
+		b.Fatal("server not found")
+	}
+
 	b.ResetTimer()
 	for b.Loop() {
-		ep.ServeHTTP(&w, &req)
+		server.ServeHTTP(&w, &req)
 		if w.statusCode != http.StatusOK {
 			b.Fatalf("status code is not 200: %d", w.statusCode)
 		}

internal/entrypoint/entrypoint_test.go

@@ -3,48 +3,70 @@ package entrypoint_test
 import (
 	"testing"
 
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	. "github.com/yusing/godoxy/internal/entrypoint"
+	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/route"
-	"github.com/yusing/godoxy/internal/route/routes"
-
+	routeTypes "github.com/yusing/godoxy/internal/route/types"
+	"github.com/yusing/godoxy/internal/types"
+	"github.com/yusing/goutils/task"
 	expect "github.com/yusing/goutils/testing"
 )
 
-var ep = NewEntrypoint()
+func addRoute(t *testing.T, alias string) {
+	t.Helper()
 
-func addRoute(alias string) {
-	routes.HTTP.Add(&route.ReveseProxyRoute{
-		Route: &route.Route{
-			Alias: alias,
-			Port: route.Port{
-				Proxy: 80,
-			},
+	ep := entrypoint.FromCtx(task.GetTestTask(t).Context())
+	require.NotNil(t, ep)
+
+	_, err := route.NewStartedTestRoute(t, &route.Route{
+		Alias:  alias,
+		Scheme: routeTypes.SchemeHTTP,
+		Port: route.Port{
+			Listening: 1000,
+			Proxy:     8080,
+		},
+		HealthCheck: types.HealthCheckConfig{
+			Disable: true,
 		},
 	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	route, ok := ep.HTTPRoutes().Get(alias)
+	require.True(t, ok, "route not found")
+	require.NotNil(t, route)
 }
 
-func run(t *testing.T, match []string, noMatch []string) {
+func run(t *testing.T, ep *Entrypoint, match []string, noMatch []string) {
 	t.Helper()
-	t.Cleanup(routes.Clear)
-	t.Cleanup(func() { ep.SetFindRouteDomains(nil) })
+
+	server, ok := ep.GetServer(":1000")
+	require.True(t, ok, "server not found")
+	require.NotNil(t, server)
 
 	for _, test := range match {
 		t.Run(test, func(t *testing.T) {
-			found := ep.FindRoute(test)
-			expect.NotNil(t, found)
+			route := server.FindRoute(test)
+			assert.NotNil(t, route)
 		})
 	}
 
 	for _, test := range noMatch {
 		t.Run(test, func(t *testing.T) {
-			found := ep.FindRoute(test)
-			expect.Nil(t, found)
+			found, ok := ep.HTTPRoutes().Get(test)
+			assert.False(t, ok)
+			assert.Nil(t, found)
 		})
 	}
 }
 
 func TestFindRouteAnyDomain(t *testing.T) {
-	addRoute("app1")
+	ep := NewTestEntrypoint(t, nil)
+
+	addRoute(t, "app1")
 
 	tests := []string{
 		"app1.com",
@@ -58,10 +80,12 @@ func TestFindRouteAnyDomain(t *testing.T) {
 		"app2.sub.domain.com",
 	}
 
-	run(t, tests, testsNoMatch)
+	run(t, ep, tests, testsNoMatch)
 }
 
 func TestFindRouteExactHostMatch(t *testing.T) {
+	ep := NewTestEntrypoint(t, nil)
+
 	tests := []string{
 		"app2.com",
 		"app2.domain.com",
@@ -75,19 +99,20 @@ func TestFindRouteExactHostMatch(t *testing.T) {
 	}
 
 	for _, test := range tests {
-		addRoute(test)
+		addRoute(t, test)
 	}
 
-	run(t, tests, testsNoMatch)
+	run(t, ep, tests, testsNoMatch)
 }
 
 func TestFindRouteByDomains(t *testing.T) {
+	ep := NewTestEntrypoint(t, nil)
 	ep.SetFindRouteDomains([]string{
 		".domain.com",
 		".sub.domain.com",
 	})
 
-	addRoute("app1")
+	addRoute(t, "app1")
 
 	tests := []string{
 		"app1.domain.com",
@@ -103,16 +128,17 @@ func TestFindRouteByDomains(t *testing.T) {
 		"app2.sub.domain.com",
 	}
 
-	run(t, tests, testsNoMatch)
+	run(t, ep, tests, testsNoMatch)
 }
 
 func TestFindRouteByDomainsExactMatch(t *testing.T) {
+	ep := NewTestEntrypoint(t, nil)
 	ep.SetFindRouteDomains([]string{
 		".domain.com",
 		".sub.domain.com",
 	})
 
-	addRoute("app1.foo.bar")
+	addRoute(t, "app1.foo.bar")
 
 	tests := []string{
 		"app1.foo.bar", // exact match
@@ -126,13 +152,14 @@ func TestFindRouteByDomainsExactMatch(t *testing.T) {
 		"app1.sub.domain.com",
 	}
 
-	run(t, tests, testsNoMatch)
+	run(t, ep, tests, testsNoMatch)
 }
 
 func TestFindRouteWithPort(t *testing.T) {
 	t.Run("AnyDomain", func(t *testing.T) {
-		addRoute("app1")
-		addRoute("app2.com")
+		ep := NewTestEntrypoint(t, nil)
+		addRoute(t, "app1")
+		addRoute(t, "app2.com")
 
 		tests := []string{
 			"app1:8080",
@@ -144,16 +171,17 @@ func TestFindRouteWithPort(t *testing.T) {
 			"app2.co",
 			"app2.co:8080",
 		}
-		run(t, tests, testsNoMatch)
+		run(t, ep, tests, testsNoMatch)
 	})
 
 	t.Run("ByDomains", func(t *testing.T) {
+		ep := NewTestEntrypoint(t, nil)
 		ep.SetFindRouteDomains([]string{
 			".domain.com",
 		})
-		addRoute("app1")
-		addRoute("app2")
-		addRoute("app3.domain.com")
+		addRoute(t, "app1")
+		addRoute(t, "app2")
+		addRoute(t, "app3.domain.com")
 
 		tests := []string{
 			"app1.domain.com:8080",
@@ -169,6 +197,120 @@ func TestFindRouteWithPort(t *testing.T) {
 			"app3.domain.co",
 			"app3.domain.co:8080",
 		}
-		run(t, tests, testsNoMatch)
+		run(t, ep, tests, testsNoMatch)
 	})
 }
+
+func TestHealthInfoQueries(t *testing.T) {
+	ep := NewTestEntrypoint(t, nil)
+
+	// Add routes without health monitors (default case)
+	addRoute(t, "app1")
+	addRoute(t, "app2")
+
+	// Test GetHealthInfo
+	t.Run("GetHealthInfo", func(t *testing.T) {
+		info := ep.GetHealthInfo()
+		expect.Equal(t, 2, len(info))
+		for _, health := range info {
+			expect.Equal(t, types.StatusUnknown, health.Status)
+			expect.Equal(t, "n/a", health.Detail)
+		}
+	})
+
+	// Test GetHealthInfoWithoutDetail
+	t.Run("GetHealthInfoWithoutDetail", func(t *testing.T) {
+		info := ep.GetHealthInfoWithoutDetail()
+		expect.Equal(t, 2, len(info))
+		for _, health := range info {
+			expect.Equal(t, types.StatusUnknown, health.Status)
+		}
+	})
+
+	// Test GetHealthInfoSimple
+	t.Run("GetHealthInfoSimple", func(t *testing.T) {
+		info := ep.GetHealthInfoSimple()
+		expect.Equal(t, 2, len(info))
+		for _, status := range info {
+			expect.Equal(t, types.StatusUnknown, status)
+		}
+	})
+}
+
+func TestRoutesByProvider(t *testing.T) {
+	ep := NewTestEntrypoint(t, nil)
+
+	// Add routes with provider info
+	addRoute(t, "app1")
+	addRoute(t, "app2")
+
+	byProvider := ep.RoutesByProvider()
+	expect.Equal(t, 1, len(byProvider)) // All routes are from same implicit provider
+
+	routes, ok := byProvider[""]
+	expect.True(t, ok)
+	expect.Equal(t, 2, len(routes))
+}
+
+func TestNumRoutes(t *testing.T) {
+	ep := NewTestEntrypoint(t, nil)
+
+	expect.Equal(t, 0, ep.NumRoutes())
+
+	addRoute(t, "app1")
+	expect.Equal(t, 1, ep.NumRoutes())
+
+	addRoute(t, "app2")
+	expect.Equal(t, 2, ep.NumRoutes())
+}
+
+func TestIterRoutes(t *testing.T) {
+	ep := NewTestEntrypoint(t, nil)
+
+	addRoute(t, "app1")
+	addRoute(t, "app2")
+	addRoute(t, "app3")
+
+	count := 0
+	for r := range ep.IterRoutes {
+		count++
+		expect.NotNil(t, r)
+	}
+	expect.Equal(t, 3, count)
+}
+
+func TestGetRoute(t *testing.T) {
+	ep := NewTestEntrypoint(t, nil)
+
+	// Route not found case
+	_, ok := ep.GetRoute("nonexistent")
+	expect.False(t, ok)
+
+	addRoute(t, "app1")
+
+	route, ok := ep.GetRoute("app1")
+	expect.True(t, ok)
+	expect.NotNil(t, route)
+}
+
+func TestHTTPRoutesPool(t *testing.T) {
+	ep := NewTestEntrypoint(t, nil)
+
+	pool := ep.HTTPRoutes()
+	expect.Equal(t, 0, pool.Size())
+
+	addRoute(t, "app1")
+	expect.Equal(t, 1, pool.Size())
+
+	// Verify route is accessible
+	route, ok := pool.Get("app1")
+	expect.True(t, ok)
+	expect.NotNil(t, route)
+}
+
+func TestExcludedRoutesPool(t *testing.T) {
+	ep := NewTestEntrypoint(t, nil)
+
+	excludedPool := ep.ExcludedRoutes()
+	expect.Equal(t, 0, excludedPool.Size())
+}

internal/entrypoint/http_pool_adapter.go

@@ -0,0 +1,51 @@
+package entrypoint
+
+import (
+	"github.com/yusing/godoxy/internal/common"
+	"github.com/yusing/godoxy/internal/types"
+)
+
+// httpPoolAdapter implements the PoolLike interface for the HTTP routes.
+type httpPoolAdapter struct {
+	ep *Entrypoint
+}
+
+func newHTTPPoolAdapter(ep *Entrypoint) httpPoolAdapter {
+	return httpPoolAdapter{ep: ep}
+}
+
+func (h httpPoolAdapter) Iter(yield func(alias string, route types.HTTPRoute) bool) {
+	for addr, srv := range h.ep.servers.Range {
+		// default routes are added to both HTTP and HTTPS servers, we don't need to iterate over them twice.
+		if addr == common.ProxyHTTPSAddr {
+			continue
+		}
+		for alias, route := range srv.routes.Iter {
+			if !yield(alias, route) {
+				return
+			}
+		}
+	}
+}
+
+func (h httpPoolAdapter) Get(alias string) (types.HTTPRoute, bool) {
+	for addr, srv := range h.ep.servers.Range {
+		if addr == common.ProxyHTTPSAddr {
+			continue
+		}
+		if route, ok := srv.routes.Get(alias); ok {
+			return route, true
+		}
+	}
+	return nil, false
+}
+
+func (h httpPoolAdapter) Size() (n int) {
+	for addr, srv := range h.ep.servers.Range {
+		if addr == common.ProxyHTTPSAddr {
+			continue
+		}
+		n += srv.routes.Size()
+	}
+	return
+}

internal/entrypoint/http_server.go

@@ -0,0 +1,172 @@
+package entrypoint
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/rs/zerolog/log"
+	acl "github.com/yusing/godoxy/internal/acl/types"
+	autocert "github.com/yusing/godoxy/internal/autocert/types"
+	"github.com/yusing/godoxy/internal/common"
+	"github.com/yusing/godoxy/internal/logging/accesslog"
+	"github.com/yusing/godoxy/internal/net/gphttp/middleware"
+	"github.com/yusing/godoxy/internal/net/gphttp/middleware/errorpage"
+	"github.com/yusing/godoxy/internal/route/routes"
+	"github.com/yusing/godoxy/internal/types"
+	"github.com/yusing/goutils/pool"
+	"github.com/yusing/goutils/server"
+)
+
+// httpServer is a server that listens on a given address and serves HTTP routes.
+type HTTPServer interface {
+	Listen(addr string, proto HTTPProto) error
+	AddRoute(route types.HTTPRoute)
+	DelRoute(route types.HTTPRoute)
+	FindRoute(s string) types.HTTPRoute
+	ServeHTTP(w http.ResponseWriter, r *http.Request)
+}
+
+type httpServer struct {
+	srv *server.Server
+	ep  *Entrypoint
+
+	stopFunc func(reason any)
+
+	addr   string
+	routes *pool.Pool[types.HTTPRoute]
+}
+
+type HTTPProto string
+
+const (
+	HTTPProtoHTTP  HTTPProto = "http"
+	HTTPProtoHTTPS HTTPProto = "https"
+)
+
+func NewHTTPServer(ep *Entrypoint) HTTPServer {
+	return newHTTPServer(ep)
+}
+
+func newHTTPServer(ep *Entrypoint) *httpServer {
+	return &httpServer{ep: ep}
+}
+
+// Listen starts the server and stop when entrypoint is stopped.
+func (srv *httpServer) Listen(addr string, proto HTTPProto) error {
+	if srv.srv != nil {
+		return errors.New("server already started")
+	}
+
+	opts := server.Options{
+		Name:                 addr,
+		Handler:              srv,
+		ACL:                  acl.FromCtx(srv.ep.task.Context()),
+		SupportProxyProtocol: srv.ep.cfg.SupportProxyProtocol,
+	}
+
+	switch proto {
+	case HTTPProtoHTTP:
+		opts.HTTPAddr = addr
+	case HTTPProtoHTTPS:
+		opts.HTTPSAddr = addr
+		opts.CertProvider = autocert.FromCtx(srv.ep.task.Context())
+	}
+
+	task := srv.ep.task.Subtask("http_server", false)
+	server, err := server.StartServer(task, opts)
+	if err != nil {
+		return err
+	}
+	srv.stopFunc = task.FinishAndWait
+	srv.addr = addr
+	srv.srv = server
+	srv.routes = pool.New[types.HTTPRoute](fmt.Sprintf("[%s] %s", proto, addr))
+	srv.routes.DisableLog(srv.ep.httpPoolDisableLog.Load())
+	return nil
+}
+
+func (srv *httpServer) Close() {
+	srv.stopFunc(nil)
+}
+
+func (srv *httpServer) AddRoute(route types.HTTPRoute) {
+	srv.routes.Add(route)
+}
+
+func (srv *httpServer) DelRoute(route types.HTTPRoute) {
+	srv.routes.Del(route)
+}
+
+func (srv *httpServer) FindRoute(s string) types.HTTPRoute {
+	return srv.ep.findRouteFunc(srv.routes, s)
+}
+
+func (srv *httpServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if srv.ep.accessLogger != nil {
+		rec := accesslog.GetResponseRecorder(w)
+		w = rec
+		defer func() {
+			srv.ep.accessLogger.LogRequest(r, rec.Response())
+			accesslog.PutResponseRecorder(rec)
+		}()
+	}
+
+	route := srv.ep.findRouteFunc(srv.routes, r.Host)
+	switch {
+	case route != nil:
+		r = routes.WithRouteContext(r, route)
+		if srv.ep.middleware != nil {
+			srv.ep.middleware.ServeHTTP(route.ServeHTTP, w, r)
+		} else {
+			route.ServeHTTP(w, r)
+		}
+	case srv.tryHandleShortLink(w, r):
+		return
+	case srv.ep.notFoundHandler != nil:
+		srv.ep.notFoundHandler.ServeHTTP(w, r)
+	default:
+		serveNotFound(w, r)
+	}
+}
+
+func (srv *httpServer) tryHandleShortLink(w http.ResponseWriter, r *http.Request) (handled bool) {
+	host := r.Host
+	if before, _, ok := strings.Cut(host, ":"); ok {
+		host = before
+	}
+	if strings.EqualFold(host, common.ShortLinkPrefix) {
+		if srv.ep.middleware != nil {
+			srv.ep.middleware.ServeHTTP(srv.ep.shortLinkMatcher.ServeHTTP, w, r)
+		} else {
+			srv.ep.shortLinkMatcher.ServeHTTP(w, r)
+		}
+		return true
+	}
+	return false
+}
+
+func serveNotFound(w http.ResponseWriter, r *http.Request) {
+	// Why use StatusNotFound instead of StatusBadRequest or StatusBadGateway?
+	// On nginx, when route for domain does not exist, it returns StatusBadGateway.
+	// Then scraper / scanners will know the subdomain is invalid.
+	// With StatusNotFound, they won't know whether it's the path, or the subdomain that is invalid.
+	if served := middleware.ServeStaticErrorPageFile(w, r); !served {
+		log.Error().
+			Str("method", r.Method).
+			Str("url", r.URL.String()).
+			Str("remote", r.RemoteAddr).
+			Msgf("not found: %s", r.Host)
+		errorPage, ok := errorpage.GetErrorPageByStatus(http.StatusNotFound)
+		if ok {
+			w.WriteHeader(http.StatusNotFound)
+			w.Header().Set("Content-Type", "text/html; charset=utf-8")
+			if _, err := w.Write(errorPage); err != nil {
+				log.Err(err).Msg("failed to write error page")
+			}
+		} else {
+			http.NotFound(w, r)
+		}
+	}
+}

internal/entrypoint/query.go

@@ -0,0 +1,91 @@
+package entrypoint
+
+import (
+	"github.com/yusing/godoxy/internal/types"
+)
+
+// GetHealthInfo returns a map of route name to health info.
+//
+// The health info is for all routes, including excluded routes.
+func (ep *Entrypoint) GetHealthInfo() map[string]types.HealthInfo {
+	healthMap := make(map[string]types.HealthInfo, ep.NumRoutes())
+	for r := range ep.IterRoutes {
+		healthMap[r.Name()] = getHealthInfo(r)
+	}
+	return healthMap
+}
+
+// GetHealthInfoWithoutDetail returns a map of route name to health info without detail.
+//
+// The health info is for all routes, including excluded routes.
+func (ep *Entrypoint) GetHealthInfoWithoutDetail() map[string]types.HealthInfoWithoutDetail {
+	healthMap := make(map[string]types.HealthInfoWithoutDetail, ep.NumRoutes())
+	for r := range ep.IterRoutes {
+		healthMap[r.Name()] = getHealthInfoWithoutDetail(r)
+	}
+	return healthMap
+}
+
+// GetHealthInfoSimple returns a map of route name to health status.
+//
+// The health status is for all routes, including excluded routes.
+func (ep *Entrypoint) GetHealthInfoSimple() map[string]types.HealthStatus {
+	healthMap := make(map[string]types.HealthStatus, ep.NumRoutes())
+	for r := range ep.IterRoutes {
+		healthMap[r.Name()] = getHealthInfoSimple(r)
+	}
+	return healthMap
+}
+
+// RoutesByProvider returns a map of provider name to routes.
+//
+// The routes are all routes, including excluded routes.
+func (ep *Entrypoint) RoutesByProvider() map[string][]types.Route {
+	rts := make(map[string][]types.Route)
+	for r := range ep.IterRoutes {
+		rts[r.ProviderName()] = append(rts[r.ProviderName()], r)
+	}
+	return rts
+}
+
+func getHealthInfo(r types.Route) types.HealthInfo {
+	mon := r.HealthMonitor()
+	if mon == nil {
+		return types.HealthInfo{
+			HealthInfoWithoutDetail: types.HealthInfoWithoutDetail{
+				Status: types.StatusUnknown,
+			},
+			Detail: "n/a",
+		}
+	}
+	return types.HealthInfo{
+		HealthInfoWithoutDetail: types.HealthInfoWithoutDetail{
+			Status:  mon.Status(),
+			Uptime:  mon.Uptime(),
+			Latency: mon.Latency(),
+		},
+		Detail: mon.Detail(),
+	}
+}
+
+func getHealthInfoWithoutDetail(r types.Route) types.HealthInfoWithoutDetail {
+	mon := r.HealthMonitor()
+	if mon == nil {
+		return types.HealthInfoWithoutDetail{
+			Status: types.StatusUnknown,
+		}
+	}
+	return types.HealthInfoWithoutDetail{
+		Status:  mon.Status(),
+		Uptime:  mon.Uptime(),
+		Latency: mon.Latency(),
+	}
+}
+
+func getHealthInfoSimple(r types.Route) types.HealthStatus {
+	mon := r.HealthMonitor()
+	if mon == nil {
+		return types.StatusUnknown
+	}
+	return mon.Status()
+}

internal/entrypoint/routes.go

@@ -0,0 +1,121 @@
+package entrypoint
+
+import (
+	"errors"
+	"net"
+	"strconv"
+
+	"github.com/rs/zerolog/log"
+	"github.com/yusing/godoxy/internal/common"
+	"github.com/yusing/godoxy/internal/types"
+)
+
+func (ep *Entrypoint) IterRoutes(yield func(r types.Route) bool) {
+	for _, r := range ep.HTTPRoutes().Iter {
+		if !yield(r) {
+			break
+		}
+	}
+	for _, r := range ep.streamRoutes.Iter {
+		if !yield(r) {
+			break
+		}
+	}
+	for _, r := range ep.excludedRoutes.Iter {
+		if !yield(r) {
+			break
+		}
+	}
+}
+
+func (ep *Entrypoint) NumRoutes() int {
+	return ep.HTTPRoutes().Size() + ep.streamRoutes.Size() + ep.excludedRoutes.Size()
+}
+
+func (ep *Entrypoint) GetRoute(alias string) (types.Route, bool) {
+	if r, ok := ep.HTTPRoutes().Get(alias); ok {
+		return r, true
+	}
+	if r, ok := ep.streamRoutes.Get(alias); ok {
+		return r, true
+	}
+	if r, ok := ep.excludedRoutes.Get(alias); ok {
+		return r, true
+	}
+	return nil, false
+}
+
+func (ep *Entrypoint) AddRoute(r types.Route) {
+	if r.ShouldExclude() {
+		ep.excludedRoutes.Add(r)
+		r.Task().OnCancel("remove_route", func() {
+			ep.excludedRoutes.Del(r)
+		})
+		return
+	}
+	switch r := r.(type) {
+	case types.HTTPRoute:
+		if err := ep.AddHTTPRoute(r); err != nil {
+			log.Error().
+				Err(err).
+				Str("route", r.Key()).
+				Str("listen_url", r.ListenURL().String()).
+				Msg("failed to add HTTP route")
+		}
+		ep.shortLinkMatcher.AddRoute(r.Key())
+		r.Task().OnCancel("remove_route", func() {
+			ep.delHTTPRoute(r)
+			ep.shortLinkMatcher.DelRoute(r.Key())
+		})
+	case types.StreamRoute:
+		ep.streamRoutes.Add(r)
+		r.Task().OnCancel("remove_route", func() {
+			ep.streamRoutes.Del(r)
+		})
+	}
+}
+
+// AddHTTPRoute adds a HTTP route to the entrypoint's server.
+//
+// If the server does not exist, it will be created, started and return any error.
+func (ep *Entrypoint) AddHTTPRoute(route types.HTTPRoute) error {
+	if port := route.ListenURL().Port(); port == "" || port == "0" {
+		host := route.ListenURL().Hostname()
+		var httpAddr, httpsAddr string
+		if host == "" {
+			httpAddr = common.ProxyHTTPAddr
+			httpsAddr = common.ProxyHTTPSAddr
+		} else {
+			httpAddr = net.JoinHostPort(host, strconv.Itoa(common.ProxyHTTPPort))
+			httpsAddr = net.JoinHostPort(host, strconv.Itoa(common.ProxyHTTPSPort))
+		}
+		return errors.Join(ep.addHTTPRoute(route, httpAddr, HTTPProtoHTTP), ep.addHTTPRoute(route, httpsAddr, HTTPProtoHTTPS))
+	}
+
+	return ep.addHTTPRoute(route, route.ListenURL().Host, HTTPProtoHTTPS)
+}
+
+func (ep *Entrypoint) addHTTPRoute(route types.HTTPRoute, addr string, proto HTTPProto) error {
+	var err error
+	srv, _ := ep.servers.LoadOrCompute(addr, func() (newSrv *httpServer, cancel bool) {
+		newSrv = newHTTPServer(ep)
+		err = newSrv.Listen(addr, proto)
+		cancel = err != nil
+		return
+	})
+	if err != nil {
+		return err
+	}
+
+	srv.AddRoute(route)
+	return nil
+}
+
+func (ep *Entrypoint) delHTTPRoute(route types.HTTPRoute) {
+	addr := route.ListenURL().Host
+	srv, _ := ep.servers.Load(addr)
+	if srv != nil {
+		srv.DelRoute(route)
+	}
+	// TODO: close if no servers left
+}

internal/entrypoint/shortlink.go

@@ -14,7 +14,7 @@ type ShortLinkMatcher struct {
 	subdomainRoutes *xsync.Map[string, struct{}]
 }
 
-func newShortLinkTree() *ShortLinkMatcher {
+func newShortLinkMatcher() *ShortLinkMatcher {
 	return &ShortLinkMatcher{
 		fqdnRoutes:      xsync.NewMap[string, string](),
 		subdomainRoutes: xsync.NewMap[string, struct{}](),

internal/entrypoint/shortlink_test.go

@@ -6,13 +6,15 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 
 	"github.com/yusing/godoxy/internal/common"
 	. "github.com/yusing/godoxy/internal/entrypoint"
+	"github.com/yusing/goutils/task"
 )
 
 func TestShortLinkMatcher_FQDNAlias(t *testing.T) {
-	ep := NewEntrypoint()
+	ep := NewEntrypoint(task.GetTestTask(t), nil)
 	matcher := ep.ShortLinkMatcher()
 	matcher.AddRoute("app.domain.com")
 
@@ -45,7 +47,7 @@ func TestShortLinkMatcher_FQDNAlias(t *testing.T) {
 }
 
 func TestShortLinkMatcher_SubdomainAlias(t *testing.T) {
-	ep := NewEntrypoint()
+	ep := NewEntrypoint(task.GetTestTask(t), nil)
 	matcher := ep.ShortLinkMatcher()
 	matcher.SetDefaultDomainSuffix(".example.com")
 	matcher.AddRoute("app")
@@ -70,7 +72,7 @@ func TestShortLinkMatcher_SubdomainAlias(t *testing.T) {
 }
 
 func TestShortLinkMatcher_NotFound(t *testing.T) {
-	ep := NewEntrypoint()
+	ep := NewEntrypoint(task.GetTestTask(t), nil)
 	matcher := ep.ShortLinkMatcher()
 	matcher.SetDefaultDomainSuffix(".example.com")
 	matcher.AddRoute("app")
@@ -93,7 +95,7 @@ func TestShortLinkMatcher_NotFound(t *testing.T) {
 }
 
 func TestShortLinkMatcher_AddDelRoute(t *testing.T) {
-	ep := NewEntrypoint()
+	ep := NewEntrypoint(task.GetTestTask(t), nil)
 	matcher := ep.ShortLinkMatcher()
 	matcher.SetDefaultDomainSuffix(".example.com")
 
@@ -131,7 +133,7 @@ func TestShortLinkMatcher_AddDelRoute(t *testing.T) {
 }
 
 func TestShortLinkMatcher_NoDefaultDomainSuffix(t *testing.T) {
-	ep := NewEntrypoint()
+	ep := NewEntrypoint(task.GetTestTask(t), nil)
 	matcher := ep.ShortLinkMatcher()
 	// no SetDefaultDomainSuffix called
 
@@ -158,15 +160,19 @@ func TestShortLinkMatcher_NoDefaultDomainSuffix(t *testing.T) {
 }
 
 func TestEntrypoint_ShortLinkDispatch(t *testing.T) {
-	ep := NewEntrypoint()
+	ep := NewEntrypoint(task.GetTestTask(t), nil)
 	ep.ShortLinkMatcher().SetDefaultDomainSuffix(".example.com")
 	ep.ShortLinkMatcher().AddRoute("app")
 
+	server := NewHTTPServer(ep)
+	err := server.Listen("localhost:0", HTTPProtoHTTP)
+	require.NoError(t, err)
+
 	t.Run("shortlink host", func(t *testing.T) {
 		req := httptest.NewRequest("GET", "/app", nil)
 		req.Host = common.ShortLinkPrefix
 		w := httptest.NewRecorder()
-		ep.ServeHTTP(w, req)
+		server.ServeHTTP(w, req)
 
 		assert.Equal(t, http.StatusTemporaryRedirect, w.Code)
 		assert.Equal(t, "https://app.example.com/", w.Header().Get("Location"))
@@ -176,7 +182,7 @@ func TestEntrypoint_ShortLinkDispatch(t *testing.T) {
 		req := httptest.NewRequest("GET", "/app", nil)
 		req.Host = common.ShortLinkPrefix + ":8080"
 		w := httptest.NewRecorder()
-		ep.ServeHTTP(w, req)
+		server.ServeHTTP(w, req)
 
 		assert.Equal(t, http.StatusTemporaryRedirect, w.Code)
 		assert.Equal(t, "https://app.example.com/", w.Header().Get("Location"))
@@ -186,7 +192,7 @@ func TestEntrypoint_ShortLinkDispatch(t *testing.T) {
 		req := httptest.NewRequest("GET", "/app", nil)
 		req.Host = "app.example.com"
 		w := httptest.NewRecorder()
-		ep.ServeHTTP(w, req)
+		server.ServeHTTP(w, req)
 
 		// Should not redirect, should try normal route lookup (which will 404)
 		assert.NotEqual(t, http.StatusTemporaryRedirect, w.Code)

internal/entrypoint/types/context.go

@@ -0,0 +1,18 @@
+package entrypoint
+
+import (
+	"context"
+)
+
+type ContextKey struct{}
+
+func SetCtx(ctx interface{ SetValue(any, any) }, ep Entrypoint) {
+	ctx.SetValue(ContextKey{}, ep)
+}
+
+func FromCtx(ctx context.Context) Entrypoint {
+	if ep, ok := ctx.Value(ContextKey{}).(Entrypoint); ok {
+		return ep
+	}
+	return nil
+}

internal/entrypoint/types/entrypoint.go

@@ -0,0 +1,37 @@
+package entrypoint
+
+import (
+	"github.com/yusing/godoxy/internal/types"
+)
+
+type Entrypoint interface {
+	SupportProxyProtocol() bool
+
+	DisablePoolsLog(v bool)
+
+	GetRoute(alias string) (types.Route, bool)
+	AddRoute(r types.Route)
+	IterRoutes(yield func(r types.Route) bool)
+	NumRoutes() int
+	RoutesByProvider() map[string][]types.Route
+
+	HTTPRoutes() PoolLike[types.HTTPRoute]
+	StreamRoutes() PoolLike[types.StreamRoute]
+	ExcludedRoutes() RWPoolLike[types.Route]
+
+	GetHealthInfo() map[string]types.HealthInfo
+	GetHealthInfoWithoutDetail() map[string]types.HealthInfoWithoutDetail
+	GetHealthInfoSimple() map[string]types.HealthStatus
+}
+
+type PoolLike[Route types.Route] interface {
+	Get(alias string) (Route, bool)
+	Iter(yield func(alias string, r Route) bool)
+	Size() int
+}
+
+type RWPoolLike[Route types.Route] interface {
+	PoolLike[Route]
+	Add(r Route)
+	Del(r Route)
+}

internal/health/check/docker.go

@@ -2,12 +2,13 @@ package healthcheck
 
 import (
 	"context"
-	"encoding/json"
 	"errors"
 	"net/http"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	"github.com/yusing/godoxy/internal/types"
 	httputils "github.com/yusing/goutils/http"
@@ -43,7 +44,7 @@ func Docker(ctx context.Context, state *DockerHealthcheckState, timeout time.Dur
 	defer cancel()
 
 	// the actual inspect response is intercepted and returned as RequestInterceptedError
-	_, err := state.client.ContainerInspect(ctx, state.containerId)
+	_, err := state.client.ContainerInspect(ctx, state.containerId, client.ContainerInspectOptions{})
 
 	var interceptedErr *httputils.RequestInterceptedError
 	if !httputils.AsRequestInterceptedError(err, &interceptedErr) {
@@ -105,7 +106,7 @@ func interceptDockerInspectResponse(resp *http.Response) (intercepted bool, err
 	}
 
 	var state container.State
-	err = json.Unmarshal(body, &state)
+	err = sonic.Unmarshal(body, &state)
 	release(body)
 	if err != nil {
 		return false, err

internal/homepage/icons/list/list_icons.go

@@ -2,12 +2,12 @@ package iconlist
 
 import (
 	"context"
-	"encoding/json"
 	"net/http"
 	"slices"
 	"strings"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/lithammer/fuzzysearch/fuzzy"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/common"
@@ -55,20 +55,20 @@ func init() {
 
 func InitCache() {
 	m := make(IconMap)
-	err := serialization.LoadFileIfExist(common.IconListCachePath, &m, json.Unmarshal)
+	err := serialization.LoadFileIfExist(common.IconListCachePath, &m, sonic.Unmarshal)
 	if err != nil {
 		// backward compatible
 		oldFormat := struct {
 			Icons      IconMap
 			LastUpdate time.Time
 		}{}
-		err = serialization.LoadFileIfExist(common.IconListCachePath, &oldFormat, json.Unmarshal)
+		err = serialization.LoadFileIfExist(common.IconListCachePath, &oldFormat, sonic.Unmarshal)
 		if err != nil {
 			log.Error().Err(err).Msg("failed to load icons")
 		} else {
 			m = oldFormat.Icons
 			// store it to disk immediately
-			_ = serialization.SaveFile(common.IconListCachePath, &m, 0o644, json.Marshal)
+			_ = serialization.SaveFile(common.IconListCachePath, &m, 0o644, sonic.Marshal)
 		}
 	} else if len(m) > 0 {
 		log.Info().
@@ -84,7 +84,7 @@ func InitCache() {
 
 	task.OnProgramExit("save_icons_cache", func() {
 		icons := iconsCache.Load()
-		_ = serialization.SaveFile(common.IconListCachePath, &icons, 0o644, json.Marshal)
+		_ = serialization.SaveFile(common.IconListCachePath, &icons, 0o644, sonic.Marshal)
 	})
 
 	go backgroundUpdateIcons()
@@ -105,7 +105,7 @@ func backgroundUpdateIcons() {
 				// swap old cache with new cache
 				iconsCache.Store(newCache)
 				// save it to disk
-				err := serialization.SaveFile(common.IconListCachePath, &newCache, 0o644, json.Marshal)
+				err := serialization.SaveFile(common.IconListCachePath, &newCache, 0o644, sonic.Marshal)
 				if err != nil {
 					log.Warn().Err(err).Msg("failed to save icons")
 				}
@@ -270,7 +270,7 @@ func UpdateWalkxCodeIcons(m IconMap) error {
 	}
 
 	data := make(map[string][]string)
-	err = json.Unmarshal(body, &data)
+	err = sonic.Unmarshal(body, &data)
 	release(body)
 	if err != nil {
 		return err
@@ -349,7 +349,7 @@ func UpdateSelfhstIcons(m IconMap) error {
 	}
 
 	data := make([]SelfhStIcon, 0)
-	err = json.Unmarshal(body, &data) //nolint:musttag
+	err = sonic.Unmarshal(body, &data) //nolint:musttag
 	release(body)
 	if err != nil {
 		return err

internal/homepage/integrations/qbittorrent/client.go

@@ -2,11 +2,11 @@ package qbittorrent
 
 import (
 	"context"
-	"encoding/json"
 	"io"
 	"net/http"
 	"net/url"
 
+	"github.com/bytedance/sonic"
 	"github.com/yusing/godoxy/internal/homepage/widgets"
 	gperr "github.com/yusing/goutils/errs"
 )
@@ -59,7 +59,7 @@ func jsonRequest[T any](ctx context.Context, client *Client, endpoint string, qu
 	}
 	defer resp.Body.Close()
 
-	err = json.NewDecoder(resp.Body).Decode(&result)
+	err = sonic.ConfigDefault.NewDecoder(resp.Body).Decode(&result)
 	if err != nil {
 		return result, err
 	}

internal/homepage/integrations/qbittorrent/logs.go

@@ -2,10 +2,11 @@ package qbittorrent
 
 import (
 	"context"
-	"encoding/json"
 	"net/url"
 	"strconv"
 	"time"
+
+	"github.com/bytedance/sonic"
 )
 
 const endpointLogs = "/api/v2/log/main"
@@ -44,7 +45,7 @@ func (l *LogEntry) Level() string {
 }
 
 func (l *LogEntry) MarshalJSON() ([]byte, error) {
-	return json.Marshal(map[string]any{
+	return sonic.Marshal(map[string]any{
 		"id":        l.ID,
 		"timestamp": l.Timestamp,
 		"level":     l.Level(),

internal/idlewatcher/debug.go

@@ -1,10 +1,10 @@
 package idlewatcher
 
 import (
-	"encoding/json"
 	"iter"
 	"strconv"
 
+	"github.com/bytedance/sonic"
 	strutils "github.com/yusing/goutils/strings"
 )
 
@@ -14,7 +14,7 @@ type watcherDebug struct {
 
 func (w watcherDebug) MarshalJSON() ([]byte, error) {
 	state := w.state.Load()
-	return json.Marshal(map[string]any{
+	return sonic.Marshal(map[string]any{
 		"name": w.Name(),
 		"state": map[string]string{
 			"status": string(state.status),

internal/idlewatcher/events.go

@@ -1,10 +1,11 @@
 package idlewatcher
 
 import (
-	"encoding/json"
 	"fmt"
 	"io"
 	"time"
+
+	"github.com/bytedance/sonic"
 )
 
 type WakeEvent struct {
@@ -39,7 +40,7 @@ func (w *Watcher) newWakeEvent(eventType WakeEventType, message string, err erro
 }
 
 func (e *WakeEvent) WriteSSE(w io.Writer) error {
-	data, err := json.Marshal(e)
+	data, err := sonic.Marshal(e)
 	if err != nil {
 		return err
 	}

internal/idlewatcher/provider/docker.go

@@ -3,7 +3,8 @@ package provider
 import (
 	"context"
 
-	"github.com/docker/docker/api/types/container"
+	"github.com/moby/moby/api/types/container"
+	"github.com/moby/moby/client"
 	"github.com/yusing/godoxy/internal/docker"
 	idlewatcher "github.com/yusing/godoxy/internal/idlewatcher/types"
 	"github.com/yusing/godoxy/internal/types"
@@ -17,7 +18,7 @@ type DockerProvider struct {
 	containerID string
 }
 
-var startOptions = container.StartOptions{}
+var startOptions = client.ContainerStartOptions{}
 
 func NewDockerProvider(dockerCfg types.DockerProviderConfig, containerID string) (idlewatcher.Provider, error) {
 	client, err := docker.NewClient(dockerCfg)
@@ -32,34 +33,41 @@ func NewDockerProvider(dockerCfg types.DockerProviderConfig, containerID string)
 }
 
 func (p *DockerProvider) ContainerPause(ctx context.Context) error {
-	return p.client.ContainerPause(ctx, p.containerID)
+	_, err := p.client.ContainerPause(ctx, p.containerID, client.ContainerPauseOptions{})
+	return err
 }
 
 func (p *DockerProvider) ContainerUnpause(ctx context.Context) error {
-	return p.client.ContainerUnpause(ctx, p.containerID)
+	_, err := p.client.ContainerUnpause(ctx, p.containerID, client.ContainerUnpauseOptions{})
+	return err
 }
 
 func (p *DockerProvider) ContainerStart(ctx context.Context) error {
-	return p.client.ContainerStart(ctx, p.containerID, startOptions)
+	_, err := p.client.ContainerStart(ctx, p.containerID, startOptions)
+	return err
 }
 
 func (p *DockerProvider) ContainerStop(ctx context.Context, signal types.ContainerSignal, timeout int) error {
-	return p.client.ContainerStop(ctx, p.containerID, container.StopOptions{
+	_, err := p.client.ContainerStop(ctx, p.containerID, client.ContainerStopOptions{
 		Signal:  string(signal),
 		Timeout: &timeout,
 	})
+	return err
 }
 
 func (p *DockerProvider) ContainerKill(ctx context.Context, signal types.ContainerSignal) error {
-	return p.client.ContainerKill(ctx, p.containerID, string(signal))
+	_, err := p.client.ContainerKill(ctx, p.containerID, client.ContainerKillOptions{
+		Signal: string(signal),
+	})
+	return err
 }
 
 func (p *DockerProvider) ContainerStatus(ctx context.Context) (idlewatcher.ContainerStatus, error) {
-	status, err := p.client.ContainerInspect(ctx, p.containerID)
+	status, err := p.client.ContainerInspect(ctx, p.containerID, client.ContainerInspectOptions{})
 	if err != nil {
 		return idlewatcher.ContainerStatusError, err
 	}
-	switch status.State.Status {
+	switch status.Container.State.Status {
 	case container.StateRunning:
 		return idlewatcher.ContainerStatusRunning, nil
 	case container.StateExited, container.StateDead, container.StateRestarting:
@@ -67,12 +75,12 @@ func (p *DockerProvider) ContainerStatus(ctx context.Context) (idlewatcher.Conta
 	case container.StatePaused:
 		return idlewatcher.ContainerStatusPaused, nil
 	}
-	return idlewatcher.ContainerStatusError, idlewatcher.ErrUnexpectedContainerStatus.Subject(status.State.Status)
+	return idlewatcher.ContainerStatusError, idlewatcher.ErrUnexpectedContainerStatus.Subject(string(status.Container.State.Status))
 }
 
 func (p *DockerProvider) Watch(ctx context.Context) (eventCh <-chan watcher.Event, errCh <-chan gperr.Error) {
 	return p.watcher.EventsWithOptions(ctx, watcher.DockerListOptions{
-		Filters: watcher.NewDockerFilter(
+		Filters: watcher.NewDockerFilters(
 			watcher.DockerFilterContainer,
 			watcher.DockerFilterContainerNameID(p.containerID),
 			watcher.DockerFilterStart,

internal/idlewatcher/watcher.go

@@ -14,11 +14,11 @@ import (
 	"github.com/yusing/ds/ordered"
 	config "github.com/yusing/godoxy/internal/config/types"
 	"github.com/yusing/godoxy/internal/docker"
+	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/health/monitor"
 	"github.com/yusing/godoxy/internal/idlewatcher/provider"
 	idlewatcher "github.com/yusing/godoxy/internal/idlewatcher/types"
 	nettypes "github.com/yusing/godoxy/internal/net/types"
-	"github.com/yusing/godoxy/internal/route/routes"
 	"github.com/yusing/godoxy/internal/types"
 	"github.com/yusing/godoxy/internal/watcher/events"
 	gperr "github.com/yusing/goutils/errs"
@@ -173,7 +173,7 @@ func NewWatcher(parent task.Parent, r types.Route, cfg *types.IdlewatcherConfig)
 		}
 
 		if !ok {
-			depRoute, ok = routes.GetIncludeExcluded(dep)
+			depRoute, ok = entrypoint.FromCtx(parent.Context()).GetRoute(dep)
 			if !ok {
 				depErrors.Addf("dependency %q not found", dep)
 				continue

internal/jsonstore/README.md

@@ -261,7 +261,7 @@ func loadNS[T store](ns namespace) T {
     }
     defer file.Close()
 
-    if err := json.NewDecoder(file).Decode(&store); err != nil {
+    if err := sonic.ConfigDefault.NewDecoder(file).Decode(&store); err != nil {
         log.Err(err).Msg("failed to decode store")
     }
 
@@ -316,7 +316,7 @@ type MapStore[VT any] struct {
 
 ```go
 func (s MapStore[VT]) MarshalJSON() ([]byte, error) {
-    return json.Marshal(xsync.ToPlainMap(s.Map))
+    return sonic.Marshal(xsync.ToPlainMap(s.Map))
 }
 ```
 
@@ -325,7 +325,7 @@ func (s MapStore[VT]) MarshalJSON() ([]byte, error) {
 ```go
 func (s *MapStore[VT]) UnmarshalJSON(data []byte) error {
     tmp := make(map[string]VT)
-    if err := json.Unmarshal(data, &tmp); err != nil {
+    if err := sonic.Unmarshal(data, &tmp); err != nil {
         return err
     }
     s.Map = xsync.NewMap[string, VT](xsync.WithPresize(len(tmp)))
@@ -349,7 +349,7 @@ The jsonstore package integrates with:
 Errors are logged but don't prevent store usage:
 
 ```go
-if err := json.Unmarshal(data, &tmp); err != nil {
+if err := sonic.Unmarshal(data, &tmp); err != nil {
     log.Err(err).
         Str("path", path).
         Msg("failed to load store")

internal/jsonstore/jsonstore.go

@@ -6,6 +6,7 @@ import (
 	"path/filepath"
 	"reflect"
 
+	"github.com/bytedance/sonic"
 	"github.com/puzpuzpuz/xsync/v4"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/common"
@@ -65,7 +66,7 @@ func loadNS[T store](ns namespace) T {
 		}
 	} else {
 		defer file.Close()
-		if err := json.NewDecoder(file).Decode(&store); err != nil {
+		if err := sonic.ConfigDefault.NewDecoder(file).Decode(&store); err != nil {
 			log.Err(err).
 				Str("path", path).
 				Msg("failed to load store")
@@ -83,7 +84,7 @@ func save() error {
 	errs := gperr.NewBuilder("failed to save data stores")
 	for ns, store := range stores {
 		path := filepath.Join(storesPath, string(ns)+".json")
-		if err := serialization.SaveFile(path, &store, 0o644, json.Marshal); err != nil {
+		if err := serialization.SaveFile(path, &store, 0o644, sonic.Marshal); err != nil {
 			errs.Add(err)
 		}
 	}
@@ -113,12 +114,12 @@ func (s *MapStore[VT]) Initialize() {
 }
 
 func (s MapStore[VT]) MarshalJSON() ([]byte, error) {
-	return json.Marshal(xsync.ToPlainMap(s.Map))
+	return sonic.Marshal(xsync.ToPlainMap(s.Map))
 }
 
 func (s *MapStore[VT]) UnmarshalJSON(data []byte) error {
 	tmp := make(map[string]VT)
-	if err := json.Unmarshal(data, &tmp); err != nil {
+	if err := sonic.Unmarshal(data, &tmp); err != nil {
 		return err
 	}
 	s.Map = xsync.NewMap[string, VT](xsync.WithPresize(len(tmp)))
@@ -134,10 +135,10 @@ func (obj *ObjectStore[Ptr]) Initialize() {
 }
 
 func (obj ObjectStore[Ptr]) MarshalJSON() ([]byte, error) {
-	return json.Marshal(obj.ptr)
+	return sonic.Marshal(obj.ptr)
 }
 
 func (obj *ObjectStore[Ptr]) UnmarshalJSON(data []byte) error {
 	obj.Initialize()
-	return json.Unmarshal(data, obj.ptr)
+	return sonic.Unmarshal(data, obj.ptr)
 }

internal/metrics/period/entries.go

@@ -3,6 +3,8 @@ package period
 import (
 	"encoding/json"
 	"time"
+
+	"github.com/bytedance/sonic"
 )
 
 type Entries[T any] struct {
@@ -73,7 +75,7 @@ type entriesJSON[T any] struct {
 }
 
 func (e *Entries[T]) MarshalJSON() ([]byte, error) {
-	return json.Marshal(entriesJSON[T]{
+	return sonic.Marshal(entriesJSON[T]{
 		Entries:  e.Get(),
 		Interval: e.interval,
 	})

internal/metrics/period/poller.go

@@ -10,6 +10,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/rs/zerolog/log"
 	gperr "github.com/yusing/goutils/errs"
 	"github.com/yusing/goutils/synk"
@@ -97,7 +98,7 @@ func (p *Poller[T, AggregateT]) save() error {
 	}
 	defer f.Close()
 
-	err = json.NewEncoder(f).Encode(p.period)
+	err = sonic.ConfigDefault.NewEncoder(f).Encode(p.period)
 	if err != nil {
 		return err
 	}
@@ -152,8 +153,8 @@ func (p *Poller[T, AggregateT]) pollWithTimeout(ctx context.Context) {
 	p.lastResult.Store(data)
 }
 
-func (p *Poller[T, AggregateT]) Start() {
-	t := task.RootTask("poller."+p.name, true)
+func (p *Poller[T, AggregateT]) Start(parent task.Parent) {
+	t := parent.Subtask("poller."+p.name, true)
 	l := log.With().Str("name", p.name).Logger()
 	err := p.load()
 	if err != nil {

internal/metrics/systeminfo/system_info_test.go

@@ -6,6 +6,7 @@ import (
 	"reflect"
 	"testing"
 
+	"github.com/bytedance/sonic"
 	"github.com/shirou/gopsutil/v4/disk"
 	"github.com/shirou/gopsutil/v4/mem"
 	"github.com/shirou/gopsutil/v4/net"
@@ -81,12 +82,12 @@ var (
 
 func TestSystemInfo(t *testing.T) {
 	// Test marshaling
-	data, err := json.Marshal(testInfo)
+	data, err := sonic.Marshal(testInfo)
 	expect.NoError(t, err)
 
 	// Test unmarshaling back
 	var decoded SystemInfo
-	err = json.Unmarshal(data, &decoded)
+	err = sonic.Unmarshal(data, &decoded)
 	expect.NoError(t, err)
 
 	// Compare original and decoded
@@ -126,7 +127,7 @@ func TestSerialize(t *testing.T) {
 	for _, query := range allQueries {
 		t.Run(string(query), func(t *testing.T) {
 			_, result := aggregate(entries, url.Values{"aggregate": []string{string(query)}})
-			s, err := json.Marshal(result)
+			s, err := sonic.Marshal(result)
 			expect.NoError(t, err)
 			var v []map[string]any
 			expect.NoError(t, json.Unmarshal(s, &v))

internal/metrics/uptime/uptime.go

@@ -2,22 +2,23 @@ package uptime
 
 import (
 	"context"
-	"encoding/json"
 	"net/url"
 	"slices"
 	"time"
 
+	"github.com/bytedance/sonic"
 	"github.com/lithammer/fuzzysearch/fuzzy"
+	config "github.com/yusing/godoxy/internal/config/types"
+	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	"github.com/yusing/godoxy/internal/metrics/period"
 	metricsutils "github.com/yusing/godoxy/internal/metrics/utils"
-	"github.com/yusing/godoxy/internal/route/routes"
 	"github.com/yusing/godoxy/internal/types"
 )
 
 type (
 	StatusByAlias struct {
-		Map       map[string]routes.HealthInfoWithoutDetail `json:"statuses"`
-		Timestamp int64                                     `json:"timestamp"`
+		Map       map[string]types.HealthInfoWithoutDetail `json:"statuses"`
+		Timestamp int64                                    `json:"timestamp"`
 	} // @name RouteStatusesByAlias
 	Status struct {
 		Status    types.HealthStatus `json:"status" swaggertype:"string" enums:"healthy,unhealthy,unknown,napping,starting"`
@@ -41,13 +42,13 @@ var Poller = period.NewPoller("uptime", getStatuses, aggregateStatuses)
 
 func getStatuses(ctx context.Context, _ StatusByAlias) (StatusByAlias, error) {
 	return StatusByAlias{
-		Map:       routes.GetHealthInfoWithoutDetail(),
+		Map:       entrypoint.FromCtx(ctx).GetHealthInfoWithoutDetail(),
 		Timestamp: time.Now().Unix(),
 	}, nil
 }
 
 func (s *Status) MarshalJSON() ([]byte, error) {
-	return json.Marshal(map[string]any{
+	return sonic.Marshal(map[string]any{
 		"status":    s.Status.String(),
 		"latency":   s.Latency,
 		"timestamp": s.Timestamp,
@@ -127,11 +128,13 @@ func (rs RouteStatuses) aggregate(limit int, offset int) Aggregated {
 		up, down, idle, latency := rs.calculateInfo(statuses)
 
 		status := types.StatusUnknown
-		r, ok := routes.GetIncludeExcluded(alias)
-		if ok {
-			mon := r.HealthMonitor()
-			if mon != nil {
-				status = mon.Status()
+		if state := config.ActiveState.Load(); state != nil {
+			r, ok := entrypoint.FromCtx(state.Context()).GetRoute(alias)
+			if ok {
+				mon := r.HealthMonitor()
+				if mon != nil {
+					status = mon.Status()
+				}
 			}
 		}
 
@@ -149,5 +152,5 @@ func (rs RouteStatuses) aggregate(limit int, offset int) Aggregated {
 }
 
 func (result Aggregated) MarshalJSON() ([]byte, error) {
-	return json.Marshal([]RouteAggregate(result))
+	return sonic.Marshal([]RouteAggregate(result))
 }

internal/net/gphttp/middleware/bypass_test.go

@@ -10,12 +10,12 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/yusing/godoxy/internal/common"
 	"github.com/yusing/godoxy/internal/entrypoint"
 	. "github.com/yusing/godoxy/internal/net/gphttp/middleware"
 	"github.com/yusing/godoxy/internal/route"
 	routeTypes "github.com/yusing/godoxy/internal/route/types"
 	"github.com/yusing/goutils/http/reverseproxy"
-	"github.com/yusing/goutils/task"
 	expect "github.com/yusing/goutils/testing"
 )
 
@@ -231,14 +231,15 @@ func TestEntrypointBypassRoute(t *testing.T) {
 	expect.NoError(t, err)
 
 	expect.NoError(t, err)
-	entry := entrypoint.NewEntrypoint()
-	r := &route.Route{
+	entry := entrypoint.NewTestEntrypoint(t, nil)
+	_, err = route.NewStartedTestRoute(t, &route.Route{
 		Alias: "test-route",
 		Host:  host,
 		Port: routeTypes.Port{
 			Proxy: portInt,
 		},
-	}
+	})
+	expect.NoError(t, err)
 
 	err = entry.SetMiddlewares([]map[string]any{
 		{
@@ -254,13 +255,13 @@ func TestEntrypointBypassRoute(t *testing.T) {
 	})
 	expect.NoError(t, err)
 
-	err = r.Validate()
-	expect.NoError(t, err)
-	r.Start(task.RootTask("test", false))
-
 	recorder := httptest.NewRecorder()
 	req := httptest.NewRequest("GET", "http://test-route.example.com", nil)
-	entry.ServeHTTP(recorder, req)
+	server, ok := entry.GetServer(common.ProxyHTTPAddr)
+	if !ok {
+		t.Fatal("server not found")
+	}
+	server.ServeHTTP(recorder, req)
 	expect.Equal(t, recorder.Code, http.StatusOK, "should bypass http redirect")
 	expect.Equal(t, recorder.Body.String(), "test")
 	expect.Equal(t, recorder.Header().Get("Test-Header"), "test-value")

internal/net/gphttp/middleware/captcha/hcaptcha.go

@@ -3,7 +3,6 @@ package captcha
 import (
 	"bytes"
 	"context"
-	"encoding/json"
 	"errors"
 	"net"
 	"net/http"
@@ -12,6 +11,7 @@ import (
 
 	_ "embed"
 
+	"github.com/bytedance/sonic"
 	gperr "github.com/yusing/goutils/errs"
 )
 
@@ -70,7 +70,7 @@ func (p *HcaptchaProvider) Verify(r *http.Request) error {
 		Success bool     `json:"success"`
 		Error   []string `json:"error-codes"`
 	}
-	if err := json.NewDecoder(resp.Body).Decode(&respData); err != nil {
+	if err := sonic.ConfigDefault.NewDecoder(resp.Body).Decode(&respData); err != nil {
 		return err
 	}
 

internal/net/gphttp/middleware/crowdsec.go

@@ -11,7 +11,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/yusing/godoxy/internal/route/routes"
+	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	httputils "github.com/yusing/goutils/http"
 	ioutils "github.com/yusing/goutils/io"
 )
@@ -66,7 +66,7 @@ func (m *crowdsecMiddleware) finalize() error {
 // before implements RequestModifier.
 func (m *crowdsecMiddleware) before(w http.ResponseWriter, r *http.Request) (proceed bool) {
 	// Build CrowdSec URL
-	crowdsecURL, err := m.buildCrowdSecURL()
+	crowdsecURL, err := m.buildCrowdSecURL(r.Context())
 	if err != nil {
 		Crowdsec.LogError(r).Err(err).Msg("failed to build CrowdSec URL")
 		w.WriteHeader(http.StatusInternalServerError)
@@ -167,10 +167,10 @@ func (m *crowdsecMiddleware) before(w http.ResponseWriter, r *http.Request) (pro
 }
 
 // buildCrowdSecURL constructs the CrowdSec server URL based on route or IP configuration
-func (m *crowdsecMiddleware) buildCrowdSecURL() (string, error) {
+func (m *crowdsecMiddleware) buildCrowdSecURL(ctx context.Context) (string, error) {
 	// Try to get route first
 	if m.Route != "" {
-		if route, ok := routes.HTTP.Get(m.Route); ok {
+		if route, ok := entrypoint.FromCtx(ctx).GetRoute(m.Route); ok {
 			// Using route name
 			targetURL := *route.TargetURL()
 			targetURL.Path = m.Endpoint

internal/net/gphttp/middleware/forwardauth.go

@@ -8,7 +8,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/yusing/godoxy/internal/route/routes"
+	entrypoint "github.com/yusing/godoxy/internal/entrypoint/types"
 	httputils "github.com/yusing/goutils/http"
 	"github.com/yusing/goutils/http/httpheaders"
 )
@@ -46,7 +46,7 @@ func (m *forwardAuthMiddleware) setup() {
 
 // before implements RequestModifier.
 func (m *forwardAuthMiddleware) before(w http.ResponseWriter, r *http.Request) (proceed bool) {
-	route, ok := routes.HTTP.Get(m.Route)
+	route, ok := entrypoint.FromCtx(r.Context()).HTTPRoutes().Get(m.Route)
 	if !ok {
 		ForwardAuth.LogWarn(r).Str("route", m.Route).Msg("forwardauth route not found")
 		w.WriteHeader(http.StatusInternalServerError)

internal/net/gphttp/middleware/middleware.go

@@ -1,12 +1,12 @@
 package middleware
 
 import (
-	"encoding/json"
 	"maps"
 	"net/http"
 	"reflect"
 	"sort"
 
+	"github.com/bytedance/sonic"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/serialization"
@@ -152,7 +152,7 @@ func (m *Middleware) MarshalJSON() ([]byte, error) {
 		commonOptions
 		any
 	}
-	return json.MarshalIndent(map[string]any{
+	return sonic.MarshalIndent(map[string]any{
 		"name": m.name,
 		"options": allOptions{
 			commonOptions: m.commonOptions,

internal/net/gphttp/middleware/test_utils.go

@@ -3,12 +3,12 @@ package middleware
 import (
 	"bytes"
 	_ "embed"
-	"encoding/json"
 	"io"
 	"maps"
 	"net/http"
 	"net/http/httptest"
 
+	"github.com/bytedance/sonic"
 	"github.com/yusing/godoxy/internal/common"
 	nettypes "github.com/yusing/godoxy/internal/net/types"
 	gperr "github.com/yusing/goutils/errs"
@@ -24,7 +24,7 @@ func init() {
 		return
 	}
 	tmp := map[string]string{}
-	err := json.Unmarshal(testHeadersRaw, &tmp)
+	err := sonic.Unmarshal(testHeadersRaw, &tmp)
 	if err != nil {
 		panic(err)
 	}

internal/net/types/url.go

@@ -1,8 +1,9 @@
 package nettypes
 
 import (
-	"encoding/json"
 	urlPkg "net/url"
+
+	"github.com/bytedance/sonic"
 )
 
 type URL struct {
@@ -46,7 +47,7 @@ func (u *URL) MarshalJSON() (text []byte, err error) {
 	if u == nil {
 		return []byte("null"), nil
 	}
-	return json.Marshal(u.URL.String())
+	return sonic.Marshal(u.URL.String())
 }
 
 func (u *URL) Equals(other *URL) bool {

internal/notif/body.go

@@ -2,9 +2,9 @@ package notif
 
 import (
 	"bytes"
-	"encoding/json"
 	"strings"
 
+	"github.com/bytedance/sonic"
 	gperr "github.com/yusing/goutils/errs"
 )
 
@@ -69,7 +69,7 @@ func (f FieldsBody) Format(format LogFormat) ([]byte, error) {
 		}
 		return msg.Bytes(), nil
 	case LogFormatRawJSON:
-		return json.Marshal(f)
+		return sonic.Marshal(f)
 	}
 	return f.Format(LogFormatMarkdown)
 }
@@ -87,7 +87,7 @@ func (l ListBody) Format(format LogFormat) ([]byte, error) {
 		}
 		return msg.Bytes(), nil
 	case LogFormatRawJSON:
-		return json.Marshal(l)
+		return sonic.Marshal(l)
 	}
 	return l.Format(LogFormatMarkdown)
 }
@@ -97,7 +97,7 @@ func (m MessageBody) Format(format LogFormat) ([]byte, error) {
 	case LogFormatPlain, LogFormatMarkdown:
 		return []byte(m), nil
 	case LogFormatRawJSON:
-		return json.Marshal(m)
+		return sonic.Marshal(m)
 	}
 	return []byte(m), nil
 }
@@ -105,7 +105,7 @@ func (m MessageBody) Format(format LogFormat) ([]byte, error) {
 func (m MessageBodyBytes) Format(format LogFormat) ([]byte, error) {
 	switch format {
 	case LogFormatRawJSON:
-		return json.Marshal(string(m))
+		return sonic.Marshal(string(m))
 	}
 	return m, nil
 }
@@ -113,7 +113,7 @@ func (m MessageBodyBytes) Format(format LogFormat) ([]byte, error) {
 func (e errorBody) Format(format LogFormat) ([]byte, error) {
 	switch format {
 	case LogFormatRawJSON:
-		return json.Marshal(e.Error)
+		return sonic.Marshal(e.Error)
 	case LogFormatPlain:
 		return gperr.Plain(e.Error), nil
 	case LogFormatMarkdown:

internal/notif/gotify.go

@@ -1,10 +1,10 @@
 package notif
 
 import (
-	"encoding/json"
 	"fmt"
 	"io"
 
+	"github.com/bytedance/sonic"
 	"github.com/gotify/server/v2/model"
 	"github.com/rs/zerolog"
 	gperr "github.com/yusing/goutils/errs"
@@ -65,7 +65,7 @@ func (client *GotifyClient) MarshalMessage(logMsg *LogMessage) ([]byte, error) {
 		}
 	}
 
-	data, err := json.Marshal(msg)
+	data, err := sonic.Marshal(msg)
 	if err != nil {
 		return nil, err
 	}
@@ -76,7 +76,7 @@ func (client *GotifyClient) MarshalMessage(logMsg *LogMessage) ([]byte, error) {
 // fmtError implements Provider.
 func (client *GotifyClient) fmtError(respBody io.Reader) error {
 	var errm model.Error
-	err := json.NewDecoder(respBody).Decode(&errm)
+	err := sonic.ConfigDefault.NewDecoder(respBody).Decode(&errm)
 	if err != nil {
 		return fmt.Errorf("failed to decode err response: %w", err)
 	}

internal/notif/webhook.go

@@ -2,11 +2,11 @@ package notif
 
 import (
 	_ "embed"
-	"encoding/json"
 	"io"
 	"net/http"
 	"strings"
 
+	"github.com/bytedance/sonic"
 	gperr "github.com/yusing/goutils/errs"
 )
 
@@ -99,7 +99,7 @@ func (webhook *Webhook) fmtError(respBody io.Reader) error {
 }
 
 func (webhook *Webhook) MarshalMessage(logMsg *LogMessage) ([]byte, error) {
-	title, err := json.Marshal(logMsg.Title)
+	title, err := sonic.Marshal(logMsg.Title)
 	if err != nil {
 		return nil, err
 	}
@@ -118,7 +118,7 @@ func (webhook *Webhook) MarshalMessage(logMsg *LogMessage) ([]byte, error) {
 		return nil, err
 	}
 	if webhook.MIMEType == MimeTypeJSON {
-		message, err = json.Marshal(string(message))
+		message, err = sonic.Marshal(string(message))
 		if err != nil {
 			return nil, err
 		}
@@ -147,5 +147,5 @@ func validateJSONPayload(payload string) bool {
 		"$color", "",
 	)
 	payload = replacer.Replace(payload)
-	return json.Valid([]byte(payload))
+	return sonic.Valid([]byte(payload))
 }

internal/proxmox/client.go

@@ -2,7 +2,6 @@ package proxmox
 
 import (
 	"context"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"net"
@@ -13,6 +12,7 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/bytedance/sonic"
 	"github.com/luthermonson/go-proxmox"
 	"golang.org/x/sync/errgroup"
 )
@@ -201,7 +201,7 @@ func (c *Client) Name() string {
 }
 
 func (c *Client) MarshalJSON() ([]byte, error) {
-	return json.Marshal(map[string]any{
+	return sonic.Marshal(map[string]any{
 		"version": c.Version,
 		"cluster": map[string]any{
 			"name":    c.Cluster.Name,

internal/proxmox/node.go

@@ -2,10 +2,10 @@ package proxmox
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"strings"
 
+	"github.com/bytedance/sonic"
 	gperr "github.com/yusing/goutils/errs"
 	"github.com/yusing/goutils/pool"
 )
@@ -82,7 +82,7 @@ func (n *Node) String() string {
 }
 
 func (n *Node) MarshalJSON() ([]byte, error) {
-	return json.Marshal(map[string]any{
+	return sonic.Marshal(map[string]any{
 		"name": n.name,
 		"id":   n.id,
 	})

internal/route/README.md

@@ -30,9 +30,11 @@ Internal package with stable core types. Route configuration schema is versioned
 type Route struct {
     Alias  string       // Unique route identifier
     Scheme Scheme       // http, https, h2c, tcp, udp, fileserver
-    Host   string       // Virtual host
+    Host   string       // Virtual host / target address
     Port   Port         // Listen and target ports
 
+    Bind   string       // Bind address for listening (IP address, optional)
+
     // File serving
     Root  string        // Document root
     SPA   bool          // Single-page app mode
@@ -196,6 +198,7 @@ type Route struct {
     Alias  string       `json:"alias"`
     Scheme Scheme       `json:"scheme"`
     Host   string       `json:"host,omitempty"`
+    Bind   string       `json:"bind,omitempty"`  // Listen bind address
     Port   Port         `json:"port"`
     Root   string       `json:"root,omitempty"`
     SPA    bool         `json:"spa,omitempty"`
@@ -218,23 +221,28 @@ labels:
 routes:
   myapp:
     scheme: http
-    root: /var/www/myapp
-    spa: true
+    host: myapp.local
+    bind: 192.168.1.100 # Optional: bind to specific address
+    port:
+      proxy: 80
+      target: 3000
 ```
 
+### Route with Custom Bind Address
+
 ## Dependency and Integration Map
 
-| Dependency                       | Purpose                          |
-| -------------------------------- | -------------------------------- |
-| `internal/route/routes`          | Route registry and lookup        |
-| `internal/route/rules`           | Request/response rule processing |
-| `internal/route/stream`          | TCP/UDP stream proxying          |
-| `internal/route/provider`        | Route discovery and loading      |
-| `internal/health/monitor`        | Health checking                  |
-| `internal/idlewatcher`           | Idle container management        |
-| `internal/logging/accesslog`     | Request logging                  |
-| `internal/homepage`              | Dashboard integration            |
-| `github.com/yusing/goutils/errs` | Error handling                   |
+| Dependency                         | Purpose                           |
+| ---------------------------------- | --------------------------------- |
+| `internal/route/routes/context.go` | Route context helpers (only file) |
+| `internal/route/rules`             | Request/response rule processing  |
+| `internal/route/stream`            | TCP/UDP stream proxying           |
+| `internal/route/provider`          | Route discovery and loading       |
+| `internal/health/monitor`          | Health checking                   |
+| `internal/idlewatcher`             | Idle container management         |
+| `internal/logging/accesslog`       | Request logging                   |
+| `internal/homepage`                | Dashboard integration             |
+| `github.com/yusing/goutils/errs`   | Error handling                    |
 
 ## Observability
 
@@ -305,6 +313,18 @@ route := &route.Route{
 }
 ```
 
+### Route with Custom Bind Address
+
+```go
+route := &route.Route{
+    Alias:  "myapp",
+    Scheme: route.SchemeHTTP,
+    Host:   "myapp.local",
+    Bind:   "192.168.1.100",  // Bind to specific interface
+    Port:   route.Port{Proxy: 80, Target: 3000, Listening: 8443},
+}
+```
+
 ### File Server Route
 
 ```go