rebrand changed startup message, built script and Dockerfile

.gitignore

@@ -7,6 +7,7 @@ config*/
 certs*/
 bin/
 error_pages/
+!examples/error_pages/
 
 logs/
 log/

.trunk/trunk.yaml

@@ -17,6 +17,9 @@ runtimes:
     - go@1.23.2
 # This is the section where you manage your linters. (https://docs.trunk.io/check/configuration)
 lint:
+  disabled:
+    - markdownlint
+    - yamllint
   enabled:
     - hadolint@2.12.0
     - actionlint@1.7.3
@@ -24,14 +27,12 @@ lint:
     - git-diff-check
     - gofmt@1.20.4
     - golangci-lint@1.61.0
-    - markdownlint@0.42.0
     - osv-scanner@1.9.0
     - oxipng@9.1.2
     - prettier@3.3.3
     - shellcheck@0.10.0
     - shfmt@3.6.0
     - trufflehog@3.82.7
-    - yamllint@1.35.1
 actions:
   disabled:
     - trunk-announce

Dockerfile

@@ -26,7 +26,7 @@ RUN --mount=type=cache,target="/go/pkg/mod" \
     --mount=type=bind,src=pkg,dst=/src/pkg \
     make build && \
     mkdir -p /app/error_pages /app/certs && \
-    mv bin/go-proxy /app/go-proxy
+    mv bin/godoxy /app/godoxy
 
 # Stage 2: Final image
 FROM scratch
@@ -43,11 +43,14 @@ COPY --from=builder /app /app
 # copy schema directory
 COPY schema/ /app/schema/
 
+# copy example config
+COPY config.example.yml /app/config/config.yml
+
 # copy certs
 COPY --from=builder /etc/ssl/certs /etc/ssl/certs
 
 ENV DOCKER_HOST=unix:///var/run/docker.sock
-ENV GOPROXY_DEBUG=0
+ENV GODOXY_DEBUG=0
 
 EXPOSE 80
 EXPOSE 8888
@@ -55,4 +58,4 @@ EXPOSE 443
 
 WORKDIR /app
 
-CMD ["/app/go-proxy"]
+CMD ["/app/godoxy"]

Makefile

@@ -13,7 +13,7 @@ build:
 	scripts/build.sh
 
 test:
-	GOPROXY_TEST=1 go test ./internal/...
+	GODOXY_TEST=1 go test ./internal/...
 
 up:
 	docker compose up -d
@@ -28,23 +28,21 @@ get:
 	go get -u ./cmd && go mod tidy
 
 debug:
-	make build
-	sudo GOPROXY_DEBUG=1 bin/go-proxy
+	GODOXY_DEBUG=1 make run
 
 debug-trace:
-	make build
-	sudo GOPROXY_DEBUG=1 GOPROXY_TRACE=1 bin/go-proxy
+	GODOXY_DEBUG=1 GODOXY_TRACE=1 run
 
 profile:
-	GODEBUG=gctrace=1 make build
-	sudo GOPROXY_DEBUG=1 bin/go-proxy
+	GODEBUG=gctrace=1 make debug
+
+run: build
+	sudo setcap CAP_NET_BIND_SERVICE=+eip bin/go-proxy
+	bin/go-proxy
 
 mtrace:
 	bin/go-proxy debug-ls-mtrace > mtrace.json
 
-run:
-	make build && sudo bin/go-proxy
-
 archive:
 	git archive HEAD -o ../go-proxy-$$(date +"%Y%m%d%H%M").zip
 

README.md

@@ -1,4 +1,4 @@
-# go-proxy
+# GoDoxy
 
 [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=yusing_go-proxy&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=yusing_go-proxy)
 [![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=yusing_go-proxy&metric=ncloc)](https://sonarcloud.io/summary/new_code?id=yusing_go-proxy)
@@ -19,10 +19,11 @@ _Join our [Discord](https://discord.gg/umReR62nRd) for help and discussions_
 
 <!-- TOC -->
 
-- [go-proxy](#go-proxy)
+- [GoDoxy](#godoxy)
   - [Table of content](#table-of-content)
   - [Key Features](#key-features)
   - [Getting Started](#getting-started)
+    - [Prerequisites](#prerequisites)
     - [Setup](#setup)
     - [Manual Setup](#manual-setup)
     - [Folder structrue](#folder-structrue)
@@ -53,9 +54,16 @@ _Join our [Discord](https://discord.gg/umReR62nRd) for help and discussions_
 
 ## Getting Started
 
+### Prerequisites
+
+Setup DNS Records point to machine which runs `GoDoxy`, e.g.
+
+-   A Record: `*.y.z` -> `10.0.10.1`
+-   AAAA Record: `*.y.z` -> `::ffff:a00:a01`
+
 ### Setup
 
-1.  Pull docker image 
+1.  Pull the latest docker images
     
     ```shell
     docker pull ghcr.io/yusing/go-proxy:latest
@@ -65,20 +73,24 @@ _Join our [Discord](https://discord.gg/umReR62nRd) for help and discussions_
 
     ```shell
     docker run --rm -v .:/setup ghcr.io/yusing/go-proxy /app/go-proxy setup
-    # Then set the JWT secret
-    sed -i "s|GOPROXY_API_JWT_SECRET=.*|GOPROXY_API_JWT_SECRET=$(openssl rand -base64 32)|g" .env
     ```
 
-3.  Setup DNS Records point to machine which runs `go-proxy`, e.g.
+3. _(Optional)_ setup WebUI login
 
-    -   A Record: `*.y.z` -> `10.0.10.1`
-    -   AAAA Record: `*.y.z` -> `::ffff:a00:a01`
+    - set random JWT secret
+        ```shell
+        sed -i "s|GOPROXY_API_JWT_SECRET=.*|GOPROXY_API_JWT_SECRET=$(openssl rand -base64 32)|g" .env`
+        ```
 
-4.  Setup `docker-socket-proxy` other docker nodes _(if any)_ (see [Multi docker nodes setup](https://github.com/yusing/go-proxy/wiki/Configurations#multi-docker-nodes-setup)) and then them inside `config.yml`
+    - change username and password for WebUI authentication
+        ```shell
+        sed -i "s|GOPROXY_API_USERNAME=.*|GOPROXY_API_USERNAME=admin|g" .env
+        sed -i "s|GOPROXY_API_PASSWORD=.*|GOPROXY_API_PASSWORD=some-strong-password|g" .env
+        ```
 
-5.  Run go-proxy `docker compose up -d` 
-    then list all routes to see if further configurations are needed:
-    `docker exec go-proxy /app/go-proxy ls-routes`
+4.  _(Optional)_ setup `docker-socket-proxy` other docker nodes (see [Multi docker nodes setup](https://github.com/yusing/go-proxy/wiki/Configurations#multi-docker-nodes-setup)) then add them inside `config.yml`
+
+5.  Start the container `docker compose up -d`
 
 6.  You may now do some extra configuration
     -   With text editor (e.g. Visual Studio Code)
@@ -101,12 +113,6 @@ _Join our [Discord](https://discord.gg/umReR62nRd) for help and discussions_
    
    `wget https://raw.githubusercontent.com/yusing/go-proxy/v0.7/compose.example.yml -O compose.yml`
 
-4. Set the JWT secret
-   
-   `sed -i "s|GOPROXY_API_JWT_SECRET=.*|GOPROXY_API_JWT_SECRET=$(openssl rand -base64 32)|g" .env`
-
-5. Start the container `docker compose up -d`
-
 ### Folder structrue
 
 ```shell

cmd/main.go

@@ -48,11 +48,10 @@ func main() {
 		if err != nil {
 			log.Printf("failed to connect to api server: %s", err)
 			log.Printf("falling back to config file")
-			printJSON(config.RoutesByAlias())
 		} else {
 			printJSON(routes)
+			return
 		}
-		return
 	case common.CommandDebugListMTrace:
 		trace, err := query.ListMiddlewareTraces()
 		if err != nil {
@@ -63,7 +62,7 @@ func main() {
 	}
 
 	if args.Command == common.CommandStart {
-		logging.Info().Msgf("go-proxy version %s", pkg.GetVersion())
+		logging.Info().Msgf("GoDoxy version %s", pkg.GetVersion())
 		logging.Trace().Msg("trace enabled")
 		// logging.AddHook(notif.GetDispatcher())
 	} else {
@@ -95,6 +94,10 @@ func main() {
 	}
 
 	switch args.Command {
+	case common.CommandListRoutes:
+		cfg.StartProxyProviders()
+		printJSON(config.RoutesByAlias())
+		return
 	case common.CommandListConfigs:
 		printJSON(config.Value())
 		return
@@ -165,5 +168,5 @@ func printJSON(obj any) {
 		logging.Fatal().Err(err).Send()
 	}
 	rawLogger := log.New(os.Stdout, "", 0)
-	rawLogger.Printf("%s", j) // raw output for convenience using "jq"
+	rawLogger.Print(string(j)) // raw output for convenience using "jq"
 }

compose.example.yml

@@ -1,7 +1,8 @@
+---
 services:
     frontend:
         image: ghcr.io/yusing/go-proxy-frontend:latest
-        container_name: go-proxy-frontend
+        container_name: godoxy-frontend
         restart: unless-stopped
         network_mode: host
         env_file: .env
@@ -20,21 +21,22 @@ services:
                 - 172.16.0.0/12
     app:
         image: ghcr.io/yusing/go-proxy:latest
-        container_name: go-proxy
+        container_name: godoxy
         restart: always
         network_mode: host
         env_file: .env
         volumes:
             - /var/run/docker.sock:/var/run/docker.sock
             - ./config:/app/config
+            - ./error_pages:/app/error_pages
 
             # (Optional) choose one of below to enable https
             # 1. use existing certificate
-            # if your cert is not named `cert.crt` change `cert_path` in `config/config.yml`
-            # if your cert key is not named `priv.key` change `key_path` in `config/config.yml`
 
-            # - /path/to/certs:/app/certs
+            # - /path/to/certs/cert.crt:/app/certs/cert.crt
+            # - /path/to/certs/priv.key:/app/certs/priv.key
 
-            # 2. use autocert, certs will be stored in ./certs (or other path you specify)
+            # 2. use autocert, certs will be stored in ./certs
+            #    you can also use a docker volume to store it
 
             # - ./certs:/app/certs

config.example.yml

@@ -57,13 +57,19 @@ providers:
 #   - my.site
 #   - node1.my.app
 
+# homepage config
+#
+homepage:
+  # use default app categories detected from alias or docker image name
+  use_default_categories: true
+
 # Below are fixed options (non hot-reloadable)
 
 # timeout for shutdown (in seconds)
 #
-# timeout_shutdown: 5
+timeout_shutdown: 5
 
 # global setting redirect http requests to https (if https available, otherwise this will be ignored)
 # proxy.<alias>.middlewares.redirect_http will override this
 #
-# redirect_to_https: false
+redirect_to_https: false

examples/error_pages/404.css

@@ -0,0 +1,288 @@
+@import url("https://fonts.googleapis.com/css?family=Audiowide&display=swap");
+
+html,
+body {
+    margin: 0px;
+    overflow: hidden;
+}
+
+div {
+    position: absolute;
+    top: 0%;
+    left: 0%;
+    height: 100%;
+    width: 100%;
+    margin: 0px;
+    background: radial-gradient(circle, #240015 0%, #12000b 100%);
+    overflow: hidden;
+}
+
+.wrap {
+    position: absolute;
+    left: 50%;
+    top: 50%;
+    transform: translate(-50%, -50%);
+}
+
+h2 {
+    position: absolute;
+    top: 50%;
+    left: 50%;
+    margin-top: 150px;
+    font-size: 32px;
+    text-transform: uppercase;
+    transform: translate(-50%, -50%);
+    display: block;
+    color: #12000a;
+    font-weight: 300;
+    font-family: Audiowide;
+    text-shadow: 0px 0px 4px #12000a;
+    animation: fadeInText 3s ease-in 3.5s forwards,
+        flicker4 5s linear 7.5s infinite, hueRotate 6s ease-in-out 3s infinite;
+}
+
+#svgWrap_1,
+#svgWrap_2 {
+    position: absolute;
+    height: auto;
+    width: 600px;
+    max-width: 100%;
+    top: 50%;
+    left: 50%;
+    transform: translate(-50%, -50%);
+}
+
+#svgWrap_1,
+#svgWrap_2,
+div {
+    animation: hueRotate 6s ease-in-out 3s infinite;
+}
+
+#id1_1,
+#id2_1,
+#id3_1 {
+    stroke: #ff005d;
+    stroke-width: 3px;
+    fill: transparent;
+    filter: url(#glow);
+}
+
+#id1_2,
+#id2_2,
+#id3_2 {
+    stroke: #12000a;
+    stroke-width: 3px;
+    fill: transparent;
+    filter: url(#glow);
+}
+
+#id3_1 {
+    stroke-dasharray: 940px;
+    stroke-dashoffset: -940px;
+    animation: drawLine3 2.5s ease-in-out 0s forwards,
+        flicker3 4s linear 4s infinite;
+}
+
+#id2_1 {
+    stroke-dasharray: 735px;
+    stroke-dashoffset: -735px;
+    animation: drawLine2 2.5s ease-in-out 0.5s forwards,
+        flicker2 4s linear 4.5s infinite;
+}
+
+#id1_1 {
+    stroke-dasharray: 940px;
+    stroke-dashoffset: -940px;
+    animation: drawLine1 2.5s ease-in-out 1s forwards,
+        flicker1 4s linear 5s infinite;
+}
+
+@keyframes drawLine1 {
+    0% {
+        stroke-dashoffset: -940px;
+    }
+    100% {
+        stroke-dashoffset: 0px;
+    }
+}
+
+@keyframes drawLine2 {
+    0% {
+        stroke-dashoffset: -735px;
+    }
+    100% {
+        stroke-dashoffset: 0px;
+    }
+}
+
+@keyframes drawLine3 {
+    0% {
+        stroke-dashoffset: -940px;
+    }
+    100% {
+        stroke-dashoffset: 0px;
+    }
+}
+
+@keyframes flicker1 {
+    0% {
+        stroke: #ff005d;
+    }
+    1% {
+        stroke: transparent;
+    }
+    3% {
+        stroke: transparent;
+    }
+    4% {
+        stroke: #ff005d;
+    }
+    6% {
+        stroke: #ff005d;
+    }
+    7% {
+        stroke: transparent;
+    }
+    13% {
+        stroke: transparent;
+    }
+    14% {
+        stroke: #ff005d;
+    }
+    100% {
+        stroke: #ff005d;
+    }
+}
+
+@keyframes flicker2 {
+    0% {
+        stroke: #ff005d;
+    }
+    50% {
+        stroke: #ff005d;
+    }
+    51% {
+        stroke: transparent;
+    }
+    61% {
+        stroke: transparent;
+    }
+    62% {
+        stroke: #ff005d;
+    }
+    100% {
+        stroke: #ff005d;
+    }
+}
+
+@keyframes flicker3 {
+    0% {
+        stroke: #ff005d;
+    }
+    1% {
+        stroke: transparent;
+    }
+    10% {
+        stroke: transparent;
+    }
+    11% {
+        stroke: #ff005d;
+    }
+    40% {
+        stroke: #ff005d;
+    }
+    41% {
+        stroke: transparent;
+    }
+    45% {
+        stroke: transparent;
+    }
+    46% {
+        stroke: #ff005d;
+    }
+    100% {
+        stroke: #ff005d;
+    }
+}
+
+@keyframes flicker4 {
+    0% {
+        color: #ff005d;
+        text-shadow: 0px 0px 4px #ff005d;
+    }
+    30% {
+        color: #ff005d;
+        text-shadow: 0px 0px 4px #ff005d;
+    }
+    31% {
+        color: #12000a;
+        text-shadow: 0px 0px 4px #12000a;
+    }
+    32% {
+        color: #ff005d;
+        text-shadow: 0px 0px 4px #ff005d;
+    }
+    36% {
+        color: #ff005d;
+        text-shadow: 0px 0px 4px #ff005d;
+    }
+    37% {
+        color: #12000a;
+        text-shadow: 0px 0px 4px #12000a;
+    }
+    41% {
+        color: #12000a;
+        text-shadow: 0px 0px 4px #12000a;
+    }
+    42% {
+        color: #ff005d;
+        text-shadow: 0px 0px 4px #ff005d;
+    }
+    85% {
+        color: #ff005d;
+        text-shadow: 0px 0px 4px #ff005d;
+    }
+    86% {
+        color: #12000a;
+        text-shadow: 0px 0px 4px #12000a;
+    }
+    95% {
+        color: #12000a;
+        text-shadow: 0px 0px 4px #12000a;
+    }
+    96% {
+        color: #ff005d;
+        text-shadow: 0px 0px 4px #ff005d;
+    }
+    100% {
+        color: #ff005d;
+        text-shadow: 0px 0px 4px #ff005d;
+    }
+}
+
+@keyframes fadeInText {
+    1% {
+        color: #12000a;
+        text-shadow: 0px 0px 4px #12000a;
+    }
+    70% {
+        color: #ff005d;
+        text-shadow: 0px 0px 14px #ff005d;
+    }
+    100% {
+        color: #ff005d;
+        text-shadow: 0px 0px 4px #ff005d;
+    }
+}
+
+@keyframes hueRotate {
+    0% {
+        filter: hue-rotate(0deg);
+    }
+    50% {
+        filter: hue-rotate(-120deg);
+    }
+    100% {
+        filter: hue-rotate(0deg);
+    }
+}

examples/error_pages/404.html

@@ -0,0 +1,51 @@
+{{/* Credit: https://codepen.io/code2rithik/pen/XWpVvYL */}}
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta charset="UTF-8" />
+  <title>Page Not Found</title>
+  <link rel="stylesheet" href="/$gperrorpage/404.css" type="text/css">
+  <!-- <script src="/$gperrorpage/404.js"> </script> -->
+</head>
+
+<body>
+  <script>0</script>
+  <div></div>
+  <svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250">
+    <g>
+      <path id="id3_2"
+        d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z" />
+      <path id="id2_2"
+        d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-23.58v-33.13c0-12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5 9.86 10.67 13.74 16.99 3.87 6.33 6.87 13.19 8.99 20.6 2.13 7.41 3.19 15.27 3.19 23.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.07 9.3-10.76 15.29-2.69 6-4.04 12.67-4.04 20.04v33.13c0 7.36 1.32 14.02 3.96 19.97 2.64 5.95 6.18 11.02 10.62 15.22 4.44 4.2 9.56 7.43 15.36 9.7 5.8 2.27 11.87 3.35 18.2 3.26h66.41c7.27 0 13.85-1.2 19.75-3.61s10.93-5.73 15.08-9.98 7.36-9.32 9.63-15.22c2.27-5.9 3.4-12.34 3.4-19.33v-33.15zm-16-26.91a17.89 17.89 0 0 1 2.83 6.73c.47 2.41.47 4.77 0 7.08-.47 2.31-1.39 4.48-2.76 6.51-1.37 2.03-3.14 3.75-5.31 5.17l-99.4 66.41c-1.61 1.23-3.26 2.08-4.96 2.55-1.7.47-3.45.71-5.24.71-3.02 0-5.9-.71-8.64-2.12-2.74-1.42-4.96-3.44-6.66-6.09a17.89 17.89 0 0 1-2.83-6.73c-.47-2.41-.5-4.77-.07-7.08.43-2.31 1.3-4.48 2.62-6.51 1.32-2.03 3.07-3.75 5.24-5.17l99.69-66.41a17.89 17.89 0 0 1 6.73-2.83c2.41-.47 4.77-.47 7.08 0 2.31.47 4.48 1.37 6.51 2.69 2.03 1.32 3.75 3.02 5.17 5.09z" />
+      <path id="id1_2"
+        d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z" />
+    </g>
+  </svg>
+  <svg id="svgWrap_1" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250">
+    <g>
+      <path id="id3_1"
+        d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z" />
+      <path id="id2_1"
+        d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-23.58v-33.13c0-12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5 9.86 10.67 13.74 16.99 3.87 6.33 6.87 13.19 8.99 20.6 2.13 7.41 3.19 15.27 3.19 23.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.07 9.3-10.76 15.29-2.69 6-4.04 12.67-4.04 20.04v33.13c0 7.36 1.32 14.02 3.96 19.97 2.64 5.95 6.18 11.02 10.62 15.22 4.44 4.2 9.56 7.43 15.36 9.7 5.8 2.27 11.87 3.35 18.2 3.26h66.41c7.27 0 13.85-1.2 19.75-3.61s10.93-5.73 15.08-9.98 7.36-9.32 9.63-15.22c2.27-5.9 3.4-12.34 3.4-19.33v-33.15zm-16-26.91a17.89 17.89 0 0 1 2.83 6.73c.47 2.41.47 4.77 0 7.08-.47 2.31-1.39 4.48-2.76 6.51-1.37 2.03-3.14 3.75-5.31 5.17l-99.4 66.41c-1.61 1.23-3.26 2.08-4.96 2.55-1.7.47-3.45.71-5.24.71-3.02 0-5.9-.71-8.64-2.12-2.74-1.42-4.96-3.44-6.66-6.09a17.89 17.89 0 0 1-2.83-6.73c-.47-2.41-.5-4.77-.07-7.08.43-2.31 1.3-4.48 2.62-6.51 1.32-2.03 3.07-3.75 5.24-5.17l99.69-66.41a17.89 17.89 0 0 1 6.73-2.83c2.41-.47 4.77-.47 7.08 0 2.31.47 4.48 1.37 6.51 2.69 2.03 1.32 3.75 3.02 5.17 5.09z" />
+      <path id="id1_1"
+        d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z" />
+    </g>
+  </svg>
+
+  <svg>
+    <defs>
+      <filter id="glow">
+        <fegaussianblur class="blur" result="coloredBlur" stddeviation="4"></fegaussianblur>
+        <femerge>
+          <femergenode in="coloredBlur"></femergenode>
+          <femergenode in="SourceGraphic"></femergenode>
+        </femerge>
+      </filter>
+    </defs>
+  </svg>
+
+  <h2>Page Not Found</h2>
+</body>
+
+</html>

examples/microbin.yml

@@ -1,16 +0,0 @@
-services:
-  app:
-    container_name: microbin
-    cpu_shares: 10
-    deploy:
-      resources:
-        limits:
-          memory: 256M
-    env_file: .env
-    image: danielszabo99/microbin:latest
-    ports:
-      - 8080
-    restart: unless-stopped
-    volumes:
-      - ./data:/app/microbin_data
-# microbin.domain.tld

examples/siyuan.yml

@@ -1,16 +0,0 @@
-services:
-  main:
-    image: b3log/siyuan:v3.1.0
-    container_name: siyuan
-    command:
-      - --workspace=/siyuan/workspace/
-      - --accessAuthCode=<some password>
-    user: 1000:1000
-    volumes:
-      - ./workspace:/siyuan/workspace
-    restart: unless-stopped
-    environment:
-      - TZ=Asia/Hong_Kong
-    ports:
-      - 6806
-# siyuan.domain.tld

go.mod

@@ -15,6 +15,7 @@ require (
 	github.com/santhosh-tekuri/jsonschema v1.2.4
 	golang.org/x/net v0.30.0
 	golang.org/x/text v0.19.0
+	golang.org/x/time v0.7.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -57,7 +58,6 @@ require (
 	golang.org/x/oauth2 v0.23.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/sys v0.26.0 // indirect
-	golang.org/x/time v0.7.0 // indirect
 	golang.org/x/tools v0.26.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gotest.tools/v3 v3.5.1 // indirect

internal/api/handler.go

@@ -9,6 +9,8 @@ import (
 	"github.com/yusing/go-proxy/internal/api/v1/auth"
 	. "github.com/yusing/go-proxy/internal/api/v1/utils"
 	"github.com/yusing/go-proxy/internal/common"
+	"github.com/yusing/go-proxy/internal/logging"
+	"github.com/yusing/go-proxy/internal/net/http/middleware"
 )
 
 type ServeMux struct{ *http.ServeMux }
@@ -18,7 +20,7 @@ func NewServeMux() ServeMux {
 }
 
 func (mux ServeMux) HandleFunc(method, endpoint string, handler http.HandlerFunc) {
-	mux.ServeMux.HandleFunc(fmt.Sprintf("%s %s", method, endpoint), checkHost(handler))
+	mux.ServeMux.HandleFunc(fmt.Sprintf("%s %s", method, endpoint), checkHost(rateLimited(handler)))
 }
 
 func NewHandler() http.Handler {
@@ -56,3 +58,16 @@ func checkHost(f http.HandlerFunc) http.HandlerFunc {
 		f(w, r)
 	}
 }
+
+func rateLimited(f http.HandlerFunc) http.HandlerFunc {
+	m, err := middleware.RateLimiter.WithOptionsClone(middleware.OptionsRaw{
+		"average": 10,
+		"burst":   10,
+	})
+	if err != nil {
+		logging.Fatal().Err(err).Msg("unable to create API rate limiter")
+	}
+	return func(w http.ResponseWriter, r *http.Request) {
+		m.ModifyRequest(f, w, r)
+	}
+}

internal/api/v1/auth/auth.go

@@ -90,7 +90,7 @@ func LogoutHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 func RequireAuth(next http.HandlerFunc) http.HandlerFunc {
-	if common.IsDebugSkipAuth {
+	if common.IsDebugSkipAuth || common.APIJWTSecret == nil {
 		return next
 	}
 

internal/common/crypto.go

@@ -23,6 +23,9 @@ func generateJWTKey(size int) string {
 }
 
 func decodeJWTKey(key string) []byte {
+	if key == "" {
+		return nil
+	}
 	bytes, err := base64.StdEncoding.DecodeString(key)
 	if err != nil {
 		log.Panic().Err(err).Msg("failed to decode jwt key")

internal/common/env.go

@@ -12,55 +12,73 @@ import (
 )
 
 var (
-	NoSchemaValidation = GetEnvBool("GOPROXY_NO_SCHEMA_VALIDATION", true)
-	IsTest             = GetEnvBool("GOPROXY_TEST", false) || strings.HasSuffix(os.Args[0], ".test")
-	IsDebug            = GetEnvBool("GOPROXY_DEBUG", IsTest)
-	IsDebugSkipAuth    = GetEnvBool("GOPROXY_DEBUG_SKIP_AUTH", false)
-	IsTrace            = GetEnvBool("GOPROXY_TRACE", false) && IsDebug
+	prefixes = []string{"GODOXY_", "GOPROXY_", ""}
+
+	NoSchemaValidation = GetEnvBool("NO_SCHEMA_VALIDATION", true)
+	IsTest             = GetEnvBool("TEST", false) || strings.HasSuffix(os.Args[0], ".test")
+	IsDebug            = GetEnvBool("DEBUG", IsTest)
+	IsDebugSkipAuth    = GetEnvBool("DEBUG_SKIP_AUTH", false)
+	IsTrace            = GetEnvBool("TRACE", false) && IsDebug
 
 	ProxyHTTPAddr,
 	ProxyHTTPHost,
 	ProxyHTTPPort,
-	ProxyHTTPURL = GetAddrEnv("GOPROXY_HTTP_ADDR", ":80", "http")
+	ProxyHTTPURL = GetAddrEnv("HTTP_ADDR", ":80", "http")
 
 	ProxyHTTPSAddr,
 	ProxyHTTPSHost,
 	ProxyHTTPSPort,
-	ProxyHTTPSURL = GetAddrEnv("GOPROXY_HTTPS_ADDR", ":443", "https")
+	ProxyHTTPSURL = GetAddrEnv("HTTPS_ADDR", ":443", "https")
 
 	APIHTTPAddr,
 	APIHTTPHost,
 	APIHTTPPort,
-	APIHTTPURL = GetAddrEnv("GOPROXY_API_ADDR", "127.0.0.1:8888", "http")
+	APIHTTPURL = GetAddrEnv("API_ADDR", "127.0.0.1:8888", "http")
 
-	APIJWTSecret    = decodeJWTKey(GetEnv("GOPROXY_API_JWT_SECRET", generateJWTKey(32)))
-	APIJWTTokenTTL  = GetDurationEnv("GOPROXY_API_JWT_TOKEN_TTL", time.Hour)
-	APIUser         = GetEnv("GOPROXY_API_USER", "admin")
-	APIPasswordHash = HashPassword(GetEnv("GOPROXY_API_PASSWORD", "password"))
+	APIJWTSecret    = decodeJWTKey(GetEnvString("API_JWT_SECRET", ""))
+	APIJWTTokenTTL  = GetDurationEnv("API_JWT_TOKEN_TTL", time.Hour)
+	APIUser         = GetEnvString("API_USER", "admin")
+	APIPasswordHash = HashPassword(GetEnvString("API_PASSWORD", "password"))
 )
 
-func GetEnvBool(key string, defaultValue bool) bool {
-	value, ok := os.LookupEnv(key)
+func init() {
+	if APIJWTSecret == nil && GetArgs().Command == CommandStart {
+		log.Warn().Msg("API JWT secret is empty, authentication is disabled")
+	}
+}
+
+func GetEnv[T any](key string, defaultValue T, parser func(string) (T, error)) T {
+	var value string
+	var ok bool
+	for _, prefix := range prefixes {
+		value, ok = os.LookupEnv(prefix + key)
+		if ok && value != "" {
+			break
+		}
+	}
 	if !ok || value == "" {
 		return defaultValue
 	}
-	b, err := strconv.ParseBool(value)
-	if err != nil {
-		log.Fatal().Msgf("env %s: invalid boolean value: %s", key, value)
+	parsed, err := parser(value)
+	if err == nil {
+		return parsed
 	}
-	return b
+	log.Fatal().Err(err).Msgf("env %s: invalid %T value: %s", key, parsed, value)
+	return defaultValue
 }
 
-func GetEnv(key, defaultValue string) string {
-	value, ok := os.LookupEnv(key)
-	if !ok || value == "" {
-		value = defaultValue
-	}
-	return value
+func GetEnvString(key string, defaultValue string) string {
+	return GetEnv(key, defaultValue, func(s string) (string, error) {
+		return s, nil
+	})
+}
+
+func GetEnvBool(key string, defaultValue bool) bool {
+	return GetEnv(key, defaultValue, strconv.ParseBool)
 }
 
 func GetAddrEnv(key, defaultValue, scheme string) (addr, host, port, fullURL string) {
-	addr = GetEnv(key, defaultValue)
+	addr = GetEnvString(key, defaultValue)
 	host, port, err := net.SplitHostPort(addr)
 	if err != nil {
 		log.Fatal().Msgf("env %s: invalid address: %s", key, addr)
@@ -73,13 +91,5 @@ func GetAddrEnv(key, defaultValue, scheme string) (addr, host, port, fullURL str
 }
 
 func GetDurationEnv(key string, defaultValue time.Duration) time.Duration {
-	value, ok := os.LookupEnv(key)
-	if !ok || value == "" {
-		return defaultValue
-	}
-	d, err := time.ParseDuration(value)
-	if err != nil {
-		log.Fatal().Msgf("env %s: invalid duration value: %s", key, value)
-	}
-	return d
+	return GetEnv(key, defaultValue, time.ParseDuration)
 }

internal/config/query.go

@@ -69,6 +69,20 @@ func HomepageConfig() homepage.Config {
 			)
 		}
 
+		if instance.value.Homepage.UseDefaultCategories {
+			if en.Container != nil && item.Category == "" {
+				if category, ok := homepage.PredefinedCategories[en.Container.ImageName]; ok {
+					item.Category = category
+				}
+			}
+
+			if item.Category == "" {
+				if category, ok := homepage.PredefinedCategories[strings.ToLower(alias)]; ok {
+					item.Category = category
+				}
+			}
+		}
+
 		switch {
 		case entry.IsDocker(r):
 			if item.Category == "" {
@@ -89,7 +103,7 @@ func HomepageConfig() homepage.Config {
 
 		if item.URL == "" {
 			if len(domains) > 0 {
-				item.URL = fmt.Sprintf("%s://%s.%s:%s", proto, strings.ToLower(alias), domains[0], port)
+				item.URL = fmt.Sprintf("%s://%s%s:%s", proto, strings.ToLower(alias), domains[0], port)
 			}
 		}
 		item.AltURL = r.TargetURL().String()

internal/config/types/config.go

@@ -6,6 +6,7 @@ type (
 		AutoCert        AutoCertConfig `json:"autocert" yaml:",flow"`
 		ExplicitOnly    bool           `json:"explicit_only" yaml:"explicit_only"`
 		MatchDomains    []string       `json:"match_domains" yaml:"match_domains"`
+		Homepage        HomepageConfig `json:"homepage" yaml:"homepage"`
 		TimeoutShutdown int            `json:"timeout_shutdown" yaml:"timeout_shutdown"`
 		RedirectToHTTPS bool           `json:"redirect_to_https" yaml:"redirect_to_https"`
 	}
@@ -18,8 +19,10 @@ type (
 
 func DefaultConfig() *Config {
 	return &Config{
-		Providers:       Providers{},
 		TimeoutShutdown: 3,
+		Homepage: HomepageConfig{
+			UseDefaultCategories: true,
+		},
 		RedirectToHTTPS: false,
 	}
 }

internal/config/types/homepage_config.go

@@ -0,0 +1,5 @@
+package types
+
+type HomepageConfig struct {
+	UseDefaultCategories bool `json:"use_default_categories" yaml:"use_default_categories"`
+}

internal/docker/container.go

@@ -20,7 +20,7 @@ type (
 		ContainerID   string `json:"container_id" yaml:"-"`
 		ImageName     string `json:"image_name" yaml:"-"`
 
-		Labels map[string]string `json:"labels" yaml:"-"`
+		Labels map[string]string `json:"-" yaml:"-"`
 
 		PublicPortMapping  PortMapping `json:"public_ports" yaml:"-"`  // non-zero publicPort:types.Port
 		PrivatePortMapping PortMapping `json:"private_ports" yaml:"-"` // privatePort:types.Port

internal/homepage/categories.go

@@ -0,0 +1,64 @@
+package homepage
+
+// PredefinedCategories by alias or docker image name
+var PredefinedCategories = map[string]string{
+	"sonarr":       "Torrenting",
+	"radarr":       "Torrenting",
+	"bazarr":       "Torrenting",
+	"lidarr":       "Torrenting",
+	"readarr":      "Torrenting",
+	"prowlarr":     "Torrenting",
+	"watcharr":     "Torrenting",
+	"qbittorrent":  "Torrenting",
+	"qbit":         "Torrenting",
+	"qbt":          "Torrenting",
+	"transmission": "Torrenting",
+
+	"jellyfin":   "Media",
+	"jellyseerr": "Media",
+	"emby":       "Media",
+	"plex":       "Media",
+	"navidrome":  "Media",
+	"immich":     "Media",
+	"tautulli":   "Media",
+	"nextcloud":  "Media",
+	"invidious":  "Media",
+
+	"uptime":             "Monitoring",
+	"uptime-kuma":        "Monitoring",
+	"prometheus":         "Monitoring",
+	"grafana":            "Monitoring",
+	"netdata":            "Monitoring",
+	"changedetection.io": "Monitoring",
+	"changedetection":    "Monitoring",
+	"influxdb":           "Monitoring",
+	"influx":             "Monitoring",
+	"dozzle":             "Monitoring",
+
+	"adguardhome":  "Networking",
+	"adgh":         "Networking",
+	"adg":          "Networking",
+	"pihole":       "Networking",
+	"flaresolverr": "Networking",
+
+	"homebridge":     "Home Automation",
+	"home-assistant": "Home Automation",
+
+	"dockge":       "Container Management",
+	"portainer-ce": "Container Management",
+	"portainer-be": "Container Management",
+
+	"rss":        "RSS",
+	"rsshub":     "RSS",
+	"rss-bridge": "RSS",
+	"miniflux":   "RSS",
+	"freshrss":   "RSS",
+
+	"paperless":     "Documents",
+	"paperless-ngx": "Documents",
+	"s-pdf":         "Documents",
+
+	"minio":       "Storage",
+	"filebrowser": "Storage",
+	"rclone":      "Storage",
+}

internal/logging/logging.go

@@ -51,7 +51,7 @@ func init() {
 	).Level(level).With().Timestamp().Logger()
 }
 
-func DiscardLogger() { logger = zerolog.Nop() }
+func DiscardLogger() { zerolog.SetGlobalLevel(zerolog.Disabled) }
 
 func AddHook(h zerolog.Hook) { logger = logger.Hook(h) }
 

internal/net/http/middleware/cidr_whitelist.go

@@ -10,7 +10,7 @@ import (
 )
 
 type cidrWhitelist struct {
-	*cidrWhitelistOpts
+	cidrWhitelistOpts
 	m *Middleware
 }
 
@@ -22,18 +22,15 @@ type cidrWhitelistOpts struct {
 	cachedAddr F.Map[string, bool] // cache for trusted IPs
 }
 
-var CIDRWhiteList = &cidrWhitelist{
-	m: &Middleware{withOptions: NewCIDRWhitelist},
-}
-
-var cidrWhitelistDefaults = func() *cidrWhitelistOpts {
-	return &cidrWhitelistOpts{
+var (
+	CIDRWhiteList         = &Middleware{withOptions: NewCIDRWhitelist}
+	cidrWhitelistDefaults = cidrWhitelistOpts{
 		Allow:      []*types.CIDR{},
 		StatusCode: http.StatusForbidden,
 		Message:    "IP not allowed",
 		cachedAddr: F.NewMapOf[string, bool](),
 	}
-}
+)
 
 func NewCIDRWhitelist(opts OptionsRaw) (*Middleware, E.Error) {
 	wl := new(cidrWhitelist)
@@ -41,8 +38,8 @@ func NewCIDRWhitelist(opts OptionsRaw) (*Middleware, E.Error) {
 		impl:   wl,
 		before: wl.checkIP,
 	}
-	wl.cidrWhitelistOpts = cidrWhitelistDefaults()
-	err := Deserialize(opts, wl.cidrWhitelistOpts)
+	wl.cidrWhitelistOpts = cidrWhitelistDefaults
+	err := Deserialize(opts, &wl.cidrWhitelistOpts)
 	if err != nil {
 		return nil, err
 	}

internal/net/http/middleware/cidr_whitelist_test.go

@@ -27,8 +27,8 @@ func TestCIDRWhitelist(t *testing.T) {
 		for range 10 {
 			result, err := newMiddlewareTest(deny, nil)
 			ExpectNoError(t, err)
-			ExpectEqual(t, result.ResponseStatus, cidrWhitelistDefaults().StatusCode)
-			ExpectEqual(t, string(result.Data), cidrWhitelistDefaults().Message)
+			ExpectEqual(t, result.ResponseStatus, cidrWhitelistDefaults.StatusCode)
+			ExpectEqual(t, string(result.Data), cidrWhitelistDefaults.Message)
 		}
 	})
 

internal/net/http/middleware/cloudflare_real_ip.go

@@ -29,9 +29,7 @@ var (
 	cfCIDRsLogger     = logger.With().Str("name", "CloudflareRealIP").Logger()
 )
 
-var CloudflareRealIP = &realIP{
-	m: &Middleware{withOptions: NewCloudflareRealIP},
-}
+var CloudflareRealIP = &Middleware{withOptions: NewCloudflareRealIP}
 
 func NewCloudflareRealIP(_ OptionsRaw) (*Middleware, E.Error) {
 	cri := new(realIP)
@@ -46,7 +44,7 @@ func NewCloudflareRealIP(_ OptionsRaw) (*Middleware, E.Error) {
 			next(w, r)
 		},
 	}
-	cri.realIPOpts = &realIPOpts{
+	cri.realIPOpts = realIPOpts{
 		Header:    "CF-Connecting-IP",
 		Recursive: true,
 	}

internal/net/http/middleware/errors.go

@@ -0,0 +1,5 @@
+package middleware
+
+import E "github.com/yusing/go-proxy/internal/error"
+
+var ErrZeroValue = E.New("cannot be zero")

internal/net/http/middleware/forward_auth.go

@@ -19,7 +19,7 @@ import (
 
 type (
 	forwardAuth struct {
-		*forwardAuthOpts
+		forwardAuthOpts
 		m      *Middleware
 		client http.Client
 	}
@@ -33,14 +33,11 @@ type (
 	}
 )
 
-var ForwardAuth = &forwardAuth{
-	m: &Middleware{withOptions: NewForwardAuthfunc},
-}
+var ForwardAuth = &Middleware{withOptions: NewForwardAuthfunc}
 
 func NewForwardAuthfunc(optsRaw OptionsRaw) (*Middleware, E.Error) {
 	fa := new(forwardAuth)
-	fa.forwardAuthOpts = new(forwardAuthOpts)
-	if err := Deserialize(optsRaw, fa.forwardAuthOpts); err != nil {
+	if err := Deserialize(optsRaw, &fa.forwardAuthOpts); err != nil {
 		return nil, err
 	}
 	if _, err := url.Parse(fa.Address); err != nil {

internal/net/http/middleware/middleware.go

@@ -28,7 +28,6 @@ type (
 	CloneWithOptFunc   func(opts OptionsRaw) (*Middleware, E.Error)
 
 	OptionsRaw = map[string]any
-	Options    any
 
 	Middleware struct {
 		_ U.NoCopy

internal/net/http/middleware/middlewares.go

@@ -35,20 +35,23 @@ func All() map[string]*Middleware {
 
 // initialize middleware names and label parsers.
 func init() {
+	// snakes and cases will be stripped on `Get`
+	// so keys are lowercase without snake.
 	allMiddlewares = map[string]*Middleware{
 		"setxforwarded":    SetXForwarded,
 		"hidexforwarded":   HideXForwarded,
 		"redirecthttp":     RedirectHTTP,
-		"modifyresponse":   ModifyResponse.m,
-		"modifyrequest":    ModifyRequest.m,
+		"modifyresponse":   ModifyResponse,
+		"modifyrequest":    ModifyRequest,
 		"errorpage":        CustomErrorPage,
 		"customerrorpage":  CustomErrorPage,
-		"realip":           RealIP.m,
-		"cloudflarerealip": CloudflareRealIP.m,
-		"cidrwhitelist":    CIDRWhiteList.m,
+		"realip":           RealIP,
+		"cloudflarerealip": CloudflareRealIP,
+		"cidrwhitelist":    CIDRWhiteList,
+		"ratelimit":        RateLimiter,
 
 		// !experimental
-		"forwardauth": ForwardAuth.m,
+		"forwardauth": ForwardAuth,
 		// "oauth2":      OAuth2.m,
 	}
 	names := make(map[*Middleware][]string)

internal/net/http/middleware/modify_request.go

@@ -7,7 +7,7 @@ import (
 
 type (
 	modifyRequest struct {
-		*modifyRequestOpts
+		modifyRequestOpts
 		m *Middleware
 	}
 	// order: set_headers -> add_headers -> hide_headers
@@ -18,9 +18,7 @@ type (
 	}
 )
 
-var ModifyRequest = &modifyRequest{
-	m: &Middleware{withOptions: NewModifyRequest},
-}
+var ModifyRequest = &Middleware{withOptions: NewModifyRequest}
 
 func NewModifyRequest(optsRaw OptionsRaw) (*Middleware, E.Error) {
 	mr := new(modifyRequest)
@@ -34,8 +32,7 @@ func NewModifyRequest(optsRaw OptionsRaw) (*Middleware, E.Error) {
 		impl:   mr,
 		before: Rewrite(mrFunc),
 	}
-	mr.modifyRequestOpts = new(modifyRequestOpts)
-	err := Deserialize(optsRaw, mr.modifyRequestOpts)
+	err := Deserialize(optsRaw, &mr.modifyRequestOpts)
 	if err != nil {
 		return nil, err
 	}

internal/net/http/middleware/modify_request_test.go

@@ -15,7 +15,7 @@ func TestSetModifyRequest(t *testing.T) {
 	}
 
 	t.Run("set_options", func(t *testing.T) {
-		mr, err := ModifyRequest.m.WithOptionsClone(opts)
+		mr, err := ModifyRequest.WithOptionsClone(opts)
 		ExpectNoError(t, err)
 		ExpectDeepEqual(t, mr.impl.(*modifyRequest).SetHeaders, opts["set_headers"].(map[string]string))
 		ExpectDeepEqual(t, mr.impl.(*modifyRequest).AddHeaders, opts["add_headers"].(map[string]string))
@@ -23,7 +23,7 @@ func TestSetModifyRequest(t *testing.T) {
 	})
 
 	t.Run("request_headers", func(t *testing.T) {
-		result, err := newMiddlewareTest(ModifyRequest.m, &testArgs{
+		result, err := newMiddlewareTest(ModifyRequest, &testArgs{
 			middlewareOpt: opts,
 		})
 		ExpectNoError(t, err)

internal/net/http/middleware/modify_response.go

@@ -9,16 +9,14 @@ import (
 
 type (
 	modifyResponse struct {
-		*modifyResponseOpts
+		modifyResponseOpts
 		m *Middleware
 	}
 	// order: set_headers -> add_headers -> hide_headers
 	modifyResponseOpts = modifyRequestOpts
 )
 
-var ModifyResponse = &modifyResponse{
-	m: &Middleware{withOptions: NewModifyResponse},
-}
+var ModifyResponse = &Middleware{withOptions: NewModifyResponse}
 
 func NewModifyResponse(optsRaw OptionsRaw) (*Middleware, E.Error) {
 	mr := new(modifyResponse)
@@ -28,8 +26,7 @@ func NewModifyResponse(optsRaw OptionsRaw) (*Middleware, E.Error) {
 	} else {
 		mr.m.modifyResponse = mr.modifyResponse
 	}
-	mr.modifyResponseOpts = new(modifyResponseOpts)
-	err := Deserialize(optsRaw, mr.modifyResponseOpts)
+	err := Deserialize(optsRaw, &mr.modifyResponseOpts)
 	if err != nil {
 		return nil, err
 	}

internal/net/http/middleware/modify_response_test.go

@@ -15,7 +15,7 @@ func TestSetModifyResponse(t *testing.T) {
 	}
 
 	t.Run("set_options", func(t *testing.T) {
-		mr, err := ModifyResponse.m.WithOptionsClone(opts)
+		mr, err := ModifyResponse.WithOptionsClone(opts)
 		ExpectNoError(t, err)
 		ExpectDeepEqual(t, mr.impl.(*modifyResponse).SetHeaders, opts["set_headers"].(map[string]string))
 		ExpectDeepEqual(t, mr.impl.(*modifyResponse).AddHeaders, opts["add_headers"].(map[string]string))
@@ -23,7 +23,7 @@ func TestSetModifyResponse(t *testing.T) {
 	})
 
 	t.Run("request_headers", func(t *testing.T) {
-		result, err := newMiddlewareTest(ModifyResponse.m, &testArgs{
+		result, err := newMiddlewareTest(ModifyResponse, &testArgs{
 			middlewareOpt: opts,
 		})
 		ExpectNoError(t, err)

internal/net/http/middleware/rate_limit.go

@@ -0,0 +1,87 @@
+package middleware
+
+import (
+	"net"
+	"net/http"
+	"sync"
+	"time"
+
+	E "github.com/yusing/go-proxy/internal/error"
+	"golang.org/x/time/rate"
+)
+
+type (
+	requestMap  = map[string]*rate.Limiter
+	rateLimiter struct {
+		requestMap requestMap
+		newLimiter func() *rate.Limiter
+		m          *Middleware
+
+		mu sync.Mutex
+	}
+
+	rateLimiterOpts struct {
+		Average int           `json:"average"`
+		Burst   int           `json:"burst"`
+		Period  time.Duration `json:"period"`
+	}
+)
+
+var (
+	RateLimiter            = &Middleware{withOptions: NewRateLimiter}
+	rateLimiterOptsDefault = rateLimiterOpts{
+		Period: time.Second,
+	}
+)
+
+func NewRateLimiter(optsRaw OptionsRaw) (*Middleware, E.Error) {
+	rl := new(rateLimiter)
+	opts := rateLimiterOptsDefault
+	err := Deserialize(optsRaw, &opts)
+	if err != nil {
+		return nil, err
+	}
+	switch {
+	case opts.Average == 0:
+		return nil, ErrZeroValue.Subject("average")
+	case opts.Burst == 0:
+		return nil, ErrZeroValue.Subject("burst")
+	case opts.Period == 0:
+		return nil, ErrZeroValue.Subject("period")
+	}
+	rl.requestMap = make(requestMap, 0)
+	rl.newLimiter = func() *rate.Limiter {
+		return rate.NewLimiter(rate.Limit(opts.Average)*rate.Every(opts.Period), opts.Burst)
+	}
+	rl.m = &Middleware{
+		impl:   rl,
+		before: rl.limit,
+	}
+	return rl.m, nil
+}
+
+func (rl *rateLimiter) limit(next http.HandlerFunc, w ResponseWriter, r *Request) {
+	rl.mu.Lock()
+
+	host, _, err := net.SplitHostPort(r.RemoteAddr)
+	if err != nil {
+		rl.m.Debug().Msgf("unable to parse remote address %s", r.RemoteAddr)
+		http.Error(w, "Internal error", http.StatusInternalServerError)
+		return
+	}
+
+	limiter, ok := rl.requestMap[host]
+	if !ok {
+		limiter = rl.newLimiter()
+		rl.requestMap[host] = limiter
+	}
+
+	rl.mu.Unlock()
+
+	if limiter.Allow() {
+		next(w, r)
+		return
+	}
+
+	http.Error(w, "rate limit exceeded", http.StatusTooManyRequests)
+}

internal/net/http/middleware/rate_limit_test.go

@@ -0,0 +1,27 @@
+package middleware
+
+import (
+	"net/http"
+	"testing"
+
+	. "github.com/yusing/go-proxy/internal/utils/testing"
+)
+
+func TestRateLimit(t *testing.T) {
+	opts := OptionsRaw{
+		"average": "10",
+		"burst":   "10",
+		"period":  "1s",
+	}
+
+	rl, err := NewRateLimiter(opts)
+	ExpectNoError(t, err)
+	for range 10 {
+		result, err := newMiddlewareTest(rl, nil)
+		ExpectNoError(t, err)
+		ExpectEqual(t, result.ResponseStatus, http.StatusOK)
+	}
+	result, err := newMiddlewareTest(rl, nil)
+	ExpectNoError(t, err)
+	ExpectEqual(t, result.ResponseStatus, http.StatusTooManyRequests)
+}

internal/net/http/middleware/rate_limiter.go

@@ -1,12 +0,0 @@
-package middleware
-
-type (
-	rateLimiter struct {
-		*rateLimiterOpts
-		m *Middleware
-	}
-
-	rateLimiterOpts struct {
-		Count int `json:"count"`
-	}
-)

internal/net/http/middleware/real_ip.go

@@ -10,7 +10,7 @@ import (
 // https://nginx.org/en/docs/http/ngx_http_realip_module.html
 
 type realIP struct {
-	*realIPOpts
+	realIPOpts
 	m *Middleware
 }
 
@@ -30,16 +30,13 @@ type realIPOpts struct {
 	Recursive bool `json:"recursive"`
 }
 
-var RealIP = &realIP{
-	m: &Middleware{withOptions: NewRealIP},
-}
-
-var realIPOptsDefault = func() *realIPOpts {
-	return &realIPOpts{
+var (
+	RealIP            = &Middleware{withOptions: NewRealIP}
+	realIPOptsDefault = realIPOpts{
 		Header: "X-Real-IP",
 		From:   []*types.CIDR{},
 	}
-}
+)
 
 func NewRealIP(opts OptionsRaw) (*Middleware, E.Error) {
 	riWithOpts := new(realIP)
@@ -47,11 +44,14 @@ func NewRealIP(opts OptionsRaw) (*Middleware, E.Error) {
 		impl:   riWithOpts,
 		before: Rewrite(riWithOpts.setRealIP),
 	}
-	riWithOpts.realIPOpts = realIPOptsDefault()
-	err := Deserialize(opts, riWithOpts.realIPOpts)
+	riWithOpts.realIPOpts = realIPOptsDefault
+	err := Deserialize(opts, &riWithOpts.realIPOpts)
 	if err != nil {
 		return nil, err
 	}
+	if len(riWithOpts.From) == 0 {
+		return nil, E.New("no allowed CIDRs").Subject("from")
+	}
 	return riWithOpts.m, nil
 }
 
@@ -70,9 +70,10 @@ func (ri *realIP) setRealIP(req *Request) {
 	if err != nil {
 		clientIPStr = req.RemoteAddr
 	}
-	clientIP := net.ParseIP(clientIPStr)
 
-	var isTrusted = false
+	clientIP := net.ParseIP(clientIPStr)
+	isTrusted := false
+
 	for _, CIDR := range ri.From {
 		if CIDR.Contains(clientIP) {
 			isTrusted = true

internal/route/provider/docker.go

@@ -31,7 +31,7 @@ var (
 
 func DockerProviderImpl(name, dockerHost string, explicitOnly bool) (ProviderImpl, error) {
 	if dockerHost == common.DockerHostFromEnv {
-		dockerHost = common.GetEnv("DOCKER_HOST", client.DefaultDockerHost)
+		dockerHost = common.GetEnvString("DOCKER_HOST", client.DefaultDockerHost)
 	}
 	return &DockerProvider{
 		name,

internal/setup.go

@@ -12,7 +12,7 @@ import (
 )
 
 var (
-	branch          = common.GetEnv("GOPROXY_BRANCH", "v0.7")
+	branch          = common.GetEnvString("BRANCH", "v0.7")
 	baseURL         = "https://github.com/yusing/go-proxy/raw/" + branch
 	requiredConfigs = []Config{
 		{common.ConfigBasePath, true, false, ""},

schema/config.schema.json

@@ -1,7 +1,7 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "type": "object",
-  "title": "go-proxy config file",
+  "title": "GoDoxy config file",
   "properties": {
     "autocert": {
       "title": "Autocert configuration",

schema/providers.schema.json

@@ -1,6 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
-  "title": "go-proxy providers file",
+  "title": "GoDoxy standalone include file",
   "oneOf": [
     {
       "type": "object"

scripts/build.sh

@@ -1,5 +1,5 @@
 #!/bin/sh
 
 mkdir -p bin
-echo building go-proxy version ${VERSION}, build flags \"${BUILD_FLAGS}\"
-go build -ldflags "${BUILD_FLAGS}" -pgo=auto -o bin/go-proxy ./cmd
+echo building GoDoxy version ${VERSION}, build flags \"${BUILD_FLAGS}\"
+go build -ldflags "${BUILD_FLAGS}" -pgo=auto -o bin/godoxy ./cmd