update default repo to main

.github/workflows/docker-image-nightly.yml

@@ -0,0 +1,22 @@
+name: Docker Image CI (nightly)
+
+on:
+  push:
+    branches:
+      - "*" # matches every branch that doesn't contain a '/'
+      - "*/*" # matches every branch containing a single '/'
+      - "**" # matches every branch
+      - "!main" # excludes main
+
+jobs:
+  build-nightly:
+    uses: ./.github/workflows/docker-image.yml
+    with:
+      image_name: ${{ github.repository_owner }}/godoxy
+      tag: nightly
+  build-nightly-agent:
+    uses: ./.github/workflows/docker-image.yml
+    with:
+      image_name: ${{ github.repository_owner }}/godoxy-agent
+      tag: nightly
+      agent: true

.github/workflows/docker-image-prod.yml

@@ -0,0 +1,20 @@
+name: Docker Image CI
+
+on:
+  push:
+    tags:
+      - v*
+
+jobs:
+  build-prod:
+    uses: ./.github/workflows/docker-image.yml
+    with:
+      image_name: ${{ github.repository_owner }}/godoxy
+      old_image_name: ${{ github.repository_owner }}/go-proxy
+      tag: latest
+  build-prod-agent:
+    uses: ./.github/workflows/docker-image.yml
+    with:
+      image_name: ${{ github.repository_owner }}/godoxy-agent
+      tag: latest
+      agent: true

.github/workflows/docker-image.yml

@@ -1,128 +1,163 @@
 name: Docker Image CI
 
 on:
-    push:
-        tags: ["*"]
+  workflow_call:
+    inputs:
+      tag:
+        required: true
+        type: string
+      image_name:
+        required: true
+        type: string
+      old_image_name:
+        required: false
+        type: string
+      agent:
+        required: false
+        default: false
+        type: boolean
 
 env:
-    REGISTRY: ghcr.io
-    IMAGE_NAME: ${{ github.repository }}
+  REGISTRY: ghcr.io
+  MAKE_ARGS: agent=${{ inputs.agent && '1' || '0' }}
+  DIGEST_PATH: /tmp/digests/${{ inputs.agent && 'agent' || 'main' }}
+  DIGEST_NAME_SUFFIX: ${{ inputs.agent && 'agent' || 'main' }}
 
 jobs:
-    build:
-        name: Build multi-platform Docker image
-        runs-on: ubuntu-22.04
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - runner: ubuntu-latest
+            platform: linux/amd64
+          - runner: ubuntu-24.04-arm
+            platform: linux/arm64
 
-        permissions:
-            contents: read
-            packages: write
-            id-token: write
-            attestations: write
+    name: Build ${{ matrix.platform }}
+    runs-on: ${{ matrix.runner }}
 
-        strategy:
-            fail-fast: false
-            matrix:
-                platform:
-                    - linux/amd64
-                    # - linux/arm/v6
-                    # - linux/arm/v7
-                    - linux/arm64
-        steps:
-            - name: Prepare
-              run: |
-                  platform=${{ matrix.platform }}
-                  echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+      attestations: write
 
-            - name: Docker meta
-              id: meta
-              uses: docker/metadata-action@v5
-              with:
-                  images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+    steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
 
-            - name: Set up QEMU
-              uses: docker/setup-qemu-action@v3
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ inputs.image_name }}
+          tags: |
+            type=raw,value=${{ inputs.tag }},event=branch
+            type=ref,event=tag
 
-            - name: Set up Docker Buildx
-              uses: docker/setup-buildx-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: ${{ matrix.platform }}
 
-            - name: Login to registry
-              uses: docker/login-action@v3
-              with:
-                  registry: ${{ env.REGISTRY }}
-                  username: ${{ github.actor }}
-                  password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-            - name: Build and push by digest
-              id: build
-              uses: docker/build-push-action@v6
-              with:
-                  platforms: ${{ matrix.platform }}
-                  labels: ${{ steps.meta.outputs.labels }}
-                  outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true
-                  cache-from: type=gha
-                  cache-to: type=gha,mode=max
-                  build-args: |
-                      VERSION=${{ github.ref_name }}
+      - name: Build and push by digest
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          platforms: ${{ matrix.platform }}
+          labels: ${{ steps.meta.outputs.labels }}
+          outputs: type=image,name=${{ env.REGISTRY }}/${{ inputs.image_name }},push-by-digest=true,name-canonical=true,push=true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          build-args: |
+            VERSION=${{ github.ref_name }}
+            MAKE_ARGS=${{ env.MAKE_ARGS }}
 
-            - name: Generate artifact attestation
-              uses: actions/attest-build-provenance@v1
-              with:
-                  subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
-                  subject-digest: ${{ steps.build.outputs.digest }}
-                  push-to-registry: true
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ inputs.image_name }}
+          subject-digest: ${{ steps.build.outputs.digest }}
+          push-to-registry: true
 
-            - name: Export digest
-              run: |
-                  mkdir -p /tmp/digests
-                  digest="${{ steps.build.outputs.digest }}"
-                  touch "/tmp/digests/${digest#sha256:}"
+      - name: Export digest
+        run: |
+          mkdir -p ${{ env.DIGEST_PATH }}
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ env.DIGEST_PATH }}/${digest#sha256:}"
 
-            - name: Upload digest
-              uses: actions/upload-artifact@v4
-              with:
-                  name: digests-${{ env.PLATFORM_PAIR }}
-                  path: /tmp/digests/*
-                  if-no-files-found: error
-                  retention-days: 1
-    merge:
-        runs-on: ubuntu-22.04
-        needs:
-            - build
-        permissions:
-            contents: read
-            packages: write
-            id-token: write
-        steps:
-            - name: Download digests
-              uses: actions/download-artifact@v4
-              with:
-                  path: /tmp/digests
-                  pattern: digests-*
-                  merge-multiple: true
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ env.PLATFORM_PAIR }}-${{ env.DIGEST_NAME_SUFFIX }}
+          path: ${{ env.DIGEST_PATH }}/*
+          if-no-files-found: error
+          retention-days: 1
 
-            - name: Set up Docker Buildx
-              uses: docker/setup-buildx-action@v3
+  merge:
+    needs: build
+    runs-on: ubuntu-latest
 
-            - name: Docker meta
-              id: meta
-              uses: docker/metadata-action@v5
-              with:
-                  images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
 
-            - name: Login to registry
-              uses: docker/login-action@v3
-              with:
-                  registry: ${{ env.REGISTRY }}
-                  username: ${{ github.actor }}
-                  password: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: ${{ env.DIGEST_PATH }}
+          pattern: digests-*-${{ env.DIGEST_NAME_SUFFIX }}
+          merge-multiple: true
 
-            - name: Create manifest list and push
-              id: push
-              working-directory: /tmp/digests
-              run: |
-                  docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-                    $(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
-            - name: Inspect image
-              run: |
-                  docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ inputs.image_name }}
+          tags: |
+            type=raw,value=${{ inputs.tag }},event=branch
+            type=ref,event=tag
+
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create manifest list and push
+        id: push
+        working-directory: ${{ env.DIGEST_PATH }}
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.REGISTRY }}/${{ inputs.image_name }}@sha256:%s ' *)
+
+      - name: Old image name
+        if: inputs.old_image_name != ''
+        run: |
+          docker buildx imagetools create -t ${{ env.REGISTRY }}/${{ inputs.old_image_name }}:${{ steps.meta.outputs.version }}\
+            ${{ env.REGISTRY }}/${{ inputs.image_name }}:${{ steps.meta.outputs.version }}
+
+      - name: Inspect image
+        run: |
+          docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ inputs.image_name }}:${{ steps.meta.outputs.version }}
+
+      - name: Inspect image (old)
+        if: inputs.old_image_name != ''
+        run: |
+          docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ inputs.old_image_name }}:${{ steps.meta.outputs.version }}

.trunk/trunk.yaml

@@ -2,7 +2,7 @@
 # To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
 version: 0.1
 cli:
-  version: 1.22.9
+  version: 1.22.10
 # Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins)
 plugins:
   sources:
@@ -23,16 +23,16 @@ lint:
   enabled:
     - hadolint@2.12.1-beta
     - actionlint@1.7.7
-    - checkov@3.2.360
+    - checkov@3.2.370
     - git-diff-check
     - gofmt@1.20.4
-    - golangci-lint@1.63.4
+    - golangci-lint@1.64.5
     - osv-scanner@1.9.2
-    - oxipng@9.1.3
-    - prettier@3.4.2
+    - oxipng@9.1.4
+    - prettier@3.5.1
     - shellcheck@0.10.0
     - shfmt@3.6.0
-    - trufflehog@3.88.4
+    - trufflehog@3.88.9
 actions:
   disabled:
     - trunk-announce

.vscode/settings.example.json

@@ -1,10 +1,10 @@
 {
   "yaml.schemas": {
-    "https://github.com/yusing/go-proxy/raw/v0.9/schemas/config.schema.json": [
+    "https://github.com/yusing/go-proxy/raw/main/schemas/config.schema.json": [
       "config.example.yml",
       "config.yml"
     ],
-    "https://github.com/yusing/go-proxy/raw/v0.9/schemas/routes.schema.json": [
+    "https://github.com/yusing/go-proxy/raw/main/schemas/routes.schema.json": [
       "providers.example.yml"
     ]
   }

Dockerfile

@@ -1,5 +1,5 @@
 # Stage 1: Builder
-FROM golang:1.23.5-alpine AS builder
+FROM golang:1.23.6-alpine AS builder
 HEALTHCHECK NONE
 
 # package version does not matter

README.md

@@ -13,6 +13,8 @@ For full documentation, check out **[Wiki](https://github.com/yusing/go-proxy/wi
 
 **EN** | <a href="README_CHT.md">中文</a>
 
+**Currently working on [feat/godoxy-agent](https://github.com/yusing/go-proxy/tree/feat/godoxy-agent).<br/>Fork this instead of default branch.**
+
 <!-- [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=yusing_go-proxy&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=yusing_go-proxy)
 [![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=yusing_go-proxy&metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=yusing_go-proxy)
 [![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=yusing_go-proxy&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=yusing_go-proxy) -->
@@ -66,23 +68,19 @@ Setup DNS Records point to machine which runs `GoDoxy`, e.g.
 
 ## Setup
 
-1.  Pull the latest docker images
+**NOTE:** GoDoxy is designed to be (and only works when) running in `host` network mode, do not change it. To change listening ports, modify `.env`.
+
+1.  Prepare a new directory for docker compose and config files.
+
+2.  Run setup script inside the directory, or [set up manually](#manual-setup)
 
     ```shell
-    docker pull ghcr.io/yusing/go-proxy:latest
+    /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/yusing/go-proxy/main/scripts/setup.sh)"
     ```
 
-2.  Create new directory, `cd` into it, then run setup, or [set up manually](#manual-setup)
+3.  Start the container `docker compose up -d` and wait for it to be ready
 
-    ```shell
-    docker run --rm -v .:/setup ghcr.io/yusing/go-proxy /app/godoxy setup
-    ```
-
-3.  _(Optional)_ setup `docker-socket-proxy` other docker nodes (see [Multi docker nodes setup](https://github.com/yusing/go-proxy/wiki/Configurations#multi-docker-nodes-setup)) then add them inside `config.yml`
-
-4.  Start the container `docker compose up -d`
-
-5.  You may now do some extra configuration on WebUI `https://godoxy.domain.com`
+4.  You may now do some extra configuration on WebUI `https://godoxy.yourdomain.com`
 
 [🔼Back to top](#table-of-content)
 
@@ -90,15 +88,15 @@ Setup DNS Records point to machine which runs `GoDoxy`, e.g.
 
 1. Make `config` directory then grab `config.example.yml` into `config/config.yml`
 
-   `mkdir -p config && wget https://raw.githubusercontent.com/yusing/go-proxy/v0.9/config.example.yml -O config/config.yml`
+   `mkdir -p config && wget https://raw.githubusercontent.com/yusing/go-proxy/main/config.example.yml -O config/config.yml`
 
 2. Grab `.env.example` into `.env`
 
-   `wget https://raw.githubusercontent.com/yusing/go-proxy/v0.9/.env.example -O .env`
+   `wget https://raw.githubusercontent.com/yusing/go-proxy/main/.env.example -O .env`
 
 3. Grab `compose.example.yml` into `compose.yml`
 
-   `wget https://raw.githubusercontent.com/yusing/go-proxy/v0.9/compose.example.yml -O compose.yml`
+   `wget https://raw.githubusercontent.com/yusing/go-proxy/main/compose.example.yml -O compose.yml`
 
 ### Folder structrue
 
@@ -114,6 +112,10 @@ Setup DNS Records point to machine which runs `GoDoxy`, e.g.
 │   │   ├── middleware2.yml
 │   ├── provider1.yml
 │   └── provider2.yml
+├── data
+│   ├── metrics # metrics data
+│   │   ├── uptime.json
+│   │   └── system_info.json
 └── .env
 ```
 

README_CHT.md

@@ -66,23 +66,19 @@
 
 ## 安裝
 
-1.  拉取最新的 Docker 映像
+**注意：** GoDoxy 設計為（且僅在）`host` 網路模式下運作，請勿更改。如需更改監聽埠，請修改 `.env`。
+
+1.  準備一個新目錄用於 docker compose 和配置文件。
+
+2.  在目錄內運行安裝腳本，或[手動安裝](#手動安裝)
 
     ```shell
-    docker pull ghcr.io/yusing/go-proxy:latest
+    /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/yusing/go-proxy/main/scripts/setup.sh)"
     ```
 
-2.  建立新目錄，`cd` 進入後運行安裝，或[手動安裝](#手動安裝)
+3.  啟動容器 `docker compose up -d` 並等待就緒
 
-    ```shell
-    docker run --rm -v .:/setup ghcr.io/yusing/go-proxy /app/godoxy setup
-    ```
-
-3.  _（可選）_ 設置其他 Docker 節點的 `docker-socket-proxy`（參見 [多 Docker 節點設置](https://github.com/yusing/go-proxy/wiki/Configurations#multi-docker-nodes-setup)），然後在 `config.yml` 中添加它們
-
-4.  啟動容器 `docker compose up -d`
-
-5.  大功告成!可前往WebUI `https://gp.domain.com` 進行額外的配置
+4.  現在可以在 WebUI `https://godoxy.yourdomain.com` 進行額外配置
 
 [🔼回到頂部](#目錄)
 
@@ -90,15 +86,15 @@
 
 1. 建立 `config` 目錄，然後將 `config.example.yml` 下載到 `config/config.yml`
 
-   `mkdir -p config && wget https://raw.githubusercontent.com/yusing/go-proxy/v0.9/config.example.yml -O config/config.yml`
+   `mkdir -p config && wget https://raw.githubusercontent.com/yusing/go-proxy/main/config.example.yml -O config/config.yml`
 
 2. 將 `.env.example` 下載到 `.env`
 
-   `wget https://raw.githubusercontent.com/yusing/go-proxy/v0.9/.env.example -O .env`
+   `wget https://raw.githubusercontent.com/yusing/go-proxy/main/.env.example -O .env`
 
 3. 將 `compose.example.yml` 下載到 `compose.yml`
 
-   `wget https://raw.githubusercontent.com/yusing/go-proxy/v0.9/compose.example.yml -O compose.yml`
+   `wget https://raw.githubusercontent.com/yusing/go-proxy/main/compose.example.yml -O compose.yml`
 
 ### 資料夾結構
 
@@ -114,6 +110,10 @@
 │   │   ├── middleware2.yml
 │   ├── provider1.yml
 │   └── provider2.yml
+├── data
+│   ├── metrics # metrics data
+│   │   ├── uptime.json
+│   │   └── system_info.json
 └── .env
 ```
 

cmd/main.go

@@ -42,9 +42,6 @@ func main() {
 	args := common.GetArgs()
 
 	switch args.Command {
-	case common.CommandSetup:
-		internal.Setup()
-		return
 	case common.CommandReload:
 		if err := query.ReloadServer(); err != nil {
 			E.LogFatal("server reload error", err)

compose.example.yml

@@ -1,7 +1,7 @@
 ---
 services:
   frontend:
-    image: ghcr.io/yusing/go-proxy-frontend:latest
+    image: ghcr.io/yusing/godoxy-frontend:latest
     container_name: godoxy-frontend
     restart: unless-stopped
     network_mode: host
@@ -21,7 +21,7 @@ services:
       #     - 192.168.0.0/16
       #     - 172.16.0.0/12
   app:
-    image: ghcr.io/yusing/go-proxy:latest
+    image: ghcr.io/yusing/godoxy:latest
     container_name: godoxy
     restart: always
     network_mode: host

go.mod

@@ -1,30 +1,30 @@
 module github.com/yusing/go-proxy
 
-go 1.23.5
+go 1.23.6
 
 require (
-	github.com/PuerkitoBio/goquery v1.10.1
-	github.com/coder/websocket v1.8.12
-	github.com/coreos/go-oidc/v3 v3.12.0
-	github.com/docker/cli v27.5.1+incompatible
-	github.com/docker/docker v27.5.1+incompatible
-	github.com/fsnotify/fsnotify v1.8.0
-	github.com/go-acme/lego/v4 v4.21.0
-	github.com/go-playground/validator/v10 v10.24.0
-	github.com/gobwas/glob v0.2.3
-	github.com/golang-jwt/jwt/v5 v5.2.1
-	github.com/gotify/server/v2 v2.6.1
-	github.com/lithammer/fuzzysearch v1.1.8
-	github.com/prometheus/client_golang v1.20.5
-	github.com/puzpuzpuz/xsync/v3 v3.5.0
-	github.com/rs/zerolog v1.33.0
-	github.com/vincent-petithory/dataurl v1.0.0
-	golang.org/x/crypto v0.32.0
-	golang.org/x/net v0.34.0
-	golang.org/x/oauth2 v0.25.0
-	golang.org/x/text v0.21.0
-	golang.org/x/time v0.9.0
-	gopkg.in/yaml.v3 v3.0.1
+	github.com/PuerkitoBio/goquery v1.10.2 // parsing HTML for extract fav icon
+	github.com/coder/websocket v1.8.12 // websocket for API and agent
+	github.com/coreos/go-oidc/v3 v3.12.0 // oidc authentication
+	github.com/docker/cli v27.5.1+incompatible // docker CLI
+	github.com/docker/docker v27.5.1+incompatible // docker daemon
+	github.com/fsnotify/fsnotify v1.8.0 // file watcher
+	github.com/go-acme/lego/v4 v4.22.2 // acme client
+	github.com/go-playground/validator/v10 v10.25.0 // validator
+	github.com/gobwas/glob v0.2.3 // glob matcher for route rules
+	github.com/golang-jwt/jwt/v5 v5.2.1 // jwt for default auth
+	github.com/gotify/server/v2 v2.6.1 // reference the Message struct for json response
+	github.com/lithammer/fuzzysearch v1.1.8 // fuzzy search for searching icons and filtering metrics
+	github.com/prometheus/client_golang v1.20.5 // metrics
+	github.com/puzpuzpuz/xsync/v3 v3.5.1 // lock free map for concurrent operations
+	github.com/rs/zerolog v1.33.0 // logging
+	github.com/vincent-petithory/dataurl v1.0.0 // data url for fav icon
+	golang.org/x/crypto v0.33.0 // encrypting password with bcrypt
+	golang.org/x/net v0.35.0 // HTTP header utilities
+	golang.org/x/oauth2 v0.26.0 // oauth2 authentication
+	golang.org/x/text v0.22.0 // string utilities
+	golang.org/x/time v0.10.0 // time utilities
+	gopkg.in/yaml.v3 v3.0.1 // yaml parsing for different config files
 )
 
 require (
@@ -57,9 +57,10 @@ require (
 	github.com/moby/term v0.5.0 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/nrdcg/porkbun v0.4.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
-	github.com/ovh/go-ovh v1.6.0 // indirect
+	github.com/ovh/go-ovh v1.7.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.62.0 // indirect
@@ -72,11 +73,11 @@ require (
 	go.opentelemetry.io/otel/metric v1.34.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.30.0 // indirect
 	go.opentelemetry.io/otel/trace v1.34.0 // indirect
-	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/sync v0.10.0 // indirect
-	golang.org/x/sys v0.29.0 // indirect
-	golang.org/x/tools v0.29.0 // indirect
-	google.golang.org/protobuf v1.36.4 // indirect
+	golang.org/x/mod v0.23.0 // indirect
+	golang.org/x/sync v0.11.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/tools v0.30.0 // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gotest.tools/v3 v3.5.1 // indirect
 )

go.sum

@@ -2,8 +2,8 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOEl
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/PuerkitoBio/goquery v1.10.1 h1:Y8JGYUkXWTGRB6Ars3+j3kN0xg1YqqlwvdTV8WTFQcU=
-github.com/PuerkitoBio/goquery v1.10.1/go.mod h1:IYiHrOMps66ag56LEH7QYDDupKXyo5A8qrjIx3ZtujY=
+github.com/PuerkitoBio/goquery v1.10.2 h1:7fh2BdHcG6VFZsK7toXBT/Bh1z5Wmy8Q9MV9HqT2AM8=
+github.com/PuerkitoBio/goquery v1.10.2/go.mod h1:0guWGjcLu9AYC7C1GHnpysHy056u9aEkUHwhdnePMCU=
 github.com/andybalholm/cascadia v1.3.3 h1:AG2YHrzJIm4BZ19iwJ/DAua6Btl3IwJX+VI4kktS1LM=
 github.com/andybalholm/cascadia v1.3.3/go.mod h1:xNd9bqTn98Ln4DwST8/nG+H0yuB8Hmgu1YHNnWw0GeA=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -41,8 +41,8 @@ github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/
 github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
 github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
-github.com/go-acme/lego/v4 v4.21.0 h1:arEW+8o5p7VI8Bk1kr/PDlgD1DrxtTH1gJ4b7mehL8o=
-github.com/go-acme/lego/v4 v4.21.0/go.mod h1:HrSWzm3Ckj45Ie3i+p1zKVobbQoMOaGu9m4up0dUeDI=
+github.com/go-acme/lego/v4 v4.22.2 h1:ck+HllWrV/rZGeYohsKQ5iKNnU/WAZxwOdiu6cxky+0=
+github.com/go-acme/lego/v4 v4.22.2/go.mod h1:E2FndyI3Ekv0usNJt46mFb9LVpV/XBYT+4E3tz02Tzo=
 github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
 github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -56,8 +56,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.24.0 h1:KHQckvo8G6hlWnrPX4NJJ+aBfWNAE/HH+qdL2cBpCmg=
-github.com/go-playground/validator/v10 v10.24.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus=
+github.com/go-playground/validator/v10 v10.25.0 h1:5Dh7cjvzR7BRZadnsVOzPhWsrwUr0nmsZJxEAnFLNO8=
+github.com/go-playground/validator/v10 v10.25.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
@@ -113,12 +113,14 @@ github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/nrdcg/porkbun v0.4.0 h1:rWweKlwo1PToQ3H+tEO9gPRW0wzzgmI/Ob3n2Guticw=
+github.com/nrdcg/porkbun v0.4.0/go.mod h1:/QMskrHEIM0IhC/wY7iTCUgINsxdT2WcOphktJ9+Q54=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
 github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
-github.com/ovh/go-ovh v1.6.0 h1:ixLOwxQdzYDx296sXcgS35TOPEahJkpjMGtzPadCjQI=
-github.com/ovh/go-ovh v1.6.0/go.mod h1:cTVDnl94z4tl8pP1uZ/8jlVxntjSIf09bNcQ5TJSC7c=
+github.com/ovh/go-ovh v1.7.0 h1:V14nF7FwDjQrZt9g7jzcvAAQ3HN6DNShRFRMC3jLoPw=
+github.com/ovh/go-ovh v1.7.0/go.mod h1:cTVDnl94z4tl8pP1uZ/8jlVxntjSIf09bNcQ5TJSC7c=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -132,8 +134,8 @@ github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ
 github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
-github.com/puzpuzpuz/xsync/v3 v3.5.0 h1:i+cMcpEDY1BkNm7lPDkCtE4oElsYLn+EKF8kAu2vXT4=
-github.com/puzpuzpuz/xsync/v3 v3.5.0/go.mod h1:VjzYrABPabuM4KyBh1Ftq6u8nhwY5tBPKP9jpmh0nnA=
+github.com/puzpuzpuz/xsync/v3 v3.5.1 h1:GJYJZwO6IdxN/IKbneznS6yPkVC+c3zyY/j19c++5Fg=
+github.com/puzpuzpuz/xsync/v3 v3.5.1/go.mod h1:VjzYrABPabuM4KyBh1Ftq6u8nhwY5tBPKP9jpmh0nnA=
 github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
 github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
 github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
@@ -176,8 +178,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
-golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
+golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
@@ -185,8 +187,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
-golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM=
+golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -199,10 +201,10 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
-golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
-golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70=
-golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
+golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
+golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE=
+golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -211,8 +213,9 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
+golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -229,8 +232,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
-golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -248,10 +251,11 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
-golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
+golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4=
+golang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
@@ -260,8 +264,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE=
-golang.org/x/tools v0.29.0/go.mod h1:KMQVMRsVxU6nHCFXrBPhDB8XncLNLM0lIy/F14RP588=
+golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY=
+golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -273,8 +277,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:
 google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU=
 google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
 google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
-google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM=
-google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
+google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=

internal/autocert/constants.go

@@ -5,6 +5,7 @@ import (
 	"github.com/go-acme/lego/v4/providers/dns/cloudflare"
 	"github.com/go-acme/lego/v4/providers/dns/duckdns"
 	"github.com/go-acme/lego/v4/providers/dns/ovh"
+	"github.com/go-acme/lego/v4/providers/dns/porkbun"
 )
 
 const (
@@ -20,6 +21,7 @@ const (
 	ProviderClouddns   = "clouddns"
 	ProviderDuckdns    = "duckdns"
 	ProviderOVH        = "ovh"
+	ProviderPorkbun    = "porkbun"
 )
 
 var providersGenMap = map[string]ProviderGenerator{
@@ -28,4 +30,5 @@ var providersGenMap = map[string]ProviderGenerator{
 	ProviderClouddns:   providerGenerator(clouddns.NewDefaultConfig, clouddns.NewDNSProviderConfig),
 	ProviderDuckdns:    providerGenerator(duckdns.NewDefaultConfig, duckdns.NewDNSProviderConfig),
 	ProviderOVH:        providerGenerator(ovh.NewDefaultConfig, ovh.NewDNSProviderConfig),
+	ProviderPorkbun:    providerGenerator(porkbun.NewDefaultConfig, porkbun.NewDNSProviderConfig),
 }

internal/common/args.go

@@ -12,7 +12,6 @@ type Args struct {
 
 const (
 	CommandStart              = ""
-	CommandSetup              = "setup"
 	CommandValidate           = "validate"
 	CommandListConfigs        = "ls-config"
 	CommandListRoutes         = "ls-routes"
@@ -25,7 +24,6 @@ const (
 
 var ValidCommands = []string{
 	CommandStart,
-	CommandSetup,
 	CommandValidate,
 	CommandListConfigs,
 	CommandListRoutes,
@@ -36,6 +34,15 @@ var ValidCommands = []string{
 	CommandDebugListMTrace,
 }
 
+func validateArg(arg string) error {
+	for _, v := range ValidCommands {
+		if arg == v {
+			return nil
+		}
+	}
+	return fmt.Errorf("invalid command %q", arg)
+}
+
 func GetArgs() Args {
 	var args Args
 	flag.Parse()
@@ -45,12 +52,3 @@ func GetArgs() Args {
 	}
 	return args
 }
-
-func validateArg(arg string) error {
-	for _, v := range ValidCommands {
-		if arg == v {
-			return nil
-		}
-	}
-	return fmt.Errorf("invalid command %q", arg)
-}

internal/net/http/middleware/cloudflare_real_ip.go

@@ -30,6 +30,14 @@ const (
 var (
 	cfCIDRsLastUpdate time.Time
 	cfCIDRsMu         sync.Mutex
+
+	// RFC 1918.
+	localCIDRs = []*types.CIDR{
+		{IP: net.IPv4(127, 0, 0, 1), Mask: net.IPv4Mask(255, 255, 255, 255)}, // 127.0.0.1/32
+		{IP: net.IPv4(10, 0, 0, 0), Mask: net.IPv4Mask(255, 0, 0, 0)},        // 10.0.0.0/8
+		{IP: net.IPv4(172, 16, 0, 0), Mask: net.IPv4Mask(255, 240, 0, 0)},    // 172.16.0.0/12
+		{IP: net.IPv4(192, 168, 0, 0), Mask: net.IPv4Mask(255, 255, 0, 0)},   // 192.168.0.0/16
+	}
 )
 
 var CloudflareRealIP = NewMiddleware[cloudflareRealIP]()
@@ -37,7 +45,7 @@ var CloudflareRealIP = NewMiddleware[cloudflareRealIP]()
 // setup implements MiddlewareWithSetup.
 func (cri *cloudflareRealIP) setup() {
 	cri.realIP.RealIPOpts = RealIPOpts{
-		Header:    "Cf-Connecting-Ip",
+		Header:    "CF-Connecting-IP",
 		Recursive: cri.Recursive,
 	}
 }
@@ -72,12 +80,7 @@ func tryFetchCFCIDR() (cfCIDRs []*types.CIDR) {
 	}
 
 	if common.IsTest {
-		cfCIDRs = []*types.CIDR{
-			{IP: net.IPv4(127, 0, 0, 1), Mask: net.IPv4Mask(255, 0, 0, 0)},
-			{IP: net.IPv4(10, 0, 0, 0), Mask: net.IPv4Mask(255, 0, 0, 0)},
-			{IP: net.IPv4(172, 16, 0, 0), Mask: net.IPv4Mask(255, 255, 0, 0)},
-			{IP: net.IPv4(192, 168, 0, 0), Mask: net.IPv4Mask(255, 255, 255, 0)},
-		}
+		cfCIDRs = localCIDRs
 	} else {
 		cfCIDRs = make([]*types.CIDR, 0, 30)
 		err := errors.Join(
@@ -122,6 +125,6 @@ func fetchUpdateCFIPRange(endpoint string, cfCIDRs *[]*types.CIDR) error {
 
 		*cfCIDRs = append(*cfCIDRs, (*types.CIDR)(cidr))
 	}
-
+	*cfCIDRs = append(*cfCIDRs, localCIDRs...)
 	return nil
 }

internal/route/provider/docker.go

@@ -102,8 +102,11 @@ func (p *DockerProvider) routesFromContainerLabels(container *docker.Container)
 
 	// init entries map for all aliases
 	for _, a := range container.Aliases {
-		routes[a] = &route.Route{}
-		routes[a].Metadata.Container = container
+		routes[a] = &route.Route{
+			Metadata: route.Metadata{
+				Container: container,
+			},
+		}
 	}
 
 	errs := E.NewBuilder("label errors")
@@ -157,8 +160,11 @@ func (p *DockerProvider) routesFromContainerLabels(container *docker.Container)
 		// init entry if not exist
 		r, ok := routes[alias]
 		if !ok {
-			r = &route.Route{}
-			r.Metadata.Container = container
+			r = &route.Route{
+				Metadata: route.Metadata{
+					Container: container,
+				},
+			}
 			routes[alias] = r
 		}
 

internal/route/provider/docker_test.go

@@ -29,6 +29,7 @@ func makeRoutes(cont *types.Container, dockerHostIP ...string) route.Routes {
 	} else {
 		host = client.DefaultDockerHost
 	}
+	cont.ID = "test"
 	p.name = "test"
 	routes := Must(p.routesFromContainerLabels(D.FromDocker(cont, host)))
 	for _, r := range routes {
@@ -55,37 +56,35 @@ func TestApplyLabel(t *testing.T) {
 		"GET /static",
 	}
 	middlewaresExpect := map[string]map[string]any{
-		"middleware1": {
-			"prop1": "value1",
-			"prop2": "value2",
-		},
-		"middleware2": {
-			"prop3": "value3",
-			"prop4": "value4",
+		"request": {
+			"set_headers": map[string]any{
+				"X-Header": "value1",
+			},
+			"add_headers": map[string]any{
+				"X-Header2": "value2",
+			},
 		},
 	}
 	entries := makeRoutes(&types.Container{
 		Names: dummyNames,
 		Labels: map[string]string{
-			D.LabelAliases:                          "a,b",
-			D.LabelIdleTimeout:                      "",
-			D.LabelStopMethod:                       common.StopMethodDefault,
-			D.LabelStopSignal:                       "SIGTERM",
-			D.LabelStopTimeout:                      common.StopTimeoutDefault,
-			D.LabelWakeTimeout:                      common.WakeTimeoutDefault,
-			"proxy.*.no_tls_verify":                 "true",
-			"proxy.*.scheme":                        "https",
-			"proxy.*.host":                          "app",
-			"proxy.*.port":                          "4567",
-			"proxy.a.path_patterns":                 pathPatterns,
-			"proxy.a.middlewares.middleware1.prop1": "value1",
-			"proxy.a.middlewares.middleware1.prop2": "value2",
-			"proxy.a.middlewares.middleware2.prop3": "value3",
-			"proxy.a.middlewares.middleware2.prop4": "value4",
-			"proxy.a.homepage.show":                 "true",
-			"proxy.a.homepage.icon":                 "png/adguard-home.png",
-			"proxy.a.healthcheck.path":              "/ping",
-			"proxy.a.healthcheck.interval":          "10s",
+			D.LabelAliases:          "a,b",
+			D.LabelIdleTimeout:      "",
+			D.LabelStopMethod:       common.StopMethodDefault,
+			D.LabelStopSignal:       "SIGTERM",
+			D.LabelStopTimeout:      common.StopTimeoutDefault,
+			D.LabelWakeTimeout:      common.WakeTimeoutDefault,
+			"proxy.*.no_tls_verify": "true",
+			"proxy.*.scheme":        "https",
+			"proxy.*.host":          "app",
+			"proxy.*.port":          "4567",
+			"proxy.a.path_patterns": pathPatterns,
+			"proxy.a.middlewares.request.set_headers.X-Header":  "value1",
+			"proxy.a.middlewares.request.add_headers.X-Header2": "value2",
+			"proxy.a.homepage.show":                             "true",
+			"proxy.a.homepage.icon":                             "png/adguard-home.png",
+			"proxy.a.healthcheck.path":                          "/ping",
+			"proxy.a.healthcheck.interval":                      "10s",
 		},
 	})
 
@@ -198,6 +197,7 @@ func TestApplyLabelWithRefIndexError(t *testing.T) {
 		Labels: map[string]string{
 			D.LabelAliases:    "a,b",
 			"proxy.#1.host":   "localhost",
+			"proxy.*.port":    "4444",
 			"proxy.#4.scheme": "https",
 		},
 	}, "")

internal/route/route.go

@@ -77,6 +77,9 @@ func (r *Route) Validate() (err E.Error) {
 	switch r.Scheme {
 	case types.SchemeFileServer:
 		r.impl, err = NewFileServer(r)
+		if err != nil {
+			errs.Add(err)
+		}
 	case types.SchemeHTTP, types.SchemeHTTPS:
 		if r.Port.Listening != 0 {
 			errs.Addf("unexpected listening port for %s scheme", r.Scheme)
@@ -86,9 +89,6 @@ func (r *Route) Validate() (err E.Error) {
 		r.LisURL = E.Collect(errs, net.ParseURL, fmt.Sprintf("%s://%s:%d", r.Scheme, r.Host, r.Port.Listening))
 		fallthrough
 	default:
-		if r.Port.Proxy == 0 && !r.IsDocker() {
-			errs.Adds("missing proxy port")
-		}
 		if r.LoadBalance != nil && r.LoadBalance.Link == "" {
 			r.LoadBalance = nil
 		}
@@ -233,6 +233,9 @@ func (r *Route) UseAccessLog() bool {
 }
 
 func (r *Route) Finalize() {
+	r.Alias = strings.ToLower(strings.TrimSpace(r.Alias))
+	r.Host = strings.ToLower(strings.TrimSpace(r.Host))
+
 	isDocker := r.Container != nil
 	cont := r.Container
 

internal/route/rules/errors.go

@@ -11,8 +11,8 @@ var (
 	ErrInvalidCommandSequence = E.New("invalid command sequence")
 	ErrInvalidSetTarget       = E.New("invalid `rule.set` target")
 
-	ErrExpectNoArg       = E.New("expect no arg")
-	ErrExpectOneArg      = E.New("expect 1 arg")
-	ErrExpectTwoArgs     = E.New("expect 2 args")
-	ErrExpectKVOptionalV = E.New("expect 'key' or 'key value'")
+	ErrExpectNoArg       = E.Wrap(ErrInvalidArguments, "expect no arg")
+	ErrExpectOneArg      = E.Wrap(ErrInvalidArguments, "expect 1 arg")
+	ErrExpectTwoArgs     = E.Wrap(ErrInvalidArguments, "expect 2 args")
+	ErrExpectKVOptionalV = E.Wrap(ErrInvalidArguments, "expect 'key' or 'key value'")
 )

internal/setup.go

@@ -1,127 +0,0 @@
-package internal
-
-import (
-	"io"
-	"log"
-	"net/http"
-	"net/url"
-	"os"
-	"path"
-
-	"github.com/yusing/go-proxy/internal/common"
-)
-
-var (
-	branch          = common.GetEnvString("BRANCH", "v0.9")
-	baseURL         = "https://github.com/yusing/go-proxy/raw/" + branch
-	requiredConfigs = []Config{
-		{common.ConfigBasePath, true, false, ""},
-		{common.DotEnvPath, false, true, common.DotEnvExamplePath},
-		{common.ComposeFileName, false, true, common.ComposeExampleFileName},
-		{path.Join(common.ConfigBasePath, common.ConfigFileName), false, true, common.ConfigExampleFileName},
-	}
-)
-
-type Config struct {
-	Pathname         string
-	IsDir            bool
-	NeedDownload     bool
-	DownloadFileName string
-}
-
-func Setup() {
-	log.Println("setting up go-proxy")
-	log.Println("branch:", branch)
-
-	if err := os.Chdir("/setup"); err != nil {
-		log.Fatalf("failed: %s\n", err)
-	}
-
-	for _, config := range requiredConfigs {
-		config.setup()
-	}
-
-	log.Println("setup finished")
-}
-
-func (c *Config) setup() {
-	if c.IsDir {
-		mkdir(c.Pathname)
-		return
-	}
-	if !c.NeedDownload {
-		touch(c.Pathname)
-		return
-	}
-
-	fetch(c.DownloadFileName, c.Pathname)
-}
-
-func hasFileOrDir(path string) bool {
-	_, err := os.Stat(path)
-	return err == nil
-}
-
-func mkdir(pathname string) {
-	_, err := os.Stat(pathname)
-	if err != nil && os.IsNotExist(err) {
-		log.Printf("creating directory %q\n", pathname)
-		err := os.MkdirAll(pathname, 0o755)
-		if err != nil {
-			log.Fatalf("failed: %s\n", err)
-		}
-		return
-	}
-	if err != nil {
-		log.Fatalf("failed: %s\n", err)
-	}
-}
-
-func touch(pathname string) {
-	if hasFileOrDir(pathname) {
-		return
-	}
-	log.Printf("creating file %q\n", pathname)
-	_, err := os.Create(pathname)
-	if err != nil {
-		log.Fatalf("failed: %s\n", err)
-	}
-}
-
-func fetch(remoteFilename string, outFileName string) {
-	if hasFileOrDir(outFileName) {
-		if remoteFilename == outFileName {
-			log.Printf("%q already exists, not overwriting\n", outFileName)
-			return
-		}
-		log.Printf("%q already exists, downloading to %q\n", outFileName, remoteFilename)
-		outFileName = remoteFilename
-	}
-	log.Printf("downloading %q to %q\n", remoteFilename, outFileName)
-
-	url, err := url.JoinPath(baseURL, remoteFilename)
-	if err != nil {
-		log.Fatalf("unexpected error: %s\n", err)
-	}
-
-	resp, err := http.Get(url)
-	if err != nil {
-		log.Fatalf("http request failed: %s\n", err)
-	}
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		resp.Body.Close()
-		log.Fatalf("error reading response body: %s\n", err)
-	}
-
-	err = os.WriteFile(outFileName, body, 0o644)
-	if err != nil {
-		resp.Body.Close()
-		log.Fatalf("failed to write to file: %s\n", err)
-	}
-
-	log.Print("done")
-
-	resp.Body.Close()
-}

next-release.md

@@ -1,6 +1,84 @@
-GoDoxy v0.9.1 expected changes
+## GoDoxy v0.10.0
 
-- Support Ntfy notifications
-- Prometheus metrics server now inside API server under `/v1/metrics`
-  - `GODOXY_PROMETHEUS_ADDR` removed
-  - `GODOXY_PROMETHEUS_ENABLED` added, default `false`
+### GoDoxy Agent
+
+Maintain secure connection between main server and agent server by authenticating and encrypting connection with mTLS.
+
+Main benefits:
+
+- No more exposing docker socket: drops the need of `docker-socket-proxy`
+- No more exposing app ports: fewer attack surface
+  ```yaml
+  services:
+    app:
+      ...
+      # ports: # this part is not needed on agent server
+      #  - 6789
+  ```
+- Secure: no one can connect to it except GoDoxy main server because of mTLS, plus connection is encrypted
+- Fetch info from agent server, e.g. CPU usage, Memory usage, container list, container logs, etc... (to be ready for beszel and dockge like features in WebUI)
+
+#### How to setup
+
+Prerequisites:
+
+- GoDoxy main server must be running
+
+1. Create a directory for agent server, cd into it
+2. Copy `agent.compose.yml` into the directory
+3. Modify `agent.compose.yml` to set `REGISTRATION_ALLOWED_HOSTS`
+4. Run `docker-compose up -d` to start agent
+5. Follow instructions on screen to run command on GoDoxy main server
+6. Add config output to GoDoxy main server in `config.yml` under `providers.agents`
+   ```yaml
+   providers:
+     agents:
+       - 12.34.5.6:8889
+   ```
+
+### How does it work
+
+Setup flow:
+
+```mermaid
+flowchart TD
+    subgraph Agent Server
+        A[Create a directory] -->
+        B[Setup agent.compose.yml] -->
+        C[Set REGISTRATION_ALLOWED_HOSTS] -->
+        D[Run agent] -->
+        E[Wait for main server to register]
+
+        F[Respond to main server]
+        G[Agent now run in agent mode]
+    end
+    subgraph Main Server
+      E -->
+      H[Run register command] -->
+      I[Send registration request] --> F -->
+      J[Store client certs] -->
+      K[Send done request] --> G -->
+      L[Add agent to config.yml]
+    end
+```
+
+Run flow:
+
+```mermaid
+flowchart TD
+    subgraph Agent HTTPS Server
+        aa[Load CA and SSL certs] -->
+        ab[Start HTTPS server] -->
+
+        ac[Receive request] -->
+        ad[Verify client cert] -->
+        ae[Handle request] --> ac
+    end
+    subgraph Main Server
+        ma[Load client certs] -->
+        mb[Query agent version] --> ac
+        mb --> mc[Check if agent version matches] -->
+        md[Query agent info] --> ac
+        md --> ae --> me[Store agent info]
+    end
+```

package.json

@@ -1,6 +1,6 @@
 {
 	"name": "godoxy-schemas",
-	"version": "0.9.2-2",
+	"version": "0.9.6",
 	"description": "JSON Schema and typescript types for GoDoxy configuration",
 	"license": "MIT",
 	"repository": {

schemas/config/autocert.d.ts

@@ -1,7 +1,7 @@
 import { DomainOrWildcard, Email } from "../types";
-export declare const AUTOCERT_PROVIDERS: readonly ["local", "cloudflare", "clouddns", "duckdns", "ovh"];
+export declare const AUTOCERT_PROVIDERS: readonly ["local", "cloudflare", "clouddns", "duckdns", "ovh", "porkbun"];
 export type AutocertProvider = (typeof AUTOCERT_PROVIDERS)[number];
-export type AutocertConfig = LocalOptions | CloudflareOptions | CloudDNSOptions | DuckDNSOptions | OVHOptionsWithAppKey | OVHOptionsWithOAuth2Config;
+export type AutocertConfig = LocalOptions | CloudflareOptions | CloudDNSOptions | DuckDNSOptions | OVHOptionsWithAppKey | OVHOptionsWithOAuth2Config | PorkbunOptions;
 export interface AutocertConfigBase {
     email: Email;
     domains: DomainOrWildcard[];
@@ -34,6 +34,13 @@ export interface DuckDNSOptions extends AutocertConfigBase {
         token: string;
     };
 }
+export interface PorkbunOptions extends AutocertConfigBase {
+    provider: "porkbun";
+    options: {
+        api_key: string;
+        secret_api_key: string;
+    };
+}
 export declare const OVH_ENDPOINTS: readonly ["ovh-eu", "ovh-ca", "ovh-us", "kimsufi-eu", "kimsufi-ca", "soyoustart-eu", "soyoustart-ca"];
 export type OVHEndpoint = (typeof OVH_ENDPOINTS)[number];
 export interface OVHOptionsWithAppKey extends AutocertConfigBase {

schemas/config/autocert.js

@@ -4,6 +4,7 @@ export const AUTOCERT_PROVIDERS = [
     "clouddns",
     "duckdns",
     "ovh",
+    "porkbun",
 ];
 export const OVH_ENDPOINTS = [
     "ovh-eu",

schemas/config/autocert.ts

@@ -6,6 +6,7 @@ export const AUTOCERT_PROVIDERS = [
   "clouddns",
   "duckdns",
   "ovh",
+  "porkbun",
 ] as const;
 
 export type AutocertProvider = (typeof AUTOCERT_PROVIDERS)[number];
@@ -16,7 +17,8 @@ export type AutocertConfig =
   | CloudDNSOptions
   | DuckDNSOptions
   | OVHOptionsWithAppKey
-  | OVHOptionsWithOAuth2Config;
+  | OVHOptionsWithOAuth2Config
+  | PorkbunOptions;
 
 export interface AutocertConfigBase {
   /* ACME email */
@@ -59,6 +61,13 @@ export interface DuckDNSOptions extends AutocertConfigBase {
   };
 }
 
+export interface PorkbunOptions extends AutocertConfigBase {
+  provider: "porkbun";
+  options: {
+    api_key: string;
+    secret_api_key: string;
+  };
+}
 export const OVH_ENDPOINTS = [
   "ovh-eu",
   "ovh-ca",

scripts/setup.sh

@@ -0,0 +1,219 @@
+#!/bin/bash
+
+set -e # Exit on error
+
+# Detect download tool
+if command -v curl >/dev/null 2>&1; then
+	DOWNLOAD_TOOL="curl"
+	DOWNLOAD_CMD="curl -fsSL -o"
+elif command -v wget >/dev/null 2>&1; then
+	DOWNLOAD_TOOL="wget"
+	DOWNLOAD_CMD="wget -qO"
+else
+	read -p "Neither curl nor wget is installed, install curl? (y/n): " INSTALL
+	if [ "$INSTALL" == "y" ]; then
+		install_pkg "curl"
+	else
+		echo "Error: Neither curl nor wget is installed. Please install one of them and try again."
+		exit 1
+	fi
+fi
+
+echo "Using ${DOWNLOAD_TOOL} for downloads"
+
+# get_default_branch() {
+#     local repo="$1"  # Format: owner/repo
+#     local branch
+
+#     if [ "$DOWNLOAD_TOOL" = "curl" ]; then
+#         branch=$(curl -sL "https://api.github.com/repos/${repo}" | grep -o '"default_branch": *"[^"]*"' | cut -d'"' -f4)
+#     elif [ "$DOWNLOAD_TOOL" = "wget" ]; then
+#         branch=$(wget -qO- "https://api.github.com/repos/${repo}" | grep -o '"default_branch": *"[^"]*"' | cut -d'"' -f4)
+#     fi
+
+#     if [ -z "$branch" ]; then
+#         echo "main"  # Fallback to 'main' if detection fails
+#     else
+#         echo "$branch"
+#     fi
+# }
+
+# Environment variables with defaults
+REPO="yusing/go-proxy"
+BRANCH=${BRANCH:-"main"}
+REPO_URL="https://github.com/$REPO"
+WIKI_URL="${REPO_URL}/wiki"
+BASE_URL="${REPO_URL}/raw/${BRANCH}"
+
+# Config paths
+CONFIG_BASE_PATH="config"
+DOT_ENV_PATH=".env"
+DOT_ENV_EXAMPLE_PATH=".env.example"
+COMPOSE_FILE_NAME="compose.yml"
+COMPOSE_EXAMPLE_FILE_NAME="compose.example.yml"
+CONFIG_FILE_NAME="config.yml"
+CONFIG_EXAMPLE_FILE_NAME="config.example.yml"
+
+echo "Setting up GoDoxy"
+echo "Branch: ${BRANCH}"
+
+install_pkg() {
+	# detect package manager
+	if command -v apt >/dev/null 2>&1; then
+		apt install -y "$1"
+	elif command -v yum >/dev/null 2>&1; then
+		yum install -y "$1"
+	elif command -v pacman >/dev/null 2>&1; then
+		pacman -S --noconfirm "$1"
+	else
+		echo "Error: No supported package manager found"
+		exit 1
+	fi
+}
+
+check_pkg() {
+	local cmd="$1"
+	local pkg="$2"
+	if ! command -v "$cmd" >/dev/null 2>&1; then
+		# check if user is root
+		if [ "$EUID" -ne 0 ]; then
+			echo "Error: $pkg is not installed and you are not running as root. Please install it and try again."
+			exit 1
+		fi
+		read -p "$pkg is not installed, install it? (y/n): " INSTALL
+		if [ "$INSTALL" == "y" ]; then
+			install_pkg "$pkg"
+		else
+			echo "Error: $pkg is not installed. Please install it and try again."
+			exit 1
+		fi
+	fi
+}
+
+# Function to check if file/directory exists
+has_file_or_dir() {
+	[ -e "$1" ]
+}
+
+# Function to create directory
+mkdir_if_not_exists() {
+	if [ ! -d "$1" ]; then
+		echo "Creating directory \"$1\""
+		mkdir -p "$1"
+	fi
+}
+
+# Function to create empty file
+touch_if_not_exists() {
+	if [ ! -f "$1" ]; then
+		echo "Creating file \"$1\""
+		touch "$1"
+	fi
+}
+
+# Function to download file
+fetch_file() {
+	local remote_file="$1"
+	local out_file="$2"
+
+	if has_file_or_dir "$out_file"; then
+		if [ "$remote_file" = "$out_file" ]; then
+			echo "\"$out_file\" already exists, not overwriting"
+			return
+		fi
+		read -p "Do you want to overwrite \"$out_file\"? (y/n): " OVERWRITE
+		if [ "$OVERWRITE" != "y" ]; then
+			echo "Skipping \"$remote_file\""
+			return
+		fi
+	fi
+
+	echo "Downloading \"$remote_file\" to \"$out_file\""
+	if ! $DOWNLOAD_CMD "$out_file" "${BASE_URL}/${remote_file}"; then
+		echo "Error: Failed to download ${remote_file}"
+		rm -f "$out_file" # Clean up partial download
+		exit 1
+	fi
+	echo "Done"
+}
+
+ask_while_empty() {
+	local prompt="$1"
+	local var_name="$2"
+	local value=""
+	while [ -z "$value" ]; do
+		read -p "$prompt" value
+		if [ -z "$value" ]; then
+			echo "Error: $var_name cannot be empty, please try again"
+		fi
+	done
+	eval "$var_name=\"$value\""
+}
+
+check_pkg "openssl" "openssl"
+check_pkg "docker" "docker-ce"
+
+# Setup required configurations
+# 1. Config base directory
+mkdir_if_not_exists "$CONFIG_BASE_PATH"
+
+# 2. .env file
+fetch_file "$DOT_ENV_EXAMPLE_PATH" "$DOT_ENV_PATH"
+# set random JWT secret
+JWT_SECRET=$(openssl rand -base64 32)
+sed -i "s/GODOXY_API_JWT_SECRET=.*/GODOXY_API_JWT_SECRET=${JWT_SECRET}/" "$DOT_ENV_PATH"
+
+# 3. docker-compose.yml
+fetch_file "$COMPOSE_EXAMPLE_FILE_NAME" "$COMPOSE_FILE_NAME"
+
+# 4. config.yml
+fetch_file "$CONFIG_EXAMPLE_FILE_NAME" "${CONFIG_BASE_PATH}/${CONFIG_FILE_NAME}"
+
+# 5. setup authentication
+
+# ask for user and password
+echo "Setting up login user"
+ask_while_empty "Enter login username: " LOGIN_USERNAME
+ask_while_empty "Enter login password: " LOGIN_PASSWORD
+echo "Setting up login user \"$LOGIN_USERNAME\" with password \"$LOGIN_PASSWORD\""
+sed -i "s/GODOXY_API_USERNAME=.*/GODOXY_API_USERNAME=${LOGIN_USERNAME}/" "$DOT_ENV_PATH"
+sed -i "s/GODOXY_API_PASSWORD=.*/GODOXY_API_PASSWORD=${LOGIN_PASSWORD}/" "$DOT_ENV_PATH"
+
+# 6. setup autocert
+
+# ask if want to enable autocert
+echo "Setting up autocert for SSL certificate"
+ask_while_empty "Do you want to enable autocert? (y/n): " ENABLE_AUTOCERT
+
+# quit if not using autocert
+if [ "$ENABLE_AUTOCERT" == "y" ]; then
+	# ask for domain
+	echo "Setting up autocert"
+	ask_while_empty "Enter domain (e.g. example.com): " DOMAIN
+
+	# ask for email
+	ask_while_empty "Enter email for Let's Encrypt: " EMAIL
+
+	# ask if using cloudflare
+	ask_while_empty "Are you using cloudflare? (y/n): " USE_CLOUDFLARE
+
+	# ask for cloudflare api key
+	if [ "$USE_CLOUDFLARE" = "y" ]; then
+		ask_while_empty "Enter cloudflare api key: " CLOUDFLARE_API_KEY
+		cat <<EOF >>"$CONFIG_BASE_PATH/$CONFIG_FILE_NAME"
+autocert:
+  provider: cloudflare
+  email: $EMAIL
+  domains:
+    - "*.${DOMAIN}"
+    - "${DOMAIN}"
+  options:
+    auth_token: "$CLOUDFLARE_API_KEY"
+EOF
+	else
+		echo "Not using cloudflare, skipping autocert setup"
+		echo "Please refer to ${WIKI_URL}/Supported-DNS-01-Providers for more information"
+	fi
+fi
+
+echo "Setup finished"