Add Routing Via Config File
Toby Chui edited this page 2025-02-09 13:53:15 +08:00

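Besides editing routing rules in the web UI, you can create a config file and let Zoraxy load it on startup. Put the config file under conf/proxy/ as a JSON file with the file extension ".config". For example, here is the content of (ST).test.localhost.config. **This config structure is for Zoraxy v3.1.7 or above.** The file can contain Basic Auth password hashes, so keep conf/proxy/ readable only by the account that runs Zoraxy. Note that the sample below has a trailing comma after "storage" in the Tags array; strict JSON does not allow it, so remove it when copying the sample.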

{
 "ProxyType": 1,
 "RootOrMatchingDomain": "test1.localhost",
 "MatchingDomainAlias": [
  "test2.localhost"
 ],
 "ActiveOrigins": [
  {
   "OriginIpOrDomain": "example.com",
   "RequireTLS": true,
   "SkipCertValidations": false,
   "SkipWebSocketOriginCheck": true,
   "Weight": 1,
   "MaxConn": 0
  }
 ],
 "InactiveOrigins": [
  {
   "OriginIpOrDomain": "broken.example.com",
   "RequireTLS": true,
   "SkipCertValidations": false,
   "SkipWebSocketOriginCheck": true,
   "Weight": 1,
   "MaxConn": 0
  }
 ],
 "UseStickySession": false,
 "UseActiveLoadBalance": false,
 "Disabled": false,
 "BypassGlobalTLS": false,
 "VirtualDirectories": [
  {
   "MatchingPath": "/firework/",
   "Domain": "example.com/fw/",
   "RequireTLS": true,
   "SkipCertValidations": false,
   "Disabled": false
  }
 ],
 "HeaderRewriteRules": {
  "UserDefinedHeaders": [
   {
    "Direction": 0,
    "Key": "X-Foo-Bar",
    "Value": "hello,world",
    "IsRemove": false
   }
  ],
  "RequestHostOverwrite": "",
  "HSTSMaxAge": 0,
  "EnablePermissionPolicyHeader": true,
  "PermissionPolicy": {
   "accelerometer": [
    "*"
   ],
   "ambient_light_sensor": [
    "*"
   ],
   "autoplay": [
    "*"
   ],
   "battery": [],
   "camera": [
    "self"
   ],
   "cross_origin_isolated": [
    "self"
   ],
   "display_capture": [
    "self"
   ],
   "document_domain": [
    "*"
   ],
   "encrypted_media": [
    "*"
   ],
   "execution_while_not_rendered": [
    "*"
   ],
   "execution_while_out_of_viewport": [
    "*"
   ],
   "fullscreen": [
    "*"
   ],
   "geolocation": [],
   "gyroscope": [],
   "keyboard_map": [],
   "magnetometer": [],
   "microphone": [
    "*"
   ],
   "midi": [],
   "navigation_override": [],
   "payment": [],
   "picture_in_picture": [
    "*"
   ],
   "publickey_credentials_get": [],
   "screen_wake_lock": [],
   "sync_xhr": [
    "*"
   ],
   "usb": [],
   "web_share": [
    "*"
   ],
   "xr_spatial_tracking": [],
   "clipboard_read": [
    "*"
   ],
   "clipboard_write": [
    "*"
   ],
   "gamepad": [],
   "speaker_selection": [],
   "conversion_measurement": [],
   "focus_without_user_activation": [
    "*"
   ],
   "hid": [],
   "idle_detection": [
    "*"
   ],
   "interest_cohort": [
    "*"
   ],
   "serial": [],
   "sync_script": [],
   "trust_token_redemption": [],
   "unload": [
    "*"
   ],
   "window_placement": [
    "*"
   ],
   "vertical_scroll": [
    "*"
   ]
  },
  "DisableHopByHopHeaderRemoval": false
 },
 "EnableWebsocketCustomHeaders": false,
 "AuthenticationProvider": {
  "AuthMethod": 0,
  "BasicAuthCredentials": [
   {
    "Username": "user",
    "PasswordHash": "SHA_512_HASHED_PASSWORD"
   }
  ],
  "BasicAuthExceptionRules": [
   {
    "PathPrefix": "/public/"
   }
  ],
  "BasicAuthGroupIDs": null,
  "AutheliaURL": "",
  "UseHTTPS": false
 },
 "RequireRateLimit": false,
 "RateLimit": 100,
 "DisableUptimeMonitor": false,
 "AccessFilterUUID": "default",
 "DefaultSiteOption": 0,
 "DefaultSiteValue": "",
 "Tags": [
  "private",
  "storage",
 ]
}

ProxyType (Host or Vdir) values (numbering starts at 0)

  0. Root (Reserved)
  1. Host
  2. Vdir

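Auth Methods (AuthMethod) values (numbering starts at 0)

  0. No auth
  1. Basic Auth
  2. Authelia (Experimental)

In the sample above AuthMethod is 0 (no auth), so the BasicAuthCredentials listed there are not enforced until AuthMethod is set to 1.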

Deprecated Structures

This config structure is for Zoraxy v3.0.2 or above

{
  "ProxyType": 1,
  "RootOrMatchingDomain": "a.example.com",
  "MatchingDomainAlias": [
    "b.example.com",
    "c.example.com"
  ],
  "Domain": "target.example.com",
  "RequireTLS": true,
  "BypassGlobalTLS": true,
  "SkipCertValidations": false,
  "SkipWebSocketOriginCheck": true,
  "VirtualDirectories": [
    {
      "MatchingPath": "/teacat/",
      "Domain": "sorae.co",
      "RequireTLS": true,
      "SkipCertValidations": false,
      "Disabled": false
    },
    {
      "MatchingPath": "/imus/",
      "Domain": "imuslab.com",
      "RequireTLS": true,
      "SkipCertValidations": true,
      "Disabled": false
    }
  ],
  "UserDefinedHeaders": [
    {
      "Key": "X-Custom-Header",
      "Value": "foo,bar"
    }
  ],
  "RequireBasicAuth": false,
  "BasicAuthCredentials": [
    {
      "Username": "test",
      "PasswordHash": "PASSWORD_SHA512_HASH_HERE"
    },
    {
      "Username": "user",
      "PasswordHash": "PASSWORD_SHA512_HASH_HERE"
    }
  ],
  "BasicAuthExceptionRules": [
    {
      "PathPrefix": "/public/api"
    }
  ],
  "AccessFilterUUID": "default",
  "Disabled": false,
  "DefaultSiteOption": 0,
  "DefaultSiteValue": ""
}

Here is another example, used for the default site (previously named Proxy Root). The file must be named root.config

{
 "ProxyType": 0,
 "RootOrMatchingDomain": "/",
 "Domain": "imuslab.com",
 "RequireTLS": true,
 "BypassGlobalTLS": false,
 "SkipCertValidations": false,
 "VirtualDirectories": null,
 "RequireBasicAuth": false,
 "BasicAuthCredentials": null,
 "BasicAuthExceptionRules": null,
 "DefaultSiteOption": 1,
 "DefaultSiteValue": "imuslab.com",
 "Disabled": false
}

Here are some key items for the proxy config

  • ProxyType: 0 = root and 1 = host. For root, name your config file root.config
  • RootOrMatchingDomain: Matching rules or keywords, use / for default site router
  • Domain: Proxy target / backend
  • RequireTLS: The proxy target requires a TLS (https) connection
  • BypassGlobalTLS: Allow this rule to be accessed via the port 80 endpoint (if enabled), i.e. over plain HTTP without TLS
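  • SkipCertValidations: Skip TLS certificate errors from the proxy target, for self-signed certificates. With validation skipped the proxy cannot verify the backend's identity, so enable it only for backends reached over a network you trust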
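  • SkipWebSocketOriginCheck: Skip the WebSocket origin check. Enabled by default and usually won't cause any security issues, but with the check skipped the proxy no longer rejects WebSocket handshakes from other origins; set it to false if the backend authenticates WebSocket connections by cookie and does not validate the Origin header itself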
  • AccessFilterUUID: The ID of the access rule filter to use; it must match the "ID" field inside the access config file