This is the project we used to build enterprise-oriented generic proxy solutions, including but not limited to proxy / reverse proxy (WIP) / load balancer (TBD) / NAT traversal (WIP).
The G3 project consists of many applications, each of which has a separate subdirectory containing its own code, documentation, etc.
In addition to the application directories, there are some public directories:
- doc Contains project-level documentation.
- sphinx is used to generate HTML reference documents for each application.
- scripts Contains various auxiliary scripts, including coverage testing, packaging scripts, etc.
A generic forward proxy solution, but you can also use it as tcp streaming / transparent proxy / reverse proxy as we have basic support built in.
- Async Rust: fast and reliable
- Http1 / Socks5 forward proxy protocol, SNI Proxy and TCP TPROXY
- Support easy-proxy and masque/http Well-Known URI
- Proxy Chaining, with support for dynamic selection of upstream proxies
- Plenty of egress route selection methods, with support for custom egress selection agent
- TCP/TLS Stream Proxy, Basic HTTP Reverse Proxy
- TLS over OpenSSL / BoringSSL / AWS-LC / AWS-LC-FIPS / Tongsuo, and even rustls
- TLS MITM interception, decrypted traffic dump, HTTP1/HTTP2/IMAP/SMTP interception
- ICAP adaptation for HTTP1/HTTP2/IMAP/SMTP, can integrate seamlessly with 3rd-party security products
- Graceful reload
- Customizable load balancing and failover strategies
- User Auth, with a rich set of config options
- Can set differential site config for each user
- Rich ACL/Limit rules, at ingress / egress / user level
- Rich monitoring metrics, at ingress / egress / user / user-site level
- Support for a variety of observability tools
README | User Guide | Reference Doc
A StatsD compatible stats aggregator.
A work in progress reverse proxy solution.
A benchmark tool that supports:
- HTTP: HTTP/1.1, HTTP/2, HTTP/3
- WebSocket
- TLS Handshake
- DNS: UDP, TCP, DNS over TLS, DNS over HTTP, DNS over QUIC, DNS over HTTP/3
- Thrift RPC
- Cloudflare Keyless
A tool to make root CA / intermediate CA / TLS server / TLS client / TLCP server / TLCP client certificates.
Fake certificate generator for g3proxy.
IP location lookup service for g3proxy GeoIP support.
A simple implementation of Cloudflare keyless server.
Linux is fully supported.
The code also compiles on the following platforms:
- macOS
- Windows >= 10
- FreeBSD >= 14.3
- NetBSD >= 10.1
- OpenBSD >= 7.8
Follow Dev-Setup.
Follow Standards.
Pre-Built packages can be found at cloudsmith.
But it is still recommended to build packages yourself, see Build and Package for more details.
See Long-Term Support.
Please check Contributing for more details.
Please check Code of Conduct for more details.
If you discover a potential security issue in this project, or think you may have discovered a security issue, we ask that you notify Bytedance Security via our security center or vulnerability reporting email.
Please do not create a public GitHub issue.
This project is licensed under the Apache-2.0 License.
g3proxy has joined 404Starlink