Before configuring a proxy, you need to bind a port to listen on. You can do this in the "Ports" section.
Taxy supports four types of ports:
- HTTPS (HTTP over TLS)
- TCP over TLS
Resetting a Port
Changing the port configuration does not affect existing connections. Old connections will continue to use the old configuration. To forcibly close existing connections, you can reset the port.
Taxy supports four types of proxies:
- HTTP / HTTPS
- TCP / TCP over TLS
Multiple ports can be bound to a proxy. However, it's not possible to bind TCP / TCP over TLS ports to an HTTP / HTTPS proxy and vice versa.
Taxy supports HTTP/2 for HTTP and HTTPS proxies in both upstream and downstream connections. HTTP/2 is automatically negotiated if the client supports it. However, most web browsers will only use HTTP/2 if the connection is over TLS because they have no prior knowledge of the server's support for HTTP/2 without ALPN (Application-Layer Protocol Negotiation).
Taxy supports WebSocket (and HTTP upgrading) for HTTP and HTTPS proxies. You don't need to do anything special to enable WebSocket support.
For TCP over TLS and HTTPS proxies, Taxy requires a server certificate. There are three ways to install a server certificate:
- Generate a self-signed certificate
- Import a certificate from a file (PEM format only)
- Use ACME to automatically provision a certificate
Taxy automatically selects the certificate to present based on the SNI (Server Name Indication) value in the TLS ClientHello message.
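How a certificate lookup keyed on the SNI name can work, as an added example that is not Taxy's own code: `CertEntry`, `select_cert` and the sample store are hypothetical, and the exact-before-wildcard preference and single-label wildcard rule are assumed general hostname-matching conventions, not documented Taxy behaviour.

```rust
// Added example, not Taxy source: choose a server certificate by SNI name.
// `CertEntry`, `select_cert` and `sample_store` are hypothetical names.
#[derive(Debug)]
struct CertEntry {
    id: &'static str,
    san: Vec<&'static str>, // DNS names from the certificate's subjectAltName
}

// Normalise a DNS name: lowercase and drop trailing dots.
fn normalise(name: &str) -> String {
    name.trim_end_matches('.').to_ascii_lowercase()
}

// A wildcard covers exactly one left-most label: *.example.com matches
// api.example.com but not example.com or a.b.example.com.
fn name_matches(pattern: &str, host: &str) -> bool {
    let (pattern, host) = (normalise(pattern), normalise(host));
    match pattern.strip_prefix("*.") {
        Some(suffix) => match host.split_once('.') {
            Some((label, rest)) => !label.is_empty() && rest == suffix,
            None => false,
        },
        None => pattern == host,
    }
}

// Exact names win over wildcards. None means no certificate fits, and the
// caller should fail the handshake rather than present an unrelated one.
fn select_cert<'a>(store: &'a [CertEntry], sni: Option<&str>) -> Option<&'a CertEntry> {
    let host = sni?; // client sent no SNI extension
    let exact = store.iter().find(|c| {
        c.san.iter().any(|n| !n.starts_with("*.") && name_matches(n, host))
    });
    exact.or_else(|| store.iter().find(|c| c.san.iter().any(|n| name_matches(n, host))))
}

// Constructed sample store; the wildcard entry is listed first on purpose.
fn sample_store() -> Vec<CertEntry> {
    vec![
        CertEntry { id: "wildcard", san: vec!["*.example.com"] },
        CertEntry { id: "api", san: vec!["api.example.com"] },
        CertEntry { id: "selfsigned", san: vec!["localhost"] },
    ]
}

fn main() {
    let store = sample_store();
    for sni in [Some("API.example.com."), Some("www.example.com"), Some("a.b.example.com"), None] {
        println!("{:?} -> {:?}", sni, select_cert(&store, sni).map(|c| c.id));
    }
}
```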
If your upstream server uses certificates not trusted by the system, you will need to add them to the root certificate store. Taxy automatically trusts all certificates signed by the root certificates in this store, in addition to the system's root certificates.
Also, if you generate a self-signed certificate, Taxy will automatically generate a CA certificate and add it to the root certificate store.
Taxy supports automatic certificate provisioning using ACME (Automatic Certificate Management Environment). ACME is supported by many certificate authorities, such as Let's Encrypt, ZeroSSL, and Google Trust Services.
Taxy supports ACME v2 with HTTP challenge only. Make sure that TCP port 80 is open and accessible from the internet.
Taxy uses TOML files for storing its configuration. The location of these files varies according to the operating system:
You can override the default location by setting the TAXY_CONFIG_DIR environment variable or the --config-dir command-line option.
If needed, these files can be edited manually. Note, however, that Taxy does not automatically detect changes made to the configuration files. To ensure any changes take effect, you must restart the server after editing a configuration file.
Taxy includes a built-in WebUI. By default, it is served on localhost:46492. However, you can customize the port using the TAXY_WEBUI environment variable or the --webui command-line option. If you wish to disable the WebUI, set the TAXY_NO_WEBUI=1 environment variable or use the --no-webui command-line option.
The WebUI uses the Secure cookie attribute to store the session token. This means that the WebUI will only work over HTTPS, unless it is served on localhost (although certain browsers, like Safari, may deny this even on localhost). If you want to use the WebUI over HTTP, you can set the TAXY_INSECURE_WEBUI=1 environment variable or use the --insecure-webui command-line option. Note that this is not recommended, because the session token is then sent unencrypted.
Taxy logs to the standard output as its default setting. You can change this behavior by setting the TAXY_ACCESS_LOG environment variable or using the --access-log command-line option.
$ taxy start --log /var/log/taxy.log --access-log /var/log/taxy-access.log
If you want to adjust the log level, you can do so by setting the TAXY_ACCESS_LOG_LEVEL environment variable or using the --access-log-level command-line option.