I am constantly on the lookout for new tools that can help with managing resources in the home lab. Reverse proxies are extremely important and useful since they allow you to manage routing traffic into your containerized and other resources by using a DNS name instead of an IP. This way you don’t have to access containers using their default non standard ports, etc. Also, they allow you to manage your SSL certificates using Let’s Encrypt. I have used and worked with many reverse proxies in the lab, including Nginx Proxy Manager, Traefik, Pangolin, and Caddy. However, there is a new one that I was actually blown away by in terms of features and functionality. It is called Zoraxy. Could this be the best reverse proxy to use for home labs? Let’s see.
What Zoraxy Is and its background
If you haven’t heard of this very cool reverse proxy, it is a modern reverse proxy that gives you web routing and it is extremely fast and lightweight since it is written in Go. It has a strong focus on usability. The core goal of the project is to give users and home labbers a powerful reverse proxy that has a modern interface and doesn’t need a deep knowledge of Nginx configuration syntax or complicated rules file edits.
It is very much akin to the benefits of Nginx Proxy Manager in that it encourages you to think of your resources in terms of services, domains, and routing. So, in the home lab, you just need to know where the app lives, which domain it should respond to, and if it needs TLS.
Even though it is built around the premise of being easy, it doesn’t sacrifice other more advanced features like WebSockets, automatic HTTPS, multiple routing modes, access controls, and it even does load balancing. We will get into more of what it offers below.
Check out the official project GitHub repo here: GitHub – tobychui/zoraxy.
How it is different from Nginx Proxy Manager
Nginx Proxy Manager has been the proxy that I have long recommended for beginners to use and it still is a great choice if you want to start there. However, Zoraxy has a few benefits and advantages to note. It’s written in Go so it is lighterweight. It is more configurable and gives you more options.
The interface I found to be more robust than Nginx Proxy Manager and can do more like work with more CAs like ZeroSSL or other custom SSL providers. It also has a better interface for point and click selecting your Docker containers you have running or picking a custom target as I will show below.
Take a look at the comparison below:
| Feature / Area | Zoraxy | Nginx Proxy Manager |
|---|---|---|
| Primary Focus | Simple and clear solution for routing web trffic | UI driven management of Nginx |
| Core Engine | Custom Go based proxy | Nginx |
| Web UI | Very modern and intuitive for the most part | Functional but more utilitarian |
| TLS and certificates | Built in ACME support with clear visibility | Built in Let’s Encrypt integration |
| WebSocket support | Enabled by default | Supported but sometimes requires manual tweaks |
| Routing | Domain and path based routing with visual clarity | Domain based routing with advanced options |
| Configuration | UI first with sensible defaults | UI backed by generated Nginx configs |
| Difficulty to learn? | Very intuitive, a little steeper learning curve than NPM since it has more options | Not difficult. You don’t have to even understand Nginx at all if you don’t want and just rely on the UI |
| Monitoring | Has monitoring built in and shows history of reachability | Has basic up or down for proxy hosts but not a history graph |
| SSO and OAuth 2.0 | Has SSO and OAuth 2.0 built-in | No built-in SSO or OAuth 2.0 support |
| Resource usage | Lightweight and efficient | Lightweight but tied to Nginx |
| Best suited for? | Home labs wanting a simple and fast setup and lots of features | Still the simplest interface but fewer options |
Install Zoraxy using Docker
Let’s look and see how to get up and running with Zoraxy in the home lab. The below Docker compose code is my code from a test Docker container host I have running. You will see my bind mounts listed below. Just change these to what you need in your environment.
This is pretty straightforward otherwise, including mounting the Docker socket and setting timezone, creating network, etc. I added a custom DNS server as I am doing some split horizon DNS trickery in my environment. You can strip that out if not needed.
services:
zoraxy:
image: zoraxydocker/zoraxy:latest
container_name: zoraxy
restart: unless-stopped
networks:
- zoraxy
ports:
- 80:80
- 443:443
- 8000:8000
volumes:
- /home/linuxadmin/homelabservices/zoraxy/config/:/opt/zoraxy/config/
- /home/linuxadmin/homelabservices/zoraxy/plugin/:/opt/zoraxy/plugin/
- /var/run/docker.sock:/var/run/docker.sock
extra_hosts:
- "host.docker.internal:host-gateway"
dns:
- 10.1.149.10
environment:
FASTGEOIP: "true"
TZ: "America/Chicago"
networks:
zoraxy:
driver: bridge
name: zoraxyIn the default configuration, ports 80 and 443 handle incoming traffic. Then port 8000 is used for the management interface. So once you have your Docker compose file in place, just run the standard command to bring up the stack:
docker compose up -d
You can then do a simple:
docker compose psThis will show you if the container is healthy, etc.
Browse out to port 8000 on the host. It will ask you to create your first admin account and password.
Creating the first admin account.
After creating the account and logging in, here is the default dashboard. The solution looks really really good. And I like the modern layout with the menus on the left and slick dashboards and toggles for configuration.
Simple walkthroughs to help learn Zoraxy
One of the very cool features I think about Zoraxy is the Quick Start walkthrough wizard. You can click one of the three types of endpoints that you want to configure, and Zoraxy will step you through the process, highlighting the areas of the interface where you need to make the configuration changes.
Let me show you what the HTTPS Green Lock(s) wizard looks like. Here you can click one of the three options.
After clicking the HTTPS Green Locks, you can see the checkbox on that selector, then the dialog box opens to Enable HTTPS for your site.
Here we are shown how to change the listening port.
Next, we can enable TLS serving.
Also, you can enable port 80 HTTP.
If you want to force a redirect to HTTPS, we can do that as well.
HTTPS is now enabled.
TLS/SSL certificates configuration as the next part of the wizard.
Showing how to setup ACME configuration and auto renew.
The ACME tool in Zoraxy.
Configuring the auto renew settings, email, and where you can generate a new certificate. Like NPM and others, you can use DNS challenge. It supports a wide range of DNS providers.
Enabling auto renew.
Certificate installed as part of the wizard.
Configuring the ACME tool
After stepping through the wizard above where it shows you where everything is, I wanted to start configuring things manually just to learn the process. To get to the area of the interface where you can open the ACME tool and start configuring, you can navigate to TLS / SSL certificates > Open ACME Tool. This will pop out the side blade in the interface where you can configure the DNS challenge, etc.
You can see below, I am using Cloudflare. The information I found that it needed is the AuthEmail and AuthToken. Just put in your domain name, select the DNS challenge option, and configure your provider that you need for obtaining the certificate.
Creating a new Proxy Host
If I could make a suggestion to the developer here on the interface, it would be to combine the Create Proxy Rules menu with the HTTP Proxy menu as this would be more intuitive. I know I immediately went to the HTTP Proxy menu when I wanted to create a new proxy host. It seems like this additional menu is a bit redundant. But this is just a small gripe and hopefully something that might be considered.
Take a look at the darkened area here. I have clicked the Create Proxy Rules menu. This launches the New Proxy Rule workflow. What I really like about Zoraxy is the visibility it gives you when creating your proxy rules. I spun up a new Nginx container to have something to play around with for proxy traffic. Note how I clicked the Show Containers with Unexposed Ports. I had put the Ngin container on the same network as my Zoraxy container so I didn’t expose any ports. This allows you to see the containers on Zoraxy’s networks, but notice you also get Containers using Host Network and Containers on different networks. This is really cool that it gives you this level of information and granularity building your rule.
Here, I have expanded the Advanced settings so you can see some of the other settings you can set up. Note how if your container is setup on the backend to use SSL, you can set the Ignore TLS/SSL Verification Error if it is using a self-signed certificate. This is a handy setting.
The proxy host will also automatically request a new SSL certificate for the host.
You can see below we have a proper certificate provisioned for the Nginx website.
Access control
Zoraxy has a healthy configuration section for setting up access control for your hosts. You can whitelist and ban various IPs or ranges, or perform Quick bans.
Network tools
Zoraxy has various network tools built into the interface that I think are a nice touch to have access to a few scanners at your fingertips when you are figuring out how you want to route traffic into your containers or other services. These include:
- Multicast DNS (mDNS) scanner
- IP Scanner
- Port Scanner
- Traceroute/Ping
Uptime monitoring
A really cool GUI feaure that is built in is the Uptime Monitor. This almost looks like an uptime Kuma type monitor visually that allows you to not only see the current status of a proxy host, but the history of the proxy host which is nice to be able to see a history of reachability for your services.
SSO and OAuth 2.0
Another nice feature that makes the login experience much better is the integration of SSO and OAuth 2.0. Especially if you are already using something like Authelia, Authentik, or OAuth2 Proxy, you can forward your authentication requests to these providers. There is also OAuth 2.0 configuration possibilities here as well.
Utilities and plugins
Zoraxy also has a wide range of other utilities, including system backup and restore, IP CIDR conversions, and also a plugins feature that is experimental. This will allow the solution to be extensible with plugins written for Zoraxy.
Here is a quick look at the Toolbox tab
It has a plugins feature that shows to be experimental at this point, but will be a great addition to extend the solution.
Wrapping up
I’ve only scratched the surface of all the settings and “nerd knobs” of Zoraxy. It has a crazy amount that you can do with it. But, it has quickly become my new favorite GUI-based reverse proxy. It has many advantages in terms of features and capabilities over Nginx Proxy Manager and it is super efficient and quick since it is written in Go. I still think for the absolute simplest solution for beginners, Nginx Proxy Manager still edges Zoraxy out, simply due to the fact it has less you can configure so might be slightly more beginner friendly. But, in terms of features and capabilities Zoraxy is impressive. Let me know in the comments if you are using Zoraxy. If so do you like it? If you aren’t currently using it, are you going to try it out?
Google is updating how articles are shown. Don’t miss our leading home lab and tech content, written by humans, by setting Virtualization Howto as a preferred source.
About The Author
