The latest articles on DEV Community by SalzDevs (@salzdevs). https://dev.to/salzdevs https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3931872%2F4800a0ae-da30-45cc-a286-b02c3925c67e.png https://dev.to/salzdevs en SalzDevs Thu, 14 May 2026 19:43:30 +0000 https://dev.to/salzdevs/building-a-forward-proxy-in-go-with-middleware-and-auth-e https://dev.to/salzdevs/building-a-forward-proxy-in-go-with-middleware-and-auth-e <p>I’ve been building <a href="https://github.com/SalzDevs/groxy" rel="noopener noreferrer">Groxy</a>, a pre-v1 Go library for creating forward proxy servers.</p> <p><strong>It supports:</strong></p> <ul> <li>HTTP forwarding</li> <li>HTTPS CONNECT tunneling</li> <li>middleware</li> <li>blocking/body transforms</li> <li>access logs</li> <li>proxy authentication</li> <li>opt-in HTTPS inspection</li> </ul> <h2> <strong>Minimal proxy</strong> </h2> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">proxy</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">groxy</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="n">groxy</span><span class="o">.</span><span class="n">Config</span><span class="p">{</span> <span class="n">Addr</span><span class="o">:</span> <span class="s">"127.0.0.1:8080"</span><span class="p">,</span> <span class="p">})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">proxy</span><span class="o">.</span><span class="n">Start</span><span class="p">())</span> </code></pre> </div> <p><strong>Try it:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-x</span> http://127.0.0.1:8080 http://example.com curl <span class="nt">-x</span> http://127.0.0.1:8080 https://example.com </code></pre> </div> <p><strong>Middleware</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">proxy</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span> <span class="n">groxy</span><span class="o">.</span><span class="n">AddRequestHeader</span><span class="p">(</span><span class="s">"X-From-Groxy"</span><span class="p">,</span> <span class="s">"true"</span><span class="p">),</span> <span class="n">groxy</span><span class="o">.</span><span class="n">AccessLog</span><span class="p">(</span><span class="n">log</span><span class="o">.</span><span class="n">Default</span><span class="p">()),</span> <span class="p">)</span> </code></pre> </div> <p><strong>Proxy auth</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">proxy</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">groxy</span><span class="o">.</span><span class="n">ProxyBasicAuth</span><span class="p">(</span><span class="s">"admin"</span><span class="p">,</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"PROXY_PASSWORD"</span><span class="p">)))</span> </code></pre> </div> <p>Or:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">proxy</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">groxy</span><span class="o">.</span><span class="n">ProxyBasicAuthFunc</span><span class="p">(</span><span class="k">func</span><span class="p">(</span><span class="n">username</span><span class="p">,</span> <span class="n">password</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">bool</span> <span class="p">{</span> <span class="k">return</span> <span class="n">users</span><span class="o">.</span><span class="n">Verify</span><span class="p">(</span><span class="n">username</span><span class="p">,</span> <span class="n">password</span><span class="p">)</span> <span class="p">}))</span> </code></pre> </div> <p>Auth protects both HTTP proxy requests and HTTPS CONNECT tunnels.</p> <p><strong>HTTPS inspection</strong></p> <p>By default, HTTPS is tunneled normally.</p> <p>Inspection is explicit opt-in:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">HTTPSInspection</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">groxy</span><span class="o">.</span><span class="n">HTTPSInspectionConfig</span><span class="p">{</span> <span class="n">CA</span><span class="o">:</span> <span class="n">ca</span><span class="p">,</span> <span class="n">Intercept</span><span class="o">:</span> <span class="n">groxy</span><span class="o">.</span><span class="n">MatchHosts</span><span class="p">(</span><span class="s">"example.com"</span><span class="p">,</span> <span class="s">"*.example.com"</span><span class="p">),</span> <span class="p">}</span> </code></pre> </div> <p>Only inspect traffic you own or are authorized to inspect.</p> <h1> <strong>Feedback wanted</strong> </h1> <p>Groxy is pre-v1, so I’m looking for API/security feedback before stabilizing it.</p> <p>Repo: <a href="https://github.com/SalzDevs/groxy" rel="noopener noreferrer">https://github.com/SalzDevs/groxy</a><br> Docs: <a href="https://pkg.go.dev/github.com/SalzDevs/groxy" rel="noopener noreferrer">https://pkg.go.dev/github.com/SalzDevs/groxy</a></p> go opensource security networking