User Guide


Enables Caddy webserver to act as a Secure Web Proxy. Effectively, forwards HTTP requests in following form: GET someplace.else/thing.html HTTP/1.1 and establishes secure TCP tunnels for: CONNECT someotherweb.server HTTP/1.1

HTTP/2.0 is supported and highly recommended, as it enables multiplexing.

Full documentation


Default Forward Proxy

Spins up default unauthenticated forwardproxy. Use with care, since other people might start (ab-)using your proxy.

Authenticated Forward Proxy
forwardproxy { basicauth caddyuser1 0NtCL2JPJBgPPMmlPcJ basicauth caddyuser2 秘密 }

Spins up authenticated forwardproxy.

Probe Resistant Forward Proxy
forwardproxy { basicauth caddyuser1 0NtCL2JPJBgPPMmlPcJ probe_resistance hiddenlink-u13PJVFur3.localhost }

Enable (experimental) probe resistance, which attempts to hide the fact that the site is a forwardproxy. Proxy will no longer respond with "407 Proxy Authentication Required" if credentials are incorrect or absent, and will attempt to mimic generic forwardproxy-less Caddy server in other regards. Optionally, you can specify hiddenlink, which, when visited, will prompt 407 response. Authentication is required.

Generate and serve PAC file from memory
forwardproxy { serve_pac proxyautoconfig.pac }

Generate in memory and serve Proxy Auto-Config(see file on given path. If no path is provided, PAC file will be served at /proxy.pac

Hide user IP address from visited websites
forwardproxy { hide_ip }

Forward proxy will stop adding user's IP to "Forwarded:" header.

Related Links

Access the full documentation for this plugin off-site:

Plugin Help

Get help from the maintainers of the http.forwardproxy plugin:

Plugin Website

Visit http.forwardproxy's website for more information:

Plugin Author: Sergey Frolov
Last Updated: 18 Aug 2017, 2:55 PM
This plugin is independent of the Caddy project and is not endorsed or maintained by Caddy developers. Use at your own risk. Do not file issues for this plugin on Caddy's bug tracker.