
Goxii, weird name, I know. It's Go + Proxy, which tells you just about all you need to know. This proxy works on the TCP layer and provides IP-based filtering to protect assets behind a VLAN from unwanted access. This was primarily designed to work with Docker networks as a way of not exposing some development ports to my internal network.


MalaryLib/Goxii


> goxii 8080 172.20.0.2 443

Using Goxii

Pre-Requisites

Goxii is designed as a drop-in proxy for securing Docker containers that host internal data and/or information. Before using Goxii, please install the following software:

Now what?

Using Goxii is pretty straightforward. You can simply clone this repository:

git clone https://github.com/MalaryLib/Goxii.git

Configuring Goxii

Because this is a container, all of the configuration is first done in the compose.yml file located in this repository.

| Options | How to configure | What does this change? |
| --- | --- | --- |
| Destination IP | compose.yml | This is where your destination container is located. Must be an IP address as of Goxii-v1.0. |
| Destination Port | compose.yml | This is the port that your destination container is listening on. |
| External-Facing Proxy Network | compose.yml | This is the network that you are expecting to potentially be reachable from the outside. Add it to the networks and set it as external. |
| Port Goxii Listens On | compose.yml | Goxii listens on port 8081 by default; change this in the ports section of the compose.yml file. |
| Allowed IPs | /resources/.ips | Goxii reads the IPs in this file on start-up to get a list of allowed IPs. This is a temporary bug in v1.0. Future versions will use a token-based authentication scheme. |

You can change some other things too. For example, you can run the goxii binary with the following parameters:

goxii <port to listen to> <Destination IP> <Destination Port>

Containerizing Goxii

We now start the container with goxii! You most likely have to run this as root or with sudo for socket privileges.

These commands are run from the Goxii folder. If you're running as root, omit sudo.

sudo docker compose up -d
  • This should run without any issues. Ensure you are connected to the internet and have storage, etc.

From here you are ready to start curl-ing, rest-ing, or whatever-ing your private container. The logs are pretty descriptive.
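A sketch of the start-up allowlist load and per-connection source check described in the configuration table, as an added example that is not Goxii's own code. It assumes `/resources/.ips` holds one address per line; `parseAllowlist` and `isAllowed` are hypothetical names, and the sample addresses are constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"net/netip"
	"strings"
)

// parseAllowlist reads one IP per line (assumed format), skipping blank lines
// and '#' comments. A malformed entry is an error, so a typo fails closed at
// start-up instead of silently producing a different allowlist.
func parseAllowlist(data string) (map[netip.Addr]struct{}, error) {
	allowed := make(map[netip.Addr]struct{})
	sc := bufio.NewScanner(strings.NewReader(data))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		addr, err := netip.ParseAddr(line)
		if err != nil {
			return nil, fmt.Errorf("line %d: %w", n, err)
		}
		// Store the plain IPv4 form so ::ffff:a.b.c.d and a.b.c.d compare equal.
		allowed[addr.Unmap()] = struct{}{}
	}
	return allowed, sc.Err()
}

// isAllowed takes the "ip:port" string from conn.RemoteAddr().String().
// Comparing parsed addresses (not strings) handles the ephemeral port and the
// IPv4-mapped IPv6 form a dual-stack listener reports. Unparseable input is denied.
func isAllowed(allowed map[netip.Addr]struct{}, remote string) bool {
	ap, err := netip.ParseAddrPort(remote)
	if err != nil {
		return false
	}
	_, ok := allowed[ap.Addr().Unmap()]
	return ok
}

func main() {
	// Constructed sample allowlist; the real .ips format may differ.
	allowed, err := parseAllowlist("# dev hosts\n172.20.0.5\n10.0.0.7\n")
	if err != nil {
		panic(err)
	}
	for _, r := range []string{"172.20.0.5:40000", "[::ffff:10.0.0.7]:40001", "192.168.1.9:40002"} {
		fmt.Println(r, isAllowed(allowed, r))
	}
}
```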
