# ht-docker-smartproxy Multi-architecture Docker image for running `@push.rocks/smartproxy` as a daemon. The image wraps SmartProxy with a small Node.js admin API so orchestrators such as Onebox can update routes without embedding the Node/Rust SmartProxy runtime into their own process. ## Build ```bash pnpm install pnpm build ``` `tsdocker` builds `linux/amd64` and `linux/arm64` according to `.smartconfig.json`. ## Release ```bash pnpm release:docker ``` The image is pushed as `code.foss.global/host.today/ht-docker-smartproxy`. ## Runtime ```bash docker run --rm \ -p 80:80 \ -p 443:443 \ -p 3000:3000 \ -v ./config.json:/etc/smartproxy/config.json:ro \ code.foss.global/host.today/ht-docker-smartproxy:latest ``` Environment variables: - `SMARTPROXY_CONFIG`: config path, default `/etc/smartproxy/config.json`. - `SMARTPROXY_ADMIN_HOST`: admin bind host, default `0.0.0.0`. - `SMARTPROXY_ADMIN_PORT`: admin bind port, default `3000`. - `SMARTPROXY_ADMIN_TOKEN`: optional bearer token for admin endpoints. ## Admin API - `GET /health`: health status. - `GET /routes`: current raw routes. - `PUT /routes`: replace routes with either an array or `{ "routes": [...] }`. - `POST /reload`: reload config from `SMARTPROXY_CONFIG` and restart SmartProxy. - `POST /security-policy`: update global security policy. - `GET /statistics`: SmartProxy runtime statistics. - `GET /listening-ports`: currently listening proxy ports. ## Config The config is regular `ISmartProxyOptions` JSON with one daemon extension: `httpToHttpsRedirect`. ```json { "httpToHttpsRedirect": { "enabled": true, "httpPort": 80, "httpsPort": 443, "statusCode": 301 }, "routes": [ { "name": "app-example-com", "match": { "ports": 443, "domains": "app.example.com", "protocol": "http" }, "action": { "type": "forward", "targets": [{ "host": "app", "port": 3000 }], "tls": { "mode": "terminate", "certificate": { "key": "-----BEGIN PRIVATE KEY-----\\n...", "cert": "-----BEGIN CERTIFICATE-----\\n..." } } } } ] } ```