The image wraps SmartProxy with a small Node.js admin API so orchestrators such as Onebox can update routes without embedding the Node/Rust SmartProxy runtime into their own process.

Build

pnpm install
pnpm build

tsdocker builds linux/amd64 and linux/arm64 according to .smartconfig.json.

Release

pnpm release:docker

The image is pushed as code.foss.global/host.today/ht-docker-smartproxy.

Runtime

docker run --rm \
  -p 80:80 \
  -p 443:443 \
  -p 3000:3000 \
  -v ./config.json:/etc/smartproxy/config.json:ro \
  code.foss.global/host.today/ht-docker-smartproxy:latest

Environment variables:

SMARTPROXY_CONFIG: config path, default /etc/smartproxy/config.json.
SMARTPROXY_ADMIN_HOST: admin bind host, default 0.0.0.0.
SMARTPROXY_ADMIN_PORT: admin bind port, default 3000.
SMARTPROXY_ADMIN_TOKEN: optional bearer token for admin endpoints.

Admin API

GET /health: health status.
GET /routes: current raw routes.
PUT /routes: replace routes with either an array or { "routes": [...] }.
POST /reload: reload config from SMARTPROXY_CONFIG and restart SmartProxy.
POST /security-policy: update global security policy.
GET /statistics: SmartProxy runtime statistics.
GET /listening-ports: currently listening proxy ports.

Config

The config is regular ISmartProxyOptions JSON with one daemon extension: httpToHttpsRedirect.

{
  "httpToHttpsRedirect": {
    "enabled": true,
    "httpPort": 80,
    "httpsPort": 443,
    "statusCode": 301
  },
  "routes": [
    {
      "name": "app-example-com",
      "match": {
        "ports": 443,
        "domains": "app.example.com",
        "protocol": "http"
      },
      "action": {
        "type": "forward",
        "targets": [{ "host": "app", "port": 3000 }],
        "tls": {
          "mode": "terminate",
          "certificate": {
            "key": "-----BEGIN PRIVATE KEY-----\\n...",
            "cert": "-----BEGIN CERTIFICATE-----\\n..."
          }
        }
      }
    }
  ]
}