Pingora Proxy Manager is a next-generation reverse proxy solution designed for speed and reliability. It combines the raw performance of Rust and Cloudflare's Pingora framework with a beautiful, modern React dashboard.
Unlike traditional proxies, PPM supports zero-downtime configuration reloading, meaning your active connections are never dropped when you add hosts or change SSL settings.
| Feature | Description |
|---|---|
| ⚡️ High Performance | Powered by Rust & Pingora for ultra-low latency and high throughput. |
| 🔄 Zero-Downtime | Dynamic architecture allows configuration changes without restarting the process. |
| 🔒 SSL Automation | HTTP-01 and DNS-01 (Wildcard) support via Let's Encrypt. |
| 🌐 Proxy Hosts | Easy management of virtual hosts, path routing, and advanced rewriting. |
| 📡 L4 Streams | TCP/UDP forwarding for databases, game servers, and other non-HTTP services. |
| 🛡️ Access Control | Secure your services with IP Whitelists/Blacklists and Basic Authentication. |
| 📊 Real-time Stats | Live traffic monitoring, status codes, and historical data visualization. |
| 🐳 Docker Ready | Single-container deployment with a lightweight footprint. |
The fastest way to get started is using Docker Compose.
services: pingora-proxy: image: dduldduck/pingora-proxy-manager:latest container_name: pingora-proxy restart: always network_mode: host # Recommended for performance & L4 streams volumes: - ./data:/app/data # Database & Certs - ./letsencrypt:/etc/letsencrypt # Certbot account, renewal, and live cert state - ./logs:/app/logs # Access Logs environment: - JWT_SECRET=changeme_in_production_please - RUST_LOG=infoNote: We recommend
network_mode: hostfor best performance and simplified port management. If you prefer bridge mode, ensure you map ports80:8080,443:443, and81:81.For Let's Encrypt, keep both
./data:/app/dataand./letsencrypt:/etc/letsencryptmounted. HTTP-01 validation reaches PPM over host port 80, which the container forwards to the app's internal port 8080.
If your traffic path is Client -> Cloudflare/Nginx/ALB -> PPM, set PPM_TRUSTED_PROXY_IPS (or TRUSTED_PROXY_IPS) to the IP(s) of the immediate proxy hop. Otherwise, PPM only trusts loopback for forwarded headers and may not use X-Forwarded-For / X-Forwarded-Proto.
Example:
PPM_TRUSTED_PROXY_IPS=127.0.0.1,10.0.0.10docker compose up -dVisit http://localhost:81 (or your server IP) and log in:
- Username:
admin - Password:
changeme
⚠️ Important: Please change your password immediately after logging in.
We have comprehensive documentation available in our GitHub Wiki:
- Getting Started - Installation and first steps.
- Configuration Guide - Deep dive into Proxy Hosts, SSL, and ACLs.
- Architecture - Understand the Control Plane and Data Plane.
- API Reference - Integrate with our REST API.
- FAQ & Troubleshooting - Common solutions.
Want to contribute or build from source?
You can run the backend (Rust) and frontend (React/Vite) independently for faster iteration.
- Backend:
cd backend && cargo run(Listens on 81 & 8080) - Frontend:
cd frontend && npm run dev(Proxies API to 81)
See the Development Setup guide for details.
Is Pingora Proxy Manager saving you time?
This project is built with love, caffeine, and many sleepless nights. If you'd like to support the development, server costs, and new features, consider buying me a coffee! ☕️
Contributions are what make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
Please check our Contributing Guide for guidelines.
Distributed under the MIT License. See LICENSE for more information.
