Dynamic Proxy
  • Hosts
  • DNS
  • Users
  • Permissions
  • Groups
  • Profile
  • API Tokens
Login
Proxy List

SSL Expire Host Name target Updated Actions
{{{ wildcard_text }}} {{#wildcard_expires}} {{wildcard_expires_text}} {{/wildcard_expires}} {{{ forcessl_text }}}{{ host }} {{#domain.provider}}
{{displayName}} - {{name}} {{/domain.provider}} {{#wildcard_parent}} {{wildcard_parent}} {{/wildcard_parent}}
{{{ targetssl_text }}}{{ ip }}:{{ targetPort }} {{ updated_on_text }}
Add host
The public hostname clients request. Use *.example.com for one subdomain level, **.example.com for any depth, or ** as a catch-all.
Redirect plain HTTP requests to HTTPS.

Where matching requests are proxied. Hostname or IP only — no protocol, port, or path.
Options light up based on the host name: wildcard certs need a DNS provider for the domain; child hosts reuse a parent wildcard.
Token bucket per client IP; bursts above the rate are queued, then rejected with 429.
Cache upstream responses that declare themselves cacheable.
Tells browsers to only use HTTPS for this host. Enable once HTTPS is confirmed working.
Added to each request sent to the target. One Name: value per line.
Added to each response returned to the client.
IP access
If non-empty, only these sources may connect (default-deny).
These sources are always blocked (deny wins over allow).

Basic auth and SSO are OR'd — if either is enabled, a request is allowed when it passes either one. Leave both off for a public host.

Basic authentication
Current: none. Passwords are stored hashed and never shown here. Leave blank to keep the current users; entering any lines replaces the whole list.

Single sign-on (SSO)
Gates the site behind the same identity provider the admin app uses. Empty allow-lists below mean any authenticated user is allowed.
© 2026 theta42 · MIT License GitHub v1.0.0 (c68fcc9)