Skip to content
ProxerProxerv0.13.0

proxer server

Command reference for the public server.

proxer server starts one HTTP/WebSocket listener for public traffic, health probes, and tunnel control.

proxer server --listen 0.0.0.0:8080 --domain your-server.example.com --token dev-token
  • --listen <host:port>: listen address. Defaults to 127.0.0.1:8080.
  • --domain <domain>: public root domain used to resolve root and subdomain routes.
  • --token <token>: shared token required by tunnel clients.
  • --trusted-proxy <proxy>: trusted reverse proxy preset, IP, or CIDR. Repeat the flag for multiple values.

If --token and PROXER_TOKEN are omitted, the server generates a strong token and prints it as token: .... Copy that value to clients. For long-running deployments, prefer a secret store over relying on a token printed in terminal output.

Trusted proxy presets:

  • loopback: loopback addresses.
  • private: private IPv4 ranges and unique-local IPv6 ranges.

When --trusted-proxy or PROXER_TRUSTED_PROXIES is configured, the reverse proxy must overwrite or strip inbound X-Forwarded-* and X-Real-IP headers from external clients before forwarding to Proxer.

  • PROXER_LISTEN: default value for --listen.
  • PROXER_DOMAIN: default value for --domain.
  • PROXER_TOKEN: default value for --token.
  • PROXER_TRUSTED_PROXIES: comma-separated trusted proxy values.

CLI flags take precedence over environment variables.

The server reserves these fixed paths:

/__proxer__/control
/__proxer__/health/live
/__proxer__/health/ready

The control path is not configurable.

Run the server on a public machine or behind a reverse proxy that preserves the original Host header. Unknown hosts return 404.