proxer server
Command reference for the public server.
proxer server starts one HTTP/WebSocket listener for public traffic, health probes, and tunnel control.
proxer server --listen 0.0.0.0:8080 --domain your-server.example.com --token dev-tokenOptions
Section titled “Options”--listen <host:port>: listen address. Defaults to127.0.0.1:8080.--domain <domain>: public root domain used to resolve root and subdomain routes.--token <token>: shared token required by tunnel clients.--trusted-proxy <proxy>: trusted reverse proxy preset, IP, or CIDR. Repeat the flag for multiple values.
If --token and PROXER_TOKEN are omitted, the server generates a strong token and prints it as token: .... Copy that value to clients. For long-running deployments, prefer a secret store over relying on a token printed in terminal output.
Trusted proxy presets:
loopback: loopback addresses.private: private IPv4 ranges and unique-local IPv6 ranges.
When --trusted-proxy or PROXER_TRUSTED_PROXIES is configured, the reverse proxy must overwrite or strip inbound X-Forwarded-* and X-Real-IP headers from external clients before forwarding to Proxer.
Environment variables
Section titled “Environment variables”PROXER_LISTEN: default value for--listen.PROXER_DOMAIN: default value for--domain.PROXER_TOKEN: default value for--token.PROXER_TRUSTED_PROXIES: comma-separated trusted proxy values.
CLI flags take precedence over environment variables.
Internal endpoints
Section titled “Internal endpoints”The server reserves these fixed paths:
/__proxer__/control/__proxer__/health/live/__proxer__/health/readyThe control path is not configurable.
Run the server on a public machine or behind a reverse proxy that preserves the original Host header. Unknown hosts return 404.