An encrypted SOCKS5/HTTP proxy tunnel over HTTP/SSE — built for environments where only plain HTTP works.
What it does
tunnix turns any HTTPS endpoint into a SOCKS5/HTTP proxy. Traffic is end-to-end encrypted with ChaCha20-Poly1305 and tunneled via HTTP POST (upload) + SSE (download) — no WebSocket, no root access, no VPN client required.
Now open-sourced and works anywhere that serves HTTP.
Works with
- Google Cloud Shell — use the Web Preview URL directly
- GitHub Codespaces — forward a port, get a public URL
- Gitpod — same pattern
- nginx reverse proxy — use
path_prefixto share a host with other apps - Railway / Render / Fly.io — deploy a container, get HTTPS for free
Vercel and other serverless platforms are not supported — SSE streams exceed their function timeout limits.
Highlights
- Single binary:
tunnix server/tunnix client - SOCKS5 and HTTP proxy on the same port, auto-detected
- Configurable path prefix — run alongside other services on the same host
- Custom headers — for cookie-authenticated reverse proxies
- Configurable root endpoint — redirect or serve an HTML page at
GET / - Written in Rust
Getting started
cargo install --git https://github.com/aeroxy/tunnix
# Server (e.g. inside Cloud Shell)
tunnix server --listen 0.0.0.0:8080 --password "your-secret"
# Client (local machine)
tunnix client --server https://your-host --password "your-secret" --local-addr 127.0.0.1:7890
# Test
curl --socks5 127.0.0.1:7890 https://ifconfig.meSee the README for full deployment guides.