Crate https_proxy 

Stealth HTTPS forward proxy.

A forward proxy that auto-obtains TLS certificates via ACME/Let’s Encrypt and disguises itself as a normal nginx web server. Unauthorized or non-proxy requests receive a fake nginx 404 page.

Request flow

1. TLS termination with automatic ACME cert provisioning (tls)
2. Stealth gate — non-proxy traffic gets a fake 404 (stealth)
3. Auth gate — invalid credentials get the same fake 404 (auth)
4. CONNECT tunneling or HTTP forwarding to the target ([proxy])

Modules

auth

Proxy authentication via Proxy-Authorization: Basic header.

config

YAML configuration loading and validation.

net

Network utilities with optional TCP Fast Open (TFO) support.

service

Systemd service installation and removal (Linux only).

setup

Interactive TUI setup wizard for generating config.yaml.

stealth

Stealth layer that hides the proxy from scanners and browsers.

tls

TLS termination with automatic ACME certificate provisioning.

Functions

handle_request

Route an incoming request through stealth detection, auth, and proxy handling.

serve_with_tls_acceptor

Run the proxy server using a pre-built TlsAcceptor (bypasses ACME).