Simplify your traffic layer. One gateway for every protocol and provider.
Important
This repository is the archived Go implementation of sbproxy. It is kept for reference, reproducibility, and anyone who needs to read the Go history. No new features will land here.
The active project lives at
soapbucket/sbproxy, built on
Cloudflare's Pingora and shipping as v2.0.0. Existing sb.yml config
files run on the new engine unmodified. Background and benchmark numbers
are at sbproxy.dev/benchmark.
The last Go release is tagged
v1.0.0-go-final.
If you are pinning a Go binary, that is the version to pin. Open issues
and pull requests on the active project,
not here.
Install · Docs · Examples · Community · Cloud
- One config file replaces your reverse proxy, AI gateway, and a dozen middleware scripts.
- Add AI capabilities to any existing API without changing your backend.
- Ship secure by default with authentication, rate limiting, and caching already built in.
- Reload configuration without dropping a single connection.
# Homebrew
brew tap soapbucket/sbproxy && brew install sbproxy
# Docker
docker pull ghcr.io/soapbucket/sbproxy:latest
# Script
curl -fsSL https://download.sbproxy.dev | shCreate sb.yml and run:
proxy:
http_bind_port: 8080
origins:
"api.example.com":
action:
type: proxy
url: https://httpbin.orgsbproxy serve -f sb.yml
curl -H "Host: api.example.com" http://localhost:8080/getThat's a reverse proxy. Now add AI routing, auth, and rate limiting in the same file:
proxy:
http_bind_port: 8080
origins:
"ai.example.com":
action:
type: ai_proxy
providers:
- name: openai
api_key: ${OPENAI_API_KEY}
- name: anthropic
api_key: ${ANTHROPIC_API_KEY}
routing:
strategy: fallback_chain
authentication:
type: api_key
api_keys: [my-key]
policies:
- type: rate_limiting
requests_per_minute: 60One config file. Every protocol. Every provider.
See examples/ for 17 production-ready configurations.
Reverse proxy - Route HTTP, WebSocket, gRPC, and GraphQL traffic with path-based forwarding, load balancing, and automatic failover.
AI gateway - Route requests across 200+ LLM providers with a single OpenAI-compatible API. Fallback chains, guardrails, spend tracking, and semantic caching.
API security layer - Protect any backend with authentication, WAF, rate limiting, DDoS protection, and bot detection. No code changes required.
Protocol bridge - Connect HTTP/1.1, HTTP/2, HTTP/3, WebSocket, gRPC, SSE, MCP, and A2A through one unified gateway.
| Area | Capabilities |
|---|---|
| Traffic | Reverse proxy, load balancing (10 algorithms), path routing, forwarding rules, WebSocket, gRPC, GraphQL, MCP, A2A |
| AI | 200+ providers, OpenAI-compatible API, model fallback chains, guardrails, spend tracking, semantic caching, streaming |
| Security | API key, JWT, basic auth, bearer, forward auth, digest auth, WAF, DDoS, IP filtering, CORS, CSRF, bot detection |
| Performance | Response caching, compression (gzip, brotli, zstd), hot reload, zero-downtime config updates |
| Observability | Structured logging, Prometheus metrics, OpenTelemetry tracing, event bus |
| Scripting | CEL expressions, Lua scripting, request/response transforms, template engine |
| Protocols | HTTP/1.1, HTTP/2, HTTP/3 (QUIC), WebSocket, gRPC, SSE |
- Issue Tracker - bug reports and feature requests
- Contributing Guide - how to contribute
Need managed hosting and advanced analytics? See SBproxy Cloud.
Apache 2.0. See LICENSE. A Soap Bucket LLC project.