A simple HTTP proxy with web GUI for blocking domains via regex patterns.
- ✅ Web GUI for easy management of blocked domains
- ✅ Regex pattern support for flexible domain filtering
- ✅ Upstream Proxy Support - Chain multiple proxies (Proxy Chaining)
- ✅ NoProxy (Direct Connections) - Bypass the upstream proxy for specific domains/IPs
- ✅ Traffic kill-switch for immediately stopping all requests
- ✅ Live traffic monitor with auto-refresh
- ✅ Tinyproxy as lightweight HTTP proxy
- ✅ Fully containerized with Docker Compose
- ✅ Ready for Dockge stack deployment
- 8888: Tinyproxy HTTP Proxy
- 8080: Web GUI
-
Extract the archive to your Dockge stacks folder:
cd /opt/dockge/stacks tar -xzf tinyproxy-manager.tar.gz cd tinyproxy-manager
-
Start the stack via Dockge Web UI or CLI:
docker-compose up -d
-
Open the Web GUI:
http://localhost:8080
- Open
http://localhost:8080 - Add domains to block (regex patterns supported)
- After changes, restart Tinyproxy:
docker-compose restart tinyproxy
Browser (Firefox):
- Settings → Network → Connection Settings
- Manual proxy configuration:
localhost:8888
Terminal:
curl -x http://localhost:8888 http://example.comEnvironment Variables:
export http_proxy=http://localhost:8888
export https_proxy=http://localhost:8888You can configure Tinyproxy to forward all requests to another proxy:
- Open
http://localhost:8080 - Scroll to "Upstream Proxy (Proxy Forwarding)"
- Enable the upstream proxy
- Enter host and port of the second proxy
- Click "Save" and restart Tinyproxy
With NoProxy you can exclude specific domains/IPs from the upstream proxy. These requests will go directly to the internet without passing through the second proxy.
Examples for NoProxy entries:
localhost- Local requests direct192.168.0.0/16- Private network direct10.0.0.0/8- Internal network direct.local- All .local domains directinternal.company.com- Specific internal domain
Use Case:
- Upstream Proxy:
corporate-proxy.example.com:3128 - NoProxy:
192.168.0.0/16,10.0.0.0/8 - Result: External requests go through the corporate proxy, internal requests (LAN) go direct
# Forward all requests through second proxy
Upstream http proxy.example.com:3128 "."
# Exceptions for direct connections
No localhost
No 192.168.0.0/16
No 10.0.0.0/8
No .local
# Block all subdomains of facebook.com
^.*facebook\.com$
# Exact match only facebook.com (no subdomains)
^facebook\.com$
# All domains with "ads" in the name
^.*\.ads\..*$
# Multiple specific domains
^.*(facebook|twitter|instagram)\.com$
Edit tinyproxy.conf for advanced settings:
- Change port
- Access restrictions (Allow/Deny)
- Logging level
- Timeout values
Change the line in tinyproxy.conf:
# Instead of:
Allow 0.0.0.0/0
# Better (local network only):
Allow 192.168.0.0/16
Allow 10.0.0.0/8
Proxy not working:
# Check logs
docker-compose logs tinyproxy
# Restart container
docker-compose restart tinyproxyGUI doesn't show domains:
# Check permissions
ls -la blocked-domains.txt
# Should be readable
chmod 644 blocked-domains.txtDomain not being blocked:
- Check regex pattern
- ALWAYS restart Tinyproxy after changes
- Test pattern in
blocked-domains.txtdirectly
tinyproxy-manager/
├── docker-compose.yml # Stack definition
├── tinyproxy.conf # Proxy configuration
├── blocked-domains.txt # Blocklist (regex)
├── gui/
│ ├── Dockerfile # GUI container build
│ ├── index.php # Web interface
│ ├── api.php # Backend API
│ └── style.css # Styling
└── README.md # This file
- Proxy runs completely on-premises
- No external cloud dependencies
- All data stays in your own network
- Filter logs in
/var/log/tinyproxy/(in container)
MIT License - Free to use for private and commercial purposes.