Simplify your traffic layer. One gateway for every protocol and provider.
Install · Docs · Examples · Community · Cloud
- One config file replaces your reverse proxy, AI gateway, and a dozen middleware scripts.
- Add AI capabilities to any existing API without changing your backend.
- Ship secure by default with authentication, rate limiting, and caching already built in.
- Reload configuration without dropping a single connection.
# Homebrew
brew tap soapbucket/sbproxy && brew install sbproxy
# Docker
docker pull ghcr.io/soapbucket/sbproxy:latest
# Script
curl -fsSL https://download.sbproxy.dev | shCreate sb.yml and run:
proxy:
http_bind_port: 8080
origins:
"api.example.com":
action:
type: proxy
url: https://httpbin.orgsbproxy serve -f sb.yml
curl -H "Host: api.example.com" http://localhost:8080/getThat's a reverse proxy. Now add AI routing, auth, and rate limiting in the same file:
proxy:
http_bind_port: 8080
origins:
"ai.example.com":
action:
type: ai_proxy
providers:
- name: openai
api_key: ${OPENAI_API_KEY}
- name: anthropic
api_key: ${ANTHROPIC_API_KEY}
routing:
strategy: fallback_chain
authentication:
type: api_key
api_keys: [my-key]
policies:
- type: rate_limiting
requests_per_minute: 60One config file. Every protocol. Every provider.
See examples/ for 17 production-ready configurations.
Reverse proxy - Route HTTP, WebSocket, gRPC, and GraphQL traffic with path-based forwarding, load balancing, and automatic failover.
AI gateway - Route requests across 200+ LLM providers with a single OpenAI-compatible API. Fallback chains, guardrails, spend tracking, and semantic caching.
API security layer - Protect any backend with authentication, WAF, rate limiting, DDoS protection, and bot detection. No code changes required.
Protocol bridge - Connect HTTP/1.1, HTTP/2, HTTP/3, WebSocket, gRPC, SSE, MCP, and A2A through one unified gateway.
| Area | Capabilities |
|---|---|
| Traffic | Reverse proxy, load balancing (10 algorithms), path routing, forwarding rules, WebSocket, gRPC, GraphQL, MCP, A2A |
| AI | 200+ providers, OpenAI-compatible API, model fallback chains, guardrails, spend tracking, semantic caching, streaming |
| Security | API key, JWT, basic auth, bearer, forward auth, digest auth, WAF, DDoS, IP filtering, CORS, CSRF, bot detection |
| Performance | Response caching, compression (gzip, brotli, zstd), hot reload, zero-downtime config updates |
| Observability | Structured logging, Prometheus metrics, OpenTelemetry tracing, event bus |
| Scripting | CEL expressions, Lua scripting, request/response transforms, template engine |
| Protocols | HTTP/1.1, HTTP/2, HTTP/3 (QUIC), WebSocket, gRPC, SSE |
- GitHub Discussions - questions and ideas
- Issue Tracker - bug reports and feature requests
- Contributing Guide - how to contribute
Need managed hosting and advanced analytics? See SBproxy Cloud.
Apache 2.0. See LICENSE. A Soap Bucket LLC project.