Build a Go HTTP Proxy from Scratch: Step-by-Step Guide

This article introduces the concept of network proxies, distinguishes forward and reverse proxies, outlines common proxy protocols for each, and then focuses on HTTP and HTTPS proxy mechanisms.

HTTP Proxy Overview

An HTTP proxy is a simple forward proxy that uses the HTTP protocol between the client and the proxy server. It can handle HTTP, HTTPS, FTP, etc., with slight differences in data format.

HTTP Request Headers

When a client connects directly, the request looks like:

// Direct connection
GET / HTTP/1.1
Host: staight.github.io
Connection: keep-alive

// Through HTTP proxy
GET http://staight.github.io/ HTTP/1.1
Host: staight.github.io
Proxy-Connection: keep-alive

Key differences: the URL becomes a full absolute URL, the Connection header is renamed to Proxy-Connection, other fields stay the same.

Why use the full URL? The proxy needs the target host to forward the request.

Why replace Connection with Proxy-Connection? To maintain compatibility with older HTTP/1.0 proxy servers that do not understand keep‑alive.

HTTPS Proxy Overview

For HTTPS the client sends a CONNECT request:

CONNECT staight.github.io:443 HTTP/1.1
Host: staight.github.io:443
Proxy-Connection: keep-alive

Compared with HTTP, the method changes to CONNECT and the URL no longer includes the protocol scheme. After the tunnel is established, the proxy simply forwards encrypted TCP traffic without modifying the HTTP payload.

Go Implementation

The program creates a TCP listener on port 8080, accepts connections, parses the request line to obtain the method and target address, establishes a connection to the target server, and then relays data between client and server.

package main

import (
    "bytes"
    "fmt"
    "io"
    "log"
    "net"
    "net/url"
    "strings"
)

func main() {
    // Listen on 8080
    l, err := net.Listen("tcp", ":8080")
    if err != nil {
        log.Panic(err)
    }
    for {
        client, err := l.Accept()
        if err != nil {
            log.Panic(err)
        }
        go handle(client)
    }
}

func handle(client net.Conn) {
    if client == nil {
        return
    }
    defer client.Close()
    log.Printf("remote addr: %v
", client.RemoteAddr())

    var b [1024]byte
    n, err := client.Read(b[:])
    if err != nil {
        log.Println(err)
        return
    }

    var method, URL, address string
    fmt.Sscanf(string(b[:bytes.IndexByte(b[:], '
')]), "%s%s", &method, &URL)
    hostPortURL, err := url.Parse(URL)
    if err != nil {
        log.Println(err)
        return
    }

    if method == "CONNECT" {
        // HTTPS
        address = hostPortURL.Scheme + ":" + hostPortURL.Opaque
    } else {
        // HTTP
        address = hostPortURL.Host
        if strings.Index(hostPortURL.Host, ":") == -1 {
            address = hostPortURL.Host + ":80"
        }
    }

    server, err := net.Dial("tcp", address)
    if err != nil {
        log.Println(err)
        return
    }

    if method == "CONNECT" {
        fmt.Fprint(client, "HTTP/1.1 200 Connection established

")
    } else {
        server.Write(b[:n])
    }

    go io.Copy(server, client)
    io.Copy(client, server)
}

Running the program and configuring a browser to use localhost:8080 as the proxy demonstrates successful forwarding of both HTTP and HTTPS traffic.