A huge thank you to Cozy Critters Society and Snow for being our first donors! Their support means the world to us. Check out their nonprofit here: Cozy Critters Society.
“The team at Cozy Critters Society is happy to support the development of NetGoat in hopes that we can help them succeed in making their self-hostable Cloudflare alternative.”
NetGoat is a blazing-fast, self-hostable reverse proxy and traffic manager designed for developers, homelabbers, and teams who want Cloudflare-like features without the cost.
Key Features:
- Zero Trust Networking – secure your services without hassle.
- DDoS Protection – keep your traffic safe from attacks.
- SSL Termination – handle certificates automatically.
- Rate Limiting – control traffic and prevent abuse.
- WebSocket Support – real-time apps? No problem.
Built with modern tools for maximum performance and developer experience:
- Bun for super-fast runtime.
- Next.js for robust front-end.
- Fastify for high-performance backend.
- TailwindCSS for sleek, responsive UI.
NetGoat gives you full control over your traffic, security, and performance—all self-hosted.
Built for HackClub Summer of Making
Join our discord for support, annoucements, updates & bugs!! Click Me To Join!
NetGoat is an advanced reverse proxy engine designed to act as an additional layer on top of Cloudflare — enabling premium-grade features, zero-cost scaling, and maximum control for power users and homelabbers.
Say cheese!
- Anti-DDoS & WAF — Filters like a hawk. Blocks malicious requests, bots, and common exploits.
- Rate Limiting & Request Queuing — Your API won’t get nuked.
- Auto SSL & TLS Termination — Free SSL with auto-renew.
- Load Balancing & Failover — Multinode routing with zero-downtime.
- Real-Time Metrics Dashboard — Monitor traffic, bandwidth, errors, and hits.
- Dynamic Rules Engine — Write custom rules in JS/TS to handle routing, caching, filtering, etc.
- WebSocket & HTTP/2 Ready — Handles modern protocols like a beast.
- Per-Domain Configs — Define behavior per site with regex/wildcard support.
- Plugin System — Extend NetGoat with custom plugins or middlewares.
- Cloudflare Zero Trust Support — Acts as a trusted upstream in Zero Trust setups.
- Smart Caching Layer — Custom cache policies per route, endpoint, or asset.
- DNS Searching — Automatically scans your domains to automatically create a suitable Proxy record
- Cloudflare — Manage cloudflare tunnels and more with our UI
- Bandwidth Limits — Limit or throttle specific domains or proxy's
We recommend datalix for cheap and highly avaliable vps'ses
https://docs.netgoat.xyz (not published yet)
Prefer systemd over PM2? You can automate unit creation with the included script.
Automated one-liner (installs units for core, LogDB, CTM and Frontend):
Note: requires Bun installed and root privileges.
curl -fsSL https://raw.githubusercontent.com/cloudable-dev/NetGoat/main/scripts/install-systemd.sh | sudo bash -s -- --root-dir /opt/netgoat
Or run locally from the repo:
sudo bash scripts/install-systemd.sh --root-dir "$(pwd)" --build-frontend
Useful flags:
- --user / --group : system user/group to run services (default: netgoat)
- --no-netgoat, --no-logdb, --no-ctm, --no-frontend: skip specific services
- --include-docs: also install the docs site service from ./docs
- --dev-frontend / --dev-docs: run Next.js in dev mode instead of prod
- --build-frontend / --build-docs: run bun run build before creating units
- --no-start: write units but do not enable/start them
Services created:
- netgoat.service (root)
- netgoat-logdb.service (./LogDB)
- netgoat-ctm.service (./CentralMonServer)
- netgoat-frontend.service (./reactbased)
- netgoat-docs.service (./docs, optional)
Ports to allow (typical): 80, 443, 1933, 3000, 3010, 2222.
-
TailwindCSS - Github - MIT License
