Docker Container

This installation guide provides step-by-step instructions for deploying Qpoint Proxy using Docker, enabling you to quickly set up a powerful and customizable egress proxy for controlling outbound traffic.


  • Docker: Ensure Docker is installed on your host machine. For installation instructions, refer to the Docker official documentation.

  • Configuration Files: Prepare your proxy-config.yaml and any optional WebAssembly (WASM) middelware modules.

Docker Installation

Prepare Configuration Files

Place your proxy-config.yaml and any desired WASM files in a known directory. This directory will be mounted into the Docker container below.

Download the Docker Image:

docker pull

Run the Docker Container

Running Without Local WASM Middleware

If you don't require custom middleware, or the WASM middleware is hosted somewhere that's reachable by the docker container, you can omit the volume mount for the WASM file:

docker run \
    -p 10080:10080 \
    -p 10443:10443 \
    -p 18080:18080 \
    -p 18443:18443 \
    -v ./proxy-config.yaml:/app/proxy-config.yaml \ \
    proxy \
    --qpoint-config ./proxy-config.yaml

In this configuration, the proxy will run with the settings defined in proxy-config.yaml.

Running With Local WASM Middleware

For scenarios where middleware is needed, include the WASM file mount and ensure your configuration file references the correct WASM module path:

docker run \
    -p 10080:10080 \
    -p 10443:10443 \
    -p 18080:18080 \
    -p 18443:18443 \
    -v ./proxy-config.yaml:/app/proxy-config.yaml \
    -v ./wasm/http_duration.wasm:/app/wasm/http_duration.wasm \ \
    proxy \
    --log-level=info \
    --qpoint-config ./proxy-config.yaml


To see the available options and flags, run:

docker run proxy --help

Below is a comprehensive list of flags and options available for the Qpoint Proxy:

  • --[no-]access-log: Enable access logs ($ACCESS_LOG)

  • --[no-]help: Show context-sensitive help (also try --help-long and --help-man).

  • --data-dir="/tmp/qpoint": Directory to store state. (Environment Variable: $DATA_DIR)

  • --tags=TAGS: Tags to auto-attach to metrics. (Environment Variable: $TAGS)

  • --middleware-egress-listen=":11001": IPfor middleware egress traffic. (Environment Variable: $MIDDLEWARE_EGRESS_LISTEN)

  • --qpoint-config=QPOINT-CONFIG: Configuration file path. (Environment Variable: $QPOINT_CONFIG)

  • --envoy-config-root=".": Root directory to generate dynamic envoy configurations. (Environment Variable: $ENVOY_CONFIG_ROOT)

  • --dns-lookup-family=V4_ONLY: DNS lookup family. (Environment Variable: $DNS_LOOKUP_FAMILY)

  • --transparent-tcp-forward-ports="18080:80,18443:443": <IP:>LISTEN_PORT:DESTINATION_PORT,<IP:>LISTEN_PORT:DESTINATION_PORT (comma separated) for transparent TCP listening and destination forwarding. (Environment Variable: $TRANSPARENT_TCP_FORWARD_PORTS)

  • --middleware-tcp-forward-ports="10080:80,10443:443": <IP:>LISTEN_PORT:DESTINATION_PORT,<IP:>LISTEN_PORT:DESTINATION_PORT (comma separated) for middleware TCP listening and destination forwarding. (Environment Variable: $MIDDLEWARE_TCP_FORWARD_PORTS)

  • --unknown-endpoint-cache-size=1000: Cache size for unknown endpoints. (Environment Variable: $UNKNOWN_ENDPOINT_CACHE_SIZE)

  • --registration-endpoint="": Registration endpoint. (Environment Variable: $REGISTRATION_ENDPOINT)

  • --registration-token=REGISTRATION-TOKEN: Registration token. (Environment Variable: $REGISTRATION_TOKEN)

  • --log-level=error: Log level. (Environment Variable: $LOG_LEVEL)

  • --log-encoding=json: Log encoding. (Environment Variable: $LOG_ENCODING)

  • --[no-]log-caller: Log caller. (Environment Variable: $LOG_CALLER)

  • --envoy-log-level=error: Envoy log level. (Environment Variable: $ENVOY_LOG_LEVEL)

  • --status-listen="": IPof status server to listen on. (Environment Variable: $STATUS_LISTEN)

  • --default-tcp-listen-address="": Default TCP IP address to listen on. (Environment Variable: $DEFAULT_TCP_LISTEN_ADDRESS)

Last updated