AutoGate is a Docker-based rotating proxy gateway that aggregates multiple outbound paths—VPN (OpenVPN via VPNGate), Cloudflare WARP, and public HTTP/HTTPS proxies—and exposes them through a single HAProxy entry point with automatic rotation.
It is intended for authorized security research, penetration testing, security product evaluation, SEO tooling validation, deployment testing, and controlled system access in environments where you have explicit permission to test.
Important: Use AutoGate only on systems and networks you own or are explicitly authorized to test. Unauthorized access is illegal.
- Rotating proxy pool — HAProxy round-robin across 20+ OpenVPN-backed tinyproxy instances, WARP, and ProxyBroker2
- Automatic VPN config refresh — Downloads OpenVPN profiles from VPNGate on a schedule
- Connection rotation — Watchdog reconnects VPN and proxy per container on a configurable interval (
ROTATING_DELAY) - Multiple egress paths — Combine VPN, WARP, and scraped public proxies for diverse IP/geo testing
- Stats dashboard — HAProxy stats UI for backend health monitoring
- Containerized — Single
docker-composestack, reproducible deployments
| Area | How AutoGate helps |
|---|---|
| Penetration testing | Route traffic through varied egress IPs to test geo/IP-based controls, rate limits, and WAF rules |
| Security solution testing | Validate SIEM, firewall, proxy, and DLP behavior against rotating outbound sources |
| SEO & web tooling | Test crawlers, rank checkers, and geo-targeted content from different network perspectives (with permission) |
| Deployments & access | Smoke-test applications behind proxies, verify remote access paths, and validate multi-region behavior |
┌─────────────────────────────────────┐
│ HAProxy (haproxy) │
│ :9999 rotating HTTP proxy (frontend)│
│ :10000 stats UI │
└──────────────┬──────────────────────┘
│ round-robin
┌─────────────────────────┼─────────────────────────┐
▼ ▼ ▼
┌───────────┐ ┌────────────┐ ┌──────────────┐
│ WARP │ │ ProxyBroker│ │ ovpn_proxy │
│ :1080 │ │ proxy001 │ │ 00 … 19 │
└───────────┘ │ :8888 │ │ OpenVPN + │
└────────────┘ │ tinyproxy │
│ :8080 each │
└──────┬───────┘
│
vpngate.py (master) ──► /ovpn/*.ovpn ◄─┘
(refreshes configs every 30 min)
| Service | Role |
|---|---|
haproxy |
Front door; balances traffic across all backends |
warp |
Cloudflare WARP SOCKS proxy |
proxy001 |
ProxyBroker2 — discovers and serves high-anonymity HTTP/HTTPS proxies |
ovpn_proxy_00 … ovpn_proxy_19 |
OpenVPN client + tinyproxy; rotates VPN endpoint on watchdog schedule |
restarter |
Periodically restarts proxy001 to refresh the proxy pool |
- Docker and Docker Compose
- Linux host with
/dev/net/tunavailable (required for OpenVPN) - Sufficient RAM/CPU for ~25 containers (adjust replica count in
docker-compose.ymlif needed) - Legal authorization for all testing activities
-
Clone the repository:
git clone https://github.com/TinyActive/AutoGate cd AutoGate -
Create the shared OpenVPN config directory:
mkdir -p ovpn data
-
Build and start the stack:
docker-compose up --build --force-recreate -d
-
Wait for VPN configs to download (first run may take ~30 seconds before
ovpn/is populated). -
Use the rotating proxy:
curl -x http://127.0.0.1:56789 http://ifconfig.me
| Host port | Container | Description |
|---|---|---|
56789 |
haproxy:9999 |
Rotating HTTP proxy (use with -x http://host:56789) |
2086 |
haproxy:10000 |
HAProxy stats UI (http://host:2086/) |
Internal services use the 172.21.0.0/24 custom network defined in docker-compose.yml.
Set ROTATING_DELAY (seconds) on ovpn slave containers via Dockerfile / compose environment:
ENV ROTATING_DELAY=60The watchdog kills and reconnects OpenVPN + tinyproxy on this interval.
proxy/vpngate.py fetches VPNGate CSV data and writes .ovpn files to ./ovpn. It runs every 30 minutes from proxy/run.sh.
Duplicate or remove ovpn_proxy_XX service blocks in docker-compose.yml and add matching server vpnXX entries in proxy/haproxy.cfg.
Optional WARP_LICENSE_KEY can be set on the warp service. See caomingjun/warp for details.
AutoGate/
├── docker-compose.yml # Full stack definition
├── Dockerfile # OpenVPN + tinyproxy slave image
├── HaproxyDockerfile # HAProxy + vpngate fetcher
├── proxy/
│ ├── haproxy.cfg # Load balancer config
│ ├── vpngate.py # VPNGate OpenVPN config downloader
│ └── run.sh # HAProxy + periodic vpngate refresh
├── slave/
│ ├── run.sh # Slave entrypoint
│ ├── ovpn.sh # Random OpenVPN connect
│ ├── tinyproxy.sh # HTTP proxy bound to tun0
│ ├── watchdog.sh # Periodic VPN/proxy rotation
│ └── tinyproxy.conf # Tinyproxy settings
├── ovpn/ # Shared OpenVPN configs (created at runtime)
└── data/ # WARP persistent data
- Empty
ovpn/folder — Ensure thehaproxycontainer can reachwww.vpngate.net. Check logs:docker logs haproxy. - Proxy returns errors — Inspect HAProxy stats at
http://localhost:2086/for backendDOWNstates. - OpenVPN fails — VPNGate endpoints are public and ephemeral; rotation will try another config on the next watchdog cycle.
- High resource usage — Reduce the number of
ovpn_proxy_*services in compose.
AutoGate integrates with external and third-party components, including:
- VPNGate — public VPN relay list (subject to their terms)
- Cloudflare WARP — optional egress path
- ProxyBroker2 — public proxy discovery
- OpenVPN, HAProxy, tinyproxy — open-source software
You are responsible for complying with the terms of all upstream services and applicable laws.
AutoGate is provided as-is for legitimate, authorized testing and education. The authors and contributors do not endorse or accept responsibility for misuse, including but not limited to unauthorized access, fraud, spam, evasion of lawful controls, or any activity that violates Vietnamese law or applicable international law.
Always obtain written permission before testing systems you do not own.
This project is released under a Non-Commercial Educational License. See LICENSE for full terms.
Commercial use, monetization, or integration into paid products/services requires prior written authorization from the copyright holder.