apxy proxy
Start, stop, and monitor the APXY proxy server.
apxy start
Start the local APXY proxy.
On macOS this command automatically:
- Generates the CA certificate (if first run)
- Trusts the CA in your system keychain (prompts for password)
- Enables system-wide HTTP/HTTPS proxy
- Intercepts HTTPS traffic and persists captured requests to traffic logs
HTTPS handling tiers
| Tier | Behavior |
|---|---|
| TUNNEL | Cert-pinned domains (--bypass-domains) are tunneled as-is |
| SKIP | Non-enabled domains are forwarded without MITM body capture |
| DEEP | Domains with SSL proxying enabled (--ssl-domains or ssl enable) are saved with full request/response bodies |
Synopsis
apxy start [flags]Examples
# Standard startup
apxy start
# Start on alternate ports
apxy start --port 9090 --control-port 9091 --web-port 9092
# Start without modifying the system proxy
apxy start --no-system-proxy
# Deep inspect specific domains from startup
apxy start --ssl-domains "api.example.com,*.stripe.com"
# Bypass cert-pinned apps
apxy start --bypass-domains "*.openai.com,*.local"
# Intercept all HTTPS traffic
apxy start --mitm-all
# Chain through a corporate proxy
apxy start --upstream-proxy "http://proxy.corp.com:3128"
# Project-scoped isolation
apxy start --project-dir ./my-projectOptions
| Flag | Type | Default | Description |
|---|---|---|---|
--auto-validate | - | false | Automatically validate traffic against imported schemas |
--bypass-domains | string | - | Comma-separated domains to force tunnel even with --mitm-all |
--cert-dir | string | ~/.apxy/certs | Certificate directory |
--control-port | int | proxy port + 1 | Control API port |
--max-body | int | 1048576 | Max body capture size in bytes |
--mitm-all | - | false | MITM all HTTPS traffic (captures all bodies) |
--network-service | string | auto-detected | Network service to configure |
--no-mdns | - | false | Don’t advertise proxy via mDNS/Bonjour |
--no-system-proxy | - | false | Don’t configure system proxy (use -x manually) |
--port | int | 8080 | Proxy port |
--project-dir | string | - | Project directory for scoped isolation (uses .apxy/ subdir) |
--ssl-domains | string | - | Comma-separated domains to enable SSL proxying for |
--upstream-proxy | string | - | Upstream proxy URL for chaining |
--web-port | int | proxy port + 2 | Web UI port (0 to disable) |
apxy stop
Stop the running APXY proxy process and disable any system proxy settings it configured.
Synopsis
apxy stop [flags]Examples
apxy stopapxy status
Check whether the local APXY proxy is running and display its current state, including active rules and traffic stats.
Synopsis
apxy status [flags]Examples
apxy status
apxy status --format toonOptions
| Flag | Type | Default | Description |
|---|---|---|---|
--format | string | json | Output format: json or toon |
--port | int | 8080 | Proxy port (for status reporting) |
apxy proxy browser
Launch a browser with proxy settings and CA certificate pre-installed. The browser uses an isolated temp profile so it won’t affect your normal browsing.
Synopsis
apxy proxy browser [url] [flags]Examples
apxy proxy browser
apxy proxy browser https://api.example.com
apxy proxy browser --browser firefox https://example.comOptions
| Flag | Type | Default | Description |
|---|---|---|---|
--browser | string | chrome | Browser to launch: chrome or firefox |
--cert-dir | string | ~/.apxy/certs | Certificate directory |
--port | int | 8080 | Proxy port |
apxy env
Generate environment variables that configure terminal processes (Go, Node.js, Python, Ruby, cURL) to route traffic through the APXY proxy.
This solves the problem that many tools executed from the terminal don’t respect macOS system proxy settings. By setting HTTP_PROXY, HTTPS_PROXY, and language-specific CA trust env vars, all HTTP clients in the current session will automatically route through APXY.
Synopsis
apxy env [flags]Examples
# Inject into current shell
eval $(apxy env)
# Open a new terminal with env pre-configured
apxy env --open
# Save as a reusable script
apxy env --script /tmp/apxy_env.sh
source /tmp/apxy_env.sh
# Target a specific language
eval $(apxy env --lang node)
# Skip CA cert trust (proxy routing only)
eval $(apxy env --no-cert)Options
| Flag | Type | Default | Description |
|---|---|---|---|
--bypass-domains | string | - | Additional domains to bypass proxy (comma-separated) |
--cert-dir | string | ~/.apxy/certs | CA certificate directory |
--lang | string | all | Target language: all, go, node, python, ruby, curl |
--no-cert | - | false | Skip CA cert trust env vars (proxy routing only) |
--open | - | false | Open a new terminal with env vars pre-configured |
--port | int | 8080 | Proxy port |
--script | string | - | Write env setup script to file instead of stdout |
Inherited Options
| Flag | Type | Default | Description |
|---|---|---|---|
--config | string | ./configs/default.yaml | Config file path |
--error-format | string | text | Error output format: text or json |
--help-format | string | default | Help output format: default or agent |
--verbose | - | false | Enable verbose output |
Last updated on