apxy proxy
Start, stop, and monitor the APXY proxy server.
apxy start
Start the local APXY proxy
Synopsis
Start the APXY proxy server.
On macOS this command automatically:
- Generates the CA certificate (if first run)
- Trusts the CA in your system keychain (prompts for password)
- Enables system-wide HTTP/HTTPS proxy
- Intercepts HTTPS traffic and persists captured requests to traffic logs
Three-tier HTTPS handling: TUNNEL: Cert-pinned domains (—bypass-domains) are tunneled as-is. SKIP: Non-enabled domains are forwarded without MITM body capture. DEEP: Domains with SSL proxying enabled (—ssl-domains or ‘ssl enable’) are saved with full request/response bodies.
Use —ssl-domains to enable body capture for specific domains at startup. Use —mitm-all to capture bodies for ALL domains (full deep inspection). Use —bypass-domains to exclude cert-pinned apps (tunneled, no MITM). Use —no-system-proxy to skip steps 2-3 and use the proxy manually with: curl -x http://localhost:<port > …
apxy start [flags]Options
--auto-validate automatically validate traffic against imported schemas
--bypass-domains string comma-separated domains to force tunnel even with --mitm-all (e.g. '*.openai.com,*.local')
--cert-dir string certificate directory (default "/Users/tuanquanghpvn/.apxy/certs")
--control-port int control API port (default: proxy port + 1)
-h, --help help for start
--listen-addr string bind address for web UI and control API (use 0.0.0.0 for LAN access) (default "127.0.0.1")
--max-body int max body capture size in bytes (default 1048576)
--mitm-all MITM all HTTPS traffic (captures all bodies, old behavior)
--network-service string network service to configure (auto-detected if empty)
--no-mdns don't advertise proxy via mDNS/Bonjour
--no-system-proxy don't configure system proxy (use -x manually)
--port int proxy port (default 8080)
--project-dir string project directory for scoped isolation (uses .apxy/ subdir)
--ssl-domains string comma-separated domains to enable SSL proxying for (e.g. 'api.example.com,*.stripe.com')
--upstream-proxy string upstream proxy URL for chaining (e.g. http://proxy:3128)
--web-port int web UI port (default: proxy port + 2, 0 to disable) (default -1)Options inherited from parent commands
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy - HTTPS proxy for capturing, inspecting, and modifying API traffic
apxy stop
Stop the local APXY proxy and disable system proxy settings
Synopsis
Stop the running APXY proxy process by sending SIGTERM and disable any system proxy settings it configured.
apxy stop [flags]Examples
apxy stopOptions
-h, --help help for stopOptions inherited from parent commands
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy - HTTPS proxy for capturing, inspecting, and modifying API traffic
apxy status
Show whether the local APXY proxy is running
Synopsis
Check whether the local APXY proxy is running and display its current state, including active rules and traffic stats.
Flags: —format output format: json or toon (default: json)
apxy status [flags]Examples
apxy status
apxy status --format toonOptions
--control-url string control API URL (default "http://127.0.0.1:8081")
--format string output format: json|toon (default "json")
-h, --help help for statusOptions inherited from parent commands
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy - HTTPS proxy for capturing, inspecting, and modifying API traffic
apxy env
Print proxy environment variables for shell sessions
Synopsis
Generate environment variables that configure terminal processes (Go, Node.js, Python, Ruby, cURL) to route traffic through the APXY proxy.
This solves the problem that many tools executed from the terminal don’t respect macOS system proxy settings. By setting HTTP_PROXY, HTTPS_PROXY, and language-specific CA trust env vars, all HTTP clients in the current session will automatically route through APXY.
Usage patterns:
Inject into current shell
eval ”$(apxy env)“
Open a new terminal with env pre-configured
apxy env —open
Save as a reusable script
apxy env —script /tmp/apxy_env.sh source /tmp/apxy_env.sh
Target a specific language
eval ”$(apxy env —lang node)“
Skip CA cert trust (proxy routing only)
eval ”$(apxy env —no-cert)”
All changes are session-scoped and do not modify system configuration.
apxy env [flags]Options
--bypass-domains string additional domains to bypass proxy (comma-separated)
--cert-dir string CA certificate directory (default "/Users/tuanquanghpvn/.apxy/certs")
-h, --help help for env
--lang string target language: all, go, node, python, ruby, curl (default "all")
--no-cert skip CA cert trust env vars (proxy routing only)
--open open a new terminal with env vars pre-configured
--port int proxy port (default 8080)
--script string write env setup script to file instead of stdoutOptions inherited from parent commands
--config string config file (default is ./configs/default.yaml)
--error-format string error output format: text|json (default "text")
--help-format string help output format: default|agent (default "default")
--output string output format: agent|human (default: auto-detect via TTY)
--verbose enable verbose outputSEE ALSO
- apxy - HTTPS proxy for capturing, inspecting, and modifying API traffic