HTTP and SSH, from any device, with tamper-proof egress.
Every container is reachable from a browser, from the terminal, from a file manager on a locked-down laptop. Outbound traffic routes through a host-level policy the container cannot bypass.
SSH · SFTP · sshfs · WebDAV · HTTPS · host-level egress policy
The IP your app sees is the IP that connected.
Hoody Proxy preserves the original client IP at the socket level via custom netfilter hooks in the host kernel. Any language, any framework, any legacy script — they all see the actual remote address with zero modification.
req.socket.remoteAddress · request.remote_addr · $_SERVER['REMOTE_ADDR'] · r.RemoteAddr · -s 203.0.113.0/24
No X-Forwarded-For parsing. No trust-proxy middleware. The kernel delivers the real IP to every application socket before your code runs.
Four ways to see a container's filesystem.
Every developer's preferred file-access paradigm just works. Same auth, same routing — different protocols for different contexts.
SFTP
SSH-based file transfer. FileZilla, Cyberduck, WinSCP, CLI sftp. The enterprise-approved protocol every IT team already allows.
sshfs
Local mount on macOS / Linux. The container filesystem shows up in /mnt/container/* — your IDE, your grep, your build tools just open files.
WebDAV
Pure HTTP. Traverses corporate firewalls. macOS Finder, Windows Explorer, and every major Linux file manager mount it as a network drive with no plugin.
HTTPS (Hoody Files)
REST API for scripted file ops. GET / PUT / list / search / encrypt on top of 60+ cloud backends — see /kit/files for the runtime.
Routing is declarative and host-enforced.
Set the egress mode with one API call. Every process in the container — Node, Python, Go, curl, npm install, git push — routes through it automatically. No HTTP_PROXY env vars, no application config. A container cannot see or bypass its own egress policy.
Direct
No egress override — container goes out through host network.
SOCKS5
All TCP routes through the SOCKS5 proxy. Auth supported. Host-level — every process routes the same way.
HTTP proxy
Traditional HTTP proxy, same enforcement layer. Useful for corporate compliance.
HTTPS proxy
TLS-wrapped HTTP proxy for sensitive corporate networks.
Block
No outbound TCP. Container still reachable via Hoody Proxy URLs. The strongest AI-sandbox mode.
— The enforcement layer is the host kernel, not a library inside the container. A compromised dependency cannot unset the policy.
Packet-level rules, managed via API.
Ingress and egress rules run at the host, applied before a packet enters the container or leaves it. First-match evaluation, action allow / reject / drop, protocol filter for TCP / UDP / ICMPv4. CIDR ranges, port lists, port ranges.
{
  "action": "allow",
  "protocol": "tcp",
  "destination_port": "22",
  "source": "203.0.113.0/24"
}
— Rules are managed via the Control Plane — see /platform/control-plane for POST /firewall/ingress and related endpoints.
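The first-match evaluation described above, as an added example (not Hoody's code or API), showing why rule order decides the outcome. Field names come from the JSON rule on this page; the port list and range spellings, the "omitted field matches anything" behaviour and the default action when no rule matches are assumptions.

```python
import ipaddress

# Constructed sample ingress rules. Field names follow the page's JSON example;
# the "80,443" list and "8000-8100" range spellings are assumptions.
RULES = [
    {"action": "allow", "protocol": "tcp", "destination_port": "22", "source": "203.0.113.0/24"},
    {"action": "drop", "protocol": "tcp", "destination_port": "22"},
    {"action": "allow", "protocol": "tcp", "destination_port": "80,443"},
    {"action": "reject", "protocol": "udp", "destination_port": "8000-8100"},
]

def port_matches(spec, port):
    """Match a port against "22", "80,443" or "8000-8100" (assumed syntax)."""
    if spec is None:
        return True  # assumption: an omitted field matches any port
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def rule_matches(rule, packet):
    """True when protocol, source CIDR and destination port all match."""
    if rule.get("protocol") not in (None, packet["protocol"]):
        return False
    if "source" in rule:
        net = ipaddress.ip_network(rule["source"], strict=False)
        if ipaddress.ip_address(packet["source"]) not in net:
            return False
    # ICMP packets carry no port; 0 never satisfies a rule that names ports.
    return port_matches(rule.get("destination_port"), packet.get("destination_port", 0))

def evaluate(rules, packet, default="drop"):
    """First-match: return (action, index) of the first rule that matches."""
    for i, rule in enumerate(rules):
        if rule_matches(rule, packet):
            return rule["action"], i
    return default, None  # assumption: the page does not state the default

if __name__ == "__main__":
    admin = {"protocol": "tcp", "source": "203.0.113.7", "destination_port": 22}
    print(evaluate(RULES, admin))                  # narrow allow is hit first
    reordered = [RULES[1], RULES[0]] + RULES[2:]   # broad drop moved to the top
    print(evaluate(reordered, admin))              # same packet, now dropped
```

Running a planned rule list through an evaluator like this before submitting it catches a broad rule that shadows a narrower one placed after it.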
Pick an exit country. Or a VPN provider. Or both.
The network config accepts country / city / region parameters for geo-routed SOCKS5 exits, and integrates with Mullvad, iVPN, AirVPN, and arbitrary WireGuard profiles. Build geo-aware test rigs or privacy-hardened workloads without touching the application code.
Geographic exit selection
country, city, region fields on the network config. Spin up three containers in three regions simultaneously — each presents a different egress IP to external APIs.
Commercial VPN integrations
Mullvad, iVPN, AirVPN supported as first-class providers. Provide credentials once; the host routes the container through the VPN.
WireGuard / custom profiles
Bring your own VPN config. The host handles the interface; your container sees a normal network.
Custom DNS (up to 4 servers)
Override DNS per container. Defaults to 1.1.1.1 + 8.8.8.8. Useful for split-horizon DNS or private zones.
Turn a container into an HTTP-native VPN.
Traditional VPN setups need client software on every device. A gateway container lets you reach internal services from any browser — no VPN client, no enrollment, no MDM policies. The gateway runs as a normal container with MITM scripts that inspect, modify, and forward requests.
Zero client installation
Every device with a browser can reach a URL — that's the whole install story.
Access via URLs, not tunnels
Works from corporate laptops, phones, tablets, locked-down kiosks — anywhere a browser can make an HTTPS request.
MITM-capable by default
Inspect traffic, add auth layers, rewrite requests. The gateway is a container; you control everything it does.
Replace without client-side change
Destroy the gateway container and spawn a new one. Clients just keep opening the URL — no software updates, no pushed configs.
Dedicated IPv4 — on the roadmap.
Current containers share egress IPs through the host. Dedicated IPv4 address assignment is documented as coming soon. For use cases that require a stable outbound IP today, configure a SOCKS5 proxy pointing at your own dedicated-IP infrastructure.
Today: SOCKS5 proxy via network config pointing at a dedicated-IP VPS or commercial exit. Tomorrow: native dedicated-IP assignment.
Reach anything. Let nothing unexpected out.
Spin up a container, drop an SSH key, set an egress mode. You now have the strongest default on any platform — open where you choose, closed where you don't.
See also — /platform/proxy for the URL grammar, /platform/control-plane for firewall + network APIs, /methods/data-state for storage mounts.