TON Proxy
TON Proxy is an HTTP-to-ADNL bridge that allows ordinary web browsers to access TON Sites. It is implemented by the rldp-http-proxy binary, which operates as a forward proxy for clients and as a reverse proxy for servers hosting TON Sites.
How TON Proxy works
Section titled “How TON Proxy works”rldp-http-proxy runs locally and listens for HTTP requests from a web browser. When a request arrives for a .ton domain, the proxy resolves it via TON DNS to an ADNL address, then forwards the HTTP request over RLDP to the target TON Site.
By default, the forward proxy only intercepts requests for .ton, .adnl, and .bag hostnames; all other requests pass through unchanged. Setting -P YES makes the proxy intercept all HTTP requests regardless of suffix. In this mode the proxy acts as a general HTTP proxy for all destinations; route only trusted traffic through it, as every unencrypted HTTP request becomes visible to the proxy process.
RLDP is a datagram protocol layered over UDP; round-trip latency is higher than TCP for small requests but throughput scales well for large transfers such as static assets.
The proxy supports two modes of operation. In forward proxy mode, it sits between a local browser and the TON network, translating outbound HTTP requests into ADNL connections. In reverse proxy mode, it accepts inbound ADNL connections and forwards HTTP requests to a local web server, enabling TON Site hosting. Setup instructions for each mode are linked in Related components.
Security and privacy
Section titled “Security and privacy”All traffic between the proxy and the TON Site is encrypted at the ADNL layer. The server is authenticated by its ADNL address, derived from its public key.
The server IP is published to the TON DHT for ADNL routing but is not exposed at the HTTP layer. The proxy does not forward client network information to the upstream web server.
For stronger sender privacy, route proxy traffic through ADNL tunnels. Tunnels add layered encryption so that no single relay learns both the client address and the destination.
Related components
Section titled “Related components”- How to set up a forward proxy: browse TON Sites from a conventional browser.
- How to set up a reverse proxy: host a TON Site behind an ADNL reverse proxy.
- TON Proxy reference: CLI flags, response headers, and tunnel client fields.
- TON Sites: web services accessible through TON Proxy.
- TON DNS: resolves
.tondomain names to ADNL addresses for request routing. - Tunnel node: garlic-routed ADNL tunnels for private relay operation.