UPDATE: Add '-no-sys' flag to skip certificate installation and system proxy setup; update README with usage examples; increment release version to 1.2-02

README.md

@@ -41,6 +41,7 @@ go build
 - `-b`: Comma-separated list of blocked ports
 - `-p`: Proxy listen port (default: auto)
 - `-e`: Path to an executable to run with admin privileges
+- `-no-sys`: Run only the proxy server; skip certificate installation, system proxy setup, and macOS/Linux admin relaunch
 
 ### Examples
 
@@ -76,6 +77,12 @@ go build
 
    On macOS/Linux, if the proxy is not already running as root, it relaunches with an administrator prompt. On Linux, logs from the elevated process are written to `/tmp/firefly-go-proxy.log`; on macOS, elevated process output is discarded.
 
+6. Start only the proxy server without changing system settings:
+   ```bash
+   ./firefly-proxy -no-sys -p 8888 //linux|macos
+   ./firefly-proxy.exe -no-sys -p 8888 //windows
+   ```
+
 ## How it works
 
 The proxy intercepts HTTP/HTTPS traffic and can:

cert.go

@@ -10,7 +10,11 @@ import (
 
 const caCertName = "firefly-go-proxy-ca.crt"
 
-func setupCertificate() (*tls.Certificate, error) {
+func setupCertificate(installSystemCA bool) (*tls.Certificate, error) {
+	if !installSystemCA {
+		return &goproxy.GoproxyCa, nil
+	}
+
 	if _, err := os.Stat(caCertName); os.IsNotExist(err) {
 		if err := os.WriteFile(caCertName, goproxy.GoproxyCa.Certificate[0], 0644); err != nil {
 			return nil, err

main.go

@@ -38,8 +38,10 @@ func main() {
 	proxyPort := flag.Int("p", 0, "proxy listen port (default: auto)")
 	exePath := flag.String("e", "", "path to the executable")
 	parentPID := flag.Int("parent-pid", 0, "parent process id to watch")
+	noSys := flag.Bool("no-sys", false, "skip certificate installation and system proxy setup")
 	flag.Parse()
 
+	if !*noSys {
 		relaunched, err := relaunchWithAdminIfNeeded()
 		if err != nil {
 			zlog.Error().Err(err).Msg("Failed to relaunch with admin privileges")
@@ -49,6 +51,7 @@ func main() {
 			zlog.Info().Msg("Relaunched with admin privileges")
 			return
 		}
+	}
 
 	blockedPorts := parseBlockedPorts(*blockedStr)
 	port := ""
@@ -66,7 +69,7 @@ func main() {
 		return
 	}
 
-	cert, err := setupCertificate()
+	cert, err := setupCertificate(!*noSys)
 	if err != nil {
 		zlog.Error().Err(err).Msg("Failed setup certificate")
 		return
@@ -74,29 +77,30 @@ func main() {
 	addr := ":" + port
 	proxyAddr := "127.0.0.1"
 	proxyEndpoint := proxyAddr + ":" + port
-	proxyEnabled := false
-	stopProxyRefresh := func() {}
 
 	defer func() {
-		stopProxyRefresh()
 		if r := recover(); r != nil {
 			zlog.Error().
 				Interface("panic", r).
 				Msg("Unexpected panic")
 		}
-		if proxyEnabled {
-			if err := setProxy(false, "", ""); err != nil {
-				zlog.Error().Err(err).Msg("Failed to reset system proxy")
-			}
-		}
 	}()
 
+	if !*noSys {
 		if err := setProxy(true, proxyAddr, port); err != nil {
 			zlog.Error().Err(err).Msg("Failed to set system proxy")
 			return
 		}
-	proxyEnabled = true
+		stopProxyRefresh := startProxyRefreshLoop(proxyAddr, port)
-	stopProxyRefresh = startProxyRefreshLoop(proxyAddr, port)
+		defer func() {
+			stopProxyRefresh()
+			if err := setProxy(false, "", ""); err != nil {
+				zlog.Error().Err(err).Msg("Failed to reset system proxy")
+			}
+		}()
+	} else {
+		zlog.Info().Msg("System certificate and proxy setup skipped")
+	}
 
 	customCaMitm := &goproxy.ConnectAction{Action: goproxy.ConnectMitm, TLSConfig: goproxy.TLSConfigFromCA(cert)}
 	var customAlwaysMitm goproxy.FuncHttpsHandler = func(host string, ctx *goproxy.ProxyCtx) (*goproxy.ConnectAction, string) {

script/release.json

@@ -1,5 +1,5 @@
 {
-    "tag": "1.2-01",
+    "tag": "1.2-02",
-    "title": "PreBuild Version 1.2 - 01"
+    "title": "PreBuild Version 1.2 - 02"
 }