A privacy-focused front-end to Reddit, with its origins in Libreddit.
This repository is open-proofline/redlib, a Proofline-operated fork of
upstream Redlib for a best-effort public
community service. Upstream Redlib remains the source of truth for core Redlib
behavior. Proofline-specific changes in this fork should stay small,
transparent, and separate from changes that could be contributed upstream.
This fork is separate from Proofline safety, evidence, account, mobile, and protocol systems. It does not provide emergency reliability, account-portal features, recording or capture workflows, trusted-contact decryption, key escrow, notifications, billing, or Proofline protocol behavior. Privacy language in this README describes proxying and application behavior; it is not an anonymity claim.
10-second pitch: Redlib is a privacy-focused front-end like Invidious but for Reddit. Browse the coldest takes of r/unpopularopinion with less direct browser exposure to Reddit.
- 🚀 Fast: written in Rust for blazing-fast speeds and memory safety
- ☁️ Light: no ads, no behavioral tracking, and no third-party or tracking JavaScript
- 🕵 Proxying: Reddit API and media requests are handled through the Redlib server where supported
- 🔒 Browser controls: a Content Security Policy restricts browser-initiated network access
This fork follows upstream Redlib for browsing behavior, templates, route
semantics, and Reddit-facing behavior unless a local fork delta is called out
explicitly. The fork-specific surface is limited to repository governance,
Proofline community-service wording, CI and image publishing policy, and
packaging examples for ghcr.io/open-proofline/redlib.
Use upstream Redlib resources for generic Redlib issues, feature behavior, and source history. Use this fork's repository and GHCR package when you specifically need the Proofline-operated fork source or container image.
Fork image tags use upstream-<version> to identify the Redlib package version
from Cargo.toml. That tag is not a separate Proofline product release.
Tip
🔗 Want to automatically redirect Reddit links to Redlib? Use LibRedirect or Privacy Redirect!
An up-to-date table of instances is available in Markdown and machine-readable JSON.
Both files are part of the redlib-instances repository. To contribute your self-hosted instance to the list, see the redlib-instances README.
For information on instance uptime, see the Uptime Robot status page.
Note
Upstream Redlib resources: 💬 Matrix, 
GitHub, and 🦊 GitLab. Proofline fork resources: GitHub and 🐋 GHCR.
Redlib hopes to provide an easier way to browse Reddit, without the ads, trackers, and bloat. Redlib was inspired by other alternative front-ends to popular services such as Invidious for YouTube, Nitter for Twitter, and Bibliogram for Instagram.
Redlib currently implements most of Reddit's (signed-out) functionalities but still lacks a few features.
- Rust - Programming language
- Hyper - HTTP server and client
- Askama - Templating engine
- wreq - HTTP client with BoringSSL support
Teddit is another awesome open source project designed to provide an alternative frontend to Reddit. There is no connection between the two, and you're welcome to use whichever one you favor. Competition fosters innovation and Teddit's release has motivated me to build Redlib into an even more polished product.
If you are looking to compare, the biggest differences I have noticed are:
- Redlib is themed around Reddit's redesign whereas Teddit appears to stick much closer to Reddit's old design. This may suit some users better as design is always subjective.
- Redlib is written in Rust for speed and memory safety. It uses Hyper, a speedy and lightweight HTTP server/client implementation.
While originating as a fork of Libreddit, the name "Redlib" was adopted to avoid legal issues, as Reddit only allows the use of their name if structured as "XYZ For Reddit".
Several technical improvements have also been made, including:
- OAuth token spoofing: To circumvent rate limits imposed by Reddit, OAuth token spoofing is used to mimic the most common iOS and Android clients. While spoofing both iOS and Android clients was explored, only the Android client was chosen due to content restrictions when using an unauthenticated iOS client.
- Token refreshing: The authentication token is refreshed every 24 hours, emulating the behavior of the official Android app.
- HTTP header mimicking: Efforts are made to send along as many of the official app's headers as possible to reduce the likelihood of Reddit's crackdown on Redlib's requests.
This section outlines how Redlib compares to Reddit in terms of speed and privacy.
Last tested on January 12, 2024.
Results from Google PageSpeed Insights (Redlib Report, Reddit Report).
| Performance metric | Redlib | |
|---|---|---|
| Speed Index | 0.6s | 1.9s |
| Performance Score | 100% | 64% |
| Time to Interactive | 2.8s | 12.4s |
Logging: According to Reddit's privacy policy, they "may [automatically] log information" including:
- IP address
- User-agent string
- Browser type
- Operating system
- Referral URLs
- Device information (e.g., device IDs)
- Device settings
- Pages visited
- Links clicked
- The requested URL
- Search terms
Location: The same privacy policy goes on to describe that location data may be collected through the use of:
- GPS (consensual)
- Bluetooth (consensual)
- Content associated with a location (consensual)
- Your IP Address
Cookies: Reddit's cookie notice documents the array of cookies used by Reddit including/regarding:
- Authentication
- Functionality
- Analytics and Performance
- Advertising
- Third-Party Cookies
- Third-Party Site
For transparency, this section describes how Redlib handles browser requests, upstream requests, caching, logging, and cookies. It does not mean Redlib makes users anonymous.
-
Request forwarding: Redlib fetches Reddit API responses and proxied media server-side. For proxied content, Reddit and related media hosts receive requests from the Redlib instance rather than a direct browser request. The instance operator, network provider, reverse proxy, DNS provider, and upstream services may still see traffic metadata or request details depending on the deployment.
-
Caching: Redlib uses in-memory caches for some upstream responses and sends cache headers for static assets. Caching improves performance, but it is not a privacy boundary.
-
Logging: Redlib does not add HTTP access logging by default. It does initialize runtime logging and may emit startup, rate-limit, upstream request, upstream error, and server error messages depending on build and runtime logging configuration. Reverse proxies, container runtimes, hosting platforms, or network providers may keep their own logs. Operators should treat raw logs as sensitive and avoid publishing them.
-
Cookies: Redlib uses optional first-party cookies to store settings, subscriptions, filters, and related preferences configured through the settings UI. These are not cross-site cookies.
This section covers common ways to run Redlib. The maintained container image
for this fork is ghcr.io/open-proofline/redlib, built from the root
Dockerfile. Other runtime examples are convenience notes and should be reviewed
against upstream Redlib and your own deployment requirements before use.
For configuration options, see the Configuration section.
Docker lets you run containerized applications. Containers are loosely isolated environments that are lightweight and contain everything needed to run the application, so there's no need to rely on what's installed on the host.
Container images for this Proofline-operated fork are published at ghcr.io/open-proofline/redlib from main and maintainer-triggered manual publishes. This is a best-effort public community-service fork and is separate from Proofline safety, evidence, account, and protocol infrastructure.
Available fork image tags include:
latestandmainfrom the currentmainbranch image.sha-<commit>for a specific fork commit.upstream-<version>, where<version>is the Redlib package version fromCargo.toml.
The upstream-<version> tag identifies the upstream Redlib base version and is updated as this fork imports newer upstream Redlib releases. It is not a Proofline Redlib release tag.
Deploy Redlib:
docker pull ghcr.io/open-proofline/redlib:latest
docker run -d --name redlib -p 8080:8080 ghcr.io/open-proofline/redlib:latestDeploy using a different port on the host (in this case, port 80):
docker pull ghcr.io/open-proofline/redlib:main
docker run -d --name redlib -p 80:8080 ghcr.io/open-proofline/redlib:mainIf you're using a reverse proxy in front of Redlib, prefix the port numbers with 127.0.0.1 so that Redlib only listens on the host port locally. For example, if the host port for Redlib is 8080, specify 127.0.0.1:8080:8080.
Stream logs from the Redlib container:
docker logs -f redlibPodman lets you run containerized applications in a rootless fashion. Containers are loosely isolated environments that are lightweight and contain everything needed to run the application, so there's no need to rely on what's installed on the host.
Container images for this Proofline-operated fork are published at ghcr.io/open-proofline/redlib from main and maintainer-triggered manual publishes.
Important
These instructions assume that you are on a systemd based distro with podman. If not, follow these instructions on podman's website for how to do so.
It also assumes you have used loginctl enable-linger <username> to enable the service to start for your user without logging in.
Copy the redlib.container and .env.example files to .config/containers/systemd/ and modify any relevant values (for example, the ports Redlib should listen on, renaming the .env file and editing its values, etc.).
To start Redlib either reboot or follow the instructions below:
Notify systemd of the new files
systemctl --user daemon-reloadStart the newly generated service file
systemctl --user start redlib.serviceYou can check the status of your container by using the following command:
systemctl --user status redlib.serviceThis fork does not publish separate binary releases. If you want an upstream Redlib binary, use upstream Redlib releases and verify the current version, asset name, and checksum there.
After downloading an upstream binary, make it executable and change its ownership
to root if you plan to install it system-wide:
sudo chmod +x redlib && sudo chown root:root redlibCopy the binary to /usr/bin:
sudo cp ./redlib /usr/bin/redlibStart Redlib on the default listener ([::]:8080 unless configured):
redlibImportant
If you're proxying Redlib through NGINX (see issue #122), add
proxy_http_version 1.1;to your NGINX configuration file above your proxy_pass line.
You can use the systemd service available in contrib/redlib.service
(install it on /etc/systemd/system/redlib.service).
That service can be optionally configured in terms of environment variables by
creating a file in /etc/redlib.conf. Use the contrib/redlib.conf as a
template. You can also add the REDLIB_DEFAULT__{X} settings explained
above.
When "Proxying using NGINX" where the proxy is on the same machine, you should
guarantee nginx waits for this service to start. Edit
/etc/systemd/system/redlib.service.d/reverse-proxy.conf:
[Unit]
Before=nginx.serviceTo run this fork from source:
git clone https://github.com/open-proofline/redlib && cd redlib
cargo runIf you are on macOS, you can use the launchd service available in contrib/redlib.plist.
Install it with cp contrib/redlib.plist ~/Library/LaunchAgents/.
Load and start it with launchctl load ~/Library/LaunchAgents/redlib.plist.
You can configure Redlib further using environment variables. For example:
REDLIB_DEFAULT_SHOW_NSFW=on redlibREDLIB_DEFAULT_WIDE=on REDLIB_DEFAULT_THEME=dark redlib -rYou can also configure Redlib with a configuration file named redlib.toml. For example:
REDLIB_DEFAULT_WIDE = "on"
REDLIB_DEFAULT_USE_HLS = "on"Note
If you're deploying Redlib using the Docker CLI, environment variables can be defined in a .env file, allowing you to centralize and manage configuration in one place.
To configure Redlib using a .env file, copy the .env.example file to .env and edit it accordingly.
If using the Docker CLI, add --env-file .env to the command that runs Redlib. For example:
docker run -d --name redlib -p 8080:8080 --env-file .env ghcr.io/open-proofline/redlib:mainRedlib supports the following command line flags:
-4,--ipv4-only: Listen on IPv4 only.-6,--ipv6-only: Listen on IPv6 only.-r,--redirect-https: Redirect all HTTP requests to HTTPS (no longer functional).-a,--address <ADDRESS>: Sets address to listen on. Default is[::].-p,--port <PORT>: Port to listen on. Default is8080.-H,--hsts <EXPIRE_TIME>: HSTS header to tell browsers that this site should only be accessed over HTTPS. Default is604800.
Assign a default value for each instance-specific setting by passing environment variables to Redlib in the format REDLIB_{X}. Replace {X} with the setting name (see list below) in capital letters.
| Name | Possible values | Default value | Description |
|---|---|---|---|
SFW_ONLY |
["on", "off"] |
off |
Enables SFW-only mode for the instance, i.e. all NSFW content is filtered. |
BANNER |
String | (empty) | Allows the server to set a banner to be displayed. Currently this is displayed on the instance info page. |
ROBOTS_DISABLE_INDEXING |
["on", "off"] |
off |
Disables indexing of the instance by search engines. |
PUSHSHIFT_FRONTEND |
String | undelete.pullpush.io |
Allows the server to set the Pushshift frontend to be used with "removed" links. |
PORT |
Integer 0-65535 | 8080 |
The internal port Redlib listens on. |
ENABLE_RSS |
["on", "off"] |
off |
Enables RSS feed generation. |
FULL_URL |
String | (empty) | Allows for proper URLs (for now, only needed by RSS) |
Assign a default value for each user-modifiable setting by passing environment variables to Redlib in the format REDLIB_DEFAULT_{Y}. Replace {Y} with the setting name (see list below) in capital letters.
| Name | Possible values | Default value |
|---|---|---|
THEME |
["system", "light", "dark", "black", "dracula", "nord", "laserwave", "violet", "gold", "rosebox", "gruvboxdark", "gruvboxlight", "tokyoNight", "icebergDark", "doomone", "libredditBlack", "libredditDark", "libredditLight"] |
system |
FRONT_PAGE |
["default", "popular", "all"] |
default |
LAYOUT |
["card", "clean", "compact"] |
card |
WIDE |
["on", "off"] |
off |
POST_SORT |
["hot", "new", "top", "rising", "controversial"] |
hot |
COMMENT_SORT |
["confidence", "top", "new", "controversial", "old"] |
confidence |
BLUR_SPOILER |
["on", "off"] |
off |
SHOW_NSFW |
["on", "off"] |
off |
BLUR_NSFW |
["on", "off"] |
off |
USE_HLS |
["on", "off"] |
off |
HIDE_HLS_NOTIFICATION |
["on", "off"] |
off |
AUTOPLAY_VIDEOS |
["on", "off"] |
off |
SUBSCRIPTIONS |
+-delimited list of subreddits (sub1+sub2+sub3+...) |
(none) |
HIDE_AWARDS |
["on", "off"] |
off |
DISABLE_VISIT_REDDIT_CONFIRMATION |
["on", "off"] |
off |
HIDE_SCORE |
["on", "off"] |
off |
HIDE_SIDEBAR_AND_SUMMARY |
["on", "off"] |
off |
FIXED_NAVBAR |
["on", "off"] |
on |
REMOVE_DEFAULT_FEEDS |
["on", "off"] |
off |
Redlib supports proxy usage using the standard HTTP_PROXY and
HTTPS_PROXY environment variables. Use ALL_PROXY to set both at the same time (which you want to do).
http://is the scheme for http proxyhttps://is the scheme for https proxysocks4://is the scheme for socks4 proxysocks4a://is the scheme for socks4a proxysocks5://is the scheme for socks5 proxysocks5h://is the scheme for socks5h proxy
This project uses BoringSSL, built from source with patches from the wreq project. Certificates are validated against the embedded trust store from Mozilla.
Since Redlib uses boring-sys2, to build Redlib you will need to build
BoringSSL from source.
Refer to the boringssl documentation for dependencies.
Install MSVC, which you likely already have for Rust.
# Make sure to update your PATH, some of the installers don't do that by default (hense -i, interactive mode).
winget install -i Kitware.CMake
winget install -i NASM.NASM
winget install -i LLVM.LLVM
# For tests.
winget install GoLang.Go