On this pageGo HTTP client proxy with http.Transport
Setting up a Golang proxy uses the standard library: Go has built-in HTTP/HTTPS proxy support through http.Transport and http.ProxyURL, including HTTP Basic credentials embedded in the proxy URL. SOCKS5 lives one package away in golang.org/x/net/proxy. This page shows the standard idioms for routing net/http through your ColdProxy gateway with username/password auth (rotating and sticky), the SOCKS5 dialer path wired in via DialContext, and the IP-whitelist alternative. New to proxy auth models? See username/password vs IP whitelisting.
Your gateway host is gw-{service-id}.coldproxy.com; every example uses gw-2312.coldproxy.com (replace 2312 with your service/package ID) and a port in the 30000-34999 range (we use 30000). Your full proxy string is:
gw-2312.coldproxy.com:30000:USERNAME:PASSWORDAfter a new order is delivered, allow about 10-20 minutes for the proxies to authenticate and activate. Verify reachability, exit IP, and location with the proxy checker first.
Go HTTP client proxy with http.Transport
ColdProxy auto-detects HTTP, HTTPS, and SOCKS5 on the same gateway port. For HTTP/HTTPS, parse a proxy URL that carries the credentials in its userinfo, then hand it to the transport with http.ProxyURL. The transport sends a Proxy-Authorization: Basic header automatically and uses CONNECT tunneling for HTTPS targets, so your traffic stays end-to-end encrypted.
package main
import (
"fmt"
"io"
"log"
"net/http"
"net/url"
)
func main() {
proxyURL, err := url.Parse("http://USERNAME:[email protected]:30000")
if err != nil {
log.Fatal(err)
}
client := &http.Client{
Transport: &http.Transport{
Proxy: http.ProxyURL(proxyURL),
},
}
resp, err := client.Get("https://api.vipv6proxy.com/api/checker/my-ip")
if err != nil {
log.Fatal(err)
}
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Println(string(body)) // JSON: {"ip": "...", "version": ..., "country": "...", ...}
}If your username or password contains characters like @, :, or /, build the userinfo with url.UserPassword and set it on a *url.URL rather than concatenating a string, so each value is escaped correctly:
proxyURL := &url.URL{
Scheme: "http",
User: url.UserPassword("USERNAME", "PASSWORD"),
Host: "gw-2312.coldproxy.com:30000",
}Rotating vs sticky username tags
ColdProxy encodes geo-targeting and session behavior in the username using a tag grammar: user-key-value-key-value.... With no session tag, each request can exit from a fresh IP (rotating). To hold one IP, include both a session tag and a time/duration tag together. In Go, that just changes the User you put in the proxy URL.
package main
import (
"net/http"
"net/url"
)
const (
host = "gw-2312.coldproxy.com:30000"
pass = "PASSWORD"
)
func proxyClient(username string) *http.Client {
u := &url.URL{
Scheme: "http",
User: url.UserPassword(username, pass),
Host: host,
}
return &http.Client{
Transport: &http.Transport{Proxy: http.ProxyURL(u)},
}
}
func main() {
// Rotating: US exit, new IP per request
rotating := proxyClient("user-country-us")
// Sticky: US exit, same IP held for 10 minutes (session + time together)
sticky := proxyClient("user-country-us-session-481516-time-10m")
_ = rotating
_ = sticky
}The exact username segment prefixes (for example country/session/time) are configured per product by ColdProxy. Confirm the precise prefixes for your plan in your client area before hard-coding them. A sticky session needs both the session and time tags; a session tag alone still rotates. Sticky duration ranges from 5s to 24h on Residential IPv4, and 5s to FOREVER on Residential IPv6 and Datacenter IPv6.
SOCKS5 with golang.org/x/net/proxy
The same gateway port serves SOCKS5 (over TCP and UDP). The standard library does not dial SOCKS5 itself, so add the supplementary package:
go get golang.org/x/net/proxyBuild a SOCKS5 dialer with proxy.SOCKS5, passing credentials via *proxy.Auth. The returned Dialer also implements proxy.ContextDialer, so assert to that interface and wire its DialContext into the transport; this is the current idiom and avoids the deprecated Dial-only path that can leak a goroutine on slow connects.
package main
import (
"context"
"fmt"
"io"
"log"
"net"
"net/http"
"golang.org/x/net/proxy"
)
func main() {
auth := &proxy.Auth{User: "USERNAME", Password: "PASSWORD"}
dialer, err := proxy.SOCKS5("tcp", "gw-2312.coldproxy.com:30000", auth, proxy.Direct)
if err != nil {
log.Fatal(err)
}
ctxDialer, ok := dialer.(proxy.ContextDialer)
if !ok {
log.Fatal("SOCKS5 dialer does not support DialContext")
}
client := &http.Client{
Transport: &http.Transport{
DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
return ctxDialer.DialContext(ctx, network, addr)
},
},
}
resp, err := client.Get("https://api.vipv6proxy.com/api/checker/my-ip")
if err != nil {
log.Fatal(err)
}
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Println(string(body))
}proxy.SOCKS5 resolves the destination hostname at the proxy exit by default (remote DNS), which is the SOCKS5 equivalent of socks5h; your local resolver never sees the target host. Sticky and geo tags work the same over SOCKS5: put them in the Auth.User value, e.g. user-country-us-session-481516-time-10m. See SOCKS5 vs HTTPS proxies and TCP vs UDP transport support.
Reuse one client, set timeouts
Create the http.Client once and reuse it so connections are pooled. Always set a timeout for proxied traffic, and prefer context deadlines per request when scraping at scale.
import "time"
client := &http.Client{
Transport: &http.Transport{
Proxy: http.ProxyURL(proxyURL),
MaxIdleConns: 100,
MaxIdleConnsPerHost: 10,
},
Timeout: 30 * time.Second,
}Map proxy and target status codes deliberately: a 407 means proxy auth failed (check the username/password and tag format), while 403/429 usually come from the target site. See proxy error codes 407, 403, 429, 502, and 504 explained.
IP whitelist (no credentials in code)
Instead of embedding USERNAME:PASSWORD, you can authorize the server's public IP. Add up to 50 IPs to your authorized list in the client area (or through the plan API), and ColdProxy accepts unauthenticated requests from those IPs. Drop the userinfo from the proxy URL:
proxyURL, _ := url.Parse("http://gw-2312.coldproxy.com:30000")
client := &http.Client{
Transport: &http.Transport{Proxy: http.ProxyURL(proxyURL)},
}With IP authentication the proxies are issued in IP:PORT form and geo defaults to Worldwide, because username geo tags are not sent. To geo-target IP-auth traffic, bind country/state/city and session settings to specific port ranges using SuperPorts at the plan level, then dial through those ports. Username-tag and IP-auth can both be active at once. See IP whitelisting in the glossary.
Next steps
- Confirm a working proxy and its exit location with the proxy checker and my IP.
- Using IPv6? Many sites are IPv4-only; check a target with the IPv6 checker before relying on an IPv6 plan.
- Learn the tag grammar in depth: geo-targeting by country, city, ZIP, and ASN and rotating vs sticky sessions.
- Choose or upgrade a plan on the pricing and proxy product pages.
