Skip to content
/ goproxy Public
forked from inconshreveable/slt

A reverse proxy with SNI multiplexing in Go

License

View license
1 star 56 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

acls/goproxy

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
conf
conf
 
 
config
config
 
 
proxy
proxy
 
 
.gitignore
.gitignore
 
 
Gopkg.lock
Gopkg.lock
 
 
Gopkg.toml
Gopkg.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
goproxy.sample.service
goproxy.sample.service
 
 
main.go
main.go
 
 

Repository files navigation

goproxy is a simple reverse-proxy with SNI multiplexing (TLS virtual hosts).

That means you can send TLS/SSL connections for multiple different applications to the same port and forward them all to the appropriate backend hosts depending on the intended destination.

Features

SNI Multiplexing

goproxy multiplexes connections to a single TLS port by inspecting the name in the SNI extension field of each connection.

Simple YAML Configuration

You configure goproxy with a simple YAML configuration file:

":443":
  secure: true
  frontends:
    v1.example.com:
      backends:
      - addr: :4443

    v2.example.com:
      backends:
      - addr: 192.168.0.2:443
      - addr: 192.168.0.1:443

":80":
  secure: false
  watch: true

":1234":
  secure: false
  frontends:
    test.example.com:1234:
      backends:
      - addr: 192.168.1.1:443

If watch is true a folder with the name is watched for frontend configs:

# ./:80/test1.example.com.yml
backends:
- addr: 192.168.1.1:80
# ./:80/test2.example.com.yml
backends:
- addr: 192.168.1.2:80

NOTE: When using non-standard ports the frontend domain needs to include the port. eg: test.example.com:1234

Optional TLS Termination

Sometimes, you don't actually want to terminate the TLS traffic, you just want to forward it elsewhere. goproxy only terminates the TLS traffic if you specify a private key and certificate file like so:

":443":
  frontends:
    v1.example.com:
      tls_key: /path/to/v1.example.com.key
      tls_crt: /path/to/v1.example.com.crt

Round robin load balancing among arbitrary backends

goproxy performs simple round-robin load balancing when more than one backend is available (other strategies will be available in the future):

":443":
  frontends:
    v1.example.com:
      backends:
      - addr: :8080
      - addr: :8081

Running it

Running goproxy is also simple. It takes a single argument, the path to the configuration file:

./goproxy /path/to/config.yml

Building it

Just cd into the directory and "go build". It requires Go 1.1+.

Testing it

Just cd into the directory and "go test".

As a Systemd Service

Copy service file

NOTE: change ExecStart paths to match your paths, since the paths must be absolute. My $GOPATH is my home directory.

cp $GOPATH/src/github.com/acls/goproxy/goproxy.sample.service /etc/systemd/system/goproxy.service
vim /etc/systemd/system/goproxy.service

Start service

systemctl start goproxy.service

View logs

journalctl -u goproxy.service     # all logs
journalctl -u goproxy.service -f  # follow logs

Set to automatically run on boot

systemctl enable goproxy.service

Reload service without restarting after making changes to config

systemctl reload goproxy.service

License

Apache

About

A reverse proxy with SNI multiplexing in Go

Resources

Readme

License

View license
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Go 100.0%