Skip to content
A TLS reverse proxy with SNI multiplexing in Go
Branch: master
Clone or download
inconshreveable Merge pull request #8 from scele/master
go-yaml package has moved from launchpad to github
Latest commit 1ff6593 Oct 2, 2017
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
man
LICENSE add apache license Feb 26, 2014
README.md add apache license Feb 26, 2014
TODO add tests Dec 20, 2013
example.yml
server.go go-yaml package has moved from launchpad to github Oct 2, 2017
server_test.go add custom error handler for muxing errors so that we can log the fai… Dec 28, 2013

README.md

slt is a dead-simple TLS reverse-proxy with SNI multiplexing (TLS virtual hosts).

That means you can send TLS/SSL connections for multiple different applications to the same port and forward them all to the appropriate backend hosts depending on the intended destination.

Features

SNI Multiplexing

slt multiplexes connections to a single TLS port by inspecting the name in the SNI extension field of each connection.

Simple YAML Configuration

You configure slt with a simple YAML configuration file:

bind_addr: ":443"

frontends:
  v1.example.com:
    backends:
      -
        addr: ":4443"

  v2.example.com:
    backends:
      -
        addr: "192.168.0.2:443"
      -
        addr: "192.168.0.1:443"

Optional TLS Termination

Sometimes, you don't actually want to terminate the TLS traffic, you just want to forward it elsewhere. slt only terminates the TLS traffic if you specify a private key and certificate file like so:

frontends:
  v1.example.com:
    tls_key: /path/to/v1.example.com.key
    tls_crt: /path/to/v1.example.com.crt

Round robin load balancing among arbitrary backends

slt performs simple round-robin load balancing when more than one backend is available (other strategies will be available in the future):

frontends:
  v1.example.com:
    backends:
      -
        addr: ":8080"
      -
        addr: ":8081"

Running it

Running slt is also simple. It takes a single argument, the path to the configuration file:

./slt /path/to/config.yml

Building it

Just cd into the directory and "go build". It requires Go 1.1+.

Testing it

Just cd into the directory and "go test".

Stability

I run slt in production handling hundreds of thousands of connections daily.

License

Apache

You can’t perform that action at this time.