<!DOCTYPE html>
<html>
<head>
  <meta http-equiv='content-type' content='text/html;charset=utf8'>
  <meta name='generator' content='Ronn/v0.7.3 (http://github.com/rtomayko/ronn/tree/0.7.3)'>
  <title>slt(8) - multiplex a port for multiple TLS applications with SNI</title>
  <style type='text/css' media='all'>
  /* style: man */
  body#manpage {margin:0}
  .mp {max-width:100ex;padding:0 9ex 1ex 4ex}
  .mp p,.mp pre,.mp ul,.mp ol,.mp dl {margin:0 0 20px 0}
  .mp h2 {margin:10px 0 0 0}
  .mp > p,.mp > pre,.mp > ul,.mp > ol,.mp > dl {margin-left:8ex}
  .mp h3 {margin:0 0 0 4ex}
  .mp dt {margin:0;clear:left}
  .mp dt.flush {float:left;width:8ex}
  .mp dd {margin:0 0 0 9ex}
  .mp h1,.mp h2,.mp h3,.mp h4 {clear:left}
  .mp pre {margin-bottom:20px}
  .mp pre+h2,.mp pre+h3 {margin-top:22px}
  .mp h2+pre,.mp h3+pre {margin-top:5px}
  .mp img {display:block;margin:auto}
  .mp h1.man-title {display:none}
  .mp,.mp code,.mp pre,.mp tt,.mp kbd,.mp samp,.mp h3,.mp h4 {font-family:monospace;font-size:14px;line-height:1.42857142857143}
  .mp h2 {font-size:16px;line-height:1.25}
  .mp h1 {font-size:20px;line-height:2}
  .mp {text-align:justify;background:#fff}
  .mp,.mp code,.mp pre,.mp pre code,.mp tt,.mp kbd,.mp samp {color:#131211}
  .mp h1,.mp h2,.mp h3,.mp h4 {color:#030201}
  .mp u {text-decoration:underline}
  .mp code,.mp strong,.mp b {font-weight:bold;color:#131211}
  .mp em,.mp var {font-style:italic;color:#232221;text-decoration:none}
  .mp a,.mp a:link,.mp a:hover,.mp a code,.mp a pre,.mp a tt,.mp a kbd,.mp a samp {color:#0000ff}
  .mp b.man-ref {font-weight:normal;color:#434241}
  .mp pre {padding:0 4ex}
  .mp pre code {font-weight:normal;color:#434241}
  .mp h2+pre,h3+pre {padding-left:0}
  ol.man-decor,ol.man-decor li {margin:3px 0 10px 0;padding:0;float:left;width:33%;list-style-type:none;text-transform:uppercase;color:#999;letter-spacing:1px}
  ol.man-decor {width:100%}
  ol.man-decor li.tl {text-align:left}
  ol.man-decor li.tc {text-align:center;letter-spacing:4px}
  ol.man-decor li.tr {text-align:right;float:right}
  </style>
</head>
<!--
  The following styles are deprecated and will be removed at some point:
  div#man, div#man ol.man, div#man ol.head, div#man ol.man.

  The .man-page, .man-decor, .man-head, .man-foot, .man-title, and
  .man-navigation should be used instead.
-->
<body id='manpage'>
  <div class='mp' id='man'>

  <div class='man-navigation' style='display:none'>
    <a href="#NAME">NAME</a>
    <a href="#SYNOPOSIS">SYNOPSIS</a>
    <a href="#DESCRIPTION">DESCRIPTION</a>
    <a href="#CONFIGURATION-FILE">CONFIGURATION FILE</a>
    <a href="#EXIT-STATUS">EXIT STATUS</a>
    <a href="#LINKS">LINKS</a>
    <a href="#AUTHOR">AUTHOR</a>
    <a href="#SEE-ALSO">SEE ALSO</a>
  </div>

  <ol class='man-decor man-head man head'>
    <li class='tl'>slt(8)</li>
    <li class='tc'></li>
    <li class='tr'>slt(8)</li>
  </ol>

  <h2 id="NAME">NAME</h2>
<p class="man-name">
  <code>slt</code> - <span class="man-whatis">multiplex a port for multiple TLS applications with SNI</span>
</p>

<h2 id="SYNOPOSIS">SYNOPSIS</h2>

<p><code>slt</code> <var>config-file</var></p>

<h2 id="DESCRIPTION">DESCRIPTION</h2>

<p><code>slt</code> is a TLS reverse-proxy which allows an administrator to run
multiple TLS applications on a single port. <code>slt</code> multiplexes incoming
connections by inspecting the Server Name Indication (<code>SNI</code>) extension
data and forwarding each connection to the appropriate upstream server.</p>

<h2 id="CONFIGURATION-FILE">CONFIGURATION FILE</h2>

<p>Configure <code>slt</code> with a simple YAML file. Specify a <code>bind_addr</code> to instruct <code>slt</code>
where it should listen for incoming connections. <code>slt</code> may listen for any number
of <code>frontends</code>. Each frontend is identified by the name to match in the SNI
data. Each frontend forwards to any number of <code>backends</code>. You may specify each
backend with a hash of values. The only required attribute is <code>addr</code>. When
more than one backend is enumerated, <code>slt</code> performs simple round-robin load
balancing among them.</p>

<p>An example configuration follows for listening on port 443 of all local
interfaces multiplexing traffic for two applications, <em>v1.example.com</em>
and <em>v2.example.com</em>. <em>v1.example.com</em> forwards to a single upstream
server on port 1234. <em>v2.example.com</em> forwards to two upstream hosts
on different addresses:</p>

<pre><code>bind_addr: ":443"

frontends:
  v1.example.com:
    backends:
      - addr: ":1234"

  v2.example.com:
    backends:
      - addr: "192.168.0.2:443"
      - addr: "192.168.0.1:443"
</code></pre>

<p>By default, <code>slt</code> does not terminate any TLS traffic. <code>slt</code> only inspects
connections for their SNI data before forwarding them upstream. To have <code>slt</code>
terminate TLS traffic for a <code>frontend</code>, provide paths to the TLS
public certificate and private key files, like so:</p>

<pre><code>frontends:
  v1.example.com:
    tls_key: /path/to/v1.example.com.key
    tls_crt: /path/to/v1.example.com.crt
</code></pre>

<p>Designate one <code>frontend</code> to be the <code>default</code>, used when no
SNI data is present in the connection, like so:</p>

<pre><code>frontends:
  v1.example.com:
    default: true
</code></pre>
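
<p>One way to do the SNI inspection and backend selection described above, as an added example in Go (not <code>slt</code>'s own code): crypto/tls parses the ClientHello through <code>GetConfigForClient</code> while writes are refused, so nothing is terminated. <code>peekConn</code>, <code>PeekSNI</code> and <code>Route</code> are hypothetical names, and the client in <code>main</code> is a constructed in-memory one.</p>

```go
package main

import (
	"bytes"
	"crypto/tls"
	"fmt"
	"io"
	"net"
)

// peekConn records what crypto/tls reads and refuses writes: nothing is sent back.
type peekConn struct {
	net.Conn
	r io.Reader
}

func (c peekConn) Read(p []byte) (int, error)  { return c.r.Read(p) }
func (c peekConn) Write(p []byte) (int, error) { return 0, io.ErrClosedPipe }

// PeekSNI parses only the ClientHello; name is "" when the client sent no SNI.
func PeekSNI(c net.Conn) (name string, raw []byte) {
	var buf bytes.Buffer
	cfg := &tls.Config{GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		name = h.ServerName
		return nil, nil // the handshake then fails on the refused write
	}}
	tls.Server(peekConn{c, io.TeeReader(c, &buf)}, cfg).Handshake()
	return name, buf.Bytes() // raw bytes must be replayed to the backend
}

// Route picks a backend for name (def when no SNI was sent), round-robin.
func Route(fe map[string][]string, next map[string]int, def, name string) string {
	if name == "" {
		name = def
	}
	b := fe[name]
	if len(b) == 0 {
		return "" // unknown frontend: close the connection
	}
	next[name]++
	return b[(next[name]-1)%len(b)]
}

func main() {
	cli, srv := net.Pipe() // constructed in-memory client, no network needed
	go tls.Client(cli, &tls.Config{ServerName: "v2.example.com"}).Handshake()
	name, raw := PeekSNI(srv)
	fmt.Println(name, len(raw) > 0)
}
```

<p>Set a read deadline on the connection before calling <code>PeekSNI</code> so a client that never sends a ClientHello cannot hold the goroutine open. Input that is not TLS at all also yields an empty name here, so it is treated the same as a missing SNI.</p>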

<h2 id="EXIT-STATUS">EXIT STATUS</h2>

<p>Exit status is 0 on success, non-zero on failure.</p>

<h2 id="LINKS">LINKS</h2>

<dl>
<dt><code>Source code and documentation</code></dt><dd><p><a href="https://github.com/inconshreveable/slt">https://github.com/inconshreveable/slt</a></p></dd>
<dt><code>Server Name Indication</code></dt><dd><p><a href="http://www.ietf.org/rfc/rfc3546.txt">http://www.ietf.org/rfc/rfc3546.txt</a></p></dd>
</dl>


<h2 id="AUTHOR">AUTHOR</h2>

<p>Alan Shreve (@inconshreveable)</p>

<h2 id="SEE-ALSO">SEE ALSO</h2>

<p><span class="man-ref">ssl<span class="s">(3)</span></span> <span class="man-ref">stunnel<span class="s">(8)</span></span></p>


  <ol class='man-decor man-foot man foot'>
    <li class='tl'></li>
    <li class='tc'>March 2014</li>
    <li class='tr'>slt(8)</li>
  </ol>

  </div>
</body>
</html>