slt - multiplex a port for multiple TLS applications with SNI
slt is a TLS reverse-proxy which allows an administrator to run
multiple TLS applications on a single port.
slt multiplexes incoming
connections by inspecting the Server Name Indication (
data and appropriately forwarding the connection to the appropriate
slt with a simple YAML file. Specify a
bind_addr to instuct
where it should listen for incoming connections.
slt may listen for any number
frontends. Each frontend is identified by the name to match in the SNI
data. Each frontend forwards to any number of
backends. You may specify each
backend with a hash of values. The only required attribute is
more than one backend is enumerated,
slt performs simple round-robin load
balancing among them.
An example configuration follows for listening on port 443 of all local interfaces multiplexing traffic for two applications, v1.example.com and v2.example.com. v1.example.com forwards to a single upstream server on port 1234. v2.example.com forwards to two upstream hosts on different addresses:
bind_addr: ":443" frontends: v1.example.com: backends: - addr: ":1234" v2.example.com: backends: - addr: "192.168.0.2:443" - addr: "192.168.0.1:443"
slt does not terminate any TLS traffic.
slt only inspects
connections for their SNI data before being forwarded upstream.
terminate TLS traffic for any
frontend by providing paths to the TLS
public certificate and private key files, like so:
frontends: v1.example.com: tls_key: /path/to/v1.example.com.key tls_crt: /path/to/v1.example.com.crt
frontend to be the
default in the case that no
SNI data is present in the connection like so:
frontends: v1.example.com: default: true
Exit status is 0 on success, non-zero on failure.
Source code and documentation
Server Name Indication
Alan Shreve (@inconshreveable)