slt is a dead-simple TLS reverse-proxy with SNI multiplexing (TLS virtual hosts).
That means you can send TLS/SSL connections for multiple different applications to the same port and forward them all to the appropriate backend hosts depending on the intended destination.
slt multiplexes connections to a single TLS port by inspecting the name in the SNI extension field of each connection.
You configure slt with a simple YAML configuration file:

    bind_addr: ":443"
    user: pi

    frontends:
      v1.example.com:
        backends:
          -
            addr: ":4443"
      v2.example.com:
        backends:
          -
            addr: "192.168.0.2:443"
          -
            addr: "192.168.0.1:443"

Sometimes you don't want to terminate the TLS traffic; you just want to forward it elsewhere. slt only terminates the TLS traffic if you specify a private key and certificate file, like so:

    frontends:
      v1.example.com:
        tls_key: /path/to/v1.example.com.key
        tls_crt: /path/to/v1.example.com.crt

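For the pass-through case (no tls_key/tls_crt), a proxy has to read the SNI name from the ClientHello without answering it, and then replay the consumed bytes to the chosen backend. The sketch below is an added example, not slt's own code: it assumes Go 1.8+ (for GetConfigForClient), and PeekSNI, readOnlyConn and helloFor are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"errors"
	"fmt"
	"io"
	"net"
	"strings"
)

// readOnlyConn feeds bytes to crypto/tls but refuses every write, so the
// proxy never answers the client while it is only inspecting the hello.
type readOnlyConn struct {
	net.Conn
	r io.Reader
}

func (c readOnlyConn) Read(p []byte) (int, error) { return c.r.Read(p) }
func (c readOnlyConn) Write([]byte) (int, error)  { return 0, io.ErrClosedPipe }

// PeekSNI returns the lower-cased SNI name and every byte consumed from conn;
// those bytes must be replayed to the backend before the rest is copied.
func PeekSNI(conn net.Conn) (string, []byte, error) {
	var raw bytes.Buffer
	name, seen := "", false
	cfg := &tls.Config{GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		name, seen = strings.ToLower(h.ServerName), true
		return nil, errors.New("hello inspected") // abort before any reply
	}}
	err := tls.Server(readOnlyConn{conn, io.TeeReader(conn, &raw)}, cfg).Handshake()
	if !seen {
		return "", nil, err // no parseable ClientHello: caller should drop it
	}
	return name, raw.Bytes(), nil
}

// helloFor returns the proxy end of a pipe whose peer sends a real ClientHello.
func helloFor(serverName string) net.Conn {
	client, proxy := net.Pipe()
	go tls.Client(client, &tls.Config{ServerName: serverName}).Handshake()
	return proxy
}

func main() {
	name, raw, err := PeekSNI(helloFor("v2.example.com")) // constructed input
	fmt.Println(name, len(raw), err)
}
```

A caller would look the returned name up in its frontends table and close the connection when the name is empty or not configured, rather than falling back to a default backend.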
slt performs simple round-robin load balancing when more than one backend is available (other strategies will be available in the future):

    frontends:
      v1.example.com:
        backends:
          -
            addr: ":8080"
          -
            addr: ":8081"

Running slt is also simple. It takes a single argument, the path to the configuration file:

    ./slt /path/to/config.yml

To build, cd into the directory and run "go build". It requires Go 1.1+.
To run the tests, cd into the directory and run "go test".
I run slt in production handling hundreds of thousands of connections daily.
Apache