Looking for ideas on a TCP+TLS reverse proxy.
925 views
Skip to first unread message
Eliezer Croitoru
Feb 20, 2016, 5:53:02 PM2/20/16
to golang-nuts
I have been able to write a simple HTTP reverse proxy which can do all
sort of things.
But I had two more special scenarios to the picture which I am looking
for existing examples in Golang or ideas on how to implement.
What I want to write is a Reverse Proxy that can work with HTTP, TCP and
TLS(SNI).
For every incoming request it would be able to identify if the request
is non HTTP and non TLS and in this case splice the connection into a
specific server or always return a specific string.
For the case it's a plain HTTP it would then act as a simple reverse
proxy and will pass the connection to a http.handler which knows how to
handle multiple hostnames.
For the case it's a TLS connection with SNI then I want to decided base
on the SNI hostname what would be the next step, either splice to a
specific host as a TCP stream or pass it to some HTTP handler.
From my eyes I might be able to pass the incoming request a series of
filters that will decide what to do next.
The benefit for me is that I can use 1 IP+port address to serve multiple
TLS based services which the SNI can help me to identify the requested
resource.
But I want to also be able to understand if the encrypted or non
encrypted connection is indeed HTTP or another one.
I have seen until now couple ideas such as:
https://groups.google.com/forum/#!topic/golang-nuts/rUm2iYTdrU4
http://www.gilesthomas.com/2013/07/sni-based-reverse-proxying-with-golang/
, https://github.com/gpjt/stupid-proxy/blob/master/proxy.go
https://blog.gopheracademy.com/caddy-a-look-inside/
Any Recommendations?
Thanks,
Eliezer
sort of things.
But I had two more special scenarios to the picture which I am looking
for existing examples in Golang or ideas on how to implement.
What I want to write is a Reverse Proxy that can work with HTTP, TCP and
TLS(SNI).
For every incoming request it would be able to identify if the request
is non HTTP and non TLS and in this case splice the connection into a
specific server or always return a specific string.
For the case it's a plain HTTP it would then act as a simple reverse
proxy and will pass the connection to a http.handler which knows how to
handle multiple hostnames.
For the case it's a TLS connection with SNI then I want to decided base
on the SNI hostname what would be the next step, either splice to a
specific host as a TCP stream or pass it to some HTTP handler.
From my eyes I might be able to pass the incoming request a series of
filters that will decide what to do next.
The benefit for me is that I can use 1 IP+port address to serve multiple
TLS based services which the SNI can help me to identify the requested
resource.
But I want to also be able to understand if the encrypted or non
encrypted connection is indeed HTTP or another one.
I have seen until now couple ideas such as:
https://groups.google.com/forum/#!topic/golang-nuts/rUm2iYTdrU4
http://www.gilesthomas.com/2013/07/sni-based-reverse-proxying-with-golang/
, https://github.com/gpjt/stupid-proxy/blob/master/proxy.go
https://blog.gopheracademy.com/caddy-a-look-inside/
Any Recommendations?
Thanks,
Eliezer
Anmol Sethi
Feb 20, 2016, 6:03:31 PM2/20/16
to Eliezer Croitoru, golang-nuts
https://github.com/joushou/serve2d and its corresponding library https://github.com/joushou/serve2
Forgot to reply all.
> --
> You received this message because you are subscribed to the Google Groups "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Forgot to reply all.
> You received this message because you are subscribed to the Google Groups "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Eliezer Croitoru
Feb 20, 2016, 6:17:21 PM2/20/16
to Anmol Sethi, golang-nuts
On 21/02/2016 01:03, Anmol Sethi wrote:
> https://github.com/joushou/serve2d and its corresponding libraryhttps://github.com/joushou/serve2
Thanks!
> https://github.com/joushou/serve2d and its corresponding libraryhttps://github.com/joushou/serve2
I will walk into it this week with hope to understand it better.
Eliezer
Caleb Doxsey
Feb 29, 2016, 9:14:47 PM2/29/16
to golang-nuts, eli...@ngtech.co.il
What you want exists: https://github.com/inconshreveable/slt
Reply all
Reply to author
Forward
0 new messages