Reverse Proxy

Reverse Proxy is a reverse proxy which can be used for SSL termination and/or subdomain multiplexing. Reverse Proxy is similar to Traefik or Nginx, but aims to be simpler and easier to use.

Click here to download the zip file containing binaries for the following platforms:

Example

In this example, we would like to set up two subdomains, myapp.example.com and echo.example.com.

I recommend acme.sh for getting LetsEncrypt SSL cerficates. This demonstrates how to install and run acme.sh. This requests a certificate in standalone mode, which requires socat and sudo (in order to listen on port 80).

$ curl https://get.acme.sh | sh
(exit then log back in to enable acme.sh)
$ sudo apt install socat
$ sudo setcap 'cap_net_bind_service=+ep' /usr/bin/socat
$ acme.sh --issue --standalone --server letsencrypt \
	-d example.com -d myapp.example.com -d echo.example.com

After running, acme.sh will set up a cron job to automatically renew the cert. Because the cron job also listens on port 80, we will need to keep that port free. In addition, we would like to redirect myapp.example.com to port 8000 and just echo any request to echo.example.com. We need sudo again to listen on port 443. So the full command is:

$ sudo rp 0 \
	-ssl 443 \
		/home/aaron/.acme.sh/example.com/example.app.key \
		/home/aaron/.acme.sh/example.com/example.app.crt \
	-map myapp.example.com 8000 \
	-map echo.example.com -1

Usage

USAGE:
	rp [port] -ssl [ssl_port] [key] [crt] -map [host_header] [local_port]
WHERE:
	-[port] is the http port
	-if -ssl is specified, [ssl_port] is the https port and [key] and [crt]
	 are the key and certificate file paths
	 -if [port] is positive, it will redirect to [ssl_port]
	 -if [port] is negative, it will mirror [ssl_port]
	 -if [port] is zero, it will be ignored
	-if -map is specified, incoming requests with [host_header] are forwarded
	 to [local_port] (multiple mappings can be specified)
	-if [local_port] is -1, the [host_header] is mapped to an echo handler, which
	 is useful for debugging

How is this better than Traefik/Nginx?

It's smaller, simpler, and easier to use.