Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
Repo info
Hey guys, anyone who can tell me whether it's possible to do a) TLS termination b) based on the SNI header route one part of the traffic (TCP) to a given backend c) when the SNI doesn't match anything, treat it as HTTP traffic and do "regular" path based routing?
I'm currently investigating several solutions for doing this - Traefik only does L7, HaProxy can do it, but there is no dynamic backend configuration - docker flow proxy seems a viable candidate, except it can't create the tcp/http mix out of the box which I described.. so I just ran into your tool this afternoon, which seems promising, but before I start fiddling again - I was hoping someone might just be able to tell me whether it's possible or not.
OK - never mind either way, just discovered that Docker Swarm doesn't work either :) I'll check back on this in a few months .. back to Docker Flow Proxy I guess.
Nick Doikov

you can add something like :

hostname_matching_strategy = "regexp"
unexpected_hostname_strategy = "default"

in . sni server section

Andrew Stanton

I'd like to run gobetween in AWS ECS. But having hard time figuring how to pass it a default configuration. CloudWatch logs show:

gobetween v0.5.0
open /etc/gobetween/conf/gobetween.toml: no such file or directory

I see some volume options in ECS container definition, but not seeing how I would get a config file there to map to the /etc/gobetween/conf

I saw we can tell gobetween to use URL for config file, but the Dockerfile in GitHub specifically calls command options for hardcoded path.

CMD ["/usr/bin/gobetween", "-c", "/etc/gobetween/conf/gobetween.toml"]

So when attempting to pass env variables via ECS, we get a different error

gobetween v0.5.0
Passed GOBETWEEN env var and command-line arguments: only one allowed

Would it be possible to publish a different Dockerfile tag on yyyar's account for a more ECS friendly version, like with no static file configuration passed, so we can use the environment variable approach? Or any other ideas?

Andrew Stanton

Okay, I figured out the way to do this in ECS Fargate.... I'm sure there are multiple paths to doing it without requiring any work from Gobetween team. But, the way I was able to do it was to override Dockerfile CMD by defining entryPoint in the container definition which I am sure would be easy for anyone with Docker experience to think of (this is my day 2 of exploring Docker and mostly through the lens of ECS):

"containerDefinitions": [
"entryPoint": [
"environment": [
"name": "GOBETWEEN",
"value": "[\"from-url\", \"http://some.url/gobetween.toml", \"-f\", \"toml\"]"

Illarion Kovalchuk
thank you, we will update the doc
Yaroslav Pogrebnyak
gobetween now on Telegram! Announcing our official Telegram group here: https://t.me/joinchat/GdlUlg_gRfchk1BORU82PA Join now! :-)
Yaroslav Pogrebnyak
Also, to support gobetween please submit your use case here yyyar/gobetween#161 :-) Thank you so much!
hello, I try gobetween v0.6.0. tcp loadbalance roundrobin mode not work.

protocol = "tcp"
bind = ""
balance = "roundrobin"

max_connections = 10000
client_idle_timeout = "10m"
backend_idle_timeout = "10m"
backend_connection_timeout = "2s"

kind = "static"
static_list = [
" weight=1",
" weight=1"

fails = 1
passes = 1
interval = "1s"
kind = "ping"
ping_timeout_duration = "500ms"

I expect 4000,2000 next round 4000,2000 again and again. but not working as expected.
Can I use gobetween instead of haproxy?
My test like this.
simple http backend.
Illarion Kovalchuk
@krast yes. I confirm the bug. Will be fixed soon in 0.6.1
Dave Cottlehuber
I see you have FreeBSD binary available, but I'd like to build from sources and include in FreeBSD ports tree. I tried some minor modifications but failed to get it working.
if you're able to help further I will open an issue on github to discuss
Dave Cottlehuber
dch@wintermute /r/gobetween> git commit -am 'hack FreeBSD support'
[master 40b5817] hack FreeBSD support
 1 file changed, 1 insertion(+)
dch@wintermute /r/gobetween> gsh
commit 40b5817fbe7825f815569e0e837291cc58ab7e25 (HEAD -> master)
Author: Dave Cottlehuber <dch@skunkwerks.at>
Date:   Fri Sep 7 10:56:05 2018 +0000

    hack FreeBSD support

diff --git a/Makefile b/Makefile
index 6976501..c729bc5 100644
--- a/Makefile
+++ b/Makefile
@@ -88,6 +88,7 @@ dist:
        @#             os    arch  cgo ext
        @for arch in "linux   386  1      "  "linux   amd64 1      "  \
                                 "windows 386  0 .exe "  "windows amd64 0 .exe "  \
+                                "freebsd 386  1      "  "freebsd amd64 1      "  \
                                 "darwin  386  0      "  "darwin  amd64 0      "; \
        do \
          set -- $$arch ; \
dch@wintermute /r/gobetween> gmake deps build
rm -rf ./vendor/src
rm -rf ./vendor/pkg
rm -rf ./vendor/bin
go get -v github.com/burntsushi/toml
github.com/burntsushi/toml (download)
go get -v github.com/miekg/dns
github.com/miekg/dns (download)
go get -v github.com/fsouza/go-dockerclient
github.com/fsouza/go-dockerclient (download)
github.com/docker/docker (download)
github.com/docker/go-units (download)
github.com/sirupsen/logrus (download)
Fetching https://golang.org/x/crypto/ssh/terminal?go-get=1
Parsing meta tags from https://golang.org/x/crypto/ssh/terminal?go-get=1 (status code 200)
get "golang.org/x/crypto/ssh/terminal": found meta tag get.metaImport{Prefix:"golang.org/x/crypto", VCS:"git", RepoRoot:"https://go.googlesource.com/crypto"} at https://golang.org/x/crypto/ssh/terminal?go-get=1
get "golang.org/x/crypto/ssh/terminal": verifying non-authoritative meta tag
Fetching https://golang.org/x/crypto?go-get=1
Parsing meta tags from https://golang.org/x/crypto?go-get=1 (status code 200)
golang.org/x/crypto (download)
Fetching https://golang.org/x/sys/unix?go-get=1
Parsing meta tags from https://golang.org/x/sys/unix?go-get=1 (status code 200)
get "golang.org/x/sys/unix": found meta tag get.metaImport{Prefix:"golang.org/x/sys", VCS:"git", RepoRoot:"https://go.googlesource.com/sys"} at https://golang.org/x/sys/unix?go-get=1
get "golang.org/x/sys/unix": verifying non-authoritative meta tag
Fetching https://golang.org/x/sys?go-get=1
Parsing meta tags from https://golang.org/x/sys?go-get=1 (status code 200)
golang.org/x/sys (download)
github.com/Nvveen/Gotty (download)
# github.com/docker/docker/pkg/mount
vendor/src/github.com/docker/docker/pkg/mount/mountinfo_freebsd.go:40:24: undefined: p
gmake: *** [Makefile:62: deps] Error 2
Dave Cottlehuber
updating the docker/docker dependency in vendors just caused an explosion of go errors
Illarion Kovalchuk
I managed to build it for freebsd
just set cgo_enabled to 0, like this:
"freebsd 386 0 " "freebsd amd64 0 "
Dave Cottlehuber
illarion: I still get this (on master branch BTW)
../go/src/github.com/docker/docker/pkg/mount/mountinfo_freebsd.go:40:24: undefined: p
is it possible you've different stuff in vendor ?
Illarion Kovalchuk
I cleaned vendor
make clean
make deps
make dist
and I get freebsd build
Illarion Kovalchuk
But you're right, the freebds dependency has an error - it uses undefined variable 'p'
The question is why crosscompilation doesn't use it
bintut @bintut waves
Marvin Pascual
I wonder how to support multiple groups of backends in gobetween-0.6.0
Is it possible? Say, the first backend group is WordPress, the second backend group is nginx w/ static contents, and so on and so forth...
Illarion Kovalchuk
@bintut so what is your question?
Marvin Pascual
How to configure gobetween to be the reverse proxy for multiple groups of backend services?
Does gobetween support SNI for multiple backend services?
Illarion Kovalchuk
yes sni is supported
it should be described in documentation on gobetween.io and in wiki of github project
Marvin Pascual
I'm sorry but I can't find in the documentation how to configure multiple backends on a single gobetween
Illarion Kovalchuk
see discovery section
Marvin Pascual
gobetween will be listening on a single HTTPS port. How can I differentiate between different backend services? How gobetween decides that the incoming traffic is for backendA and not for backendB, and so on and so forth?
Illarion Kovalchuk
using sni

kind = "static"

static_list = [ # (required) [

"localhost:8000 weight=5", # "<host>:<port> weight=<int>" weight=1 by default

"localhost:8001 sni=www.foo.com" # ]


sorry for formatting, it is hard to copy paste examples using phone
take a look at config.toml