TCP services
TCP services are a special kind of Otoroshi service meant to proxy pure TCP connections (ssh, database, http, etc.).
Global information
Id
: generated unique identifier
TCP service name
: the name of your TCP service
Enabled
: enable or disable the service
TCP service port
: the listening port
TCP service interface
: network interface the service listens on
Tags
: list of tags associated with the service
Metadata
: list of metadata associated with the service
TLS
This section controls how the service is exposed over TLS.
TLS mode
Disabled
: no TLS
PassThrough
: as the target exposes TLS, the call passes through Otoroshi and uses the target's TLS
Enabled
: the service is exposed using TLS and chooses its certificate based on SNI
Client Auth.
None
: no mTLS needed to pass
Want
: pass with or without mTLS
Need
: need mTLS to pass
Server Name Indication (SNI)
This section controls how SNI is handled.
SNI routing enabled
: if enabled, the server will use the SNI hostname to determine which certificate to present to the client
Forward to target if no SNI match
: if enabled, a call without any SNI match will be forwarded to the target
Target host
: host of the target called when no SNI matches
Target ip address
: ip of the target called when no SNI matches
Target port
: port of the target called when no SNI matches
TLS call
: encrypt the communication with TLS
Rules
For any listening TCP proxy, it is possible to route to multiple targets based on the SNI or on the extracted HTTP host (if proxying HTTP).
Matching domain name
: regex used to filter the list of domains where the rule will be applied
Target host
: host of the target
Target ip address
: ip of the target
Target port
: port of the target
TLS call
: enable this flag if the target is exposed using TLS
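
The routing decision described in the Rules and SNI sections, modelled as an added example (this is not Otoroshi's code). The `Rule`/`Target` shapes, first-match ordering and all hostnames are assumptions; the page does not say whether the rule regex is anchored, so the `anchored` switch shows why a rule should be written to match the whole hostname.

```python
import re
from dataclasses import dataclass
from typing import Optional, Sequence

@dataclass(frozen=True)
class Target:
    host: str
    port: int
    tls: bool = False  # the "TLS call" flag

@dataclass(frozen=True)
class Rule:
    domain: str  # the "Matching domain name" regex
    target: Target

def route(sni: Optional[str], rules: Sequence[Rule],
          forward_if_no_match: bool = False,
          fallback: Optional[Target] = None,
          anchored: bool = True) -> Optional[Target]:
    """Return the Target for a connection, or None if it is refused."""
    if sni:
        name = sni.rstrip(".").lower()  # hostnames are case-insensitive
        for rule in rules:  # assumption: the first matching rule wins
            pattern = re.compile(rule.domain, re.IGNORECASE)
            hit = pattern.fullmatch(name) if anchored else pattern.search(name)
            if hit:
                return rule.target
    # No SNI sent or no rule matched: only the explicit fallback is allowed.
    return fallback if forward_if_no_match else None

# Constructed sample configuration (placeholder hostnames).
DB = Target("db.internal.example", 5432, tls=True)
SSH = Target("bastion.internal.example", 22)
DEFAULT = Target("default.internal.example", 8443, tls=True)
RULES = [Rule(r"db\.example\.com", DB), Rule(r".*\.ssh\.example\.com", SSH)]

if __name__ == "__main__":
    for name in ("db.example.com", "db.example.com.other.test", None):
        for anchored in (True, False):
            print(name, anchored, route(name, RULES, True, DEFAULT, anchored))
```

With an unanchored match, `db.example.com.other.test` reaches the database target; with a full match it falls through to the fallback target, or is refused when "Forward to target if no SNI match" is off.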