Repository files navigation

SweetSSL is a lightweight easy to usereverse proxy written inGo that provides FREELet's Encrypt SSL certificates. It can run onLinux or as aWindows service.

It uses a mapping file to direct host names (mysite.com), a prefix (/my-site) or all traffic (any) to a backend server. The backend server can be a IP address,HTTP/HTTPS web server or can be a directory on disk (for static content).

The mapping file is watched on the file system and any changes are automatically added to the proxy without a restart.

You can download builds from the release page:Releases

1. Create a DNS entry for each host name pointing to your public IP address (A record) or create CNAME records pointing to an existing A record.
2. Update firewall settings so that both port 443 (SSL) and port 80 are accessible to the internet. Port 80 is required for Let's Encrypt to validate ownership of yoir domain.
3. Create an entry (one per line) for the host name entries created in Step 1 in the mapping.yml file (see examples below).
4. Start SweetSSL using the arguments below or install as a Windows service using the same command-line arguments.
5. Let SweetSSL do it's magic!

Your email address is required when using theLet's Encrypt certificates. This is forLet's Encrypt to contact your about any issues.

RunHTTPS with defaultmapping.yml file:

sweetssl -email youremail@yourdomain.com

RunHTTPS with custom mapping path:

sweetssl -email youremail@yourdomain.com -mapping "otherfile.yml"

RunHTTPS and allow self signed certificates on backend servers:

sweetssl -email youremail@yourdomain.com -tls-skip-verify

RunHTTP with default mapping:

sweetssl -http-only

Install as a Windows service:

sweetssl -install -email youremail@yourdomain.com

Get GoLang Source:

go get github.com/cubewise-code/sweetssl

Build Go source:

go build -o sweetssl.exe

mapping.yml contains host-to-backend mapping:

Example:

# Examplessubdomain1.example.com:127.0.0.1:8080uploads.example.com:https://uploads-bucket.s3.amazonaws.comstatic.linux.com:/var/www/static.windows.com:C:\Temp\/prod:http://prodserver/api/v1/dev:http://devserver/api/v1any:C:\Temp\any:https://localhost:8883/api/v1

Usage of sweetssl:  -addr string        Address to listen at (default":https")  -cache-dir string        Path to directory to cache key and certificates (default Windows"C:\\ProgramData\sweetssl\cache", Linux"/var/cache/sweetssl")  -email string        Contact email address presented to letsencrypt CA  -hostname string        The default host name to be used with any and / prefix options  -hsts        Add Strict-Transport-Security header  -http string        Optional address to serve http-to-https redirects and ACME http-01 challenge responses (default":http")  -http-only        Only use http  -install        Installs as a windows service  -mapping string        File with host/backend mapping (default"mapping.yml")  -remove        Removes the windows service  -tls-skip-verify        Skip verification of SSL certsfor proxy targets

SweetSSL is a fork of the greatleproxy and uses thecertmagic library forLet's Encrypt support.