jjkiers/layer4-proxy

Fork 0

Go to file

Jacob Kiers 80575a4247

ci/woodpecker/push/build/1 Pipeline was successful

Details

ci/woodpecker/push/build/2 Pipeline was successful

Details

ci/woodpecker/push/build/3 Pipeline was successful

Details

Fix Woodpecker CI pipeline: explicitly set GITEA_SERVER_URL and remove 'set' command

- Added GITEA_SERVER_URL to the Release step to fix login failures.
- Removed 'set' command from the Prepare step to protect sensitive environment variables.

Co-authored-by: openhands <openhands@all-hands.dev>

2026-04-10 16:00:45 +00:00

.cargo

Add build instructions

2023-08-23 19:29:29 +02:00

.woodpecker

Fix Woodpecker CI pipeline: explicitly set GITEA_SERVER_URL and remove 'set' command

2026-04-10 16:00:45 +00:00

scripts

Make the build work

2026-04-09 22:05:08 +02:00

src

Add wildcard SNI matching

2026-04-09 22:12:55 +02:00

tests

Remove kcp support

2024-02-23 22:49:43 +01:00

.drone.jsonnet

Upgrade toolchain to rust 1.79.0

2024-06-22 15:44:13 +02:00

.gitignore

Update .gitignore

2024-06-22 11:49:12 +02:00

Cargo.lock

Release v0.1.12

2026-04-09 22:37:28 +02:00

Cargo.toml

Release v0.1.12

2026-04-09 22:37:28 +02:00

CHANGELOG.md

Release version 0.1.10

2025-01-09 21:13:07 +01:00

config.yaml.example

Add wildcard SNI matching

2026-04-09 22:12:55 +02:00

example-config.yaml

Remove kcp support

2024-02-23 22:49:43 +01:00

l4p.service

Rename to l4p, update references and README.md

2024-02-23 22:03:25 +01:00

LICENSE

First commit

2021-10-21 16:43:59 +08:00

README.md

Add wildcard SNI matching

2026-04-09 22:12:55 +02:00

README.md

l4p

Hey, now we are on level 4!

l4p is a layer 4 proxy implemented by Rust to listen on specific ports and transfer TCP data to remote addresses (only TCP) according to the configuration.

Features

Listen on specific port and proxy to local or remote port
SNI-based rule without terminating TLS connection
DNS-based backend with periodic resolution

Installation

To gain best performance on your computer's architecture, please consider build the source code. First, you may need Rust tool chain.

$ cd l4p
$ cargo build --release

Binary file will be generated at target/release/l4p, or you can use cargo install --path . to install.

Or you can use Cargo to install l4p:

$ cargo install l4p

Or you can download binary file form the Release page.

Features

Listen on specific port and proxy to local or remote port
SNI-based rule without terminating TLS connection
Wildcard SNI matching with DNS-style longest-suffix-match
DNS-based backend with periodic resolution

Configuration

l4p will read yaml format configuration file from /etc/l4p/l4p.yaml, and you can set custom path to environment variable L4P_CONFIG, here is an minimal viable example:

version: 1
log: info

servers:
  proxy_server:
    listen:
      - "127.0.0.1:8081"
    default: remote

upstream:
  remote: "tcp://www.remote.example.com:8082" # proxy to remote address

There are two upstreams built in:

Ban, which terminates the connection immediately
Echo, which reflects back with the input

For detailed configuration, check this example.

SNI Matching

The proxy supports both exact and wildcard SNI patterns in the sni config. Wildcards use DNS-style longest-suffix-match: more specific patterns take precedence. For example, with *.example.com and *.api.example.com, request api.example.com matches the first, while v2.api.example.com matches the second.

Wildcards are validated against the Public Suffix List (PSL). Known suffixes (.com, .org) require at least one label below the suffix (*.example.com OK, *.com rejected). Unknown suffixes (.local, .lan) are allowed without restriction.

Invalid wildcard patterns are rejected at config load time with clear error messages.

Thanks

fourth, of which this is a heavily modified fork.

License

l4p is available under terms of Apache-2.0.

Releases 5

v0.1.11 Latest

2025-05-01 20:04:59 +00:00

Languages

Rust 97.6%

Shell 2.4%