A TCP proxy for TLS termination and load-balancing
Most internet-facing applications use a reverse proxy (ingress) to separate internal resources from the external world. External clients usually connect to the reverse proxy over encrypted connections (TLS), and the proxy forwards their requests to backend services either over unencrypted channels (Figure 11.1) or by re-encrypting the connection using the internal CA. The reverse proxy usually also performs some form of load balancing to distribute the work evenly.
Figure 13.1 – TLS proxy with round-robin load balancing and TLS termination
In this section, we will look at such a reverse proxy that accepts TLS traffic from external hosts, and forwards that traffic to backend servers using unencrypted TCP while distributing the requests to those servers in a round-robin fashion.
As a Go developer, you are unlikely to write your own reverse proxy or load balancer, as there are multiple options available...
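The proxy described in this section (TLS in, plain TCP out, backends chosen round-robin) can be written with the Go standard library alone. The following is an added example, not code from the original text; the certificate file names, the listen address and the backend addresses are assumed placeholders.

```go
package main
import (
	"crypto/tls"
	"io"
	"log"
	"net"
	"sync/atomic"
)

type roundRobin struct { // rotates through backends; safe for concurrent use
	next     uint64 // kept first so atomic ops stay 64-bit aligned
	backends []string
}
func (r *roundRobin) pick() string {
	return r.backends[(atomic.AddUint64(&r.next, 1)-1)%uint64(len(r.backends))]
}
// serve relays each accepted connection to the next backend over plain TCP.
func serve(ln net.Listener, rr *roundRobin) error {
	for {
		client, err := ln.Accept() // on a TLS listener, reads are already decrypted
		if err != nil {
			return err
		}
		go func() {
			defer client.Close()
			backend, err := net.Dial("tcp", rr.pick())
			if err != nil {
				return // backend unreachable; the deferred Close drops the client
			}
			defer backend.Close()
			go func() { // client -> backend, then half-close so the backend sees EOF
				io.Copy(backend, client)
				backend.(*net.TCPConn).CloseWrite()
			}()
			io.Copy(client, backend) // backend -> client
		}()
	}
}

func main() { // cert.pem, key.pem and every address below are assumed placeholders
	cert, err := tls.LoadX509KeyPair("cert.pem", "key.pem")
	if err != nil {
		log.Fatal(err)
	}
	cfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}
	ln, err := tls.Listen("tcp", ":8443", cfg)
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(serve(ln, &roundRobin{backends: []string{"127.0.0.1:9001", "127.0.0.1:9002"}}))
}
```

Because the backend hop is plain TCP, it should stay on a trusted network segment, and backends see the proxy's address as the peer rather than the client's.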