Job tlstunnel-monitoring


Skip to build


This is a MirageOS unikernel accepting TLS connections via the public (service) network interface on frontend-port, and proxying them using TCP via the private network interface to backend-ip and backend-port. A client connecting to TLStunnel has to establish a TLS connection, which payload is forwarded to the backend service via TCP.

TLStunnel can be used for load-balancing - using multiple TLStunnel on the frontend doing expensive crypto operations (asymmetrics TLS handshakes and symmetric cryptography) with a single (or multiple) backend-services which communicate via plain TCP.

Security-wise only the TLStunnel needs access to the private key of the X.509 certificate(s). When TLStunnel is configured to do client authentication, only valid clients can access the backend service, limiting the attack surface drastically.

Installation from source

To install this unikernel from source, you need to have opam (>= 2.0.0) and ocaml (>= 4.07.0) installed. Also, mirage is required (>= 3.10.0). Please follow the installation instructions.

The following steps will clone this git repository and compile the unikernel:

$ git clone
$ mirage configure -t <your-favourite-target>
$ make depend
$ make

Installing as binary

There are not yet any binaries available, but work is underway to provide reproducible binaries.


Please open an issue if you have questions, feature requests, or comments.

Build 2021-10-13 13:49:12 -00:00

Back to readme

Build took 9min.

Execution result: exited 0.

Reproduced by builds

2021-10-15 13:49:58 -00:00, 2021-10-14 13:49:36 -00:00,

Build info

Comparisons with other builds

With latest build
With build 2021-10-12 13:48:49 -00:00 (output is identical binary)
With build 2021-10-08 13:47:19 -00:00 (output is identical binary)
With build 2021-10-07 13:46:56 -00:00 (output is identical binary)

Build artifacts

SHA256:7f139847be2bc41e2a3674fcb6a786abca4d444db3f34d3957534122d066d207 (6.31MB)
SHA256:b5308f42f591fe2336165d5566f8f6b69eb539e694e0623403f990fc18d3ea3d (268B)
SHA256:f49b7862e04aa5e3dbc70b671604d3d7bf10de6c689deca9ae2721a48347d279 (191kB)
SHA256:988bcce87c0157b9e31c7dac750f7814f8427a487268ce92dafc549c0b979b28 (184B)
SHA256:9798bf9c61c1e85465ec6e125da0c37cedefa220e77650ab7bb7eec78de29957 (9.37MB)