Download the keyless proxy
Statically-linked binary. No runtime, no container needed. It terminates TLS locally and holds no private keys: Every handshake signature comes from goTLS's signer.
Version 1.0.0. Pick your platform, then jump to Get started for the two-step run.
Checksums: SHA256SUMS — verify with sha256sum -c SHA256SUMS (or shasum -a 256 on macOS).
Run it
# Linux/macOS: make it executable, then front your local service on :8443 chmod +x keyless-proxy-linux-amd64 ROUTE_0_SNI='*.gotls.de' \ ROUTE_0_UPSTREAM=127.0.0.1:8080 \ ROUTE_0_SIGNER=gotls.de:9000 \ ./keyless-proxy-linux-amd64 # then open the magic URL it prints, e.g. curl https://127-0-0-1.gotls.de:8443/
- macOS: the binary is unsigned, so clear the quarantine flag first: xattr -d com.apple.quarantine keyless-proxy-macos-arm64.
- Windows: SmartScreen may warn on an unsigned binary: Choose More info → Run anyway, and set the variables with $env:ROUTE_0_SNI="*.gotls.de" in PowerShell.
- Run keyless-proxy --help for the full route syntax (terminate, passthrough, default upstream).
Prefer a container?
# The same edge as a published image
docker run --rm --network host \
-e ROUTE_0_SNI='*.gotls.de' \
-e ROUTE_0_UPSTREAM=127.0.0.1:8080 \
-e ROUTE_0_SIGNER=gotls.de:9000 \
ghcr.io/trion-development/gotls-proxy:1.0.0