HTTPS SNI Proxy
===============

Proxies TLS and HTTP requests to backend servers based on the SNI
(Server Name Indication) TLS extension.

Features
--------
+ Name-based proxying of HTTPS without decrypting traffic. No keys or certificates required.
+ Also supports HTTP
+ Supports IPv4, IPv6 and Unix domain sockets for both backend servers and listeners
+ Multiple listeners per daemon
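
Routing without keys is possible because the client sends the requested host name in cleartext in the `server_name` extension of its TLS ClientHello. The parser below is an added example, not sniproxy's own code; `parse_sni`, `sample_sni` and `SAMPLE` are hypothetical names, and it assumes the whole ClientHello arrives in a single TLS record.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Copy the SNI host name from a TLS record holding a ClientHello into out.
 * Returns the name length, -1 if malformed or truncated, -2 if no SNI. */
int parse_sni(const uint8_t *d, size_t len, char *out, size_t outsz)
{
    size_t pos = 5 + 4 + 2 + 32, end, n;  /* record hdr, handshake hdr, version, random */
    if (len < 5 || d[0] != 0x16) return -1;            /* handshake record? */
    end = 5 + be16(d + 3);
    if (end > len || end <= pos || d[5] != 0x01) return -1;  /* ClientHello? */
    pos += 1 + d[pos];                                 /* skip session_id */
    if (pos + 2 > end) return -1;
    pos += 2 + be16(d + pos);                          /* skip cipher_suites */
    if (pos + 1 > end) return -1;
    pos += 1 + d[pos];                                 /* skip compression_methods */
    if (pos == end) return -2;                         /* no extensions at all */
    if (pos + 2 > end) return -1;
    n = be16(d + pos); pos += 2;
    if (pos + n > end) return -1;
    end = pos + n;
    while (pos + 4 <= end) {                           /* type(2) length(2) data */
        size_t type = be16(d + pos), elen = be16(d + pos + 2);
        pos += 4;
        if (pos + elen > end) return -1;
        if (type == 0) {                               /* server_name extension */
            if (elen < 5 || d[pos + 2] != 0) return -1;  /* name_type host_name */
            n = be16(d + pos + 3);
            /* reject names that overrun the extension or buffer, or embed a NUL */
            if (5 + n > elen || n >= outsz || memchr(d + pos + 5, 0, n)) return -1;
            memcpy(out, d + pos + 5, n);
            out[n] = '\0';
            return (int)n;
        }
        pos += elen;
    }
    return -2;
}

/* Constructed sample: minimal ClientHello record with SNI "example.com". */
static const uint8_t SAMPLE[] =
    "\x16\x03\x01\x00\x43" "\x01\x00\x00\x3f" "\x03\x03"
    "0123456789abcdef0123456789abcdef"   /* stands in for the 32-byte random */
    "\x00" "\x00\x02\x13\x01" "\x01\x00" "\x00\x14"
    "\x00\x00\x00\x10\x00\x0e\x00\x00\x0b" "example.com";
/* Parse the sample with `cut` bytes removed from the end (0 = intact). */
int sample_sni(size_t cut, char *out, size_t outsz) { return parse_sni(SAMPLE, sizeof SAMPLE - 1 - cut, out, outsz); }
```

The returned name is attacker-controlled input read before any authentication, so it should only ever be used as a lookup key against the configured table.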


Usage
-----

    Usage: sni_proxy [-c <config>] [-f]
        -c  configuration file, defaults to /etc/sni_proxy.conf
        -f  run in foreground, do not drop privileges

Configuration Syntax
--------------------
    
    user daemon

    listener 127.0.0.1 443 {
        protocol tls
        table "TableName"
    }
    
    table "TableName" {
        # Match exact request hostnames
        example.com 192.0.2.10      4343
        example.net 2001:DB8::1:10  443
        # Or use PCRE to match
        .*\\.com    2001:DB8::1:11  443
        # Combining PCRE and a wildcard will resolve the hostname the client requested and proxy to it
        .*\\.edu    *               443
    }