A minimalistic SNI pass-through proxy implemented in Go. It doesn't do TLS termination or any load balancing. It just routes connections by domain.
Routes HTTP and TLS connections:
- HTTP connections are routed by hostname. The hostname is extracted from the HTTP "Host" header.
- TLS connections are routed by SNI (Server Name Indication). The server name is extracted from the TLS ClientHello handshake message.
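How the SNI lookup in the second bullet can work without terminating TLS, as an added example (not code from sniproxy itself): Go's `crypto/tls` parses the ClientHello while every consumed byte is kept for replay to the backend. `stubConn`, `PeekSNI` and `SampleHello` are hypothetical names introduced here, and the sample ClientHello is constructed with Go's own TLS client.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"errors"
	"fmt"
	"io"
	"net"
	"time"
)

// stubConn (hypothetical helper) lets crypto/tls run on in-memory buffers.
type stubConn struct{ r io.Reader; w io.Writer }
func (c stubConn) Read(p []byte) (int, error) { return c.r.Read(p) }
func (c stubConn) Write(p []byte) (int, error) { return c.w.Write(p) }
func (stubConn) Close() error { return nil }
func (stubConn) LocalAddr() net.Addr { return nil }
func (stubConn) RemoteAddr() net.Addr { return nil }
func (stubConn) SetDeadline(time.Time) error { return nil }
func (stubConn) SetReadDeadline(time.Time) error { return nil }
func (stubConn) SetWriteDeadline(time.Time) error { return nil }

// PeekSNI returns the ClientHello server name plus every byte consumed from r,
// so a pass-through proxy can replay those bytes to the backend unmodified.
func PeekSNI(r io.Reader) (name string, peeked []byte, err error) {
	var buf bytes.Buffer
	seen := false
	cfg := &tls.Config{GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		name, seen = h.ServerName, true
		return nil, errors.New("stop after ClientHello") // never complete the handshake
	}}
	tls.Server(stubConn{io.TeeReader(r, &buf), io.Discard}, cfg).Handshake()
	if !seen {
		return "", buf.Bytes(), errors.New("no TLS ClientHello")
	}
	return name, buf.Bytes(), nil // name is client-supplied: treat it as untrusted
}

// SampleHello builds a constructed ClientHello by capturing what Go's TLS client sends.
func SampleHello(serverName string) []byte {
	var out bytes.Buffer
	tls.Client(stubConn{bytes.NewReader(nil), &out}, &tls.Config{ServerName: serverName}).Handshake()
	return out.Bytes()
}

func main() {
	name, peeked, err := PeekSNI(bytes.NewReader(SampleHello("www.example.com")))
	fmt.Println(name, len(peeked) > 0, err)
}
```

A proxy built this way writes `peeked` to the chosen backend before copying the rest of the stream. The server name is unauthenticated client input, so it should only ever be used as a lookup key against the configured rules.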
```sh
go get github.com/acls/sniproxy
cp $GOPATH/src/github.com/acls/sniproxy/config.sample.yaml config.yaml
vim config.yaml
$GOPATH/bin/sniproxy -d -c config.yaml
```
```yaml
# default destination
default: 127.0.0.1:8443
# listen on multiple ports
listen:
  - 80
  - 443
# forward rules - exact or wildcard matches
forward_rules:
  # forward by domain and port to 127.0.0.1:8080
  www.example.com:80: 127.0.0.1:8080
  # forward by domain to 127.0.0.1:8443
  www.example.com: 127.0.0.1:8443
  # wildcard match
  "*:80": "127.0.0.0:8080"
  # wildcard match and wildcard forward
  "*:9999": "*:443"
```
NOTE: Change the ExecStart paths in the service file to match your own paths; they must be absolute. My $GOPATH is my home directory.
```sh
cp $GOPATH/src/github.com/acls/sniproxy/sniproxy.sample.service /etc/systemd/system/sniproxy.service
vim /etc/systemd/system/sniproxy.service
systemctl start sniproxy.service
journalctl -u sniproxy.service     # all logs
journalctl -u sniproxy.service -f  # follow logs
systemctl enable sniproxy.service
systemctl reload sniproxy.service
```