This article is outdated and may not work correctly for current operating systems or software.
SNI Proxy can proxy both incoming HTTP and TLS connections based on the hostname that is contained within the initial request of that TCP session. This feature allows HTTPS name-based virtual hosting to be used on separate back-end servers without installing a private key on the proxy machine. It also lifts the TLS restriction of one IP per certificate.
This article explains how to set up an SNI Proxy server. It was written for Debian 7 x64. SNI Proxy is open source software written by Dustin Lundquist.
Update your Debian system.
apt-get update && apt-get dist-upgrade
Install the required dependencies.
apt-get install autotools-dev cdbs debhelper dh-autoreconf dpkg-dev gettext libev-dev libpcre3-dev pkg-config git -y
Install udns.
mkdir udns
cd udns
wget http://ftp.de.debian.org/debian/pool/main/u/udns/udns_0.4-1.dsc
wget http://ftp.de.debian.org/debian/pool/main/u/udns/udns_0.4.orig.tar.gz
wget http://ftp.de.debian.org/debian/pool/main/u/udns/udns_0.4-1.debian.tar.gz
tar xfz udns_0.4.orig.tar.gz
cd udns-0.4/
tar xfz ../udns_0.4-1.debian.tar.gz
dpkg-buildpackage
cd ..
dpkg -i *.deb
Install SNI Proxy.
git clone https://github.com/dlundquist/sniproxy
cd sniproxy
./autogen.sh && ./configure
make && make install
Edit the /etc/sniproxy.conf file. You can add sites that you want to proxy by using wildcards. See the example below.
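# Drop privileges to an unprivileged user after binding the ports
user nobody
pidfile /var/run/sniproxy.pid
error_log {
    # Log to syslog using the daemon facility
    syslog daemon
    priority notice
}
listen 80 {
    proto http
    table hosts
}
listen 443 {
    proto tls
    table hosts
}
# Patterns are regular expressions matched against the requested hostname.
# A target of * proxies to the hostname the client requested.
# Bare names are anchored and escaped so they match only that exact host.
table hosts {
    .*\.google\.com$ *
    .*\.google\.com\.hk$ *
    ^google\.com$ google.com
    ^google\.com\.hk$ google.com.hk
}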
Once you have finished configuring your server, start SNI Proxy with the following command.
sniproxy
Enjoy!