SNI Proxy can proxy both incoming HTTP and TLS connections based on the hostname that is contained within the initial request of that TCP session. This feature allows HTTPS name-based virtual hosting to be used on separate back-end servers without installing a private key on the proxy machine. It also lifts the TLS restriction of one IP per certificate.
This article explains how to set up an SNI Proxy server. It was written for Debian 7 x64. SNI Proxy is open source software written by Dustin Lundquist.
Update your Debian system.
apt-get update && apt-get dist-upgrade
Install the required dependencies.
apt-get install autotools-dev cdbs debhelper dh-autoreconf dpkg-dev gettext libev-dev libpcre3-dev pkg-config git -y
Install udns.
mkdir udns
cd udns
wget http://ftp.de.debian.org/debian/pool/main/u/udns/udns_0.4-1.dsc
wget http://ftp.de.debian.org/debian/pool/main/u/udns/udns_0.4.orig.tar.gz
wget http://ftp.de.debian.org/debian/pool/main/u/udns/udns_0.4-1.debian.tar.gz
tar xfz udns_0.4.orig.tar.gz
cd udns-0.4/
tar xfz ../udns_0.4-1.debian.tar.gz
dpkg-buildpackage
cd ..
dpkg -i *.deb
Install SNI proxy.
git clone https://github.com/dlundquist/sniproxy
cd sniproxy
./autogen.sh && ./configure
make && make install
Edit the /etc/sniproxy.conf file. You can add sites that you want to proxy by using wildcards. See the example below.
user nobody
pidfile /var/run/sniproxy.pid
error_log {
    syslog daemon
    priority notice
}
listen 80 {
    proto http
    table hosts
}
listen 443 {
    proto tls
    table hosts
}
table hosts {
    .*\.google\.com$ *
    .*\.google\.com\.hk$ *
    google.com google.com
    google.com.hk google.com.hk
}
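The following check is an added example, not part of the original article or of the SNI Proxy project: it lists which hostnames each table pattern above would accept, so you can see what the proxy will forward before starting it. It assumes sniproxy applies table patterns as unanchored regular expressions (modelled here with Python's re.search in place of PCRE); the hostnames and the hardened table are constructed for illustration.

```python
import re

# Table block copied from the configuration in this article.
CONF = r"""
table hosts {
    .*\.google\.com$ *
    .*\.google\.com\.hk$ *
    google.com google.com
    google.com.hk google.com.hk
}
"""
# Same table with the two bare entries escaped and anchored (suggested form).
HARDENED_CONF = r"""
table hosts {
    .*\.google\.com$ *
    .*\.google\.com\.hk$ *
    ^google\.com$ google.com
    ^google\.com\.hk$ google.com.hk
}
"""
# Constructed hostnames: names the table is meant to serve, and names it is not.
INTENDED = ["google.com", "www.google.com", "google.com.hk"]
UNINTENDED = ["google.com.example.net", "notgoogle.com",
              "googlexcom.example.net", "google.com.hk.example.net"]

def parse_table(conf, name="hosts"):
    """Return (pattern, target) pairs from the named table block."""
    block = re.search(r"table\s+%s\s*\{(.*?)\}" % re.escape(name), conf, re.S)
    rows = []
    for line in (block.group(1).splitlines() if block else []):
        fields = line.split("#", 1)[0].split()
        if fields:
            rows.append((fields[0], fields[1] if len(fields) > 1 else "*"))
    return rows

def audit(rows, hostnames):
    """Map each pattern to the hostnames it matches (assumed unanchored match)."""
    hits = {p: [h for h in hostnames if re.search(p, h)] for p, _ in rows}
    return {p: m for p, m in hits.items() if m}

def covered(rows, hostnames):
    """Hostnames matched by at least one row."""
    return [h for h in hostnames if any(re.search(p, h) for p, _ in rows)]

if __name__ == "__main__":
    for label, conf in (("article", CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(parse_table(conf), UNINTENDED))
```

Under that assumption, the bare `google.com` and `google.com.hk` entries accept hostnames outside those domains, while the escaped and anchored rows accept only the intended names.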
Once you have finished configuring your server, start SNI Proxy with the following command.
sniproxy
Enjoy!