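├── Dockerfile
└── README.md

/Dockerfile:
--------------------------------------------------------------------------------
1 | # Alpine-based image that runs sniproxy in the foreground, reading its
2 | # configuration from /etc/sniproxy/sniproxy.conf. The image ships no config of
3 | # its own here; README.md shows it being supplied through a bind mount.
4 | #
5 | # NOTE(review): alpine:3.6 is past end-of-life and no longer receives security
6 | # fixes. Rebuild on a currently supported Alpine release once the sniproxy
7 | # package has been confirmed to exist there.
8 | FROM alpine:3.6
9 | 
10 | # --no-cache fetches the package index without storing it in the layer, so no
11 | # apk cache has to be removed afterwards. The sniproxy version is whatever the
12 | # base release's repository ships; it is not pinned here.
13 | RUN set -x \
14 |     && apk add --no-cache sniproxy
15 | 
16 | WORKDIR /etc/sniproxy
17 | 
18 | # Only 443 is declared. The example configuration in README.md also listens on
19 | # 80, and the README starts the container with --net=host, where EXPOSE has no
20 | # effect on which ports are reachable.
21 | EXPOSE 443
22 | 
23 | # There is no USER instruction, so the process starts as root. Dropping
24 | # privileges is left to the "user" directive of the mounted sniproxy.conf
25 | # (the README example sets "user daemon"); check that your config keeps it.
26 | # -c selects the config file, -f keeps sniproxy in the foreground.
27 | CMD ["/usr/sbin/sniproxy","-c","/etc/sniproxy/sniproxy.conf","-f"]
28 | 
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # docker-sniproxy
2 | 
3 | docker-sniproxy is a SNI Proxy boxed in a Docker image built by [Tommy Lau](http://tommy.net.cn/).
4 | 
5 | ## What is SNI Proxy
6 | 
7 | [SNI Proxy](https://github.com/dlundquist/sniproxy) proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session. This enables HTTPS name-based virtual hosting to separate backend servers without installing the private key on the proxy machine.
8 | 
9 | ## What's included?
10 | 
11 | The latest SNI Proxy from official release and nothing more.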
12 | 
13 | ## How to use this image
14 | 
15 | Get the docker image and start a container by running the following commands. `--net=host` places sniproxy on the host's network stack, so it listens directly on the host for every port named in its configuration, with no Docker port mapping in between. The configuration directory is bind-mounted from the host; append `:ro` to the `-v` argument if the container has no need to write to it:
16 | 
17 | ``` bash
18 | $ docker pull tommylau/sniproxy
19 | $ docker run --name sniproxy --net=host -v /path/to/sniproxy:/etc/sniproxy -d tommylau/sniproxy
20 | ```
21 | 
22 | Example config file (the image reads it from `/etc/sniproxy/sniproxy.conf`, i.e. `sniproxy.conf` inside the mounted directory):
23 | 
24 | ```
25 | # sniproxy example configuration file
26 | # lines that start with # are comments
27 | # lines with only white space are ignored
28 | 
29 | user daemon
30 | 
31 | # PID file
32 | pidfile /var/run/sniproxy.pid
33 | 
34 | error_log {
35 |     # Log to the daemon syslog facility
36 |     syslog daemon
37 | 
38 |     # Alternatively we could log to file
39 |     #filename /var/log/sniproxy/sniproxy.log
40 | 
41 |     # Control the verbosity of the log
42 |     priority notice
43 | }
44 | 
45 | # blocks are delimited with {...}
46 | listen 80 {
47 |     proto http
48 |     table http_hosts
49 |     # Fallback backend server to use if we can not parse the client request
50 |     fallback localhost:8080
51 | 
52 |     access_log {
53 |         filename /var/log/sniproxy/http_access.log
54 |         priority notice
55 |     }
56 | }
57 | 
58 | listen 443 {
59 |     proto tls
60 |     table https_hosts
61 | 
62 |     access_log {
63 |         filename /var/log/sniproxy/https_access.log
64 |         priority notice
65 |     }
66 | }
67 | 
68 | # named tables are defined with the table directive
69 | table http_hosts {
70 |     example.com 192.0.2.10:8001
71 |     example.net 192.0.2.10:8002
72 |     example.org 192.0.2.10:8003
73 | 
74 |     # pattern:
75 |     #   valid Perl-compatible Regular Expression that matches the
76 |     #   hostname
77 |     #
78 |     # target:
79 |     #   - a DNS name
80 |     #   - an IP address (with optional port)
81 |     #   - '*' to use the hostname that the client requested; the client then chooses the backend, so pair '*' only with a pattern restricted to the hostnames you mean to relay
82 |     #
83 |     # pattern target
84 |     #.*\.itunes\.apple\.com$ *:443
85 |     #.* 127.0.0.1:4443
86 | }
87 | 
88 | # named tables are defined with the table directive
89 | table https_hosts {
90 |     # When proxying to local sockets you should use different tables since the
91 |     # local socket server most likely will not autodetect which protocol is
92 |     # being used
93 |     example.org unix:/var/run/server.sock
94 | }
95 | 
96 | # if no table specified the default 'default' table is defined
97 | table {
98 |     # if no port is specified default HTTP (80) and HTTPS (443) ports are
99 |     # assumed based on the protocol of the listen block using this table
100 |     example.com 192.0.2.10
101 |     example.net 192.0.2.20
102 | }
103 | ```
104 | 
105 | 
--------------------------------------------------------------------------------