Setup SNI Proxy on Debian 7 x64

SNI Proxy can proxy both incoming HTTP and TLS connections based on the hostname that is contained within the initial request of that TCP session. This feature allows HTTPS name-based virtual hosting to be used on separate back-end servers without installing a private key on the proxy machine. It also lifts the TLS restriction of one IP per certificate.

This article will explain how to set up a SNI Proxy server. It was written for Debian 7 x64. SNI Proxy is open source software written by Dustin Lundquist.

Install SNI Proxy

Update your Debian system.

apt-get update && apt-get dist-upgrade

Install the required dependencies.

apt-get install autotools-dev cdbs debhelper dh-autoreconf dpkg-dev gettext libev-dev libpcre3-dev pkg-config git -y

Install udns.

mkdir udns
cd udns
wget http://ftp.de.debian.org/debian/pool/main/u/udns/udns_0.4-1.dsc 
wget http://ftp.de.debian.org/debian/pool/main/u/udns/udns_0.4.orig.tar.gz
wget http://ftp.de.debian.org/debian/pool/main/u/udns/udns_0.4-1.debian.tar.gz
tar xfz udns_0.4.orig.tar.gz
cd udns-0.4/
tar xfz ../udns_0.4-1.debian.tar.gz
dpkg-buildpackage
cd ..
dpkg -i *.deb 

Install SNI proxy.

git clone https://github.com/dlundquist/sniproxy
cd sniproxy
./autogen.sh && ./configure
make && make install

Configure SNI proxy

Edit the /etc/sniproxy.conf file. You can add sites that you want to proxy by using wildcards. See the example below.

user nobody
pidfile /var/run/sniproxy.pid
error_log {
    syslog deamon
    priority notice
}
listen 80  {
    proto http
    table hosts
}
listen 443 {
    proto tls
    table hosts
}
table hosts{
    .*/.google/.com$ *
    .*/.google/.com/.hk$ *
    google.com google.com
    google.com.hk google.com.hk
}

Once you have finished configuring your server, start SNI Proxy with the following command.

sniproxy

Enjoy!