SNI Proxy can proxy both incoming HTTP and TLS connections based on the hostname that is contained within the initial request of that TCP session. This feature allows HTTPS name-based virtual hosting to be used on separate back-end servers without installing a private key on the proxy machine. It also lifts the TLS restriction of one IP per certificate.

This article will explain how to set up a SNI Proxy server. It was written for Debian 7 x64. SNI Proxy is open source software written by Dustin Lundquist.

Install SNI Proxy

Update your Debian system.

apt-get update && apt-get dist-upgrade

Install the required dependencies.

apt-get install autotools-dev cdbs debhelper dh-autoreconf dpkg-dev gettext libev-dev libpcre3-dev pkg-config git -y

Install udns.

mkdir udns
cd udns
wget http://ftp.de.debian.org/debian/pool/main/u/udns/udns_0.4-1.dsc 
wget http://ftp.de.debian.org/debian/pool/main/u/udns/udns_0.4.orig.tar.gz
wget http://ftp.de.debian.org/debian/pool/main/u/udns/udns_0.4-1.debian.tar.gz
tar xfz udns_0.4.orig.tar.gz
cd udns-0.4/
tar xfz ../udns_0.4-1.debian.tar.gz
dpkg-buildpackage
cd ..
dpkg -i *.deb 

Install SNI proxy.

git clone https://github.com/dlundquist/sniproxy
cd sniproxy
./autogen.sh && ./configure
make && make install

Configure SNI proxy

Edit the /etc/sniproxy.conf file. You can add sites that you want to proxy by using wildcards. See the example below.

user nobody
pidfile /var/run/sniproxy.pid
error_log {
    syslog deamon
    priority notice
}
listen 80  {
    proto http
    table hosts
}
listen 443 {
    proto tls
    table hosts
}
table hosts{
    .*/.google/.com$ *
    .*/.google/.com/.hk$ *
    google.com google.com
    google.com.hk google.com.hk
}

Once you have finished configuring your server, start SNI Proxy with the following command.

sniproxy

Enjoy!