tlspr - SNI proxy gateway service
tlspr [-d][-a] [-l[[@]logfile]] [-plistening_port] [-Pdestination_port] [-ctls_check_level] [-iinternal_ip] [-eexternal_ip]
tlspr is an SNI gateway service (destination host is taken from TLS handshake). The destination port must be specified via the -P option (or it may be detected with the Transparent plugin).
-I
Inetd mode. Standalone service only.
-d
Daemonize. Detach service from console and run in the background.
-t
Be silenT. Do not log start/stop/accept error records.
-u
Never ask for username authentication.
-e
External address. IP address of the interface the proxy should initiate connections from. By default, the system will decide which address to use in accordance with the routing table.
-niPATH
(Linux only) Switch to the network namespace identified by PATH before opening the listening socket. The current namespace is saved and restored immediately after binding, so outgoing connections run in the original namespace unless -ne is also given.
-nePATH
(Linux only) Switch to the network namespace identified by PATH after the listening socket has been bound (and after restoring from -ni if applicable). Both options accept any namespace file path (e.g. /var/run/netns/myns or /proc/PID/ns/net) and require CAP_SYS_ADMIN.
-i
Internal address. IP address the proxy accepts connections to. By default, connections to any interface are accepted, which is usually unsafe. Unix domain sockets can be specified with -iunix:/path/to/socket syntax (e.g., -iunix:/var/run/tlspr.sock). On Linux, abstract sockets use -iunix:@socketname syntax.
-a
Anonymous. Hide information about client.
-a1
Anonymous. Show fake information about client.
-p
listening_port. Port proxy listens for incoming connections. Default is 1443.
-P
destination_port. Port to establish outgoing connections. Required unless the Transparent plugin is used, because the TLS handshake does not contain port information. Default is 443.
-c
TLS_CHECK_LEVEL. 0 (default) - allow non-TLS traffic to pass, 1 - require TLS, only check client HELLO packet, 2 - require TLS, check both client and server HELLO, 3 - require TLS, check that the server sends a certificate (not compatible with TLS 1.3), 4 - require mutual TLS, check that the server sends a certificate request and the client sends a certificate (not compatible with TLS 1.3)
-l
Log. By default logging is to stdout. If logfile is specified logging is to file. Under Unix, if '@' precedes logfile, syslog is used for logging.
-S
Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy crashes.
You should use a client with TLS support or configure a router to redirect TLS traffic to the proxy (transparent proxy). Configure the client to connect to internal_ip and port. If you need to limit clients, use 3proxy(8) instead.
Report all bugs to 3proxy@3proxy.org
3proxy(8),
ftppr(8), proxy(8), socks(8), pop3p(8), smtpp(8), tcppm(8),
udppm(8), syslogd(8),
https://3proxy.org/
3proxy is designed by Vladimir 3APA3A Dubrovin (3proxy@3proxy.org)