SNI Relay

Simple SNI relay server written in Go.

What it does:

1. Listens for incoming HTTP or HTTPS connections.
2. Parses the hostname from the HTTP request or TLS ClientHello.
3. Proxies the traffic further to that hostname.

Why would you need it? For instance, if you operate a DNS server, and you want to relay some domains to an intermediate server (effectively, change your IP address).

How to build

make

How to run it locally

./snirelay -l 127.0.0.1 -p 80:443

Alternatively, you can supply a list of custom domain<->IP mappings:

./snirelay -l 127.0.0.1 -p 80:443 --sni-mappings-path=sni_mapping.csv

How to test

# Simple connect via relay:
gocurl --connect-to="example.org:443:127.0.0.1:80" -I https://example.org/

Docker

The docker image is available. snirelay listens to the ports 8080 and 8443 inside the container, so you don't have to specify the listen address and ports, other arguments are available.

Run snirelay as a background service in server mode and expose on the host's ports 80 and 443 (tcp):

docker run -d --name snirelay \
  -p 80:8443/tcp -p 443:8443/tcp \
  ghcr.io/ameshkov/snirelay

Usage

Usage:
  snirelay [OPTIONS]

Application Options:
  -l, --listen=<IP>                                         Address the tool will be listening to (required).
  -p, --ports=<PLAIN_PORT:TLS_PORT>                         Port for accepting plain HTTP (required).
      --proxy=[protocol://username:password@]host[:port]    Proxy URL (optional).
      --sni-mappings-path=                                  Path to the file with SNI mappings (optional).
  -v, --verbose                                             Verbose output (optional).

Help Options:
  -h, --help                                                Show this help message