From owner-svn-ports-head@freebsd.org Sun Apr 22 15:25:50 2018 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F2124FA82B1; Sun, 22 Apr 2018 15:25:49 +0000 (UTC) (envelope-from krion@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9D47C6C67C; Sun, 22 Apr 2018 15:25:49 +0000 (UTC) (envelope-from krion@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 95609178FA; Sun, 22 Apr 2018 15:25:49 +0000 (UTC) (envelope-from krion@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w3MFPnKf031863; Sun, 22 Apr 2018 15:25:49 GMT (envelope-from krion@FreeBSD.org) Received: (from krion@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w3MFPmEB031857; Sun, 22 Apr 2018 15:25:48 GMT (envelope-from krion@FreeBSD.org) Message-Id: <201804221525.w3MFPmEB031857@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: krion set sender to krion@FreeBSD.org using -f From: Kirill Ponomarev Date: Sun, 22 Apr 2018 15:25:48 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r468034 - in head/net: . sniproxy sniproxy/files X-SVN-Group: ports-head X-SVN-Commit-Author: krion X-SVN-Commit-Paths: in head/net: . sniproxy sniproxy/files X-SVN-Commit-Revision: 468034 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Apr 2018 15:25:50 -0000 Author: krion Date: Sun Apr 22 15:25:48 2018 New Revision: 468034 URL: https://svnweb.freebsd.org/changeset/ports/468034 Log: SNIproxy - Proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session. This enables HTTPS name-based virtual hosting to separate backend servers without installing the private key on the proxy machine. Features: Name-based proxying of HTTPS without decrypting traffic. No keys or certificates required. Supports both TLS and HTTP protocols. Supports IPv4, IPv6 and Unix domain sockets for both back end servers and listeners. Supports multiple listening sockets per instance. Supports HAProxy proxy protocol to propagate original source address to backend servers. WWW: https://github.com/dlundquist/sniproxy Added: head/net/sniproxy/ head/net/sniproxy/Makefile (contents, props changed) head/net/sniproxy/distinfo (contents, props changed) head/net/sniproxy/files/ head/net/sniproxy/files/pkg-message.in (contents, props changed) head/net/sniproxy/files/sniproxy.in (contents, props changed) head/net/sniproxy/pkg-descr (contents, props changed) Modified: head/net/Makefile Modified: head/net/Makefile ============================================================================== --- head/net/Makefile Sun Apr 22 15:10:28 2018 (r468033) +++ head/net/Makefile Sun Apr 22 15:25:48 2018 (r468034) @@ -1373,6 +1373,7 @@ SUBDIR += smm++ SUBDIR += sngrep SUBDIR += sniffit + SUBDIR += sniproxy SUBDIR += sntop SUBDIR += sobby SUBDIR += socat Added: head/net/sniproxy/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/sniproxy/Makefile Sun Apr 22 15:25:48 2018 (r468034) @@ -0,0 +1,42 @@ +# $FreeBSD$ + +PORTNAME= sniproxy +DISTVERSION= 0.5.0 +CATEGORIES= net + +MAINTAINER= krion@FreeBSD.org +COMMENT= Proxy that routes based on TLS server name extension + +LICENSE= BSD2CLAUSE +LICENSE_FILE= ${WRKSRC}/COPYING + +LIB_DEPENDS= libev.so:devel/libev \ + libpcre.so:devel/pcre \ + libudns.so:dns/udns + +USES= autoreconf:build gettext pkgconfig + +SUB_FILES= pkg-message +USE_RC_SUBR= sniproxy + +USE_GITHUB= yes +GH_ACCOUNT= dlundquist + +GNU_CONFIGURE= yes +USE_LDCONFIG= yes + +PLIST_FILES= man/man5/sniproxy.conf.5.gz \ + man/man8/sniproxy.8.gz \ + sbin/sniproxy \ + "@sample etc/sniproxy.conf.sample" + +pre-configure: + cd ${WRKSRC} && ${SH} autogen.sh + +post-patch: + @${REINPLACE_CMD} -e 's|/var/tmp/|/var/run/|' ${WRKSRC}/${PORTNAME}.conf + +post-install:: + ${INSTALL_DATA} ${WRKSRC}/sniproxy.conf ${STAGEDIR}${PREFIX}/etc/sniproxy.conf.sample + +.include Added: head/net/sniproxy/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/sniproxy/distinfo Sun Apr 22 15:25:48 2018 (r468034) @@ -0,0 +1,3 @@ +TIMESTAMP = 1524378674 +SHA256 (dlundquist-sniproxy-0.5.0_GH0.tar.gz) = 0b8dd06f9aa9e1c4151b572caf645ffceacdd35a139ded16a7fb0035452c17e5 +SIZE (dlundquist-sniproxy-0.5.0_GH0.tar.gz) = 72654 Added: head/net/sniproxy/files/pkg-message.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/sniproxy/files/pkg-message.in Sun Apr 22 15:25:48 2018 (r468034) @@ -0,0 +1,9 @@ +******************************************************************* + Enable sniproxy in /etc/rc.conf with the following line: + + sniproxy_enable="YES" + + A configuration template is available in + %%PREFIX%%/etc/sniproxy.conf + +******************************************************************* Added: head/net/sniproxy/files/sniproxy.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/sniproxy/files/sniproxy.in Sun Apr 22 15:25:48 2018 (r468034) @@ -0,0 +1,39 @@ +#!/bin/sh +# +#$FreeBSD$ +# + +# PROVIDE: sniproxy +# REQUIRE: SERVERS cleanvar +# BEFORE: DAEMON +# KEYWORD: shutdown + +# +# Add the following lines to /etc/rc.conf to enable sniproxy: +# +# sniproxy_enable="YES" +# +# + +. /etc/rc.subr + +name=sniproxy +rcvar=sniproxy_enable + +command=%%PREFIX%%/sbin/sniproxy + +pidfile=${sniproxy_pidfile:-"/var/run/sniproxy.pid + +sniproxy_enable=${sniproxy_enable:-"NO"} +sniproxy_conf=${sniproxy_conf:-"%%PREFIX%%/etc/sniproxy.conf"} + +stop_postcmd="rm -f $pidfile" +sig_reload="HUP" + +load_rc_config ${name} + +required_files=${sniproxy_conf} + +command_args="-c ${sniproxy_conf}" +run_rc_command "$1" + Added: head/net/sniproxy/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/sniproxy/pkg-descr Sun Apr 22 15:25:48 2018 (r468034) @@ -0,0 +1,21 @@ +SNIproxy - Proxies incoming HTTP and TLS connections based on the +hostname contained in the initial request of the TCP session. This +enables HTTPS name-based virtual hosting to separate backend servers +without installing the private key on the proxy machine. + +Features: + +Name-based proxying of HTTPS without decrypting traffic. No keys or +certificates required. + +Supports both TLS and HTTP protocols. + +Supports IPv4, IPv6 and Unix domain sockets for both back end +servers and listeners. + +Supports multiple listening sockets per instance. + +Supports HAProxy proxy protocol to propagate original source address +to backend servers. + +WWW: https://github.com/dlundquist/sniproxy