Provided by: hitch_1.1.1-1_i386 bug

NAME

       Hitch - high performance TLS proxy

SYNOPSIS

       hitch [OPTIONS] [PEM]

DESCRIPTION

       Hitch  is  a  network  proxy  that  terminates  TLS/SSL connections and
       forwards the unencrypted traffic to  some  backend.  It's  designed  to
       handle  10s  of  thousands  of  connections  efficiently  on  multicore
       machines.

       Hitch has very few features -- it's  designed  to  be  paired  with  an
       intelligent  backend  like  Varnish  Cache.  It  maintains a strict 1:1
       connection pattern with this backend handler so that  the  backend  can
       dictate  throttling behavior, maximum connection behavior, availability
       of service, etc.

       The only required argument is a path to a PEM file  that  contains  the
       certificate  (or  a  chain  of certificates) and private key. It should
       also contain DH parameter if you  wish  to  use  Diffie-Hellman  cipher
       suites.

COMMAND LINE ARGUMENTS

          --config=FILE
                 Load configuration from specified file.

          --tls  TLSv1 (default. No SSLv3)

          --ssl  SSLv3 (enables SSLv3)

          -c

                 --ciphers=SUITE
                        Sets allowed ciphers (Default: "")

          -e

                 --ssl-engine=NAME
                        Sets OpenSSL engine (Default: "")

          -O

                 --prefer-server-ciphers
                        Prefer server list order

          --client
                 Enable client proxy mode

          -b     --backend=[HOST]:PORT       Backend   [connect]  (default  is
                 "[127.0.0.1]:8000")

          -f     --frontend=[HOST]:PORT[+CERT]     Frontend [bind] (default is
                 "[*]:8443")   (Note:   brackets  are  mandatory  in  endpoint
                 specifiers.)

          -n

                 --workers=NUM
                        Number of worker processes (Default: 1)

          -B

                 --backlog=NUM
                        Set listen backlog size (Default: 100)

          -k

                 --keepalive=SECS
                        TCP keepalive on client socket (Default: 3600)

          -r

                 --chroot=DIR
                        Sets chroot directory (Default: "")

          -u

                 --user=USER
                        Set uid/gid after binding the socket (Default: "")

          -g

                 --group=GROUP
                        Set gid after binding the socket (Default: "")

          -q

                 --quiet
                        Be quiet; emit only error messages

          -s

                 --syslog
                        Send  log   message   to   syslog   in   addition   to
                        stderr/stdout

          --syslog-facility=FACILITY
                 Syslog facility to use (Default: "daemon")

          --daemon
                 Fork  into background and become a daemon; this also sets the
                 --quiet option (Default: off)

          --write-ip
                 Write 1 octet with the IP family followed by the  IP  address
                 in  4  (IPv4)  or  16  (IPv6) octets little-endian to backend
                 before the actual data (Default: off)

          --write-proxy-v1
                 Write HaProxy's PROXY v1 (IPv4 or IPv6) protocol line  before
                 actual data (Default: off)

          --write-proxy-v2
                 Write HaProxy's PROXY v2 binary (IPv4 or IPv6)  protocol line
                 before actual data (Default: off)

          --write-proxy
                 Equivalent to  --write-proxy-v2.  For  PROXY  version  1  use
                 --write-proxy-v1 explicitly

          --proxy-proxy
                 Proxy  HaProxy's  PROXY  (IPv4  or IPv6) protocol line before
                 actual data (PROXY v1 only) (Default: off)

          --sni-nomatch-abort
                 Abort handshake  when  client  submits  an  unrecognized  SNI
                 server name (Default: off)

          -t

                 --test Test configuration and exit

          -p

                 --pidfile=FILE
                        PID file

          -V

                 --version
                        Print program version and exit

          -h

                 --help This help message

HISTORY

       Hitch  was  originally  called  stud and was written by Jamie Turner at
       Bump.com.

                                                                      HITCH(8)