Provided by: hitch_1.1.1-1_amd64 bug


       Hitch - high performance TLS proxy


       hitch [OPTIONS] [PEM]


       Hitch  is a network proxy that terminates TLS/SSL connections and forwards the unencrypted
       traffic to some  backend.  It's  designed  to  handle  10s  of  thousands  of  connections
       efficiently on multicore machines.

       Hitch has very few features -- it's designed to be paired with an intelligent backend like
       Varnish Cache. It maintains a strict 1:1 connection pattern with this backend  handler  so
       that   the   backend   can  dictate  throttling  behavior,  maximum  connection  behavior,
       availability of service, etc.

       The only required argument is a path to a PEM file that contains  the  certificate  (or  a
       chain of certificates) and private key. It should also contain DH parameter if you wish to
       use Diffie-Hellman cipher suites.


                 Load configuration from specified file.

          --tls  TLSv1 (default. No SSLv3)

          --ssl  SSLv3 (enables SSLv3)


                        Sets allowed ciphers (Default: "")


                        Sets OpenSSL engine (Default: "")


                        Prefer server list order

                 Enable client proxy mode

          -b     --backend=[HOST]:PORT     Backend [connect] (default is "[]:8000")

          -f     --frontend=[HOST]:PORT[+CERT]     Frontend [bind] (default is "[*]:8443") (Note:
                 brackets are mandatory in endpoint specifiers.)


                        Number of worker processes (Default: 1)


                        Set listen backlog size (Default: 100)


                        TCP keepalive on client socket (Default: 3600)


                        Sets chroot directory (Default: "")


                        Set uid/gid after binding the socket (Default: "")


                        Set gid after binding the socket (Default: "")


                        Be quiet; emit only error messages


                        Send log message to syslog in addition to stderr/stdout

                 Syslog facility to use (Default: "daemon")

                 Fork  into  background  and  become  a daemon; this also sets the --quiet option
                 (Default: off)

                 Write 1 octet with the IP family followed by the IP address in 4  (IPv4)  or  16
                 (IPv6) octets little-endian to backend before the actual data (Default: off)

                 Write  HaProxy's  PROXY  v1  (IPv4  or  IPv6)  protocol  line before actual data
                 (Default: off)

                 Write HaProxy's PROXY v2 binary (IPv4 or IPv6)  protocol line before actual data
                 (Default: off)

                 Equivalent  to  --write-proxy-v2.  For  PROXY  version  1  use  --write-proxy-v1

                 Proxy HaProxy's PROXY (IPv4 or IPv6) protocol line before actual data (PROXY  v1
                 only) (Default: off)

                 Abort  handshake  when  client submits an unrecognized SNI server name (Default:


                 --test Test configuration and exit


                        PID file


                        Print program version and exit


                 --help This help message


       Hitch was originally called stud and was written by Jamie Turner at