Provided by: sniproxy_0.6.0-2_amd64 bug


       sniproxy.conf - sniproxy configuration file




       /etc/sniproxy.conf  is  the  configuration  file for sniproxy. Statements are separated by
       either a new line or semi-colon. Lines starting with # are comments. The configuration  is
       broken  down  into  stanzas  delimited by curly braces. Characters may be escaped using \.
       Configuration directives may may be shorted as long as  they  are  unambiguous  e.g.  user
       daemon instead of username daemon.

       username daemon

       Specify  the  user  sniproxy will run as. When sniproxy is launched as super user, it will
       drop permissions to this user.

       pidfile /var/run/

       Specify the path to the pid file, the directory much be writeable  by  the  user  sniproxy
       runs as.

       error_log {
           syslog daemon
           priority notice

       Specify  how  error  messages  should  be handled. Messages can be either logged to syslog
       using the syslog directive  specifies  that  logs  should  to  a  given  syslog  facility.
       Alternatively  the  filename  directive may be specified to log to file, these two options
       are mutually exclusive. The priority directive indicates what severity of messages  should
       be  logged.  Accepted  priorities the standard syslog priorities, in increasing verbosity:
       emergency, alert, critical, error, warning, notice, info, and debug.

       access_log {
           filename /var/log/sniproxy/access.log

       Specify how connections should be logged,  may  be  overridden  in  a  specific  listener.
       Connections are logged after both the client and server have sockets have been closed. The
       syslog and priority directive may be used here as in error_log.

       resolver {
           mode ipv6_first

       Specify how DNS queries should be resolved, this is only required if  using  hostnames  as
       addresses in the configuration or using wildcard backends.  If not specified the IPv4 only
       queries will be preformed using the system default name servers.

       Four modes are supported:

       ipv4_only: query for any A records, use the  first  A  record  returned  (following  CNAME

       ipv6_only: query for any AAAA records, use the first AAAA record returned (following CNAME

       ipv4_first: query for both A and AAAA records, wait for both queries to complete, use  the
       first A record if any, otherwise use the first AAAA record.

       ipv6_first:  query for both A and AAAA records, wait for both queries to complete, use the
       first AAAA record if any, otherwise use the first A record.

       It is strongly recommended to use a local name server, since a single socket is reused for
       all  DNS  queries  and  thus  the  UDP  port  number is predictable leaving the query only
       protected from spoofed replies by the 16 bit query ID.  Additionally since no internal DNS
       caching is performed a local resolver can improve performance.

       listener {
           protocol http
           reuseport yes
           table http_hosts
           bad_requests log

           access_log {
               filename /var/log/sniproxy/http_access.log

       listener [::]:80 {
           protocol http
           ipv6_v6only yes
           table http_hosts

           fallback unix:/var/run/http_fallback_unix.sock

       Define  a  listening  address  to accept new connections from clients on. Addresses may be
       specified as an IPv4 literal followed by a TCP port number, and IPv6 literal followed by a
       TCP port number, a bare TCP port number or a unix socket path prefixed with 'unix:'.

       Protocol defines how the client request should be parsed to obtain the requested hostname,
       two protocols are supported http and tls.

       Reuseport directive controls if the port is opened in SO_REUSEPORT mode, which  allows  to
       run  several sniproxy instances on the same ip:port pair.  This enables us to evenly load-
       balance incoming connections between these instances without the use of any external load-
       balancing  proxy.  Requires  Linux  kernel  3.9+.  Setting reuseport to "yes" enables this

       The ipv6_v6only directive controls  if  listening  on  the  IPv6  any  address  '::'  will
       accepting  connections  to  any IPv4 address as well as an IPv6 address. This is useful if
       the user wants different configurations for IPv4 and IPv6 or wishes to handle IPv4 traffic
       with  another  server/proxy  entirely.  This  is only applicable to IPv6 listeners, and is
       ignored on other listeners.

       Table specifies the name of  the  table  used  to  lookup  which  server  to  forward  the
       connection to based on the hostname extracted from the initial client request. If no table
       directive is specified the default, unnamed, table will be used.

       The fallback directive specifies a server to be used if the  client  request  can  not  be
       parsed,  a server can not be found in the table for the hostname specified or the hostname
       can not be resolved.. This should be an IP address and port or unix socket path.

       The bad_requests directive allows logging the contents of the client request if it is  not
       parsable, this is useful for debugging.

       The source directive allows specifying a specified address to bind to before connecting to
       the backend server. In most cases it is better to omit this option and allow the operating
       system  to select the outgoing address automatically. Do not include a port number in this
       address, doing so will limit the proxy to one simultaneous to each server at time.

       The access log configuration may be overridden on each listener.

       table http_hosts {
           ^example\.org$ proxy_protocol

       Tables define how to map each hostname to a backend server.  Each  request's  hostname  is
       matched  against  entries in the table in order, until a match is found and that server is
       used. The server address may be either IP, an IP and port, a unix socket path, a  hostname
       or '*'. If no port is specified, the port of the listener which connection was received on
       will be used.

       The optional proxy_protocol option will prepend a HAProxy PROXY v1 protocol header to  the
       proxied  connection allowing supporting webservers to obtain the source and destination IP
       and port of the original incoming TCP connection.