mirror of
https://github.com/3proxy/3proxy.git
synced 2026-04-07 05:40:12 +08:00
86 lines
2.7 KiB
Groff
86 lines
2.7 KiB
Groff
.TH tlspr "8" "May 2024" "3proxy 0.9" "Universal proxy server"
|
|
.SH NAME
|
|
.B tlspr
|
|
\- SNI proxy gateway service
|
|
.SH SYNOPSIS
|
|
.BR "tlspr " [ -d ][ -a ]
|
|
.IB \fR[ -l \fR[ \fR[ @ \fR] logfile \fR]]
|
|
.IB \fR[ -p listening_port\fR]
|
|
.IB \fR[ -P destination_port\fR]
|
|
.IB \fR[ -c tls_check_level\fR]
|
|
.IB \fR[ -i internal_ip\fR]
|
|
.IB \fR[ -e external_ip\fR]
|
|
.SH DESCRIPTION
|
|
.B tlspr
|
|
is an SNI gateway service (destination host is taken from TLS handshake). The destination port must be specified via the -P option (or it may be detected with the Transparent plugin).
|
|
.SH OPTIONS
|
|
.TP
|
|
.B -I
|
|
Inetd mode. Standalone service only.
|
|
.TP
|
|
.B -d
|
|
Daemonize. Detach service from console and run in the background.
|
|
.TP
|
|
.B -t
|
|
Be silenT. Do not log start/stop/accept error records.
|
|
.TP
|
|
.B -u
|
|
Never ask for username authentication
|
|
.TP
|
|
.B -e
|
|
External address. IP address of the interface the proxy should initiate connections
|
|
from.
|
|
By default, the system will decide which address to use in accordance
|
|
with the routing table.
|
|
.TP
|
|
.B -i
|
|
Internal address. IP address the proxy accepts connections to.
|
|
By default, connections to any interface are accepted. It\'s usually unsafe.
|
|
.TP
|
|
.B -a
|
|
Anonymous. Hide information about client.
|
|
.TP
|
|
.B -a1
|
|
Anonymous. Show fake information about client.
|
|
.TP
|
|
.B -p
|
|
listening_port. Port proxy listens for incoming connections. Default is 1443.
|
|
.TP
|
|
.B -P
|
|
destination_port. Port to establish outgoing connections. Required unless the Transparent plugin is used, because the TLS handshake does not contain port information. Default is 443.
|
|
.TP
|
|
.B -c
|
|
TLS_CHECK_LEVEL. 0 (default) - allow non-TLS traffic to pass, 1 - require TLS, only check client HELLO packet, 2 - require TLS, check both client and server HELLO, 3 - require TLS, check that the server sends a certificate (not compatible with TLS 1.3), 4 - require mutual TLS, check that the server sends a certificate request and the client sends a certificate (not compatible with TLS 1.3)
|
|
.TP
|
|
.B -l
|
|
Log. By default logging is to stdout. If
|
|
.I logfile
|
|
is specified logging is to file. Under Unix, if
|
|
.RI \' @ \'
|
|
precedes
|
|
.IR logfile ,
|
|
syslog is used for logging.
|
|
.TP
|
|
.B -S
|
|
Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
|
|
crashes.
|
|
.SH CLIENTS
|
|
You should use a client with TLS support or configure a router to redirect
|
|
TLS traffic to the proxy (transparent proxy). Configure the client to connect to
|
|
.I internal_ip
|
|
and
|
|
.IR port .
|
|
If you need to limit clients, use
|
|
.BR 3proxy (8)
|
|
instead.
|
|
.SH BUGS
|
|
Report all bugs to
|
|
.BR 3proxy@3proxy.org
|
|
.SH SEE ALSO
|
|
3proxy(8), ftppr(8), proxy(8), socks(8), pop3p(8), smtpp(8), tcppm(8), udppm(8), syslogd(8),
|
|
.br
|
|
https://3proxy.org/
|
|
.SH AUTHORS
|
|
3proxy is designed by Vladimir 3APA3A Dubrovin
|
|
.RI ( 3proxy@3proxy.org )
|