"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "hitch.8" between
hitch-1.6.1.tar.gz and hitch-1.7.0.tar.gz

About: Hitch is a libev-based high performance SSL/TLS proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to some backend.

hitch.8  (hitch-1.6.1):hitch.8  (hitch-1.7.0)
skipping to change at line 22 skipping to change at line 22
Hitch has very few features -- it's designed to be paired with an intelli gent backend like Varnish Cache. Hitch has very few features -- it's designed to be paired with an intelli gent backend like Varnish Cache.
It maintains a strict 1:1 connection pattern with this backend handler so that the backend can dictate It maintains a strict 1:1 connection pattern with this backend handler so that the backend can dictate
throttling behavior, maximum connection behavior, availability of service , etc. throttling behavior, maximum connection behavior, availability of service , etc.
The only required argument is a path to a PEM file that contains the cert ificate (or a chain of certifi- The only required argument is a path to a PEM file that contains the cert ificate (or a chain of certifi-
cates) and private key. It should also contain DH parameter if you w ish to use Diffie-Hellman cipher cates) and private key. It should also contain DH parameter if you w ish to use Diffie-Hellman cipher
suites. suites.
COMMAND LINE ARGUMENTS COMMAND LINE ARGUMENTS
--config=FILE --config=FILE
Load configuration from specified file. See hitch.conf(5) for d Load configuration from specified file. See hitch.conf(5) for details.
etails.
--tls All TLS versions, no SSLv3 (deprecated). See config file settin --tls-protos=LIST
g tls-protos. Specifies which SSL/TLS protocols to use. Available tokens are SSLv3,
TLSv1.0, TLSv1.1, TLSv1.2 and
TLSv1.3. (Default "TLSv1.2 TLSv1.3")
--ssl enable SSLv3 (deprecated). See config file setting tls-protos. -c --ciphers=SUITE
Sets allowed ciphers (Default: "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES2
56+EDH")
-c -e --ssl-engine=NAME
Sets OpenSSL engine (Default: "")
--ciphers=SUITE -O --prefer-server-ciphers[=on|off]
Sets allowed ciphers (Default: "") Prefer server list order (Default: "off")
-e --client
Enable client proxy mode
--ssl-engine=NAME -b --backend=[HOST]:PORT
Sets OpenSSL engine (Default: "") Backend endpoint (default is "[127.0.0.1]:8000") The -b argument can als
o take a UNIX domain socket path
E.g. --backend="/path/to/sock"
-O -f --frontend=[HOST]:PORT[+CERT]
Frontend listen endpoint (default is "[*]:8443") (Note: brackets are mand
atory in endpoint specifiers.)
--prefer-server-ciphers -n --workers=NUM
Prefer server list order Number of worker processes (Default: 1)
--client -B --backlog=NUM
Enable client proxy mode Set listen backlog size (Default: 100)
-b --backend=[HOST]:PORT Backend [connect] (default is "[127.0 -k --keepalive=SECS
.0.1]:8000") The -b argument can TCP keepalive on client socket (Default: 3600)
also take a UNIX domain socket path E.g. --backend="/path/to/so
ck"
-f --frontend=[HOST]:PORT[+CERT] Frontend [bind] (default is -R --backend-refresh=SECS
"[*]:8443") (Note: brackets are Periodic backend IP lookup, 0 to disable (Default: 0)
mandatory in endpoint specifiers.)
-n --enable-tcp-fastopen[=on|off]
Enable client-side TCP Fast Open. (Default: off)
--workers=NUM -r --chroot=DIR
Number of worker processes (Default: 1) Sets chroot directory (Default: "")
-B -u --user=USER
Set uid/gid after binding the socket (Default: "")
--backlog=NUM -g --group=GROUP
Set listen backlog size (Default: 100) Set gid after binding the socket (Default: "")
-k -q --quiet[=on|off]
Be quiet; emit only error messages (deprecated, use 'log-level')
--keepalive=SECS -L --log-level=NUM
TCP keepalive on client socket (Default: 3600) Log level. 0=silence, 1=err, 2=info/debug (Default: 1)
-R -l --log-filename=FILE
Send log message to a logfile instead of stderr/stdout
--backendrefresh=SECS -s --syslog[=on|off]
Periodic backend IP lookup, 0 to disable (Default: 0) Send log message to syslog in addition to stderr/stdout
-r --syslog-facility=FACILITY
Syslog facility to use (Default: "daemon")
--chroot=DIR --daemon[=on|off]
Sets chroot directory (Default: "") Fork into background and become a daemon (Default: off)
-u --write-ip[=on|off]
Write 1 octet with the IP family followed by the IP address in 4 (IPv4) o
r 16 (IPv6) octets little-endian
to backend before the actual data (Default: off)
--user=USER --write-proxy-v1[=on|off]
Set uid/gid after binding the socket (Default: "") Write HAProxy's PROXY v1 (IPv4 or IPv6) protocol line before actual data
(Default: off)
-g --write-proxy-v2[=on|off]
Write HAProxy's PROXY v2 binary (IPv4 or IPv6) protocol line before actua
l data (Default: off)
--group=GROUP --write-proxy[=on|off]
Set gid after binding the socket (Default: "") Equivalent to --write-proxy-v2. For PROXY version 1 use --write-proxy-v1
explicitly
-q --proxy-proxy[=on|off]
Proxy HAProxy's PROXY (IPv4 or IPv6) protocol before actual data (PROXYv1
and PROXYv2) (Default: off)
--quiet --sni-nomatch-abort[=on|off]
Be quiet; emit only error messages (deprecated in favor Abort handshake when client submits an unrecognized SNI server name (Defa
of log-level) ult: off)
-L --alpn-protos=LIST
Sets the protocols for ALPN/NPN negotiation, provided as a list of comma-
separated tokens.
--log-level=NUM --ocsp-dir=DIR
Log level. 0=silence, 1=err, 2=info/debug Set OCSP staple cache directory This enables automated retrieval and stap
ling of OCSP responses (Default:
"/var/lib/hitch/")
--log-filename=FILE -t --test
Send log message to a logfile instead of stderr/stdout Test configuration and exit
-s -p --pidfile=FILE
PID file
--syslog -V --version
Send log message to syslog in addition to stderr/stdout Print program version and exit
--syslog-facility=FACILITY -h --help
Syslog facility to use (Default: "daemon") This help message
--daemon
Fork into background and become a daemon; this also sets the --
quiet option (Default: off)
--write-ip
Write 1 octet with the IP family followed by the IP address in
4 (IPv4) or 16 (IPv6) octets
little-endian to backend before the actual data (Default: off)
--write-proxy-v1
Write HaProxy's PROXY v1 (IPv4 or IPv6) protocol line before ac
tual data (Default: off)
--write-proxy-v2
Write HaProxy's PROXY v2 binary (IPv4 or IPv6) protocol line b
efore actual data (Default: off)
--write-proxy
Equivalent to --write-proxy-v2. For PROXY version 1 use --write
-proxy-v1 explicitly
--proxy-proxy
Proxy HaProxy's PROXY (IPv4 or IPv6) protocol line before actua
l data (PROXY v1 only) (Default:
off)
--alpn-protos=LIST
Sets the protocols for ALPN/NPN negotiation, given by a comma s
eparated list. If this is not
set explicitly, ALPN/NPN will not be used. Requires OpenSSL 1.0
.1 for NPN and OpenSSL 1.0.2 for
ALPN.
--sni-nomatch-abort
Abort handshake when client submits an unrecognized SNI server
name (Default: off)
--ocsp-dir=DIR
Set OCSP staple cache directory This enables automated retrieva
l and stapling of OCSP responses
(Default: "")
-t
--test Test configuration and exit
-p
--pidfile=FILE
PID file
-V
--version
Print program version and exit
-h
--help This help message
HISTORY HISTORY
Hitch was originally called stud and was written by Jamie Turner at Bump. com. Hitch was originally called stud and was written by Jamie Turner at Bump. com.
HITCH(8) HITCH(8)
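Review bot: The new --tls-protos entry lists SSLv3, TLSv1.0 and TLSv1.1 as available tokens with no deprecation wording, although the removed --tls and --ssl entries both marked SSLv3 "(deprecated)". Carry that marker into the token list so the legacy protocols do not read as equal choices beside the "TLSv1.2 TLSv1.3" default. The rewritten --alpn-protos entry drops "If this is not set explicitly, ALPN/NPN will not be used" and the OpenSSL 1.0.1/1.0.2 requirements; keep them if they still apply. The --ocsp-dir default changes from "" to "/var/lib/hitch/" under text saying the option enables automated retrieval and stapling, so the entry should state how to disable it, and it still lacks a full stop after "directory". The --daemon entry no longer says whether it also sets --quiet.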
 End of changes. 34 change blocks. 
119 lines changed or deleted 84 lines changed or added
