GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
HITCH(8) HITCH(8)

Hitch - high performance TLS proxy

hitch [OPTIONS] [PEM]

Hitch is a network proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to some backend. It's designed to handle 10s of thousands of connections efficiently on multicore machines.
Hitch has very few features -- it's designed to be paired with an intelligent backend like Varnish Cache. It maintains a strict 1:1 connection pattern with this backend handler so that the backend can dictate throttling behavior, maximum connection behavior, availability of service, etc.
The only required argument is a path to a PEM file that contains the certificate (or a chain of certificates) and private key. It should also contain DH parameter if you wish to use Diffie-Hellman cipher suites.

--config=FILE
Load configuration from specified file. See hitch.conf(5) for details.
--tls
All TLS versions, no SSLv3 (deprecated). See config file setting tls-protos.
--ssl
enable SSLv3 (deprecated). See config file setting tls-protos.
-c
--ciphers=SUITE
Sets allowed ciphers (Default: "")

-e
--ssl-engine=NAME
Sets OpenSSL engine (Default: "")

-O
--prefer-server-ciphers
Prefer server list order

--client
Enable client proxy mode
-b
--backend=[HOST]:PORT Backend [connect] (default is "[127.0.0.1]:8000") The -b argument can also take a UNIX domain socket path E.g. --backend="/path/to/sock"
-f
--frontend=[HOST]:PORT[+CERT] Frontend [bind] (default is "[*]:8443") (Note: brackets are mandatory in endpoint specifiers.)
-n
--workers=NUM
Number of worker processes (Default: 1)

-B
--backlog=NUM
Set listen backlog size (Default: 100)

-k
--keepalive=SECS
TCP keepalive on client socket (Default: 3600)

-R
--backendrefresh=SECS
Periodic backend IP lookup, 0 to disable (Default: 0)

-r
--chroot=DIR
Sets chroot directory (Default: "")

-u
--user=USER
Set uid/gid after binding the socket (Default: "")

-g
--group=GROUP
Set gid after binding the socket (Default: "")

-q
--quiet
Be quiet; emit only error messages (deprecated in favor of log-level)

-L
--log-level=NUM
Log level. 0=silence, 1=err, 2=info/debug

-s
--syslog
Send log message to syslog in addition to stderr/stdout

--syslog-facility=FACILITY
Syslog facility to use (Default: "daemon")
--daemon
Fork into background and become a daemon; this also sets the --quiet option (Default: off)
--write-ip
Write 1 octet with the IP family followed by the IP address in 4 (IPv4) or 16 (IPv6) octets little-endian to backend before the actual data (Default: off)
--write-proxy-v1
Write HaProxy's PROXY v1 (IPv4 or IPv6) protocol line before actual data (Default: off)
--write-proxy-v2
Write HaProxy's PROXY v2 binary (IPv4 or IPv6) protocol line before actual data (Default: off)
--write-proxy
Equivalent to --write-proxy-v2. For PROXY version 1 use --write-proxy-v1 explicitly
--proxy-proxy
Proxy HaProxy's PROXY (IPv4 or IPv6) protocol line before actual data (PROXY v1 only) (Default: off)
--alpn-protos=LIST
Sets the protocols for ALPN/NPN negotiation, given by a comma separated list. If this is not set explicitly, ALPN/NPN will not be used. Requires OpenSSL 1.0.1 for NPN and OpenSSL 1.0.2 for ALPN.
--sni-nomatch-abort
Abort handshake when client submits an unrecognized SNI server name (Default: off)
--ocsp-dir=DIR
Set OCSP staple cache directory This enables automated retrieval and stapling of OCSP responses (Default: "")
-t
--test
Test configuration and exit

-p
--pidfile=FILE
PID file

-V
--version
Print program version and exit

-h
--help
This help message




Hitch was originally called stud and was written by Jamie Turner at Bump.com.

Search for    or go to Top of page |  Section 8 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.