SNIproxy - Proxies incoming HTTP and TLS connections based on the

hostname contained in the initial request of the TCP session. This
enables HTTPS name-based virtual hosting to separate backend servers
without installing the private key on the proxy machine.

Features:
Name-based proxying of HTTPS without decrypting traffic. No keys or
certificates required.
Supports both TLS and HTTP protocols.
Supports IPv4, IPv6 and Unix domain sockets for both back end
servers and listeners.
Supports multiple listening sockets per instance.
Supports HAProxy proxy protocol to propagate original source address
to backend servers.

WWW: https://github.com/dlundquist/sniproxy

net/Makefile

@@ -1373,6 +1373,7 @@
     SUBDIR += smm++
     SUBDIR += sngrep
     SUBDIR += sniffit
+    SUBDIR += sniproxy
     SUBDIR += sntop
     SUBDIR += sobby
     SUBDIR += socat

net/sniproxy/Makefile

@@ -0,0 +1,42 @@
+# $FreeBSD$
+
+PORTNAME=	sniproxy
+DISTVERSION=	0.5.0
+CATEGORIES=	net
+
+MAINTAINER=	krion@FreeBSD.org
+COMMENT=	Proxy that routes based on TLS server name extension
+
+LICENSE=	BSD2CLAUSE
+LICENSE_FILE=	${WRKSRC}/COPYING
+
+LIB_DEPENDS=	libev.so:devel/libev \
+  		libpcre.so:devel/pcre \
+		libudns.so:dns/udns
+
+USES=		autoreconf:build gettext pkgconfig
+
+SUB_FILES=	pkg-message
+USE_RC_SUBR=	sniproxy
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	dlundquist
+
+GNU_CONFIGURE=	yes
+USE_LDCONFIG=	yes
+
+PLIST_FILES=	man/man5/sniproxy.conf.5.gz \
+		man/man8/sniproxy.8.gz \
+		sbin/sniproxy \
+		"@sample etc/sniproxy.conf.sample"
+
+pre-configure:
+	cd ${WRKSRC} && ${SH} autogen.sh
+
+post-patch:
+	@${REINPLACE_CMD} -e 's|/var/tmp/|/var/run/|' ${WRKSRC}/${PORTNAME}.conf
+
+post-install::
+	${INSTALL_DATA} ${WRKSRC}/sniproxy.conf ${STAGEDIR}${PREFIX}/etc/sniproxy.conf.sample
+
+.include <bsd.port.mk>

net/sniproxy/distinfo

@@ -0,0 +1,3 @@
+TIMESTAMP = 1524378674
+SHA256 (dlundquist-sniproxy-0.5.0_GH0.tar.gz) = 0b8dd06f9aa9e1c4151b572caf645ffceacdd35a139ded16a7fb0035452c17e5
+SIZE (dlundquist-sniproxy-0.5.0_GH0.tar.gz) = 72654

net/sniproxy/files/pkg-message.in

@@ -0,0 +1,9 @@
+*******************************************************************
+ Enable sniproxy in /etc/rc.conf with the following line:
+
+    sniproxy_enable="YES"
+
+ A configuration template is available in
+ %%PREFIX%%/etc/sniproxy.conf
+
+*******************************************************************

net/sniproxy/files/sniproxy.in

@@ -0,0 +1,39 @@
+#!/bin/sh
+#
+#$FreeBSD$
+#
+
+# PROVIDE: sniproxy
+# REQUIRE: SERVERS cleanvar
+# BEFORE:  DAEMON
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable sniproxy:
+#
+# sniproxy_enable="YES"
+#
+#
+
+. /etc/rc.subr
+
+name=sniproxy
+rcvar=sniproxy_enable
+
+command=%%PREFIX%%/sbin/sniproxy
+
+pidfile=${sniproxy_pidfile:-"/var/run/sniproxy.pid
+
+sniproxy_enable=${sniproxy_enable:-"NO"}
+sniproxy_conf=${sniproxy_conf:-"%%PREFIX%%/etc/sniproxy.conf"}
+
+stop_postcmd="rm -f $pidfile"
+sig_reload="HUP"
+
+load_rc_config ${name}
+
+required_files=${sniproxy_conf}
+
+command_args="-c ${sniproxy_conf}"
+run_rc_command "$1"
+

net/sniproxy/pkg-descr

@@ -0,0 +1,21 @@
+SNIproxy - Proxies incoming HTTP and TLS connections based on the
+hostname contained in the initial request of the TCP session. This
+enables HTTPS name-based virtual hosting to separate backend servers
+without installing the private key on the proxy machine.
+
+Features:
+
+Name-based proxying of HTTPS without decrypting traffic. No keys or
+certificates required.
+
+Supports both TLS and HTTP protocols.
+
+Supports IPv4, IPv6 and Unix domain sockets for both back end
+servers and listeners.
+
+Supports multiple listening sockets per instance.
+
+Supports HAProxy proxy protocol to propagate original source address
+to backend servers.
+ 
+WWW: https://github.com/dlundquist/sniproxy