Skip to content

emilhf/snidl

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
certs
certs
 
 
conf
conf
 
 
src
src
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
run.sh
run.sh
 
 
test.sh
test.sh
 
 

Repository files navigation

snidl

Just point your A record to the service running snidl, and it will gladly serve your IPv6-only servers to an IPv4-audience over TLS with intact end-to-end security. This is done by taking the TLS SNI header, making a DNS look-up to that name and then proxying towards the resulting AAAA record.

Important: snidl is not new, but an alternative implementation of snip. Built with the very performant OpenResty (nginx) and Lua. Tested with openresty-1.11.2.2 on FreeBSD 11.0-RELEASE.

snidl should in theory be pretty fast once it starts hitting caching, but proper benchmarking remains to be performed. If it turns out to be slow, it might be renamed to snigl (snail) :)

Getting started

Install OpenResty. On FreeBSD 11, this is done like so:

$ pkg install devel/gmake security/openssl devel/pcre
$ cd openresty-VERSION/
$ ./configure --with-pcre-jit --with-ipv6 -j2
$ gmake && gmake install

Future work

  • Set up test enviroment.
  • Optimize nginx for proxying.

About

SNI proxy that uses DNS

Resources

Readme
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages