Public | Automated Build

Last pushed: 10 months ago
Short Description
Lightweight Server Name Identification proxy server for multi-hosting of TLS and non-TLS websites.
Full Description


A proxy server that redirects based on the Host header (HTTP) or Server Name
Identification header (HTTPS) present in the request.


Most aspects of sniproxy are configured in environment variables. This is in
contrast to many sniproxy containers seen which either hardcode configurations
or expect to be provided with a hand-crafted configuration file.

Global settings

The following are global settings for sniproxy, these should not need
modification but are listed for documentation purposes:

  • SNIPROXY_USER (default: nobody): The user sniproxy runs as after binding
  • SNIPROXY_PIDFILE: The PID file to write the sniproxy PID to.

DNS configuration

By default, sniproxy will use the configuration in /etc/resolv.conf, but
also incorporates its own resolver and can make decisions based on that.

DNS servers are specified using parameters SNIPROXY_NS_SRVn where n
increments starting at 0. These specify individual nameservers to try.

DNS domain search order is specified using parameters SNIPROXY_NS_SEARCHn,
again with n incrementing from 0.

Finally, you can specify SNIPROXY_NS_MODE to dictate the resolution mode:

  • ipv4_only: Only resolve IPv4 addresses
  • ipv6_only: Only resolve IPv6 addresses
  • ipv4_first: Resolve both IPv4 and IPv6 but try IPv4 first
  • ipv6_first: Resolve both IPv4 and IPv6 but try IPv6 first

Listening socket configuration

The port numbers used by sniproxy, protocol types and redirection tables are
defined using the following parameters. In all of these, the n is an integer
that increments from 0 for each socket being configured.

    Protocol in use, either http or tls (HTTPS).
  • SNIPROXY_LISTENn_PORT: (Required) TCP port number to use.
  • SNIPROXY_LISTENn_ADDR: (Optional) Bind address for socket. Default is to
    bind to all possible addresses. (aka on IPv4 or :: on IPv6)
  • SNIPROXY_LISTENn_FALLBACK: (Optional) Address and port number of a server
    to direct clients to in the event that sniproxy can't figure out what server
    is requested.
  • SNIPROXY_LISTENn_SOURCE: (Optional) Source IP to use for requests to the
    back-end server.
  • SNIPROXY_LISTENn_TABLE: (Optional) Redirection table to use for this socket.
    By default, the default table is used. This should be the name of a table
    given in the proxy table configuration.

Proxy table configuration

The actual source/destination mapping tables are defined here. Table 0 is
hard-coded as being the "default" table, all tables following 0 must be named
explicitly using the parameter SNIPROXY_TABLEn (where n is 1 onwards).

The source hostname pattern and destination address/port is specified using
parameter pairs SNIPROXY_TABLEn_SRCm (source pattern) and
SNIPROXY_TABLEn_DESTm (destination address).

Known issues

SNIPROXY_USER presently has no effect as supervisord requires we run
sniproxy in the foreground and sniproxy does not allow us to drop privileges
and remain in the foreground. This issue has been raised




We use SemVer for versioning. For the versions available, see the tags on this repository.


Docker Pull Command
Source Repository