{"id":16776347,"url":"https://github.com/ameshkov/snirelay","last_synced_at":"2025-04-10T20:14:26.310Z","repository":{"id":229626840,"uuid":"777210529","full_name":"ameshkov/snirelay","owner":"ameshkov","description":"SNI proxy with an option to relay traffic to a custom IP address when required","archived":false,"fork":false,"pushed_at":"2024-06-16T21:19:21.000Z","size":65,"stargazers_count":12,"open_issues_count":3,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-24T17:55:19.244Z","etag":null,"topics":["relay","sniproxy"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ameshkov.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-03-25T12:25:18.000Z","updated_at":"2025-03-09T01:23:29.000Z","dependencies_parsed_at":"2024-06-19T02:57:58.462Z","dependency_job_id":null,"html_url":"https://github.com/ameshkov/snirelay","commit_stats":null,"previous_names":["ameshkov/snirelay"],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ameshkov%2Fsnirelay","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ameshkov%2Fsnirelay/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ameshkov%2Fsnirelay/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ameshkov%2Fsnirelay/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ameshkov","download_url":"https://codeload.github.com/ameshkov/snirelay/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248288383,"owners_count":21078903,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["relay","sniproxy"],"created_at":"2024-10-13T07:09:41.257Z","updated_at":"2025-04-10T20:14:26.283Z","avatar_url":"https://github.com/ameshkov.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SNI Relay\n\nSimple SNI relay server written in Go.\n\nWhat it does:\n\n1. Provides a DNS server that can re-route domains to the SNI relay server.\n2. Listens for incoming HTTP or HTTPS connections.\n3. Parses the hostname from the HTTP request or TLS ClientHello.\n4. Proxies the traffic further to that hostname.\n\nWhy would you need it? For instance, if you operate a DNS server, and you want\nto relay some domains to an intermediate server (effectively, change your IP\naddress).\n\n## How to use it\n\n1. Get the version for you OS/arch from the [Releases][releases] page. If you\n   prefer Docker, you can find it below.\n2. Create a configuration file. Read the comments in\n   [./config.yaml.dist][configyaml] to learn about configuration.\n3. Run `snirelay`:\n    ```shell\n    snirelay -c /path/to/config.yaml\n    ```\n\n   You may need to run it with `sudo` since it needs to use privileged ports.\n\n[releases]: https://github.com/ameshkov/snirelay/releases\n\n[configyaml]: ./config.yaml.dist\n\n### Usage\n\n```shell\nUsage:\n  snirelay [OPTIONS]\n\nApplication Options:\n  -c, --config-path= Path to the config file.\n  -v, --verbose      Verbose output (optional).\n\nHelp Options:\n  -h, --help         Show this help message\n```\n\n## Docker\n\nThe docker image [is available][dockerregistry]. In order to use it, you need to\nsupply a configuration file, and you may need to also supply the TLS cert/key\nif you're going to use encrypted DNS.\n\nThe image exposes a number of ports that needs to be mapped to the host machine\ndepending on what parts of the functionality you're using.\n\n* Port `53`: plain DNS server, usually needs to be mapped to port `53` of the\n  host machine.\n* Port `853/tcp`: DNS-over-TLS server, usually needs to be mapped to port `853`\n  of the host machine.\n* Port `853/udp`: DNS-over-QUIC server, usually needs to be mapped to port\n  `853` of the host machine.\n* Port `8443/tcp`: DNS-over-HTTPS server. **Do not expose to `443` as this port\n  is required by the SNI relay server**. Try a different port and don't forget\n  to use it in the server address.\n* Port `80/tcp`: SNI relay port for plain HTTP connections. Map it to port\n  `80` of the host machine.\n* Port `443/tcp`: SNI relay port for HTTPS connections. Map it to port `443` of\n  the host machine.\n* Port `8123/tcp`: Prometheus metrics endpoint. Map it if you use prometheus.\n\nSo imagine we have a configuration file `config.yaml` and the TLS configuration\nfiles in the same directory in `example.crt` and `example.key`. In this case the\nconfiguration section should look like this:\n\n```yaml\ndns:\n  # ... omitted other ...\n  tls-cert-path: \"/app/example.crt\"\n  tls-key-path: \"/app/example.key\"\n  # ... omitted other ...\n```\n\nAnd then run it like this:\n\n```shell\ndocker run -d --name snirelay \\\n  -p 53:53/tcp -p 53:53/udp \\\n  -p 853:853/tcp -p 853:853/udp \\\n  -p 8443:8443/tcp \\\n  -p 8123:8123/tcp \\\n  -p 80:80/tcp -p 443:443/tcp \\\n  -v $(pwd)/config.yaml:/app/config.yaml \\\n  -v $(pwd)/example.crt:/app/example.crt \\\n  -v $(pwd)/example.key:/app/example.key \\\n  ghcr.io/ameshkov/snirelay\n\n```\n\n[dockerregistry]: https://github.com/ameshkov/snirelay/pkgs/container/snirelay\n\n## How to build\n\n```shell\nmake\n```\n\n### How to run it locally\n\nSee the [`config.yaml.dist`][configyaml] for more information on what can be\nconfigured. In normal environment you want to change ports there.\n\n```shell\n./snirelay -c config.yaml\n\n```\n\n[configyaml]: ./config.yaml.dist\n\n### How to test\n\nNote that instructions here use [dnslookup][dnslookup] and [gocurl][gocurl].\n\n#### DNS queries\n\nPlain DNS:\n\n```shell\n# IPv4 will be redirected to 127.0.0.1.\ndnslookup www.google.com 127.0.0.1:5353\n\n# IPv6 will be redirected to ::.\nRRTYPE=AAAA dnslookup www.google.com 127.0.0.1:5353\n\n# HTTPS will be suppressed.\nRRTYPE=HTTPS dnslookup www.google.com 127.0.0.1:5353\n```\n\nEncrypted DNS:\n\n```shell\n# DNS-over-TLS.\nVERIFY=0 dnslookup www.google.com tls://127.0.0.1:8853\n\n# DNS-over-QUIC.\nVERIFY=0 dnslookup www.google.com quic://127.0.0.1:8853\n\n# DNS-over-HTTPS.\nVERIFY=0 dnslookup www.google.com https://127.0.0.1:8443/dns-query\n\n```\n\n#### SNI relay\n\n```shell\n# Relay for plain HTTP:\ngocurl --connect-to=\"example.org:443:127.0.0.1:9080\" -I http://example.org/\n\n# Relay for HTTPS:\ngocurl --connect-to=\"example.org:443:127.0.0.1:9443\" -I https://example.org/\n\n# Or you can specify the DNS server:\ngocurl --dns-servers \"127.0.0.1:5353\" -I https://example.org/\n```\n\n[dnslookup]: https://github.com/ameshkov/dnslookup\n\n[gocurl]: https://github.com/ameshkov/gocurl\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fameshkov%2Fsnirelay","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fameshkov%2Fsnirelay","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fameshkov%2Fsnirelay/lists"}