
Installing Hitch, an SSL/TLS proxy server

More than 1 year has passed since last update.


If you run Varnish and want SSL/TLS (https), the simple Hitch proxy is a dependable help.
Note: Varnish must be 4.1 or later, because earlier versions do not support the PROXY protocol.


2016-01-26: Hitch 1.1.1 has been released. This is a maintenance release with various bug fixes.

Support for TLS1.0, TLS1.1 and TLS1.2
SNI, with and without wildcard certificates
Support for HAproxy's PROXY protocol
Safe for large installations: performant up to 15 000 listening sockets and 500 000 certificates.
Support for seamless run-time configuration reloads of certificates and listen endpoints.


git clone https://github.com/varnish/hitch
cd ./hitch


$ sudo yum install python-docutils
$ sudo yum install libev-devel
$ sudo yum install openssl-devel
$ sudo yum install flex-devel


$ ./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking for a BSD-compatible install... /usr/bin/install -c
checking whether make sets $(MAKE)... (cached) yes
checking for bison... bison -y
checking for flex... flex
checking lex output file root... lex.yy
checking lex library... none needed
checking whether yytext is a pointer... no
checking for rst2man... rst2man
checking whether to enable maintainer-specific portions of Makefiles... no
checking for ev_default_loop in -lev... yes
checking for SSL_CTX_free in -lssl... yes
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for struct stat.st_mtim... yes
checking for struct stat.st_mtimespec... no
checking for stdlib.h... (cached) yes
checking for unistd.h... (cached) yes
checking for uid_t in sys/types.h... yes
checking for inline... inline
checking for int32_t... yes
checking for pid_t... yes
checking for size_t... yes
checking for ssize_t... yes
checking for uint32_t... yes
checking vfork.h usability... no
checking vfork.h presence... no
checking for vfork.h... no
checking for fork... yes
checking for vfork... yes
checking for working fork... yes
checking for working vfork... (cached) yes
checking for stdlib.h... (cached) yes
checking for GNU libc compatible malloc... yes
checking for stdlib.h... (cached) yes
checking for unistd.h... (cached) yes
checking for getpagesize... yes
checking for working mmap... yes
checking for inet_ntoa... yes
checking for accept4... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating config.h
config.status: executing depfiles commands

make and make install

$ make
$ sudo make install
Making install in src
make[1]: ディレクトリ `/home/vagrant/hitch/src' に入ります
make  install-am
make[2]: ディレクトリ `/home/vagrant/hitch/src' に入ります
make[3]: ディレクトリ `/home/vagrant/hitch/src' に入ります
test -z "/usr/local/sbin" || /bin/mkdir -p "/usr/local/sbin"
  /usr/bin/install -c hitch '/usr/local/sbin'
make[3]: `install-data-am' に対して行うべき事はありません.
make[3]: ディレクトリ `/home/vagrant/hitch/src' から出ます
make[2]: ディレクトリ `/home/vagrant/hitch/src' から出ます
make[1]: ディレクトリ `/home/vagrant/hitch/src' から出ます
make[1]: ディレクトリ `/home/vagrant/hitch' に入ります
make[2]: ディレクトリ `/home/vagrant/hitch' に入ります
make[2]: `install-exec-am' に対して行うべき事はありません.
test -z "/usr/local/share/doc/hitch" || /bin/mkdir -p "/usr/local/share/doc/hitch"
 /usr/bin/install -c -m 644 hitch.conf.ex CHANGES.rst README.md '/usr/local/share/doc/hitch'
test -z "/usr/local/share/man/man8" || /bin/mkdir -p "/usr/local/share/man/man8"
 /usr/bin/install -c -m 644 hitch.8 '/usr/local/share/man/man8'
make[2]: ディレクトリ `/home/vagrant/hitch' から出ます
make[1]: ディレクトリ `/home/vagrant/hitch' から出ます




/usr/local/sbin/hitch --config=/hogehoge/hitch.conf

hitch --backend=[]:80 --frontend=[*]:443 server.pem

./hitch --backend= \
    --frontend=[*]:443 \

hitch --backend=[]:80 --frontend=[*]:443 example.pem\

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/hoge/ssl/hitch.key -out /home/hoge/ssl/nginx.crt
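The openssl command above writes the key and the certificate to two separate files, while hitch is started with a single PEM file (server.pem / example.pem in the commands above) that holds the private key followed by the certificate. The following is an added example, not part of the original article: it checks that the key really belongs to the certificate and then writes the combined file with owner-only permissions. The helper name make_hitch_pem and the file names are assumptions.

```shell
#!/bin/sh
# Added example: combine a key and a certificate into one PEM file for hitch.
# make_hitch_pem is a hypothetical helper name; all paths are the caller's choice.

# Public key (SPKI PEM) derived from a private key file.
pub_from_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Public key (SPKI PEM) embedded in a certificate file.
pub_from_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# make_hitch_pem KEY CERT OUT
# Returns 0 on success, 1 if the key does not belong to the certificate,
# 2 if an input cannot be parsed or the output cannot be written.
make_hitch_pem() {
    key=$1; cert=$2; out=$3
    kpub=$(pub_from_key "$key") || { echo "cannot read key: $key" >&2; return 2; }
    cpub=$(pub_from_cert "$cert") || { echo "cannot read certificate: $cert" >&2; return 2; }
    if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
        echo "key and certificate do not match" >&2
        return 1
    fi
    tmp="$out.tmp.$$"
    # umask 077 in a subshell: the private key is never written world-readable.
    ( umask 077 && cat "$key" "$cert" > "$tmp" ) || { rm -f "$tmp"; return 2; }
    # Rename into place so hitch never sees a half-written file.
    mv -f "$tmp" "$out"
}

# Usage: sh make_hitch_pem.sh KEY CERT OUT
if [ "$#" -eq 3 ]; then
    make_hitch_pem "$@"
fi
```

With the files from the command above this would be called as make_hitch_pem /home/hoge/ssl/hitch.key /home/hoge/ssl/nginx.crt followed by the output path of your choice.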


sudo setcap CAP_NET_BIND_SERVICE+ep /usr/local/sbin/hitch
sudo getcap /usr/local/sbin/hitch
$ sudo setcap -r /usr/local/sbin/hitch
$ sudo getcap /usr/local/sbin/hitch


/usr/local/sbin/hitch --config=/home/hoge/hitch/hitch.conf
$ ps -aux | grep hitch

2019-01-28: Reposted at the location below.
