.\" Copyright (c) 2022 Omar Polo .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .Dd February 9, 2022 .Dt KAMIPROXY 1 .Os .Sh NAME .Nm kamiproxy .Nd 9p over tls proxy .Sh SYNOPSIS .Nm .Op Fl dv .Fl c Ar host Ns Oo : Ns Ar port Oc .Fl l Oo Ar host : Oc Ns port .Fl C Ar cert .Op Fl K Ar key .Sh DESCRIPTION .Nm is a proxy for 9p over tls. It listen on a local port for plaintext 9p connections and forwards them to a real server using a TLS-encrypted tunnel and a client certificate. .Pp The options are as follows: .Bl -tag -width Ds .It Fl C Ar cert Path to the client certificate to use. .It Fl c Ar host Ns Oo : Ns Ar port Oc Connect to the remote server identified by the given .Ar host name on the specified .Ar port .Pq 1337 by default. .It Fl d Do not daemonize. If this option is specified, .Nm will run in the foreground and log to standard error. .It Fl K Ar key Path to the key of the client certificate. If not provided, it's assumed to be the same as the .Fl C flag. .It Fl l Oo Ar host : Oc Ns port Listen on the specified address. The .Ar host by default is .Dq localhost . .It Fl v Produce more verbose output. .El .Sh SEE ALSO .Xr 9p 7 , .Xr kamid 8 .Sh AUTHORS .An -nosplit The .Nm program was written by .An Omar Polo Aq Mt op@omarpolo.com . .Sh CAVEATS .Nm opens one TLS-encrypted connection for each incoming connection. A better approach would be to multiplex the traffic to the remote server, akin to what the plan9 kernel does by default.