Hitch is an SSL/TLS proxy.

It accepts request in HTTPS and converts them to HTTP for Varnish.


Hitch can be stoped, started, and restarted via command line:

service hitch stop | stop | restart | status


The main hitch configuration file, hitch.conf is located at:


The content will appear similar to below:

tls-protos = TLSv1.2 TLSv1.3

        frontend = {
        host = "*"
        port = "443"

        backend = "[]:8443"
        workers = 2
        write-proxy-v2 = on
        daemon = off
        user = "_hitch"
        group = "_hitch"
        pem-file= "/etc/letsencrypt/live/domain.com/bundle.pem"
        alpn-protos = "h2, http/1.1"
        log-level = 1

Note that Hitch accepts requests on the HTTPS 443 port and sends them via port 8443 to Varnish.


If you change the SSL file location, it will need to be updated in above.