Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/yrutschle/sslh
Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/yrutschle/sslh
- Owner: yrutschle
- License: gpl-2.0
- Created: 2013-07-10T21:25:31.000Z (almost 11 years ago)
- Default Branch: master
- Last Pushed: 2024-01-11T20:32:44.000Z (5 months ago)
- Last Synced: 2024-01-15T04:42:24.848Z (5 months ago)
- Language: C
- Homepage: https://www.rutschle.net/tech/sslh/README.html
- Size: 1010 KB
- Stars: 4,265
- Watchers: 96
- Forks: 368
- Open Issues: 58
Metadata Files:
- Readme: README.md
- Changelog: ChangeLog
- License: COPYING
Lists
- awesome-network-stuff - **2530** stars
- awesome-stars - yrutschle/sslh - Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port) (C)
- awesome-ssh - sslh - Applicative Protocol Multiplexer (i.e: *SSH* + *HTTPS*). (Apps / Network)
- cli-apps - sslh - A ssl/ssh multiplexer (Applicative Protocol Multiplexer) that allows, for example, to share SSH and HTTPS on the same port. (Networking)
- awesome-network-stuff - **2530** stars
- awesome-stars - yrutschle/sslh - Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port) (C)
- my-awesome - yrutschle/sslh - Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port) (C)
- awesome-repositories - yrutschle/sslh - Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port) (C)
- awesome-stars - yrutschle/sslh - Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port) (C)
- awesome-stars - sslh
- awesome-ssh - sslh - Applicative Protocol Multiplexer (i.e: *SSH* + *HTTPS*). (Apps / Network)
- awesome-stars - yrutschle/sslh - Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port) (C)
- awesome-stenudd - sslh - Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port) (C)
- awesome-stars - sslh
- awesome-from-stars - yrutschle/sslh
- awesome-ssh - sslh - Applicative Protocol Multiplexer (i.e: *SSH* + *HTTPS*). (Apps / Network)
- my-stars - yrutschle/sslh - Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port) (C)
- awesome-starred - yrutschle/sslh - Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port) (others)
- awesome-stars - yrutschle/sslh - `★4422` Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port) (C)
- my-awesome-stars - yrutschle/sslh - Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port) (C)
- awesome-cyber-security - **2468** stars
- awesome-cli-apps - sslh - A ssl/ssh multiplexer (Applicative Protocol Multiplexer) that allows, for example, to share SSH and HTTPS on the same port. (Networking)
- awesome-stars - yrutschle/sslh - Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port) (C)
- awesome-stars - yrutschle/sslh - Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port) (others)
README
sslh -- A ssl/ssh multiplexer
=============================

`sslh` accepts connections on specified ports, and forwards
them further based on tests performed on the first data
packet sent by the remote client.

Probes for HTTP, TLS/SSL (including SNI and ALPN), SSH,
OpenVPN, tinc, XMPP and SOCKS5 are implemented, and any other
protocol that can be tested using a regular expression can
be recognised. A typical use case is to allow serving
several services on port 443 (e.g. to connect to SSH from
inside a corporate firewall, which almost never blocks port
443) while still serving HTTPS on that port.

Hence `sslh` acts as a protocol demultiplexer, or a
switchboard. With the SNI and ALPN probe, it makes a good
front-end to a virtual host farm hosted behind a single IP
address.

`sslh` has the bells and whistles expected from a mature
daemon: privilege and capabilities dropping, inetd support,
systemd support, transparent proxying, chroot, logging,
IPv4 and IPv6, TCP and UDP, a fork-based model, a select-based
model, and yet another based on libev for larger
installations.

Install
=======

Please refer to the [install guide](doc/INSTALL.md).

Configuration
=============

Please refer to the [configuration guide](doc/config.md).
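
The first-packet probing described in the introduction can be illustrated with a small classifier. This is an added example, not code from `sslh`; the function and enum names are hypothetical, and it covers only SSH, TLS and HTTP, returning `PROTO_AGAIN` when the data received so far is a valid but incomplete prefix.

```c
/* Added example (not sslh's own code): classify a connection from its first bytes. */
#include <string.h>

enum proto { PROTO_UNKNOWN, PROTO_AGAIN, PROTO_SSH, PROTO_TLS, PROTO_HTTP };

/* Returns 1 if buf starts with lit; sets *partial if buf is a shorter matching prefix. */
static int starts_with(const unsigned char *buf, size_t len,
                       const char *lit, int *partial)
{
    size_t n = strlen(lit);
    if (len >= n)
        return memcmp(buf, lit, n) == 0;
    if (memcmp(buf, lit, len) == 0)
        *partial = 1;
    return 0;
}

enum proto classify_first_packet(const unsigned char *buf, size_t len)
{
    static const char *methods[] = { "GET ", "POST ", "HEAD ", "PUT ",
                                     "DELETE ", "OPTIONS ", "CONNECT " };
    int partial = 0;

    /* SSH identification string starts with "SSH-" (RFC 4253, section 4.2). */
    if (starts_with(buf, len, "SSH-", &partial))
        return PROTO_SSH;

    /* TLS: record type 0x16 (handshake), major version 0x03, and
     * handshake type 0x01 (ClientHello) right after the 5-byte header. */
    if (len > 0 && buf[0] == 0x16 && (len < 2 || buf[1] == 0x03)) {
        if (len < 6)
            partial = 1;
        else if (buf[5] == 0x01)
            return PROTO_TLS;
    }

    for (size_t i = 0; i < sizeof methods / sizeof methods[0]; i++)
        if (starts_with(buf, len, methods[i], &partial))
            return PROTO_HTTP;

    return partial ? PROTO_AGAIN : PROTO_UNKNOWN;
}

int main(void)
{
    const unsigned char hello[] = { 0x16, 0x03, 0x01, 0x00, 0x2e, 0x01 }; /* constructed */
    return classify_first_packet(hello, sizeof hello) == PROTO_TLS ? 0 : 1;
}
```

A multiplexer built this way forwards `PROTO_UNKNOWN` connections to a default backend or closes them, and should bound how long it waits on `PROTO_AGAIN` so that idle clients cannot hold connections open indefinitely.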
Docker image
------------

How to use
---

```bash
docker run \
  --cap-add CAP_NET_RAW \
  --cap-add CAP_NET_BIND_SERVICE \
  --rm \
  -it \
  ghcr.io/yrutschle/sslh:latest \
  --foreground \
  --listen=0.0.0.0:443 \
  --ssh=hostname:22 \
  --tls=hostname:443
```

docker-compose example

```yaml
version: "3"

services:
  sslh:
    image: ghcr.io/yrutschle/sslh:latest
    hostname: sslh
    ports:
      - 443:443
    command: --foreground --listen=0.0.0.0:443 --tls=nginx:443 --openvpn=openvpn:1194
    depends_on:
      - nginx
      - openvpn

  nginx:
    image: nginx

  openvpn:
    image: openvpn
```

Transparent mode 1: using sslh container for networking

_Note: For transparent mode to work, the sslh container must be able to reach your services via **localhost**_

```yaml
version: "3"

services:
  sslh:
    build: https://github.com/yrutschle/sslh.git
    container_name: sslh
    environment:
      - TZ=${TZ}
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - NET_BIND_SERVICE
    sysctls:
      - net.ipv4.conf.default.route_localnet=1
      - net.ipv4.conf.all.route_localnet=1
    command: --transparent --foreground --listen=0.0.0.0:443 --tls=localhost:8443 --openvpn=localhost:1194
    ports:
      - 443:443 #sslh

      - 80:80 #nginx
      - 8443:8443 #nginx

      - 1194:1194 #openvpn
    extra_hosts:
      - localbox:host-gateway
    restart: unless-stopped

  nginx:
    image: nginx:latest
    .....
    network_mode: service:sslh #set nginx container to use sslh networking.
    # ^^^ This is required. This makes nginx reachable by sslh via localhost

  openvpn:
    image: openvpn:latest
    .....
    network_mode: service:sslh #set openvpn container to use sslh networking
```

Transparent mode 2: using host networking

```yaml
version: "3"

services:
  sslh:
    build: https://github.com/yrutschle/sslh.git
    container_name: sslh
    environment:
      - TZ=${TZ}
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - NET_BIND_SERVICE
    # must be set manually
    #sysctls:
    #  - net.ipv4.conf.default.route_localnet=1
    #  - net.ipv4.conf.all.route_localnet=1
    command: --transparent --foreground --listen=0.0.0.0:443 --tls=localhost:8443 --openvpn=localhost:1194
    network_mode: host
    restart: unless-stopped

  nginx:
    image: nginx:latest
    .....
    ports:
      - 8443:8443 # bind to docker host on port 8443

  openvpn:
    image: openvpn:latest
    .....
    ports:
      - 1194:1194 # bind to docker host on port 1194
```

Comments? Questions?
====================

You can subscribe to the `sslh` mailing list here:

This mailing list should be used for discussion, feature
requests, and will be the preferred channel for announcements.

Of course, check the [FAQ](doc/FAQ.md) first!