Run many services on the same port with sslh

Objective: run many services on the same port with sslh

sslh is a superb utility which greatly increased my satisfaction of self-hosting xmpp, www, vpn, ssh and other. Why? How? Let’s see!

Introduction

Sometimes it may be neccesary to run different services that listen on the same port. Often the case is with VPN, XMPP, HTTP(s), SSH.
sslh will enable us to do so in a easy and efficient way.

Installation

There already is packed sslh in Debian, Gentoo, FreeBSD repositories, so all we have to do is use apprioperiate package manager, on Debian it would be:

aptitude install sslh

Last step needs the most interaction: launching sslh. All aptions are neatly described by the --help switch:

sslh --help      
 
    sslh 1.16-2

usage:

    sslh  [-v] [-i] [-V] [-f] [-n] [-F <file>]
    
    [-t <timeout>] [-P <pidfile>] -u <username> -p <add> [-p <addr> ...] 
    
    [--ssh <addr>]
    
    [--openvpn <addr>]
    
    [--tinc <addr>]
    
    [--xmpp <addr>]
    
    [--http <addr>]
    
    [--ssl <addr>]
    
    [--tls <addr>]
    
    [--anyprot <addr>]


    [--on-timeout <addr>]
    
    -v: verbose

-V: version

-f: foreground

-n: numeric output

-F: use configuration file

--on-timeout: connect to specified address upon timeout (default: ssh address)

-t: seconds to wait before connecting to --on-timeout address.

-p: address and port to listen on.

Can be used several times to bind to several addresses.

--[ssh,ssl,...]: where to connect connections from corresponding protocol.

-F: specify a configuration file

-P: PID file.

-i: Run as a inetd service.

Or you may change the default configuration in a config file: /etc/default/sslh

I usually launch sslh with:

sslh --listen 0.0.0.0 80 --ssh 127.0.0.1 22 --http 127.0.0.1 8880 --xmpp 127.0.0.1 5222 --user sslh --pidfile /var/run/sslh.pid

As you can see, at the moment we cay run many services on the same port with sslh, which was our objective from the beggining. Hope you like it!

Transparent proxing

To be continued…

Dodaj komentarz

Twój adres e-mail nie zostanie opublikowany. Wymagane pola są oznaczone *