Files: 1814bcb43cdf455b847c17f1313eb35d73f94716 / example.cfg
3244 bytesRaw
| 1 | # This file is provided as documentation to show what is |
| 2 | # possible. It should not be used as-is, and probably should |
| 3 | # not be used as a starting point for a working |
| 4 | # configuration. Instead use basic.cfg. |
| 5 | |
| 6 | verbose: true; |
| 7 | foreground: true; |
| 8 | inetd: false; |
| 9 | numeric: false; |
| 10 | transparent: false; |
| 11 | timeout: 2; |
| 12 | user: "nobody"; |
| 13 | pidfile: "/var/run/sslh.pid"; |
| 14 | |
| 15 | |
| 16 | # List of interfaces on which we should listen |
| 17 | listen: |
| 18 | ( |
| 19 | { host: "thelonious"; port: "443"; }, |
| 20 | { host: "thelonious"; port: "8080"; } |
| 21 | ); |
| 22 | |
| 23 | # List of protocols |
| 24 | # |
| 25 | # Each protocol entry consists of: |
| 26 | # name: name of the probe. These are listed on the command |
| 27 | # line (ssh -?), plus 'regex' and 'timeout'. |
| 28 | |
| 29 | # service: (optional) libwrap service name (see hosts_access(5)) |
| 30 | # host, port: where to connect when this probe succeeds |
| 31 | # |
| 32 | # Probe-specific options: |
| 33 | # tls: |
| 34 | # sni_hostnames: list of FQDN for that target |
| 35 | # alpn_protocols: list of ALPN protocols for that target, see: |
| 36 | # https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids |
| 37 | # |
| 38 | # if both sni_hostnames AND alpn_protocols are specified, both must match |
| 39 | # if neither are set, it is just checked whether this is the TLS protocol or not |
| 40 | # regex: |
| 41 | # regex_patterns: list of patterns to match for |
| 42 | # that target. |
| 43 | # |
| 44 | # sslh will try each probe in order they are declared, and |
| 45 | # connect to the first that matches. |
| 46 | # |
| 47 | # You can specify several of 'regex' and 'tls'. |
| 48 | |
| 49 | protocols: |
| 50 | ( |
| 51 | { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; }, |
| 52 | { name: "http"; host: "localhost"; port: "80"; }, |
| 53 | |
| 54 | # match BOTH ALPN/SNI |
| 55 | { name: "tls"; host: "localhost"; port: "5223"; alpn_protocols: [ "xmpp-client" ]; sni_hostnames: [ "im.somethingelse.net" ]; log_level: 0;}, |
| 56 | |
| 57 | # just match ALPN |
| 58 | { name: "tls"; host: "localhost"; port: "443"; alpn_protocols: [ "h2", "http/1.1", "spdy/1", "spdy/2", "spdy/3" ]; log_level: 0; }, |
| 59 | { name: "tls"; host: "localhost"; port: "xmpp-client"; alpn_protocols: [ "xmpp-client" ]; log_level: 0;}, |
| 60 | |
| 61 | # just match SNI |
| 62 | { name: "tls"; host: "localhost"; port: "993"; sni_hostnames: [ "mail.rutschle.net", "mail.englishintoulouse.com" ]; log_level: 0; }, |
| 63 | { name: "tls"; host: "localhost"; port: "xmpp-client"; sni_hostnames: [ "im.rutschle.net", "im.englishintoulouse.com" ]; log_level: 0;}, |
| 64 | |
| 65 | # catch anything else TLS |
| 66 | { name: "tls"; host: "localhost"; port: "443"; }, |
| 67 | |
| 68 | # OpenVPN |
| 69 | { name: "regex"; host: "localhost"; port: "1194"; regex_patterns: [ "^\x00[\x0D-\xFF]$", "^\x00[\x0D-\xFF]\x38" ]; }, |
| 70 | # Jabber |
| 71 | { name: "regex"; host: "localhost"; port: "5222"; regex_patterns: [ "jabber" ]; }, |
| 72 | |
| 73 | # Catch-all |
| 74 | { name: "regex"; host: "localhost"; port: "443"; regex_patterns: [ "" ]; }, |
| 75 | |
| 76 | # Where to connect in case of timeout (defaults to ssh) |
| 77 | { name: "timeout"; service: "daytime"; host: "localhost"; port: "daytime"; } |
| 78 | ); |
| 79 | |
| 80 | # Optionally, specify to which protocol to connect in case |
| 81 | # of timeout (defaults to "ssh"). |
| 82 | # You can timeout to any arbitrary address by setting an |
| 83 | # entry in 'protocols' named "timeout". |
| 84 | # This enables you to set a tcpd service name for this |
| 85 | # protocol too. |
| 86 | on-timeout: "timeout"; |
| 87 | |
| 88 |
Built with git-ssb-web