diff --git a/Makefile b/Makefile
index 2e9de22..ef77957 100644
--- a/Makefile
+++ b/Makefile
@@ -75,7 +75,6 @@ install: sslh $(MAN)
 install-debian: install sslh $(MAN)
 sed -e "s+^PREFIX=+PREFIX=$(PREFIX)+" scripts/etc.init.d.sslh > /etc/init.d/sslh
 chmod 755 /etc/init.d/sslh
- cp scripts/etc.default.sslh /etc/default/sslh
 update-rc.d sslh defaults
 uninstall:
diff --git a/README.md b/README.md
index a97760a..7000160 100644
--- a/README.md
+++ b/README.md
@@ -93,7 +93,8 @@ Installation
 make
 cp sslh-fork /usr/local/sbin/sslh
- cp scripts/etc.default.sslh /etc/default/sslh
+ cp basic.cfg /etc/sslh.cfg
+ vi /etc/sslh.cfg
 * For Debian:
@@ -113,14 +114,12 @@ start automatically at boot-up, e.g. under Debian:
 Configuration
 =============
-You can edit settings in /etc/default/sslh:
-
- LISTEN=ifname:443
- SSH=localhost:22
- SSL=localhost:443
+If you use the scripts provided, sslh will get its
+configuration from /etc/sslh.cfg. Please refer to
+example.cfg for an overview of all the settings.
 A good scheme is to use the external name of the machine in
-`$LISTEN`, and bind `httpd` to `localhost:443` (instead of all
+`listen`, and bind `httpd` to `localhost:443` (instead of all
 binding to all interfaces): that way, HTTPS connections coming from inside your network don't need to go through `sslh`, and `sslh` is only there as a frontal for connections
diff --git a/scripts/etc.default.sslh b/scripts/etc.default.sslh
deleted file mode 100755
index 50894b9..0000000
--- a/scripts/etc.default.sslh
+++ /dev/null
@@ -1,5 +0,0 @@
-LISTEN=ifname:443
-SSH=localhost:22
-SSL=localhost:443
-USER=nobody
-PID=/var/run/sslh.pid
diff --git a/scripts/etc.init.d.sslh b/scripts/etc.init.d.sslh
index 5cb89f9..54aa0d1 100755
--- a/scripts/etc.init.d.sslh
+++ b/scripts/etc.init.d.sslh
@@ -27,7 +27,7 @@ DAEMON=$PREFIX/sbin/sslh
 start() {
 echo "Start services: sslh"
- $DAEMON --user ${USER} --pidfile ${PID} --listen ${LISTEN} --ssh ${SSH} --ssl ${SSL}
+ $DAEMON -F /etc/sslh.cfg
 logger -t ${tag} -p ${facility} -i 'Started sslh'
 }
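Review bot: The new start line `$DAEMON -F /etc/sslh.cfg` no longer passes `--user ${USER}` or `--pidfile ${PID}`, so whether sslh drops privileges after binding its listening port, and where it records its PID, now depend entirely on the contents of /etc/sslh.cfg. The deleted defaults file supplied USER=nobody, so the installed config should carry equivalent `user` and `pidfile` settings. It should also be root-owned and not writable by others, since it now decides both the run-as account and where connections are forwarded. The Makefile hunk in this commit also stops install-debian from installing any config file, so on a fresh Debian install /etc/sslh.cfg may be absent when start() runs. A guard such as `[ -r /etc/sslh.cfg ] || { echo "sslh: cannot read /etc/sslh.cfg" >&2; return 1; }` before the daemon call, together with `$DAEMON -F /etc/sslh.cfg || return 1` so that 'Started sslh' is not logged after a failed start, would surface that instead of hiding it.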