# This file is provided as documentation to show what is
# possible. It should not be used as-is, and probably should
# not be used as a starting point for a working
# configuration. Instead use basic.cfg.

verbose: true;
foreground: true;
inetd: false;
numeric: false;
transparent: false;
timeout: 2;
user: "nobody";
pidfile: "/var/run/sslh.pid";


# List of interfaces on which we should listen
listen:
(
    { host: "thelonious"; port: "443"; },
    { host: "thelonious"; port: "8080"; }
);

# List of protocols
#
# Each protocol entry consists of:
#   name: name of the protocol
#   service: (optional) libwrap service name (see hosts_access(5))
#   host: host name to connect that protocol
#   port: port number to connect that protocol
#   probe: "builtin" or a list of regular expressions
#          (can be left out, e.g. to use with on-timeout)
#   
# sslh will try each probe in order they are declared, and
# connect to the first that matches.

protocols:
(
     { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
     { name: "openvpn"; host: "localhost"; port: "1194"; probe: [ "^\x00[\x0D-\xFF]$", "^\x00[\x0D-\xFF]\x38" ]; },
     { name: "xmpp"; host: "localhost"; port: "5222"; probe: [ "jabber" ]; },
     { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
     { name: "ssl"; host: "localhost"; port: "443"; probe: [ "" ]; },
     { name: "timeout"; service: "daytime"; host: "localhost"; port: "daytime"; }
);

# Optionally, specify to which protocol to connect in case
# of timeout (defaults to "ssh").
# You can timeout to any arbitrary address by setting a
# protocol with no probe, as is the case with this example.
# This enables you to set a tcpd service name for this
# protocol too.
on-timeout: "timeout";