mirror of
https://github.com/moparisthebest/sslh
synced 2024-11-14 05:05:02 -05:00
72 lines
2.2 KiB
INI
72 lines
2.2 KiB
INI
# This file is provided as documentation to show what is
|
|
# possible. It should not be used as-is, and probably should
|
|
# not be used as a starting point for a working
|
|
# configuration. Instead use basic.cfg.
|
|
|
|
verbose: true;
|
|
foreground: true;
|
|
inetd: false;
|
|
numeric: false;
|
|
transparent: false;
|
|
timeout: "2";
|
|
user: "nobody";
|
|
pidfile: "/var/run/sslh.pid";
|
|
|
|
|
|
# List of interfaces on which we should listen
|
|
listen:
|
|
(
|
|
{ host: "thelonious"; port: "443"; },
|
|
{ host: "thelonious"; port: "8080"; }
|
|
);
|
|
|
|
# List of protocols
|
|
#
|
|
# Each protocol entry consists of:
|
|
# name: name of the probe. These are listed on the command
|
|
# line (ssh -?), plus 'regex', 'sni' and 'timeout'.
|
|
|
|
# service: (optional) libwrap service name (see hosts_access(5))
|
|
# host, port: where to connect when this probe succeeds
|
|
#
|
|
# Probe-specific options:
|
|
# sni:
|
|
# sni_hotnames: list of FQDN for that target
|
|
# regex:
|
|
# regex_patterns: list of patterns to match for
|
|
# that target.
|
|
#
|
|
# sslh will try each probe in order they are declared, and
|
|
# connect to the first that matches.
|
|
#
|
|
# You can specify several of 'regex' and 'sni'.
|
|
|
|
protocols:
|
|
(
|
|
{ name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; },
|
|
{ name: "http"; host: "localhost"; port: "80"; },
|
|
|
|
{ name: "sni"; host: "localhost"; port: "993"; sni_hostnames: [ "mail.rutschle.net", "mail.englishintoulouse.com" ]; },
|
|
{ name: "sni"; host: "localhost"; port: "xmpp-client"; sni_hostnames: [ "im.rutschle.net", "im.englishintoulouse.com" ]; },
|
|
|
|
# OpenVPN
|
|
{ name: "regex"; host: "localhost"; port: "1194"; regex_patterns: [ "^\x00[\x0D-\xFF]$", "^\x00[\x0D-\xFF]\x38" ]; },
|
|
# Jabber
|
|
{ name: "regex"; host: "localhost"; port: "5222"; regex_patterns: [ "jabber" ]; },
|
|
|
|
# Catch-all
|
|
{ name: "regex"; host: "localhost"; port: "443"; regex_patterns: [ "" ]; },
|
|
|
|
# Where to connect in case of timeout (defaults to ssh)
|
|
{ name: "timeout"; service: "daytime"; host: "localhost"; port: "daytime"; }
|
|
);
|
|
|
|
# Optionally, specify to which protocol to connect in case
|
|
# of timeout (defaults to "ssh").
|
|
# You can timeout to any arbitrary address by setting an
|
|
# entry in 'protocols' named "timeout".
|
|
# This enables you to set a tcpd service name for this
|
|
# protocol too.
|
|
on-timeout: "timeout";
|
|
|