mirror of
https://github.com/moparisthebest/sslh
synced 2024-11-14 05:05:02 -05:00
f842e2e081
Corrected OpenVPN probe to support pre-shared secret mode (OpenVPN port-sharing code is... wrong). Thanks to Kai Ellinger for help in investigating and testing. Added an actual TLS/SSL probe. Added configurable --on-timeout protocol specification. Added a --anyprot protocol probe (equivalent to what --ssl was). Makefile respects the user's compiler and CFLAG choices (falling back to the current values if undefined), as well as LDFLAGS. (Michael Palimaka) Added "After" and "KillMode" to systemd.sslh.service (Thomas Weißschuh). Added LSB tags to etc.init.d.sslh (Thomas Varis).
53 lines
1.7 KiB
INI
53 lines
1.7 KiB
INI
# This file is provided as documentation to show what is
|
|
# possible. It should not be used as-is, and probably should
|
|
# not be used as a starting point for a working
|
|
# configuration. Instead use basic.cfg.
|
|
|
|
verbose: true;
|
|
foreground: true;
|
|
inetd: false;
|
|
numeric: false;
|
|
timeout: 2;
|
|
user: "nobody";
|
|
pidfile: "/var/run/sslh.pid";
|
|
|
|
|
|
# List of interfaces on which we should listen
|
|
listen:
|
|
(
|
|
{ host: "thelonious"; port: "443"; },
|
|
{ host: "thelonious"; port: "8080"; }
|
|
);
|
|
|
|
# List of protocols
|
|
#
|
|
# Each protocol entry consists of:
|
|
# name: name of the protocol
|
|
# service: (optional) libwrap service name (see hosts_access(5))
|
|
# host: host name to connect that protocol
|
|
# port: port number to connect that protocol
|
|
# probe: "builtin" or a list of regular expressions
|
|
# (can be left out, e.g. to use with on-timeout)
|
|
#
|
|
# sslh will try each probe in order they are declared, and
|
|
# connect to the first that matches.
|
|
|
|
protocols:
|
|
(
|
|
{ name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
|
|
{ name: "openvpn"; host: "localhost"; port: "1194"; probe: [ "^\x00[\x0D-\xFF]$", "^\x00[\x0D-\xFF]\x38" ]; },
|
|
{ name: "xmpp"; host: "localhost"; port: "5222"; probe: [ "jabber" ]; },
|
|
{ name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
|
|
{ name: "ssl"; host: "localhost"; port: "443"; probe: [ "" ]; },
|
|
{ name: "timeout"; service: "daytime"; host: "localhost"; port: "daytime"; }
|
|
);
|
|
|
|
# Optionally, specify to which protocol to connect in case
|
|
# of timeout (defaults to "ssh").
|
|
# You can timeout to any arbitrary address by setting a
|
|
# protocol with no probe, as is the case with this example.
|
|
# This enables you to set a tcpd service name for this
|
|
# protocol too.
|
|
on-timeout: "timeout";
|
|
|