[sslh] My transparent SSLH setup
Alex Xu
alex_y_xu at yahoo.ca
Mon Sep 29 00:47:24 CEST 2014
the correct solution is to have another IP to proxy to.
all other solutions have their own benefits and drawbacks.
the "standard" solution has the issue of being on the wrong port, which
causes issues in logs, with nginx, and if sslh goes down, as you noted.
the IP solution is somewhat better, since other services continue
functioning in the absence of sslh. however, proxied services now see
connections on the "fake" address, which may cause issues again with
logging or if the software probes the local address; then again, the
latter would not function in the presence of NAT anyways.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://rutschle.net/pipermail/sslh/attachments/20140928/de3e37a9/attachment.sig>
More information about the sslh
mailing list