[sslh] SSLH not proxying to webserver if listen port not 443
Sean Warner
plica2006 at gmail.com
Sat Apr 21 16:54:23 UTC 2018
Hello,
I am new to sslh and trying to understand many new concepts. Apologies if
this is very obvious. From my reading of the instructions on the webpage
https://github.com/yrutschle/sslh#transparent-proxy-support we have to give
sslh capabilities so we can run it as an unprivileged user. I think this is
because it listens on port 443? But what if we change the port it listens
on? I can port forward external port 443 from my router to any internal port
number I like. So I tried forwarding 443 outside my router to 1445 inside
and then my /etc/sslh.cfg is like:
verbose: true;
foreground: false;
inetd: false;
numeric: false;
transparent: false;
timeout: 2;
user: "sslh"; # was nobody
pidfile: "/var/run/sslh.pid";
chroot: "/var/empty";
# Change hostname with your external address name.
listen:
(
    { host: "192.168.1.124"; port: "1445"; }
);
protocols:
(
    { name: "ssh"; service: "ssh"; host: "127.0.0.1"; port: "1022"; },
    { name: "ssl"; host: "127.0.0.1"; port: "444"; }
);
If I run it as ROOT then sslh will start and run but I can't load a webpage
from my server because in my browser, I get ERR_CONNECTION_REFUSED.
If I change the listen port back to 443 it will work again.
I gave filesystem capabilities to sslh from command line:
# setcap cap_net_bind_service,cap_net_admin+pe /usr/local/sbin/sslh
But now when I try to run sslh NOT as ROOT
$ /etc/init.d/sslh start
I get:
pi@nextcloudpi:~ $ /etc/init.d/sslh start
Start services: sslh
ssh addr: localhost:1022. libwrap service: ssh log_level: 1 family 2 2 [] []
ssl addr: localhost:snpp. libwrap service: (null) log_level: 1 family 2 2 [] []
listening on:
192.168.1.124:1445 []
timeout: 2
on-timeout: ssh
listening to 1 addresses
/var/run/sslh.pid: Permission denied
pi@nextcloudpi:~ $
I am grateful for any help offered :)
Flex