[sslh] SSLH not proxying to webserver if listen port not 443

Sean Warner plica2006 at gmail.com
Sat Apr 21 16:54:23 UTC 2018


Hello,

I am new to sslh and trying to understand many new concepts; apologies if
this is very obvious. From my reading of the instructions on the webpage
https://github.com/yrutschle/sslh#transparent-proxy-support we have to give
sslh capabilities so we can run it as an unprivileged user. I think this is
because it listens on port 443? But what if we change the port it listens
on? I can port forward external port 443 from my router to any internal port
number I like, so I tried forwarding 443 outside my router to 1445 inside
and then my /etc/sslh.cfg is like:

verbose: true;
foreground: false;
inetd: false;
numeric: false;
transparent: false;
timeout: 2;
user: "sslh"; # was nobody
pidfile: "/var/run/sslh.pid";
chroot: "/var/empty";

# Change hostname with your external address name.
listen:
(
    { host: "192.168.1.124"; port: "1445"; }
);

protocols:
(
     { name: "ssh"; service: "ssh"; host: "127.0.0.1"; port: "1022"; },
     { name: "ssl"; host: "127.0.0.1"; port: "444"; }
);

If I run it as ROOT then sslh will start and run but I can't load a webpage
from my server because in my browser, I get ERR_CONNECTION_REFUSED.

If I change the listen port back to 443 it will work again.

I gave filesystem capabilities to sslh from the command line:

# setcap cap_net_bind_service,cap_net_admin+pe /usr/local/sbin/sslh

But now when I try to run sslh NOT as ROOT

$ /etc/init.d/sslh start

I get:

pi@nextcloudpi:~ $ /etc/init.d/sslh start
Start services: sslh
ssh addr: localhost:1022. libwrap service: ssh log_level: 1 family 2 2 [] []
ssl addr: localhost:snpp. libwrap service: (null) log_level: 1 family 2 2 [] []
listening on:
        192.168.1.124:1445      []
timeout: 2
on-timeout: ssh
listening to 1 addresses
/var/run/sslh.pid: Permission denied
pi@nextcloudpi:~ $

I am grateful for any help offered :)

Flex
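
An added example, not part of the original post and not sslh's own code: a Python script that reads the privilege-relevant settings from the sslh.cfg quoted above and reports which capabilities a non-root start needs, plus whether a given user could create the pidfile in its directory. The helper names, the regex-based parsing (numeric ports only), the ACL-free permission check and the embedded sample are assumptions made for illustration.

```python
import os
import re

# Constructed sample: the privilege-relevant lines of the sslh.cfg quoted in the post.
SAMPLE_CFG = '''
transparent: false;
pidfile: "/var/run/sslh.pid";
listen:
(
    { host: "192.168.1.124"; port: "1445"; }
);
protocols:
(
    { name: "ssh"; service: "ssh"; host: "127.0.0.1"; port: "1022"; },
    { name: "ssl"; host: "127.0.0.1"; port: "444"; }
);
'''
PRIVILEGED_BELOW = 1024  # Linux default of net.ipv4.ip_unprivileged_port_start


def needed_capabilities(cfg):
    """Capabilities a non-root sslh needs for this config (numeric ports only)."""
    caps = set()
    # Only "listen" entries are bound; "protocols" entries are outbound connect() targets.
    listen = re.search(r'^listen:\s*\((.*?)\)\s*;', cfg, re.S | re.M)
    ports = re.findall(r'port:\s*"(\d+)"', listen.group(1)) if listen else []
    if any(int(p) < PRIVILEGED_BELOW for p in ports):
        caps.add("cap_net_bind_service")
    if re.search(r'^\s*transparent:\s*true\s*;', cfg, re.M):
        caps.add("cap_net_admin")  # needed to set IP_TRANSPARENT, see ip(7)
    return caps


def pidfile_dir(cfg):
    """Directory in which the pidfile will be created, or None if unset."""
    m = re.search(r'^\s*pidfile:\s*"([^"]+)"', cfg, re.M)
    return os.path.dirname(m.group(1)) if m else None


def can_create_in(mode, owner, group, uid, gids):
    """Owner/group/other check (ACLs ignored): creating a file needs w+x on the directory."""
    if uid == 0:
        return True
    shift = 6 if uid == owner else 3 if group in gids else 0
    return ((mode >> shift) & 0o3) == 0o3


if __name__ == "__main__":
    print("capabilities needed:", sorted(needed_capabilities(SAMPLE_CFG)) or "none")
    print("pidfile directory:", pidfile_dir(SAMPLE_CFG))
```

To check a real host, pass the `st_mode`, `st_uid` and `st_gid` from `os.stat()` of the pidfile directory to `can_create_in()` together with the uid and group ids of the account that starts sslh.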

 

 
