sslh
accepts connections on specified ports, and forwards
them further based on tests performed on the first data
packet sent by the remote client.
Probes for HTTP, TLS/SSL (including SNI and ALPN), SSH, OpenVPN, tinc, XMPP, SOCKS5, are implemented, and any other protocol that can be tested using a regular expression, can be recognised. A typical use case is to allow serving several services on port 443 (e.g. to connect to SSH from inside a corporate firewall, which almost never block port 443) while still serving HTTPS on that port.
Hence sslh
acts as a protocol demultiplexer, or a
switchboard. With the SNI and ALPN probe, it makes a good
front-end to a virtual host farm hosted behind a single IP
address.
sslh
has the bells and whistles expected from a mature
daemon: privilege and capabilities dropping, inetd support,
systemd support, transparent proxying,
chroot, logging, IPv4 and IPv6, a fork-based and a
select-based model, and more.
Check more at: https://github.com/yrutschle/sslh
https://quay.io/repository/riotkit/sslh?tab=tags
docker pull quay.io/riotkit/sslh:1.20-r3
Please note the network_mode
- in standard networking SSLH freezes on incoming connection.
version: "3.4"
services:
sslh:
image: quay.io/riotkit/sslh:1.20-r3
ports:
- 4443:4443
cap_add:
- cap_net_admin
network_mode: host
environment:
HTTP_TARGET: "127.0.0.1:8000"
SSL_TARGET: "127.0.0.1:443"
#SSL_TARGET: "{{ host }}:443" # example: {{ host }} will be automatically replaced with a gateway IP address
#VPN_TARGET: ""
#HTTP_TARGET: ""
#SOCKS_TARGET: ""
#ADDITIONAL_ARGS: "-v"