Updated to make transparency proxy work for sslh. Fix the “setsockopt: Operation not permitted when using init.d” error. No need to run as root.
Git Clone
git clone https://github.com/yrutschle/sslh
Prepare compile environment
sudo apt-get install libwrap0-dev libconfig-dev libcap-dev
Compile sslh
sudo make install
Copy startup and configuration files into target location
sudo cp sslh-fork /usr/local/sbin/sslh sudo mkdir -p /etc/sslh sudo cp basic.cfg /etc/sslh/sslh.cfg sudo cp scripts/etc.init.d.sslh /etc/init.d/sslh
Modify the startup file: /etc/init.d/sslh
PREFIX=/usr
start()
{
echo "Start services: sslh"
$DAEMON -c nobody setcap cap_net_bind_service,cap_net_admin+pe /usr/local/sbin/sslh -F/etc/sslh/sslh.cfg
logger -t ${tag} -p ${facility} -i 'Started sslh'
}
Modify the configuration file: /etc/sslh/sslh.cfg
transparent: true;
listen:
(
{ host: "0.0.0.0"; port: "443"; }
);
...
#do not use localhost or 127.0.0.1, use the internal ip, try ifconfig to get it.
{ name: "ssl"; host: "192.168.1.3"; port: "4433"; }
Update Firewall
iptables -t mangle -N SSLH iptables -t mangle -A OUTPUT --protocol tcp --out-interface eth0 --sport 22 --jump SSLH iptables -t mangle -A OUTPUT --protocol tcp --out-interface eth0 --sport 4443 --jump SSLH iptables -t mangle -A SSLH --jump MARK --set-mark 0x1 iptables -t mangle -A SSLH --jump ACCEPT ip rule add fwmark 0x1 lookup 100 ip route add local 0.0.0.0/0 dev lo table 100
iptables-save > /etc/iptables.rules cat << EOF > /etc/network/if-pre-up.d/iptablesload #!/bin/sh iptables-restore < /etc/iptables.rules exit 0 EOF chmod +x /etc/network/if-pre-up.d/iptablesload
Add the following 2 lines to startup:
# nano /etc/rc.local ip rule add fwmark 0x1 lookup 100 ip rule add fwmark 0x1 lookup 100 exit 0
References:
hi, 我想 80 同时访问 22 和 nginx,环境是 centos rpm 安装 1.18,没有你说的这些文件,也找不到。官方说明文档就一句话….
可以告诉我,你找不到的是哪个文件吗?
cfg 文件是自己创建的,执行文件 sslh 也是自己放进去的。
然后修改启动脚本就可以。
cfg 自建就 ok 多谢我尝试一下