I just had a brilliant idea.
I suddenly remembered what it was!
I was recently on WiFi that blocked my SSH port, so I thought about setting up some TLS or HTTPS tunnel on my main server and using ALPN or SNI to differentiate between normal site traffic and my SSH tunnel. It looks like nginx can do this with the stream_ssl_preread module, but it doesn't look like that module can use the internal HTTP server as 'upstream', so it will cause an extra level of indirection for all HTTPS traffic. Not sure I like that solution. Maybe I can hack something together with WebSockets instead.
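The preread step mentioned in the post above, as an added example that is not part of the original thread or of nginx: a sketch of how a front end can read SNI and ALPN from the unencrypted ClientHello and pick a backend before any TLS is terminated. The ALPN name `ssh-tunnel`, both backend addresses and the sample ClientHello are assumptions constructed for illustration.

```python
import struct

def build_client_hello(sni, alpn):
    """Constructed sample input: a minimal TLS 1.2 ClientHello record."""
    def ext(etype, body):
        return struct.pack("!HH", etype, len(body)) + body
    name = sni.encode()
    sni_ext = ext(0, struct.pack("!HBH", len(name) + 3, 0, len(name)) + name)
    protos = b"".join(bytes([len(p)]) + p.encode() for p in alpn)
    alpn_ext = ext(16, struct.pack("!H", len(protos)) + protos)
    exts = sni_ext + alpn_ext
    body = (b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"    # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_client_hello(data):
    """Return (sni, alpn_list) read from the first bytes of a connection."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:     # handshake record, ClientHello
            raise ValueError("not a TLS ClientHello")
        pos = 5 + 4 + 2 + 32                       # record hdr, handshake hdr, version, random
        pos += 1 + data[pos]                       # session id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]   # cipher suites
        pos += 1 + data[pos]                       # compression methods
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
        pos += 2
        sni, alpn = None, []
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", data, pos)
            body = data[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == 0:                         # server_name: first entry only
                nlen = struct.unpack_from("!H", body, 3)[0]
                sni = body[5:5 + nlen].decode("ascii", "replace")
            elif etype == 16:                      # ALPN: length-prefixed protocol names
                i = 2
                while i < len(body):
                    alpn.append(body[i + 1:i + 1 + body[i]].decode("ascii", "replace"))
                    i += 1 + body[i]
        return sni, alpn
    except (IndexError, struct.error):
        raise ValueError("truncated or malformed ClientHello")

def pick_backend(data, tunnel_alpn="ssh-tunnel"):
    """Hypothetical backends: sshd for the tunnel ALPN, the web server otherwise."""
    _, alpn = parse_client_hello(data)
    return "127.0.0.1:22" if tunnel_alpn in alpn else "127.0.0.1:8443"
```

Both fields sit in the cleartext part of the handshake, which is why the choice can be made without holding the certificate key, and why every HTTPS connection still passes through the extra hop the post objects to.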
To be continued...
Looks like wstunnel can be abused for SSH-over-HTTPS tunneling. Exactly what I had in mind, except I'm not comfortable running half of NPM on my systems. 🙄
@ayo R.I.P. idea
@ayo what about sslh? i think there was another project too, but i can't remember the name off the top of my head
@applehq Has the same downside: Adds a layer of indirection to all HTTPS traffic. Considering the traffic my server has to deal with, I'd rather avoid that approach.
@ckeen That *is* beautifully small, but it uses HTTP CONNECT to go through a proxy, which Nginx doesn't support.
At least... not by itself, but I see there's an out-of-tree module that could be used for this purpose: https://github.com/chobits/ngx_http_proxy_connect_module