I just had a brilliant idea.



I suddenly remembered what it was!

I was recently on WiFi that blocked my SSH port, so I thought about setting up some TLS or HTTPS tunnel on my main server and using ALPN or SNI to differentiate between normal site traffic and my SSH tunnel. It looks like nginx can do this with the stream_ssl_preread module[1], but it doesn't look like that module can use the internal HTTP server as 'upstream', so it will cause an extra level of indirection for all HTTPS traffic. Not sure I like that solution. Maybe I can hack something together with WebSockets instead.

To be continued...

1. nginx.org/en/docs/stream/ngx_s
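
The SNI-based split described in the post above, sketched as an nginx.conf fragment. This is an added example, not part of the original thread or the poster's configuration; the hostnames, loopback ports and certificate paths are assumptions. It shows the extra hop that all HTTPS traffic takes once the stream proxy owns port 443.

```nginx
# Added example; ssh.example.org, www.example.org, ports 8443/8444 and the
# certificate paths are assumptions chosen for illustration.
stream {
    # Choose a backend from the SNI name in the ClientHello, without decrypting.
    map $ssl_preread_server_name $backend {
        ssh.example.org  127.0.0.1:8444;  # TLS wrapper in front of sshd
        default          127.0.0.1:8443;  # the normal HTTPS sites
    }

    server {
        listen 443;
        ssl_preread on;
        proxy_pass $backend;
        proxy_protocol on;  # hand the real client address to the backend
    }

    # Terminates TLS for the tunnel name and forwards plaintext to sshd.
    server {
        listen 127.0.0.1:8444 ssl proxy_protocol;
        ssl_certificate     /etc/ssl/example/ssh.example.org.crt;
        ssl_certificate_key /etc/ssl/example/ssh.example.org.key;
        proxy_pass 127.0.0.1:22;
    }
}

http {
    server {
        # Moved off 443: every HTTPS request now crosses the stream proxy first.
        listen 127.0.0.1:8443 ssl proxy_protocol;
        server_name www.example.org;
        ssl_certificate     /etc/ssl/example/www.example.org.crt;
        ssl_certificate_key /etc/ssl/example/www.example.org.key;

        # Restore the client address for logs and access rules.
        set_real_ip_from 127.0.0.1;
        real_ip_header   proxy_protocol;
    }
}
```

With this layout sshd sees every tunnelled connection as coming from 127.0.0.1, so address-based controls such as allow-lists or rate limits have to be applied at the nginx layer.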

Looks like wstunnel[1] can be abused for SSH-over-HTTPS tunneling. Exactly what I had in mind, except I'm not comfortable running half of NPM on my systems. 🙄

1. github.com/mhzed/wstunnel

@ayo what about sslh? i think there was another project too, but i can't remember the name off the top of my head

@applehq Has the same downside: Adds a layer of indirection to all HTTPS traffic. Considering the traffic my server has to deal with, I'd rather avoid that approach.

@ayo I am using corkscrew for this... smaller and does the job, https://github.com/bryanpkc/corkscrew/ You need an sshd listening on port 443 though...

@ckeen That *is* beautifully small, but it uses HTTP CONNECT to go through a proxy, which Nginx doesn't support.

At least... not by itself, but I see there's an out-of-tree module that could be used for this purpose: github.com/chobits/ngx_http_pr

Worth investigating!

@ayo Ah thanks for the heads up, I use it to get through a good ol' squid...