/usr/share/doc/sslh/README.Debian is in sslh 1.18-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 | sslh configuration
--------------------------
To avoid installation breakage, the daemon is disabled by default to
force the user to read documentation for the following reasons:
- sslh needs a webserver that has ssl support (for example mod_ssl for Apache),
an OpenVPN, another OpenSSH server or an XMPP server.
- sslh needs the server to *not* bind to all available ip on 443/tcp
(but this maybe the default behaviour !)
For example, to forward to a web server, you have to modify the default
configuration, in this way:
* Apache (/etc/apache2/ports.conf, mod_ssl section)
Listen 443
should become:
Listen 127.0.0.1:443
* lighttpd (/etc/lighttpd/conf-enabled/10-ssl.conf; ssl module enabled by
default):
$SERVER["socket"] == "0.0.0.0:443" {
should become:
$SERVER["socket"] == "127.0.0.1:443" {
And you have to modify the default sslh configuration (/etc/default/sslh) to
listen to the IP address of your choice:
[...] -p 0.0.0.0:443 [...]
should become:
[...] -p <ip_address_of_your_choice>:443 [...]
Any others configuration examples for others webserver are welcome.
You could also read /usr/share/doc/sslh/README, section "Configuration"
or the full manpage sslh(8) for more configuration details.
-- Guillaume Delacour <gui@iroqwa.org> Sat Feb 13 00:59:54 +0100 2009
Inetd support
--------------------------
sslh have inetd support since 1.7a release.
If used, inetd bind 443/tcp on all addresses, so your https server must bind
an another unused port (444/tcp proposed).
-- Guillaume Delacour <gui@iroqwa.org> Mon, 26 Jul 2010 23:40:01 +0200
|