
Is it possible to configure a proxy for SSH based on the hostname?

Such as:

                                 |-> host1.domainexample1.com
                                 |-> host2.domainexample1.com
 SSH from outside <-> Firewall <-|-> domainx.com (Default)
                                 |-> host1.domainexample2.com
                                 |-> host2.domainexample2.com

Furthermore, for security reasons, I would love to have a multiplexed port. This can be achieved with SSLH, making port 443 work for OpenVPN, HTTPS and SSH.

Ideally, it would be great if NGINX could support all of it.

Thank you.

Danilo Souza
  • Not 100%, but while you can likely do [multiplexing with Nginx](https://superuser.com/questions/1135208/can-nginx-serve-ssh-and-https-at-the-same-time-on-the-same-port), as far as I am aware, since SSH isn't HTTP-based, there would be no way to loop in server names in the way you seem to be interested in. You would likely have to use unique IP:port combinations or nested SSH sessions. – Anaksunaman Mar 24 '19 at 05:12
  • Same question as on this site: https://unix.stackexchange.com/questions/290223/how-to-configure-nginx-as-a-reverse-proxy-for-different-port-numbers – unNamed Mar 25 '19 at 10:01

1 Answer

Since SSH doesn't send SNI, Nginx can't route SSH connections by hostname.

But there is a trick that can send the hostname before SSH. You need to configure it on your local machine.

Modify ~/.ssh/config:

Host *.domainexample1.com
    # -connect takes host:port; 443 is the multiplexed port from the question
    ProxyCommand openssl s_client -quiet -servername %h -connect your.firewall.ip.com:443

In this way, you can get the hostname by $ssl_preread_server_name in Nginx. Then you can route them by setting some upstreams.

Harry Lee