SNI-like routing

Andrej Manduch amanduch at gmail.com
Thu Sep 22 19:45:30 AEST 2022


Hi,

I'm not sure if I understand your problem correctly but if so I would 
recommend this:

From that one public IP you can use a tool called sniproxy (it's a pretty 
awesome tool, I used it for quite a long time) and that would enable you 
to send even https traffic based on hostnames to the correct hosts. 
Unfortunately I don't have a similar solution for ssh (I think you can 
make some kind of weird server with paramiko, but it would not be trivial).

But I would suggest you do something different. If I were your 
clients, I would just install the Cloudflare client on their VMs and use 
Cloudflare tunnel for both http/s and ssh, it works great. (If you want 
to hear more or help with setting up, feel free to ping me.) This is 
the solution that I'm currently using on some projects.

--

Kind regards,

b.


On 9/21/22 22:59, Carl Karsten wrote:
> The goal is to host 4 or 5 websites for friends. all low traffic, so a
> single box should be fine. 16 cores, 32g ram, 1 nic, 1 public IP.
> hostname: prox
>
> each site gets a VM, created manually, (they all get debian) add
> friends ssh keys and let them ssh in and do whatever they want in
> their vm.  and be able to ansible over ssh like ansible does.
>
> hostnames vm1, vm2... friends all manage their own domain name
> register / dns, point their www's at my IP.
>
> I would like to keep ports all standard: 22 for ssh, 80/443 for
> http/s, etc. and route to the VM based on hostname.
>
> ssh user@prox gets the host, ssh user@vm1 gets vm1. curl http://vm1 gets vm1.
>
> There are lots of ways to do this, I'm trying to work out a config
> that makes it easy on their end.
>
> Telling them all to use ProxyJump isn't out of the question, but I'm
> hoping there are other options.
>
> I don't mind a separate solution for ssh and http.  like for http I
> can run an nginx on the public IP with
>
>   server_name vm1;
>   location / { proxy_pass http://10.0.0.1; }
>


More information about the openssh-unix-dev mailing list