SNI-like routing

Alex al-openssh at none.at
Fri Sep 23 17:11:02 AEST 2022


Hi Carl.

On 21.09.22 22:59, Carl Karsten wrote:
> The goal is to host 4 or 5 websites for friends. all low traffic, so a
> single box should be fine. 16 cores, 32g ram, 1 nic, 1 public IP.
> hostname: prox
> 
> each site gets a VM, created manually, (they all get debian) add
> friends ssh keys and let them ssh in and do whatever they want in
> their vm.  and be able to ansible over ssh like ansible does.
> 
> hostnames vm1, vm2... friends all manage their own domain name
> register / dns, point their www's at my IP.
> 
> I would like to keep ports all standard: 22 for ssh, 80/443 for
> http/s, etc. and route to the VM based on hostname.
> 
> ssh user@prox gets the host, ssh user@vm1 gets vm1. curl http://vm1 gets vm1.
> 
> There are lots of ways to do this, I'm trying to work out a config
> that makes it easy on their end.
> 
> Telling them all to use ProxyJump isn't out of the question, but I'm
> hoping there are other options.
> 
> I don't mind a separate solution for ssh and http.  like for http I
> can run an nginx on the public IP with
> 
>   server_name vm1;
>    location / { proxy_pass http://10.0.0.1;

Another option could be to use `openssl s_client ...` with the 
`ProxyCommand`.

```
ssh -o ProxyCommand="openssl s_client -quiet -connect 172.16.0.10:2222 -servername 192.168.0.201" dummyName1
```

Some more good examples can be found in this blog post with routing 
examples via HAProxy.
https://www.haproxy.com/blog/route-ssh-connections-with-haproxy/

Hth
Alex


More information about the openssh-unix-dev mailing list