mirror of
https://github.com/yrutschle/sslh.git
synced 2025-04-13 15:47:15 +03:00
0fb4c6b2ad
This allows people to chroot sslh into a path to further harden it. We have to rework the user logic a bit because we need to look up the user details *before* we chroot (as we need to read /etc/passwd files), but do the actual priv dropping *after* we chroot (so we have permission to make the actual chroot call). Similarly, we need to open the syslog before we drop privs because /dev/log won't be available inside the chroot.
31 lines
757 B
INI
31 lines
757 B
INI
# This is a basic configuration file that should provide
|
|
# sensible values for "standard" setup.
|
|
|
|
verbose: false;
|
|
foreground: false;
|
|
inetd: false;
|
|
numeric: false;
|
|
transparent: false;
|
|
timeout: 2;
|
|
user: "nobody";
|
|
pidfile: "/var/run/sslh.pid";
|
|
chroot: "/var/empty";
|
|
|
|
|
|
# Change hostname with your external address name.
|
|
listen:
|
|
(
|
|
{ host: "thelonious"; port: "443"; }
|
|
);
|
|
|
|
protocols:
|
|
(
|
|
{ name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; },
|
|
{ name: "openvpn"; host: "localhost"; port: "1194"; },
|
|
{ name: "xmpp"; host: "localhost"; port: "5222"; },
|
|
{ name: "http"; host: "localhost"; port: "80"; },
|
|
{ name: "ssl"; host: "localhost"; port: "443"; log_level: 0; },
|
|
{ name: "anyprot"; host: "localhost"; port: "443"; }
|
|
);
|
|
|