ssh proxy

2026-02-25 11:23:39 +01:00 · 2026-02-25 11:23:39 +01:00 · 2e680ff98c
commit 2e680ff98c
parent 81edf99463
1 changed files with 18 additions and 1 deletions
--- a/hosts/proxy/default.nix
+++ b/hosts/proxy/default.nix
@ -24,8 +24,10 @@
    ];
    firewall = {
      allowedTCPPorts = [
+        22
        80
        443
+        1005
        2142
      ];
    };
@ -63,7 +65,7 @@ services = {
      listenAddresses = [
        {
          addr = "141.56.51.1";
-          port = 2142;
+          port = 1005;
        }
      ];
    };
@ -113,6 +115,7 @@ services = {

        frontend http-in
          bind *:80
+
          acl is_plone hdr(host) -i stura.htw-dresden.de
          acl is_www_plone hdr(host) -i www.stura.htw-dresden.de
          acl is_pro hdr(host) -i pro.stura.htw-dresden.de
@ -123,6 +126,16 @@ services = {
          default_backend plone_80


+        # ---- SSH Jump ----
+        frontend ssh_jump
+          bind *:22
+          mode tcp
+          use_backend ssh_srs2
+        frontend ssh_jump_alt
+          bind *:2142
+          mode tcp
+          use_backend ssh_srs2
+
        # ---- SNI routing (TCP, peek at handshake) ----
        frontend sni_router
          bind *:443
@ -142,6 +155,10 @@ services = {
          # loopback to the termination frontend below
          server loopback 127.0.0.1:8443

+        backend ssh_srs2
+          mode tcp
+          server srs2 141.56.51.2:80 check
+
        backend tls_passthrough
          mode tcp
          server nginx_host 141.56.51.15:443 check