StuRa/stura-infra
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ssh proxy

Browse source
This commit is contained in:
goeranh 2026-02-25 11:23:39 +01:00
parent 81edf99463
commit 2e680ff98c
No known key found for this signature in database
1 changed files with 18 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

19
hosts/proxy/default.nix
View file

@ -24,8 +24,10 @@
]; ];
firewall = { firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
22
80 80
443 443
1005
2142 2142
]; ];
}; };
@ -63,7 +65,7 @@ services = {
listenAddresses = [ listenAddresses = [
{ {
addr = "141.56.51.1"; addr = "141.56.51.1";
port = 2142; port = 1005;
} }
]; ];
}; };
@ -113,6 +115,7 @@ services = {
frontend http-in frontend http-in
bind *:80 bind *:80
acl is_plone hdr(host) -i stura.htw-dresden.de acl is_plone hdr(host) -i stura.htw-dresden.de
acl is_www_plone hdr(host) -i www.stura.htw-dresden.de acl is_www_plone hdr(host) -i www.stura.htw-dresden.de
acl is_pro hdr(host) -i pro.stura.htw-dresden.de acl is_pro hdr(host) -i pro.stura.htw-dresden.de
@ -123,6 +126,16 @@ services = {
default_backend plone_80 default_backend plone_80
# ---- SSH Jump ----
frontend ssh_jump
bind *:22
mode tcp
use_backend ssh_srs2
frontend ssh_jump_alt
bind *:2142
mode tcp
use_backend ssh_srs2
# ---- SNI routing (TCP, peek at handshake) ---- # ---- SNI routing (TCP, peek at handshake) ----
frontend sni_router frontend sni_router
bind *:443 bind *:443
@ -142,6 +155,10 @@ services = {
# loopback to the termination frontend below # loopback to the termination frontend below
server loopback 127.0.0.1:8443 server loopback 127.0.0.1:8443
backend ssh_srs2
mode tcp
server srs2 141.56.51.2:80 check
backend tls_passthrough backend tls_passthrough
mode tcp mode tcp
server nginx_host 141.56.51.15:443 check server nginx_host 141.56.51.15:443 check