cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3575a88b58
openbsd-ports/net/sslh/patches/patch-sslh_pod
sthen 68aad04c97 update to sslh 1.11; from Björn Ketelaars 
note, if you set sslh_flags in rc.conf.local you'll need to add --user=_sslh
2012-04-22 20:50:12 +00:00

67 lines
2.1 KiB
Plaintext
Raw Blame History

--- sslh.pod.orig Sat Apr 21 18:34:14 2012
+++ sslh.pod Sun Apr 22 09:45:36 2012
@@ -16,12 +16,19 @@
inside a corporate firewall, which almost never block port
443) while still serving HTTPS on that port.
-
The idea is to have B<sslh> listen to the external 443 port,
accept the incoming connections, work out what type of
connection it is, and then fordward to the appropriate
server.
+B<sslh> comes in two versions: B<sslh-fork> forks a new process
+for each incoming connection. It is well-tested and very
+reliable, but incurs the overhead of many processes. B<sslh-select>
+uses only one thread, which monitors all connections at once.
+It is more recent and less tested, but only incurs a 16 byte
+overhead per connection. Also, if it stops, you'll lose all
+connections, which means you can't upgrade it remotely.
+
=head2 Protocol detection
The protocol detection is made based on the first bytes sent
@@ -45,17 +52,6 @@
provides, and connects it to the SSH server if it starts
with "SSH-", or connects it to the SSL server otherwise.
-=head2 Libwrap support
-
-One drawback of B<sslh> is that the B<ssh> and B<httpd>
-servers do not see the original IP address of the client
-anymore, as the connection is forwarded through B<sslh>.
-B<sslh> provides enough logging to circumvent that problem.
-However it is common to limit access to B<ssh> using
-B<libwrap> or B<tcpd>. For this reason, B<sslh> can be
-compiled to check SSH accesses against SSH access lists as
-defined in F</etc/hosts.allow> and F</etc/hosts.deny>.
-
=head1 OPTIONS
=over 4
@@ -140,24 +136,6 @@
Runs in foreground. The server will not fork and will remain connected
to the terminal. Messages normally sent to B<syslog> will also be sent
to I<stderr>.
-
-=back
-
-=head1 FILES
-
-=over 4
-
-=item F</etc/init.d/sslh>
-
-Start-up script. The standard actions B<start>, B<stop> and
-B<restart> are supported.
-
-=item F</etc/default/sslh>
-
-Server configuration. These are environment variables
-loaded by the start-up script and passed to B<sslh> as
-command-line arguments. Refer to the OPTIONS section for a
-detailed explanation of the variables used by B<sslh>.
=back
Reference in New Issue View Git Blame Copy Permalink