added documentation for the new tcp.proxy module
parent 138f59bea3
commit b44ad7b17a
85
README.md
|
@ -64,13 +64,15 @@ some of which have modules:
|
|||
- [proxy (reverse proxy)](#tlsproxy)
|
||||
- [acme](#tlsacme)
|
||||
* [tcp](#tcp)
|
||||
- [proxy](#tcpproxy)
|
||||
- [forward](#tcpforward)
|
||||
* [udp](#udp)
|
||||
- [forward](#udpforward)
|
||||
* [domains](#domains)
|
||||
* [tunnel_server](#tunnel_server)
|
||||
* [DDNS](#ddns)
|
||||
* [tunnel_client](#tunnel)
|
||||
* [mdns](#mdns)
|
||||
* [mDNS](#mdns)
|
||||
* [socks5](#socks5)
|
||||
* api
|
||||
|
||||
|
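Review bot: The table of contents in this hunk carries both `* [mdns](#mdns)` and `* [mDNS](#mdns)`, which reads as a casing change to an entry that the commit message ("added documentation for the new tcp.proxy module") does not cover. Either mention the TOC clean-up in the message or move it to its own commit, so the history for the tcp.proxy documentation stays easy to audit. While this list is being touched, `* api` is the only entry without an anchor link; add one or note that the section is still to be written.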
@ -294,6 +296,37 @@ tcp:
|
|||
address: '127.0.0.1:2222'
|
||||
```
|
||||
|
||||
### tcp.proxy
|
||||
|
||||
The proxy module routes traffic based on the servername contained in a SNI header.
|
||||
As such this only works to route TCP connections wrapped in a TLS stream.
|
||||
|
||||
It has the same options as the [HTTP proxy module](#httpproxy-how-to-reverse-proxy-ruby-python-etc).
|
||||
|
||||
Example config:
|
||||
```yml
|
||||
tcp:
|
||||
modules:
|
||||
- type: proxy
|
||||
domains:
|
||||
- ssh.example.com
|
||||
port: 22
|
||||
```
|
||||
|
||||
In order to use this to route SSH connections you will need to use `ssh`'s
|
||||
`ProxyCommand` option. For example to ssh into `ssh.example.com` you could use
|
||||
the following command.
|
||||
|
||||
```bash
|
||||
ssh user@ssh.example.com -o ProxyCommand='openssl s_client -quiet -connect ssh.example.com:443 -servername ssh.example.com'
|
||||
```
|
||||
|
||||
Alternatively you could add the following lines to your ssh config file.
|
||||
```
|
||||
Host ssh.example.com
|
||||
ProxyCommand openssl s_client -quiet -connect ssh.example.com:443 -servername ssh.example.com
|
||||
```
|
||||
|
||||
### tcp.forward
|
||||
|
||||
The forward module routes traffic based on port number **without decrypting** it.
|
||||
|
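Review bot: Both `ProxyCommand` examples call `openssl s_client` with no certificate checking. By default `s_client` continues the handshake even when verification of the server certificate fails, and it does not match the certificate against the host name unless asked to. Suggest documenting the command with `-verify_return_error -verify_hostname ssh.example.com` added, so the TLS hop fails closed instead of connecting to whatever answers on port 443. The section should also say explicitly whether this module terminates the TLS stream before passing bytes to port 22; the neighbouring tcp.forward text states that it routes **without decrypting**, and readers will want the same clarity here, since it decides where plaintext SSH traffic is visible. Minor: the ssh config fence has no language tag, and `%h` in place of the repeated host name would keep the `Host` block from drifting out of sync.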
@ -366,27 +399,45 @@ udp:
|
|||
To reduce repetition defining multiple modules that operate on the same domain
|
||||
name the `domains` field can define multiple modules of multiple types for a
|
||||
single list of names. The modules defined this way do not need to have their
|
||||
own `domains` field.
|
||||
own `domains` field. Note that the [tcp.forward](#tcpforward) module is not
|
||||
allowed in a domains group since its routing is not based on domains.
|
||||
|
||||
Example Config
|
||||
|
||||
```yml
|
||||
domains:
|
||||
names:
|
||||
- example.com
|
||||
- www.example.com
|
||||
- api.example.com
|
||||
modules:
|
||||
tls:
|
||||
- type: acme
|
||||
email: joe.schmoe@example.com
|
||||
challenge_type: 'http-01'
|
||||
http:
|
||||
- type: redirect
|
||||
from: /deprecated/path
|
||||
to: /new/path
|
||||
- type: proxy
|
||||
port: 3000
|
||||
- names:
|
||||
- example.com
|
||||
- www.example.com
|
||||
- api.example.com
|
||||
modules:
|
||||
tls:
|
||||
- type: acme
|
||||
email: joe.schmoe@example.com
|
||||
challenge_type: 'http-01'
|
||||
http:
|
||||
- type: redirect
|
||||
from: /deprecated/path
|
||||
to: /new/path
|
||||
- type: proxy
|
||||
port: 3000
|
||||
dns:
|
||||
- type: 'dns@oauth3.org'
|
||||
token_id: user_token_id
|
||||
|
||||
- names:
|
||||
- ssh.example.com
|
||||
modules:
|
||||
tls:
|
||||
- type: acme
|
||||
email: john.smith@example.com
|
||||
challenge_type: 'http-01'
|
||||
tcp:
|
||||
- type: proxy
|
||||
port: 22
|
||||
dns:
|
||||
- type: 'dns@oauth3.org'
|
||||
token_id: user_token_id
|
||||
```
|
||||
|
||||
|
||||
|
|
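Review bot: The paragraph above the example still describes the `domains` field as defining modules "for a single list of names", but the example in this hunk also shows a list form with several `- names:` groups, each with its own `modules`. Add a sentence stating that `domains` takes a list of groups, otherwise the prose and the example disagree about the shape of the config. The `ssh.example.com` group also pairs the `tcp` proxy entry with a `tls` entry of `type: acme`; say in the text whether a certificate for the name is required for tcp.proxy to work, since the tcp.proxy section itself shows the module without any `tls` configuration. The `dns` entries (`type: 'dns@oauth3.org'`, `token_id`) appear in the example without explanation in this hunk; link them to the section that documents them.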