added documentation for the new tcp.proxy module

tigerbot 2017-10-26 15:44:19 -06:00
parent 138f59bea3
commit b44ad7b17a
1 changed files with 68 additions and 17 deletions

@ -64,13 +64,15 @@ some of which have modules:
- [proxy (reverse proxy)](#tlsproxy)
- [acme](#tlsacme)
* [tcp](#tcp)
- [proxy](#tcpproxy)
- [forward](#tcpforward)
* [udp](#udp)
- [forward](#udpforward)
* [domains](#domains)
* [tunnel_server](#tunnel_server)
* [DDNS](#ddns)
* [tunnel_client](#tunnel)
* [mdns](#mdns)
* [mDNS](#mdns)
* [socks5](#socks5)
* api
@ -294,6 +296,37 @@ tcp:
address: '127.0.0.1:2222'
```
### tcp.proxy
The proxy module routes traffic based on the servername contained in a SNI header.
As such this only works to route TCP connections wrapped in a TLS stream.
It has the same options as the [HTTP proxy module](#httpproxy-how-to-reverse-proxy-ruby-python-etc).
Example config:
```yml
tcp:
modules:
- type: proxy
domains:
- ssh.example.com
port: 22
```
In order to use this to route SSH connections you will need to use `ssh`'s
`ProxyCommand` option. For example to ssh into `ssh.example.com` you could use
the following command.
```bash
ssh user@ssh.example.com -o ProxyCommand='openssl s_client -quiet -connect ssh.example.com:443 -servername ssh.example.com'
```
Alternatively you could add the following lines to your ssh config file.
```
Host ssh.example.com
ProxyCommand openssl s_client -quiet -connect ssh.example.com:443 -servername ssh.example.com
```
### tcp.forward
The forward module routes traffic based on port number **without decrypting** it.
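Review bot: The `### tcp.proxy` text does not say where the TLS layer ends, while the `tcp.forward` section right after it spells out **without decrypting**. The example forwards to `port: 22` and the client wraps SSH with `openssl s_client`, which implies the proxy terminates TLS and hands the inner stream to the local port; please state that explicitly, since it determines what the proxy host can read. Separately, `openssl s_client -quiet` on its own continues the handshake when certificate verification fails, so both `ProxyCommand` examples should add `-verify_return_error` (and `-verify_hostname ssh.example.com` where the installed OpenSSL supports it) if the TLS layer is meant to authenticate the server and not only carry the SNI name. The ssh config fence is also the only one in this hunk without a language tag.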
@ -366,27 +399,45 @@ udp:
To reduce repetition defining multiple modules that operate on the same domain
name the `domains` field can define multiple modules of multiple types for a
single list of names. The modules defined this way do not need to have their
own `domains` field.
own `domains` field. Note that the [tcp.forward](#tcpforward) module is not
allowed in a domains group since its routing is not based on domains.
Example Config
```yml
domains:
names:
- example.com
- www.example.com
- api.example.com
modules:
tls:
- type: acme
email: joe.schmoe@example.com
challenge_type: 'http-01'
http:
- type: redirect
from: /deprecated/path
to: /new/path
- type: proxy
port: 3000
- names:
- example.com
- www.example.com
- api.example.com
modules:
tls:
- type: acme
email: joe.schmoe@example.com
challenge_type: 'http-01'
http:
- type: redirect
from: /deprecated/path
to: /new/path
- type: proxy
port: 3000
dns:
- type: 'dns@oauth3.org'
token_id: user_token_id
- names:
- ssh.example.com
modules:
tls:
- type: acme
email: john.smith@example.com
challenge_type: 'http-01'
tcp:
- type: proxy
port: 22
dns:
- type: 'dns@oauth3.org'
token_id: user_token_id
```
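Review bot: The example under `Example Config` now shows `domains` as a list of `- names:` groups, but the paragraph above it still describes "a single list of names" and never says the field is a list. Add a sentence stating that `domains` takes a list of groups, each with its own `names` and `modules`, and say whether the earlier single-mapping form is still accepted. The `dns` entries (`type: 'dns@oauth3.org'`, `token_id`) appear in the example without any explanation in this section, so a link to where that module is documented would help. The label should also read `Example config:` to match the tcp.proxy section.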