added documentation for the new tcp.proxy module

2017-10-26 15:44:19 -06:00 · 2017-10-26 15:44:19 -06:00 · b44ad7b17a
commit b44ad7b17a
parent 138f59bea3
1 changed files with 68 additions and 17 deletions
--- a/README.md
+++ b/README.md
@ -64,13 +64,15 @@ some of which have modules:
  - [proxy (reverse proxy)](#tlsproxy)
  - [acme](#tlsacme)
 * [tcp](#tcp)
+  - [proxy](#tcpproxy)
  - [forward](#tcpforward)
 * [udp](#udp)
  - [forward](#udpforward)
 * [domains](#domains)
 * [tunnel_server](#tunnel_server)
+* [DDNS](#ddns)
 * [tunnel_client](#tunnel)
-* [mdns](#mdns)
+* [mDNS](#mdns)
 * [socks5](#socks5)
 * api

@ -294,6 +296,37 @@ tcp:
      address: '127.0.0.1:2222'
 ```

+### tcp.proxy
+
+The proxy module routes traffic based on the servername contained in a SNI header.
+As such this only works to route TCP connections wrapped in a TLS stream.
+
+It has the same options as the [HTTP proxy module](#httpproxy-how-to-reverse-proxy-ruby-python-etc).
+
+Example config:
+```yml
+tcp:
+  modules:
+    - type: proxy
+      domains:
+        - ssh.example.com
+      port: 22
+```
+
+In order to use this to route SSH connections you will need to use `ssh`'s
+`ProxyCommand` option. For example to ssh into `ssh.example.com` you could use
+the following command.
+
+```bash
+ssh user@ssh.example.com -o ProxyCommand='openssl s_client -quiet -connect ssh.example.com:443 -servername ssh.example.com'
+```
+
+Alternatively you could add the following lines to your ssh config file.
+```
+Host ssh.example.com
+  ProxyCommand openssl s_client -quiet -connect ssh.example.com:443 -servername ssh.example.com
+```
+
 ### tcp.forward

 The forward module routes traffic based on port number **without decrypting** it.
@ -366,13 +399,14 @@ udp:
 To reduce repetition defining multiple modules that operate on the same domain
 name the `domains` field can define multiple modules of multiple types for a
 single list of names. The modules defined this way do not need to have their
-own `domains` field.
+own `domains` field. Note that the [tcp.forward](#tcpforward) module is not
+allowed in a domains group since its routing is not based on domains.

 Example Config

 ```yml
 domains:
-  names:
+  - names:
      - example.com
      - www.example.com
      - api.example.com
@ -387,6 +421,23 @@ domains:
          to: /new/path
        - type: proxy
          port: 3000
+      dns:
+        - type: 'dns@oauth3.org'
+          token_id: user_token_id
+
+  - names:
+      - ssh.example.com
+    modules:
+      tls:
+        - type: acme
+          email: john.smith@example.com
+          challenge_type: 'http-01'
+      tcp:
+        - type: proxy
+          port: 22
+      dns:
+        - type: 'dns@oauth3.org'
+          token_id: user_token_id
 ```