Do not use leading underscores for SNI.

AJ ONeal 2017-11-01 14:50:29 -06:00
parent 4a576da545
commit b1d5ed3b14
1 changed files with 6 additions and 6 deletions


@ -321,12 +321,12 @@ tcp:
modules:
- type: proxy
domains:
- _ssh.example.com # Note: this domain would also listed in tls.acme.domains
- ssh.example.com # Note: this domain would also listed in tls.acme.domains
host: localhost
port: 22
- type: proxy
domains:
- _vpn.example.com # Note: this domain would also listed in tls.acme.domains
- vpn.example.com # Note: this domain would also listed in tls.acme.domains
host: localhost
port: 1194
```
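Review bot: the inline comment on both `domains` entries still reads "this domain would also listed in tls.acme.domains"; since these lines are being rewritten anyway, correct it to "would also be listed". That comment also says each name has to appear in `tls.acme.domains`, and none of the three hunks in this commit touches that list, so please confirm the README's `tls.acme.domains` example uses `ssh.example.com` and `vpn.example.com` rather than the underscore forms, or the example ends up inconsistent with its own note.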
@ -339,17 +339,17 @@ in place on such networks.
#### Using with ssh
In order to use this to route SSH connections you will need to use `ssh`'s
`ProxyCommand` option. For example to use the TLS certificate for `_ssh.example.com`
`ProxyCommand` option. For example to use the TLS certificate for `ssh.example.com`
to wrap an ssh connection you could use the following command:
```bash
ssh user@example.com -o ProxyCommand='openssl s_client -quiet -connect example.com:443 -servername _ssh.example.com'
ssh user@example.com -o ProxyCommand='openssl s_client -quiet -connect example.com:443 -servername ssh.example.com'
```
Alternatively you could add the following lines to your ssh config file.
```
Host example.com
ProxyCommand openssl s_client -quiet -connect example.com:443 -servername _ssh.example.com
ProxyCommand openssl s_client -quiet -connect example.com:443 -servername ssh.example.com
```
#### Using with OpenVPN
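Review bot: the `ProxyCommand` in both the one-line command and the ssh config block calls `openssl s_client -quiet -connect example.com:443 -servername ssh.example.com` with no verification option, and `s_client` by default carries on with the connection even when certificate verification fails, so the TLS layer in this example does not authenticate the server. Consider adding `-verify_return_error` (plus `-verify_hostname ssh.example.com` where the installed OpenSSL supports it) so the documented command fails closed. Separately, the commit message says not to use leading underscores for SNI but the README text in this hunk gives no reason; one sentence explaining it would stop readers from reintroducing the `_ssh` form.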
@ -368,7 +368,7 @@ ssh -L 1194:localhost:1194 example.com
[openvpn-over-goldilocks]
client = yes
accept = 127.0.0.1:1194
sni = _vpn.example.com
sni = vpn.example.com
connect = example.com:443
```
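Review bot: the `[openvpn-over-goldilocks]` service section, as far as this hunk shows it, sets `client = yes`, `sni` and `connect` but no certificate checks, so stunnel will accept whatever certificate is presented on `example.com:443`. Suggest adding `verifyChain = yes` and `checkHost = vpn.example.com` (with a CA bundle configured) to the example, and noting that the `sni` value has to match the name listed under the `tcp` proxy module's `domains` for port 1194.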