Using SSLH with existing Apache and OpenSSH setup?

penyuan · 01-26-2016, 03:14 AM

Hello,

I have a running Apache 2.4 web server (listening on port 443) and OpenSSH server on my Manjaro Linux server.

I also just installed the protocol demultiplexer SSLH with configuration:

Code:

# Default Arch configuration
# You can find more examples in /usr/share/doc/sslh

verbose: false;
foreground: true;
inetd: false;
numeric: false;
transparent: false;
timeout: 2;
user: "sslh";
pidfile: "/run/sslh.pid";


listen:
(
    { host: "::0"; port: "443"; }
);

protocols:
(
     { name: "ssh"; service: "ssh"; host: "localhost"; port: "1022"; probe: "bu$
     { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
     { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
     { name: "http"; host: "localhost"; port: "443"; probe: "builtin"; },
     { name: "ssl"; host: "localhost"; port: "8443"; probe: "builtin"; },
     { name: "anyprot"; host: "localhost"; port: "8443"; probe: "builtin"; }
);

When I start the installed SSLH service, I get this error:

Quote:

sslh-select.service - SSL/SSH multiplexer
Loaded: loaded (/usr/lib/systemd/system/sslh-select.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2016-01-26 17:03:22 CST; 2s ago
Process: 28907 ExecStart=/usr/bin/sslh-select -F/etc/sslh.conf (code=exited, status=1/FAILURE)
Main PID: 28907 (code=exited, status=1/FAILURE)

Jan 26 17:03:22 [my hostname] sslh-select[28907]: config: /etc/sslh.conf
Jan 26 17:03:22 [my hostname] systemd[1]: Started SSL/SSH multiplexer.
Jan 26 17:03:22 [my hostname] sslh-select[28907]: [my domain]:https:listen: Address already in use
Jan 26 17:03:22 [my hostname] systemd[1]: sslh-select.service: Main process exited, code=exited, status=1/FAILURE
Jan 26 17:03:22 [my hostname] systemd[1]: sslh-select.service: Unit entered failed state.
Jan 26 17:03:22 [my hostname] systemd[1]: sslh-select.service: Failed with result 'exit-code'.

My best guess is that since my Apache server is already set to listen on port 443, SSLH can no longer listen on it? (would it be the same problem with SSH?)

I tried to tell Apache to listen on another port, say, 1234, and tell SSLH to listen on 443 then pass HTTP connections to localhost:1234. However, I *still* get the "address already in use" error.

I'd appreciate help from anyone who has integrated SSLH into an existing web server. Thank you.

penyuan · 01-26-2016, 03:59 AM

Update:

I managed to get Apache to listen on another port, say, 1234 and start the SSLH service without the "address already in use error". I just had to find all instances of "listen" in Apache's configuration files and make sure they are all listening on 1234.

Now, I can SSH into my server via port 443. But when I try to get to my server's webpage via HTTPS on port 443, I get a "Secure Connection Failed" error from Firefox.

How do I resolve this? Thanks!!!