Commit 8cd30e16 authored by nimrod's avatar nimrod
Browse files

Router: Route SSH through HAProxy.

Use the HTTPS port so I can break out from restricted networks.
parent 0153391a
Loading
Loading
Loading
Loading
Loading
+8 −1
Original line number Diff line number Diff line
@@ -58,12 +58,19 @@ frontend https
        acl private_ip src 62.219.131.121
        acl shore_ip src 62.219.131.121
        acl shore_ip src 163.172.74.36
        acl ssh req.payload(0,7) -m str "SSH-2.0"
        acl ssl req_ssl_hello_type 1
        tcp-request content reject if lam !private_ip
        tcp-request content reject if auth !shore_ip !private_ip
        tcp-request content accept if { req_ssl_hello_type 1 }
        tcp-request content accept if ssh ssl
        use_backend kodi_https if kodi
        use_backend localhost_ssh if ssh
        default_backend host01_https

backend localhost_ssh
        mode tcp
        server ns1 127.0.0.1:22 check

backend host01_http
        mode http
        option forwardfor