Sslh

services.sslh.enable

Whether to enable sslh, protocol demultiplexer. Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/sslh.nix

services.sslh.listenAddresses

Listening addresses or hostnames. Type: (list of string) or string convertible to it

Default

[ "0.0.0.0" "[::]" ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/sslh.nix

services.sslh.method

The method to use for handling connections:

  • fork forks a new process for each incoming connection. It is well-tested and very reliable, but incurs the overhead of many processes.

  • select uses only one thread, which monitors all connections at once. It has lower overhead per connection, but if it stops, you'll lose all connections.

  • ev is implemented using libev; it is similar to select but scales better to a large number of connections.

Type: one of "fork", "select", "ev"

Default

"fork"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/sslh.nix

services.sslh.port

Listening port. Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default

443

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/sslh.nix

services.sslh.settings

sslh configuration. See sslh(8) for available settings. Type: attribute set of (libconfig value)

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/sslh.nix

services.sslh.settings.numeric

Whether to disable reverse DNS lookups, thus keeping IP address literals in the log.

Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/sslh.nix

services.sslh.settings.protocols

List of protocols sslh will probe for and redirect. Each protocol entry consists of:

  • name: name of the probe.

  • service: libwrap service name (see hosts_access(5)),

  • host, port: where to connect when this probe succeeds,

  • log_level: to log incoming connections,

  • transparent: proxy this protocol transparently,

  • etc.

See the documentation for all options, including probe-specific ones.

Type: list of attribute set of (libconfig value)

Default

[
  { host = "localhost"; name = "ssh"; port = "22"; service = "ssh"; }
  { host = "localhost"; name = "openvpn"; port = "1194"; }
  { host = "localhost"; name = "xmpp"; port = "5222"; }
  { host = "localhost"; name = "http"; port = "80"; }
  { host = "localhost"; name = "tls"; port = "443"; }
  { host = "localhost"; name = "anyprot"; port = "443"; }
]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/sslh.nix

services.sslh.settings.timeout

Timeout in seconds. Type: unsigned integer, meaning >=0

Default

2

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/sslh.nix

services.sslh.settings.transparent

Whether the services behind sslh (Apache, sshd and so on) will see the external IP and ports as if the external world connected directly to them.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/sslh.nix

services.sslh.settings.verbose-connections

Where to log connection information. Possible values are:

  0. don't log anything
  1. write log to stdout
  2. write log to syslog
  3. write log to both stdout and syslog
  4. write to a log file (sslh.settings.logfile)

Type: integer between 0 and 4 (both inclusive)

Default

0

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/sslh.nix
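
The options above combined into one configuration, as an added example that is not taken from the nixpkgs module or its documentation. It keeps the default non-transparent mode and turns on connection logging at sslh so the client address is still recorded somewhere. The TLS backend port 8443 and the choice of two protocols are assumptions made for illustration.

```nix
{
  services.sslh = {
    enable = true;
    listenAddresses = [ "0.0.0.0" "[::]" ];
    port = 443;
    method = "ev"; # one process for all connections; the default is "fork"

    settings = {
      # Default value, written out on purpose: with transparent = false the
      # services behind sslh see connections coming from sslh itself, so
      # their own logs do not hold the external client address.
      transparent = false;

      # Record each connection at sslh instead. The default 0 logs nothing;
      # 2 (on the option's 0-4 scale) writes to syslog.
      verbose-connections = 2;

      # Keep IP address literals in that log (no reverse DNS lookups).
      numeric = true;

      # Defining this list replaces the module's default protocol list.
      protocols = [
        { name = "ssh"; service = "ssh"; host = "localhost"; port = "22"; }
        # Assumption: the TLS web server listens on localhost:8443 so that
        # it does not compete with sslh for port 443.
        { name = "tls"; host = "localhost"; port = "8443"; }
      ];
    };
  };
}
```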