@ZiTAL
Last active October 24, 2023 07:42
sslh: nginx + openvpn + ssh

install

# Become root; every command that follows is run in this root shell.
su
# sslh multiplexes a single TCP port between several services; libcap2-bin
# provides the setcap tool used on the next line.
apt-get install sslh nginx libcap2-bin
# Allow the sslh binary to bind the privileged port 443 without running as
# root (the daemon itself is started as the unprivileged sslh user, see
# --user in /etc/default/sslh).
setcap 'cap_net_bind_service=+ep' /usr/sbin/sslh

# Edit the sslh service defaults; the intended contents follow below.
nano /etc/default/sslh

# Path of the sslh binary the service starts.
DAEMON=/usr/sbin/sslh

# Actually start the daemon at boot.
RUN=yes
# --user sslh        : run the daemon as the unprivileged sslh user (binding 443
#                      still works thanks to the cap_net_bind_service set above).
# --listen 0.0.0.0:443: accept on every IPv4 address; no IPv6 listener is set up.
# All backends are on loopback, so sshd, OpenVPN and nginx see 127.0.0.1 as the
# peer address unless sslh is run in --transparent mode; this affects logs,
# fail2ban-style tooling and any source-address based access control.
DAEMON_OPTS="--user sslh \
--listen 0.0.0.0:443 \
--ssl 127.0.0.1:4433 \
--openvpn 127.0.0.1:1194 \
--ssh 127.0.0.1:22 \
--pidfile /var/run/sslh/sslh.pid"

nginx

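#listen 443 ssl;
# Bind the TLS port to loopback only: sslh forwards to 127.0.0.1:4433, and an
# unrestricted "listen 4433" would leave nginx reachable directly on 4433 from
# the network, bypassing sslh. Note this requires dropping the
# "--dport 443 ... REDIRECT --to-ports 4433" rule from the iptables step: that
# REDIRECT targets the interface address, not loopback (and it sends external
# 443 traffic straight to nginx, bypassing sslh, in any case).
listen 127.0.0.1:4433 ssl;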

# Create an nginx drop-in with the proxy headers; the intended contents follow below.
nano /etc/nginx/conf.d/header.conf

# Headers forwarded to the proxied backend.
proxy_set_header Host $host;
# NOTE(review): behind sslh as configured in /etc/default/sslh (backend
# 127.0.0.1:4433), $remote_addr is sslh's loopback address rather than the
# client's unless sslh runs in --transparent mode, so X-Real-IP and the access
# log will show 127.0.0.1 — confirm this is acceptable.
proxy_set_header X-Real-IP $remote_addr;
# Appends $remote_addr to whatever X-Forwarded-For the client already sent; the
# backend should only trust the last (nginx-added) entry.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Hard-coded because the only listener shown is "listen 4433 ssl".
proxy_set_header X-Forwarded-Proto https;

iptables

# NOTE(review): this rule rewrites every incoming TCP/443 packet to nginx's
# port 4433 before sslh (listening on 443, see /etc/default/sslh) can accept
# it, so from the network only HTTPS appears to work on 443 and SSH/OpenVPN
# over 443 look bypassed. Confirm the rule is really wanted; if sslh is meant
# to multiplex 443 it should be removed.
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 4433
# Redirecting a port to itself changes nothing observable; these two rules
# look like leftovers and can most likely be dropped.
iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 22
iptables -t nat -A PREROUTING -p udp --dport 1194 -j REDIRECT --to-ports 1194
# Persist the current IPv4 ruleset; the iptables-restore unit below reloads it
# at boot. IPv6 (ip6tables) is not covered by this file.
iptables-save > /etc/iptables.rules

# Create the unit that reloads the saved rules at boot; the intended contents follow below.
nano /etc/systemd/system/iptables-restore.service

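[Unit]
Description=Restore iptables rules
# Firewall rules must be loaded before any interface comes up, otherwise there
# is a window at boot where the network is reachable without them. Order the
# unit before network-pre.target, which systemd.special(7) provides for exactly
# this purpose, and pull that target in ourselves since nothing else does.
DefaultDependencies=no
Wants=network-pre.target
Before=network-pre.target shutdown.target
# With default dependencies disabled, order explicitly after local filesystems
# are mounted so /etc/iptables.rules is available.
After=local-fs.target
Conflicts=shutdown.target

[Service]
Type=oneshot
# Keep the unit reported as active once the one-shot restore has finished, so
# "systemctl status" shows whether the rules were loaded.
RemainAfterExit=yes
ExecStart=/sbin/iptables-restore /etc/iptables.rules

[Install]
WantedBy=multi-user.target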

enable the iptables-restore service

# Enable the unit for boot and start it right away in one step.
systemctl enable --now iptables-restore.service

install pivpn

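# Download the installer to a private temp file so it can be read before it
# runs as root: -f fails on an HTTP error instead of piping an error page into
# bash, -sS is quiet but still reports failures, -L follows redirects.
pivpn_install=$(mktemp)
curl -fsSL -o "$pivpn_install" \
  https://raw.githubusercontent.com/pivpn/pivpn/master/auto_install/install.sh
less "$pivpn_install"   # inspect it; skip the next line if it looks wrong
bash "$pivpn_install"
rm -f -- "$pivpn_install"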

add user to openvpn

# Interactive: prompts for a client name and generates that client's .ovpn
# profile (check pivpn's output for where the file is written).
pivpn add

edit user.ovpn and

# Line as generated in the profile: connects straight to OpenVPN on 1194.
remote your-host 1194

replace with

# Go through sslh on 443 instead. sslh multiplexes TCP only, so this profile
# must use "proto tcp" (or "remote your-host 443 tcp") and the server must be
# accepting TCP on 1194, the backend sslh forwards to; pivpn's default
# transport is UDP — verify before deploying.
remote your-host 443
