su
apt-get install sslh nginx libcap2-bin
setcap 'cap_net_bind_service=+ep' /usr/sbin/sslh
nano /etc/default/sslh
DAEMON=/usr/sbin/sslh
RUN=yes
DAEMON_OPTS="--user sslh \
--listen 0.0.0.0:443 \
--ssl 127.0.0.1:4433 \
--openvpn 127.0.0.1:1194 \
--ssh 127.0.0.1:22 \
--pidfile /var/run/sslh/sslh.pid"
#listen 443 ssl;
listen 4433 ssl;
nano /etc/nginx/conf.d/header.conf
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 4433
iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 22
iptables -t nat -A PREROUTING -p udp --dport 1194 -j REDIRECT --to-ports 1194
iptables-save > /etc/iptables.rules
nano /etc/systemd/system/iptables-restore.service
[Unit]
Description=Restore iptables rules
After=network.target
[Service]
Type=oneshot
ExecStart=/sbin/iptables-restore /etc/iptables.rules
[Install]
WantedBy=multi-user.target
systemctl enable iptables-restore.service
systemctl start iptables-restore.service
curl https://raw.githubusercontent.com/pivpn/pivpn/master/auto_install/install.sh | bash
pivpn add
remote your-host 1194
remote your-host 443