Question 1

How to set up sshttp for SSH and HTTPS on port 443?

Accepted Answer

Compile sshttp, edit the nf-setup script to match ports like 22 for SSH and 4433 for HTTPS, then run sshttpd with -L 443 -H 4433 -S 22. Ensure your web server listens on 4433 and sshd on 22.

Question 2

sshttp vs stunnel for port multiplexing?

Accepted Answer

sshttp is optimized for transparent SSH/HTTP multiplexing on Linux with zero-copy and SNI support, while stunnel is a general SSL tunneling tool that may require more config for similar use cases. sshttp excels in performance but is Linux-only.

Question 3

Can sshttp handle IPv6 connections?

Accepted Answer

Yes, use the nf6-setup script for IPv6 firewall rules and invoke sshttpd with the -6 switch to enable IPv6 support, as mentioned in the transparent proxy setup section.

Question 4

How to configure SNI multiplexing for multiple domains?

Accepted Answer

Add multiple -N name:port switches when running sshttpd, e.g., -N domain1:7350 -N domain2:8080, and update the nf-setup script to include all backend ports for routing based on HTTPS SNI.

Question 5

Is sshttp secure for production use?

Accepted Answer

sshttp includes security hardening like chroot and unprivileged execution, but misconfiguring firewall rules can expose services. Test thoroughly in a safe environment and monitor logs for any issues.

Question 6

What happens if sshttp misidentifies a protocol?

Accepted Answer

sshttp inspects incoming traffic to decide between SSH and HTTP/HTTPS based on banners; if detection fails, connections may be routed incorrectly, so ensure SSH_BANNER and SMTP_DOMAIN in the Makefile match your server settings.

sshttp

What is sshttp?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions