Xaero Posted August 31, 2019

I don't think there's an SSLH docker for unraid, so I'm using https://github.com/shaddysignal/sslh-hub

Configuration is as follows:

Privileged
Host networking
Extra params: -e LISTEN_IP=0.0.0.0 -e HTTPS_PORT=18443 -e LISTEN_PORT=48443 -e SSH_HOST=192.168.1.74 -e HTTPS_HOST=192.168.1.74 -e OPENVPN_HOST=192.168.1.74

192.168.1.74 is my Unraid box. Yes, I realize that makes the "SSH_HOST" my unraid box. Don't worry, SSH is disabled in unraid, it's actually going to a docker.

Everything "works" right now, except that when users connect from outside my network the internal requests are seen as having come from the unraid box docker lan:

sshd[8232]: Accepted password for [user] from 172.17.0.7 port 36792 ssh2

This is problematic as the docker has both fail2ban and denyhosts running within it. Eventually, malicious attempts come, regardless of what you do. For example, an IP range (now blocked at the router) slammed with a wave of invalid SSH attempts, which put 172.17.0.7 on the hosts.deny list for ssh. Now I can't get in, until I manually clear that list.

So I looked into it and "transparent" mode seems to be what I need to use in SSLH. So, I opened the docker entrypoint script, and added "--transparent" to the arguments list, before all the rest. This is when I had to switch from not privileged to privileged - so I know the parameter is accepted and doing "something" but requests are still being seen as from within the internal docker network.

Has anyone messed with this at all? Is it worth pursuing this any further? Ideally I don't want to have to add another box to just do my SSLH and HTTPS forwarding with a custom Let's Encrypt + Nginx + sslh + ssh + denyhosts + fail2ban just to get remote access over 443 while sharing the port with other services...
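Added example, not part of the post above or of the sslh-hub project: a small check that reads sshd auth lines in the format quoted in the post and flags sources where the proxy hides the real client, so a ban on that address locks out everyone behind it. The 172.17.0.0/16 range (Docker's default bridge), the threshold of 3 and the sample log lines are assumptions constructed for illustration, not values from fail2ban or denyhosts.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log in the sshd format quoted in the post; not real data.
SAMPLE_LOG = """\
sshd[8101]: Failed password for invalid user admin from 172.17.0.7 port 36011 ssh2
sshd[8102]: Failed password for invalid user oracle from 172.17.0.7 port 36012 ssh2
sshd[8103]: Failed password for root from 172.17.0.7 port 36013 ssh2
sshd[8232]: Accepted password for alice from 172.17.0.7 port 36792 ssh2
sshd[8240]: Failed password for root from 203.0.113.9 port 50122 ssh2
sshd[8241]: Failed password for root from 203.0.113.9 port 50123 ssh2
sshd[8242]: Failed password for invalid user test from 203.0.113.9 port 50124 ssh2
sshd[8250]: Accepted password for bob from 192.168.1.50 port 41000 ssh2
"""

AUTH_RE = re.compile(
    r"sshd\[\d+\]: (Accepted|Failed) password for (?:invalid user )?\S+ "
    r"from (\S+) port \d+"
)

def find_masked_sources(log_text, proxy_nets=("172.17.0.0/16",), ban_threshold=3):
    """Per-source auth counts, flagging proxy addresses a ban would hit.

    proxy_nets and ban_threshold are assumed values for this example.
    """
    nets = [ipaddress.ip_network(n) for n in proxy_nets]
    failed, accepted = Counter(), Counter()
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # source field is a hostname or malformed
        (accepted if m.group(1) == "Accepted" else failed)[ip] += 1
    report = {}
    for ip in sorted(set(failed) | set(accepted), key=str):
        masked = any(ip in net for net in nets)
        report[str(ip)] = {
            "failed": failed[ip],
            "accepted": accepted[ip],
            "masked": masked,
            # Banning a masked source blocks every client behind the proxy.
            "lockout_risk": masked and failed[ip] >= ban_threshold,
        }
    return report

if __name__ == "__main__":
    for src, info in find_masked_sources(SAMPLE_LOG).items():
        print(src, info)
```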
ekim Posted January 14, 2020

Did you have any luck with this? Looking at setting up the same docker on my UnRaid server at the moment.