Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Trying to get SSLH transparent mode to work properly

Featured Replies

I don't think there's an SSLH docker for unraid; so I'm using https://github.com/shaddysignal/sslh-hub

Configuration is as follows:
Privileged
Host networking
Extra params:

-e LISTEN_IP=0.0.0.0 -e HTTPS_PORT=18443 -e LISTEN_PORT=48443 -e SSH_HOST=192.168.1.74 -e HTTPS_HOST=192.168.1.74 -e OPENVPN_HOST=192.168.1.74



192.168.1.74 is my Unraid box. Yes, I realize that makes the "SSH_HOST" my unraid box. Don't worry, SSH is disabled in unraid, it's actually going to a docker.

Everything "works" right now, except that when users connect from outside my network the internal requests are seen as having come from the unraid box docker lan:

sshd[8232]: Accepted password for [user] from 172.17.0.7 port 36792 ssh2



This is problematic as the docker has both fail2ban and denyhosts running within it. Eventually, malicious attempts come, regardless of what you do. For example, an ip range (now blocked at the router) slammed with a wave of invalid SSH attempts, which put 172.17.0.7 on the hosts.deny list for ssh. Now I can't get in, until I manually clear that list.

So I looked into it and "transparent" mode seems to be what I need to use in SSLH. So, I opened the docker entrypoint script, and added "--transparent" to the arguments list, before all the rest. This is when I had to switch from not privileged to privileged - so I know the parameter is accepted and doing "something" but requests are still being seen as from within the internal docker network.

Has anyone messed with this at all?
Is it worth pursuing this any further? Ideally I don't want to have to add another box to just do my SSLH and HTTPS forwarding with a custom Let's Encrypt + Nginx + sslh + ssh + denyhosts + fail2ban just to get remote access over 443 while sharing the port with other services...

  • 4 months later...

Did you have any luck with this? 

 

Looking at setting up the same docker on my UnRaid server at the moment. 

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.