Giter Club home page Giter Club logo

Comments (4)

lgrn avatar lgrn commented on June 16, 2024 2

Well that explains why I didn't find anything!

It wouldn't really help in this case unfortunately since this environment has no independent CA and no current plans to implement one.

While supporting additional CAs is also a good idea, I'd argue that it also makes sense to allow the user to bypass certificate checks for sshx completely if they know what they're doing, much like curl does.

VPN isn't the only use case for this, the connection could also be happening over an SSH tunnel for example, or it could be running on localhost, serving https externally but with no plans to accept external sshx clients. Simply put, it would add a lot of useful flexibility.

from sshx.

lgrn avatar lgrn commented on June 16, 2024 1

I got it to work decently, I think.

I set up caddy on the node running sshx-server and simply told it to:

[vpn-dns]:443 {
    tls internal
    reverse_proxy [vpn-ip]:8080
}

This works with the caveat that the sshx binary itself will refuse to connect to https://[vpn-dns] since the certificate is self signed. Therefore, when connecting you need to make sure you're using regular http:

sshx --server http://[vpn-dns]:8080

Since this isn't the URL you want back in your response link, you also need to run the server component with --override-origin like this:

sshx-server --listen [vpn-ip] --port 8080 --override-origin "https://[vpn-dns]"

The response given when running sshx then correctly has [vpn-dns] in the link.

In summary, I guess a very minor feature request could be to add an --insecure flag to sshx as it would make setup a bit easier.

from sshx.

ekzhang avatar ekzhang commented on June 16, 2024

I'm experimenting with self-hosting sshx-server, which doesn't seem to be documented from what I can find

It is actually mentioned in the README that this is unsupported!

image

Glad you were able to get it to work for your use case though. Trusting self-signed certificates seems like a reasonable option to have for now. Would #31 fit your use case?

from sshx.

ekzhang avatar ekzhang commented on June 16, 2024

Makes sense!

from sshx.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.