Logging when using sslh
On a server I use sslh to allow ssh on port 443 while serving https sites on the same port. The downside is that the access logs of the TLS/SSL vhosts all show 127.0.0.1 as the client IP, because Apache only sees the forwarded connection from sslh on localhost, not the real client. This post describes how to fix that.
Needed changes
The original documentation mentions a transparent mode, but when I tried to set it up on a test system it did not work. After some searching I found a good article whose approach does work and needs no iptables configuration.
Configure the network
In order to get everything working again after a reboot, the network configuration in /etc/network/interfaces should be edited (XXX is the name of your interface):

iface XXX inet static
    post-up ip rule add fwmark 0x1 lookup 100
    post-up ip route add local 0.0.0.0/0 dev lo table 100
    post-up ip rule add from 127.0.0.2/32 table 100
    pre-down ip rule del fwmark 0x1 lookup 100
    pre-down ip route del local 0.0.0.0/0 dev lo table 100
    pre-down ip rule del from 127.0.0.2/32 table 100
Apache configuration
During the original sslh configuration, Apache is configured to listen on localhost:443. This has to be changed to 127.0.0.2:443, the address sslh will forward the TLS traffic to.
sslh configuration
On my Debian system I needed to change the /etc/default/sslh config file to enable transparent mode.
DAEMON_OPTS="--user sslh -n --transparent --listen <public IP>:443 --ssh 127.0.0.2:22 --ssl 127.0.0.2:443 --pidfile /var/run/sslh/sslh.pid"
I have added the -n and --transparent options.
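The three pieces of configuration above only work together if they agree with each other: every sslh backend address must be covered by a "from" rule that points at the table with the local route on lo, and Apache must listen on exactly the address sslh forwards TLS to. The following check is an added example, not code from the original post; the embedded interfaces stanza, DAEMON_OPTS and Listen line are constructed samples, and 203.0.113.10 stands in for the public IP.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample fragments mirroring the post; 203.0.113.10 is a placeholder public IP.
INTERFACES = """\
iface eth0 inet static
    post-up ip rule add fwmark 0x1 lookup 100
    post-up ip route add local 0.0.0.0/0 dev lo table 100
    post-up ip rule add from 127.0.0.2/32 table 100
"""
DAEMON_OPTS = ("--user sslh -n --transparent --listen 203.0.113.10:443 "
               "--ssh 127.0.0.2:22 --ssl 127.0.0.2:443 --pidfile /var/run/sslh/sslh.pid")
APACHE_LISTEN = "Listen 127.0.0.2:443"

def parse_post_up(text):
    """Collect 'from <cidr> table N' rules and the tables that hold a 'local 0.0.0.0/0 dev lo' route."""
    from_rules, local_tables = {}, set()
    for line in text.splitlines():
        m = re.search(r"ip rule add from (\S+) (?:table|lookup) (\d+)", line)
        if m:
            from_rules[ip_network(m.group(1))] = m.group(2)
        m = re.search(r"ip route add local 0\.0\.0\.0/0 dev lo table (\d+)", line)
        if m:
            local_tables.add(m.group(1))
    return from_rules, local_tables

def backends(opts):
    """Map each --ssh/--ssl target in DAEMON_OPTS to its (ip, port)."""
    return {p: (ip, int(port)) for p, ip, port in re.findall(r"--(ssh|ssl) (\S+):(\d+)", opts)}

def check_transparent_setup(interfaces, opts, apache_listen):
    """Return the list of inconsistencies; an empty list means the three configs agree."""
    problems = []
    if "--transparent" not in opts.split():
        problems.append("sslh is not started with --transparent")
    from_rules, local_tables = parse_post_up(interfaces)
    targets = backends(opts)
    for proto, (ip, port) in targets.items():
        addr = ip_address(ip)
        if addr == ip_address("127.0.0.1"):
            problems.append(f"--{proto} targets 127.0.0.1; use a dedicated address such as 127.0.0.2")
        # Backend replies carry the backend address as source; a 'from' rule must send them
        # to a table whose local route on lo hands them back to sslh instead of the default route.
        table = next((t for net, t in from_rules.items() if addr in net), None)
        if table is None:
            problems.append(f"no 'ip rule add from {ip}/32 table N' for the {proto} backend")
        elif table not in local_tables:
            problems.append(f"table {table} has no 'local 0.0.0.0/0 dev lo' route")
    m = re.match(r"Listen (\S+):(\d+)", apache_listen)
    if "ssl" in targets and m and (m.group(1), int(m.group(2))) != targets["ssl"]:
        problems.append(f"Apache listens on {m.group(1)}:{m.group(2)}, sslh forwards TLS elsewhere")
    return problems
```

Run it against the real files by reading /etc/network/interfaces, /etc/default/sslh and the Apache ports configuration instead of the embedded samples.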