nginx-proxy-manager icon indicating copy to clipboard operation
nginx-proxy-manager copied to clipboard
Published 1 month ago verified publisher icon NginxProxyManager

Add corkscrew package to the docker image

Open Rod-O opened this issue 3 years ago • 5 comments

Is your feature request related to a problem? Please describe. I'd like to tunnel SSH connections through HTTPS

Describe the solution you'd like please add corkscrew package from apt to the docker image

Describe alternatives you've considered

Additional context

Rod-O avatar Sep 01 '22 23:09 Rod-O

Isn't corkscrew a client side fix for putting SSH through a forward HTTPS proxy such as those that guard an enterprises boundaries? How are you going to use it inside NPM?

the1ts avatar Sep 02 '22 12:09 the1ts

@the1ts only if using crappy routers, and no, I was thinking on putting SSH+GIT over HTTP, which is kind of redundant since there is already an implementation for git over HTTPS, but, why not? maybe there are more applications to this.

Rod-O avatar Sep 02 '22 14:09 Rod-O

Again corkscrew is for getting through a forward proxy and is used next to the client as a executable for SSH to run directly so needs to be where your SSH/git client is which is probably not inside the NPM container. Also nginx is used 99.9999999% of the time as a reverse proxy so this doesn't apply to the huge majority of people.

Am I wrong in saying corkscrew takes the SSH connection in over STDIN and not TCP so can't be used over the network by the SSH client? I think the SSH client must be the one to run corkscrew and connect to STDIN

Allowing the required HTTP CONNECT on an internet facing proxy like nginx which isn't built for that seems dangerous at best and open to abuse and you losing your internet provider at worst.

Perhaps I'm still not seeing the problem you are trying to fix. Drawing it out as a simple flow diagram may help e.g. the below

SSH client with corkscrew -> proxy server -> SSH server

If you are wanting to have SSH and SSL on the same port a tool like sslh would be a better fit, it understands both protocols and will forward as required.

the1ts avatar Sep 02 '22 15:09 the1ts

I was trying to use streams to redirect ssh to another port, but streams don't make a difference between subdomains.

On Fri, Sep 2, 2022 at 11:31 AM Paul Mansfield @.***> wrote:

Again corkscrew is for getting through a forward proxy and is used next to the client as a executable for SSH to run directly so needs to be where your SSH/git client is which is probably not inside the NPM container. Also nginx is used 99.9999999% of the time as a reverse proxy so this doesn't apply to the huge majority of people.

Am I wrong in saying corkscrew takes the SSH connection in over STDIN and not TCP so can't be used over the network by the SSH client? I think the SSH client must be the one to run corkscrew and connect to STDIN

Allowing the required HTTP CONNECT on an internet facing proxy like nginx which isn't built for that seems dangerous at best and open to abuse and you losing your internet provider at worst.

Perhaps I'm still not seeing the problem you are trying to fix. Drawing it out as a simple flow diagram may help e.g. the below

SSH client with corkscrew -> proxy server -> SSH server

If you are wanting to have SSH and SSL on the same port a tool like sslh would be a better fit, it understands both protocols and will forward as required.

— Reply to this email directly, view it on GitHub https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2239#issuecomment-1235638095, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAB7OWZLV3MH5UAYPQGGJ7TV4IMWPANCNFSM6AAAAAAQCZ33WA . You are receiving this because you authored the thread.Message ID: @.***>

-- Rod.O

Rod-O avatar Sep 02 '22 21:09 Rod-O

sslh looks like a better fit

On Fri, Sep 2, 2022 at 5:07 PM Rodolfo Ochoa @.***> wrote:

I was trying to use streams to redirect ssh to another port, but streams don't make a difference between subdomains.

On Fri, Sep 2, 2022 at 11:31 AM Paul Mansfield @.***> wrote:

Again corkscrew is for getting through a forward proxy and is used next to the client as a executable for SSH to run directly so needs to be where your SSH/git client is which is probably not inside the NPM container. Also nginx is used 99.9999999% of the time as a reverse proxy so this doesn't apply to the huge majority of people.

Am I wrong in saying corkscrew takes the SSH connection in over STDIN and not TCP so can't be used over the network by the SSH client? I think the SSH client must be the one to run corkscrew and connect to STDIN

Allowing the required HTTP CONNECT on an internet facing proxy like nginx which isn't built for that seems dangerous at best and open to abuse and you losing your internet provider at worst.

Perhaps I'm still not seeing the problem you are trying to fix. Drawing it out as a simple flow diagram may help e.g. the below

SSH client with corkscrew -> proxy server -> SSH server

If you are wanting to have SSH and SSL on the same port a tool like sslh would be a better fit, it understands both protocols and will forward as required.

— Reply to this email directly, view it on GitHub https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2239#issuecomment-1235638095, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAB7OWZLV3MH5UAYPQGGJ7TV4IMWPANCNFSM6AAAAAAQCZ33WA . You are receiving this because you authored the thread.Message ID: @.***>

-- Rod.O

-- Rod.O

Rod-O avatar Sep 02 '22 21:09 Rod-O

Issue is now considered stale. If you want to keep it open, please comment :+1:

github-actions[bot] avatar Feb 10 '24 01:02 github-actions[bot]