nginx-proxy-manager

SSH and HTTPS Support?

Open FantaBlueMystery opened this issue 4 years ago • 18 comments

Can you add SSH Support? (Nice to have)

For example by my SSH-Proxy

stream {

    upstream ssh {
        server 10.8.0.16:22;
    }

    upstream https {
        server 10.8.0.15:443;
    }

    upstream https2 {
        server 10.8.0.18:443;
    }

    # Pick the HTTPS upstream from the SNI name in the ClientHello
    map $ssl_preread_server_name $name {
        mysdomain.com https2;
        default https;
    }

    # TLS traffic goes to $name; anything that is not TLS falls through to SSH
    map $ssl_preread_protocol $upstream {
        default ssh;
        "TLSv1.2" $name;
        "TLSv1.3" $name;
        "TLSv1.1" $name;
        "TLSv1" $name;  # nginx reports TLS 1.0 as "TLSv1", not "TLSv1.0"
    }

    # SSH and SSL on the same port
    server {
        listen 443;

        proxy_pass $upstream;
        ssl_preread on;
    }
}

FantaBlueMystery, Mar 30 '20 12:03

I am already forwarding SSH with streams, would this help you?

Thijmen, Apr 11 '20 19:04

Hi there, thanks for the answer! Your answer would only be a part, because according to the protocol "$ssl_preread_protocol" it would have to be divided into "TLSv1.2", "TLSv1.3", "TLSv1.1", "TLSv1.0" and the "default" for the ssh. All this would be necessary to separate the HTTPS and SSH on one port (443). If it could then be separated by domain, that would be wonderful.

Would that be possible with the streams in the UI? Can you set the stream again on port 443? It would be important that only one port is present on the outside.

FantaBlueMystery, Apr 14 '20 07:04

Is that even possible, @FantaBlueMystery?

Thijmen, Apr 14 '20 10:04

Yes, clearly, see my first post. Currently I have another nginx in front of NPM that uses this config, and 'server 10.8.0.15:443;' forwards to NPM.

:)

FantaBlueMystery, Apr 14 '20 15:04

Hi @FantaBlueMystery, do you know ShellHub? I think you can configure NGINX Proxy Manager to work together with ShellHub for SSH access.

I'm doing some tests with NGINX Proxy Manager and ShellHub to provide HTTPS access.

gustavosbarreto, May 13 '20 12:05

Hello @gustavosbarreto thanks for the info, I didn't know "shellhub" until now. It looks very interesting e.g. with "web-based user interface".

But here it would also be the case that it should be accessible using the SSH protocol. As an example, we would use sftp or the Ansible program.

But I'll still have a look at "shellhub". But I think to get the destination a port on the router you still can't get without the settings like in my first post.

Port 22 (or another ssh port) should not be visible from the outside. Therefore, a camouflage via https (443) is ingenious, since you can determine the HTTPS server and SSH in the internal network at the same time based on the domain (subdomaining).

FantaBlueMystery, May 13 '20 12:05

Has there been any advancement on this enhancement? It would make it the ultimate Nginx project if we could make this happen! Almost all businesses block ports other than 80 and 443, so this will allow me to connect to my home undetected. If we could also add other streams like VPN over 443, that would be great! Cordially

ursus69, Apr 16 '21 15:04

Yes, clearly, see my first post. Currently I have another nginx in front of NPM that uses this config, and 'server 10.8.0.15:443;' forwards to NPM.

:)

How do you achieve this? Which Docker image do you use for your head Nginx with streams? Cheers!

ursus69, Apr 16 '21 15:04

Hey @ursus69 sorry for my late answer:

docker-compose.yml

services:
  npm:
    image: nginx
    container_name: sshproxy
    restart: always
    ports:
      - 444:443
      - 84:80
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./logs/:/var/log/nginx/

Edit your nginx.conf and add:

Can you add SSH Support? (Nice to have)

For example by my SSH-Proxy

stream {

    upstream ssh {
        server 10.8.0.16:22;
    }

    upstream https {
        server 10.8.0.15:443;
    }

    upstream https2 {
        server 10.8.0.18:443;
    }

    # Pick the HTTPS upstream from the SNI name in the ClientHello
    map $ssl_preread_server_name $name {
        mysdomain.com https2;
        default https;
    }

    # TLS traffic goes to $name; anything that is not TLS falls through to SSH
    map $ssl_preread_protocol $upstream {
        default ssh;
        "TLSv1.2" $name;
        "TLSv1.3" $name;
        "TLSv1.1" $name;
        "TLSv1" $name;  # nginx reports TLS 1.0 as "TLSv1", not "TLSv1.0"
    }

    # SSH and SSL on the same port
    server {
        listen 443;

        proxy_pass $upstream;
        ssl_preread on;
    }
}

Simple and fast :)

FantaBlueMystery, Apr 18 '21 18:04

Many thanks @FantaBlueMystery, it works like a charm!

ursus69, Apr 22 '21 06:04

This is an exciting enhancement!!! It would add an extra layer of security for my network! Praying to see it in NPM soon!

fdelucchijr, Apr 28 '21 20:04

Do you know when this new enhancement will be available in the docker NPM image?

Thanks in advance for the wonderful development!!

litio2001, Jun 08 '21 05:06

I don't think this code snippet will ever be officially added to NPM unless someone creates a pull request adding this and creating a user interface where this is configurable. As it is now, this is very specific for one ssh server, and the file would have to be edited manually anyways, so there is no point in adding it. You would have to add this nginx config inside your container yourself.

chaptergy, Jun 08 '21 07:06

I don't think this code snippet will ever be officially added to NPM unless someone creates a pull request adding this and creating a user interface where this is configurable. As it is now, this is very specific for one ssh server, and the file would have to be edited manually anyways, so there is no point in adding it. You would have to add this nginx config inside your container yourself.

This comment makes me kind of sad, but it's acceptable. I have an alternative. Using Cloudflare's Argo Tunnels makes this so easy! It also provides TLS secure connection, IP hiding, DDNS, CGNAT bypass and other amazing features.

For ssh with WebRender you can use this guide: This

To use the setup with the ssh cli (ProxyJump) you can use this

And if you think this offers you a ProxyJump too far away when you're local, you can use this amazing blog

KEEP IN MIND that this heavily relies on Cloudflare/LetsEncrypt DNS certificates and (in this instruction) Docker.

fdelucchijr, Jun 14 '21 19:06

I don't think this code snippet will ever be officially added to NPM unless someone creates a pull request adding this and creating a user interface where this is configurable. As it is now, this is very specific for one ssh server, and the file would have to be edited manually anyways, so there is no point in adding it. You would have to add this nginx config inside your container yourself.

We just need a way to enter/edit the stream block manually. Do not need a full blown GUI for it. Just click the 'Add Stream' button, have a tab that says 'Manual Entry', enter your code, and click save.

mriksman, Oct 19 '21 08:10

Hello everyone, I'm a big fan of NPM!

I've started to write my own software for this implementation and I'm still looking for testers, whoever is interested can take a look at the whole thing.

I'm just posting this because the idea isn't being picked up. The whole thing is still under development. I use it for myself already in a live test. You can find it through my profile.

stefanwerfling, Mar 01 '23 15:03

Can this feature be used to enable SSH support? Would the streams feature come into play? I'm hoping to only have ports 80/443 open on my firewall but I want to be able to SSH and host some https sites.

https://nginxproxymanager.com/advanced-config/#custom-nginx-configurations

marky421, Jan 26 '24 20:01

@marky421 I do not fully understand the question.

The example above shows how an SSH protocol can be placed over the HTTPS port. Nginx looks at which protocol applies to TLS and directs it to the appropriate upstream. If none of the protocols match, the default target is the SSH server.

Magic :)

stefanwerfling, Jan 29 '24 11:01
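The routing decision described in this thread, as a simplified Python model added here (not nginx's code and not from any poster): it reads the first bytes a client sends, takes the highest TLS version and the SNI name from a ClientHello, and sends everything else to the SSH upstream. The upstream names come from the thread's config; the `client_hello` helper and its sample hellos are constructed. nginx names TLS 1.0 "TLSv1", so a map key of "TLSv1.0" never matches.

```python
import struct
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1",
            0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
SNI_MAP = {"mysdomain.com": "https2"}   # first map block in the thread's config

def preread(data):
    """Return (protocol, sni) for a ClientHello, ("", "") for anything else."""
    try:
        if data[0] != 0x16 or data[1] != 0x03 or data[5] != 0x01:
            return "", ""                       # not a TLS handshake record
        b = data[9:]                            # skip record (5) + handshake (4) headers
        version = struct.unpack_from("!H", b)[0]        # legacy_version
        pos = 34                                # version (2) + random (32)
        pos += 1 + b[pos]                       # session_id
        pos += 2 + struct.unpack_from("!H", b, pos)[0]  # cipher_suites
        pos += 1 + b[pos]                       # compression_methods
        end = pos + 2 + struct.unpack_from("!H", b, pos)[0]
        pos, sni = pos + 2, ""
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", b, pos)
            ext = b[pos + 4:pos + 4 + elen]
            if etype == 0:                      # server_name: take the first host_name
                sni = ext[5:5 + struct.unpack_from("!H", ext, 3)[0]].decode("ascii").lower()
            elif etype == 43:                   # supported_versions (TLS 1.3 clients)
                offered = struct.unpack_from("!%dH" % (ext[0] // 2), ext, 1)
                version = max([v for v in offered if v in VERSIONS] + [version])  # skips GREASE
            pos += 4 + elen
        return VERSIONS.get(version, ""), sni
    except (IndexError, struct.error, UnicodeDecodeError):
        return "", ""                           # truncated or malformed: treat as non-TLS

def route(data):
    """Pick the upstream name the way the thread's two map blocks do."""
    proto, sni = preread(data)
    if proto.startswith("TLSv1"):               # "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"
        return SNI_MAP.get(sni, "https")
    return "ssh"                                # default branch: SSH banner or anything else

def client_hello(host, legacy=0x0303, versions=()):
    """Build a minimal constructed ClientHello for the demo (not a capture)."""
    name = host.encode()
    exts = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    if versions:
        sv = struct.pack("!B%dH" % len(versions), 2 * len(versions), *versions)
        exts += struct.pack("!HH", 43, len(sv)) + sv
    body = (struct.pack("!H", legacy) + bytes(33) + b"\x00\x02\x13\x01\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```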