Use port 443 for both openvpn https and ssl

In this tutorial, I will show how to use the same port (443) for both openvpn and https. I will start from a fresh virtual Debian 8 install. I have used several sources for this tutorial, in particular http://bernaerts.dyndns.org/linux/75-debian/210-debian-sslh for the sslh configuration and https://wiki.duraspace.org/display/VIVO/Localhost+Only+Webserver+Configuration for the apache2 configuration.

Install apache

sudo aptitude install apache2

Install a default https page (this is just for testing purposes)

sudo a2ensite default-ssl
sudo a2enmod ssl

Restart apache

sudo service apache2 restart

Check your ip address

ip addr

Open a browser and navigate to https://[your ip address], accept all the warnings and you should see apache’s default page.

Install sslh

sudo aptitude install sslh

Choose standalone

You then have to change the settings of /etc/default/sslh:

...
# allow start at boot
RUN=yes

# wait for 2 seconds to avoid error
STARTTIME=2

# options for listen & forward
DAEMON_OPTS="-u sslh -p [your_ip]:443 --ssh 127.0.0.1:22 --openvpn 127.0.0.1:1194 --ssl 127.0.0.1:443 -P /var/run/sslh.pid"

Restart sslh

sudo service sslh restart

By default, apache listens for connections on all interfaces. We are going to change it so that it only listens for connections on localhost, which leaves [your_ip]:443 free for sslh. Edit /etc/apache2/ports.conf and change the ssl_module and mod_gnutls.c sections to:

<IfModule mod_ssl.c>
    Listen 127.0.0.1:443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 127.0.0.1:443
</IfModule>

Restart apache

sudo service apache2 restart

If everything is set up correctly, you should be able to connect to the https page and to ssh to your host using port 443.
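
A check for the listener layout configured above, as an added example that is not part of the original tutorial: it reads ss -tln output and confirms that sslh holds [your_ip]:443 while apache is bound to 127.0.0.1:443 only. The function name, the messages and the sample output (203.0.113.10 is a documentation address standing in for [your_ip]) are constructed for illustration.

```shell
#!/bin/sh
# Reads `ss -tln` output on stdin; $1 is the address sslh listens on.
# Returns 0 when the listener layout matches the one set up above.
check_443_layout() {
    awk -v ip="$1" '
        $1 != "LISTEN" { next }   # skip the header line
        { a = $4 }                # 4th column is Local Address:Port
        a == (ip ":443")     { front = 1 }   # sslh on the public address
        a == "127.0.0.1:443" { back = 1 }    # apache, loopback only
        a ~ /^(\*|0\.0\.0\.0|::|\[::\]):443$/     { wild = 1 }
        a ~ /^(\*|0\.0\.0\.0|127\.0\.0\.1):22$/   { ssh = 1 }
        a ~ /^(\*|0\.0\.0\.0|127\.0\.0\.1):1194$/ { vpn = 1 }
        END {
            if (wild)   { print "FAIL: wildcard listener on 443, check ports.conf"; bad = 1 }
            if (!front) { print "FAIL: nothing on " ip ":443 (is sslh running?)"; bad = 1 }
            if (!back)  { print "FAIL: nothing on 127.0.0.1:443 (apache)"; bad = 1 }
            if (!ssh)   { print "FAIL: no sshd for --ssh 127.0.0.1:22"; bad = 1 }
            if (!vpn)   { print "NOTE: no TCP listener for --openvpn 127.0.0.1:1194" }
            if (!bad)   { print "OK: sslh in front, apache on loopback" }
            exit bad + 0
        }'
}

# Constructed sample: the layout expected after following the tutorial.
sample_good() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    203.0.113.10:443   *:*
LISTEN 0      128    127.0.0.1:443      *:*
LISTEN 0      128    *:22               *:*
LISTEN 0      10     127.0.0.1:1194     *:*
EOF
}

# Constructed sample: ports.conf not yet changed, so apache still holds the
# wildcard address on 443 and sslh has no listener on the public address.
sample_default_apache() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    :::443             :::*
LISTEN 0      128    *:22               *:*
EOF
}

# On the server itself: ss -tln | check_443_layout [your_ip]
sample_good | check_443_layout 203.0.113.10
```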

 

