0

Is it possible to configure a proxy for SSH based on the hostname?

Such as:

                                 |-> host1.domainexample1.com
                                 |-> host2.domainexample1.com
 SSH from outside <-> Firewall <-|-> domainx.com (Default)
                                 |-> host1.domainexample2.com
                                 |-> host2.domainexample2.com

Furthermore, for security reasons, I would love to have a multiplexed port. This can be achieved with SSLH, making port 443 work for OpenVPN, HTTPS and SSH.

Ideally, it would be great if NGINX could support all of it.

Thank you.

1 Answer

1

Since SSH doesn't send SNI, Nginx can't route SSH connections by hostname.

But there is a trick that can send the hostname before SSH. You need to configure it on your local machine.

Modify ~/.ssh/config:

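Host *.domainexample1.com
    # Wrap the SSH session in TLS so %h is sent as SNI. -connect needs host:port;
    # 443 is the multiplexed port from the question.
    ProxyCommand openssl s_client -quiet -servername %h -connect your.firewall.ip.com:443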

In this way, you can get the hostname by $ssl_preread_server_name in Nginx. Then you can route them by setting some upstreams.
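
A sketch of the Nginx side of this setup, added here as an example and not taken from the answer. Because `ssl_preread` only reads the ClientHello and passes the TLS stream through untouched, the TLS layer added by `openssl s_client` still has to be removed before the traffic reaches sshd; this example does that with a second, loopback-only `listen ... ssl` server per host. All addresses, ports and certificate paths are placeholders.

```nginx
# Added example: stream{} block for nginx.conf. Requires the stream module
# with ssl_preread and ssl support. Addresses, ports and paths are placeholders.
stream {
    # Choose a backend from the SNI in the ClientHello. Connections with no
    # SNI or an unknown name go to the default HTTPS site (domainx.com).
    map $ssl_preread_server_name $backend {
        host1.domainexample1.com  127.0.0.1:10001;
        host2.domainexample1.com  127.0.0.1:10002;
        default                   127.0.0.1:8443;  # must terminate TLS itself
    }

    # Public listener: inspect the ClientHello only, do not terminate TLS.
    server {
        listen 443;
        ssl_preread on;
        proxy_pass $backend;
    }

    # Loopback-only unwrap servers: strip the TLS added by the client's
    # ProxyCommand and forward the raw SSH stream to the real sshd.
    server {
        listen 127.0.0.1:10001 ssl;
        ssl_certificate     /etc/nginx/tls/placeholder.crt;
        ssl_certificate_key /etc/nginx/tls/placeholder.key;
        proxy_pass 10.0.1.11:22;   # host1.domainexample1.com (placeholder IP)
    }
    server {
        listen 127.0.0.1:10002 ssl;
        ssl_certificate     /etc/nginx/tls/placeholder.crt;
        ssl_certificate_key /etc/nginx/tls/placeholder.key;
        proxy_pass 10.0.1.12:22;   # host2.domainexample1.com (placeholder IP)
    }
}
```

`openssl s_client` as invoked in the ProxyCommand does not abort on certificate verification failure, so the outer TLS layer here serves only to carry the hostname; the SSH host key check remains the control that authenticates the server.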