π

Network Setup


Description
Several services are available directly: NGINX (HTTP), OpenSSH (SSH), tinc, and ShadowSocks.

All of these services are also available on port 443 through port multiplexing using HAProxy. This is useful in public places where a firewall blocks access to ports other than 80 and 443.

SSL/TLS termination is done by HAProxy. Traffic is decrypted and redirected back to HAProxy to be forwarded to the correct service. This enables HTTPS but also allows any of the other protocols to be tunneled through TLS to prevent nosy firewalls from snooping. There is a special redirect from HAProxy to NGINX to support HTTP/2.
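A sketch of the two-stage multiplexing described above, added as an example and not the configuration actually running on this site. All addresses, ports, backend names and the certificate path are assumptions, as are the cleartext HTTP/2 listener on NGINX and the use of ShadowSocks as the fallback; tinc is left out.

```haproxy
# Added example. All addresses, ports and the certificate path are assumptions.
defaults
    mode tcp
    timeout connect 5s
    timeout client  1h
    timeout server  1h

# Stage 1: public port 443 in raw TCP mode; classify on the first bytes.
frontend mux_443
    bind :443
    # Upper bound on how long an unidentified client may hold the connection.
    tcp-request inspect-delay 3s
    acl is_tls req.ssl_hello_type 1                 # TLS ClientHello
    acl is_ssh payload(0,7) -m bin 5353482d322e30   # "SSH-2.0" client banner
    tcp-request content accept if is_tls or is_ssh
    use_backend tls_loop if is_tls
    use_backend ssh      if is_ssh
    default_backend fallback

# TLS is handed back to HAProxy; PROXY protocol carries the real client address.
backend tls_loop
    server loop 127.0.0.1:8443 send-proxy-v2

# Stage 2: terminate TLS, then classify the decrypted stream.
frontend mux_tls
    bind 127.0.0.1:8443 accept-proxy ssl crt /etc/haproxy/certs/site.pem alpn h2,http/1.1
    tcp-request inspect-delay 3s
    acl is_h2  ssl_fc_alpn -i h2
    acl is_ssh payload(0,7) -m bin 5353482d322e30
    tcp-request content accept if is_h2 or HTTP or is_ssh
    use_backend nginx_h2 if is_h2
    use_backend nginx    if HTTP
    use_backend ssh      if is_ssh
    default_backend fallback

backend ssh
    # sshd sees 127.0.0.1 as the peer, so source-IP rules and log-based
    # banning must key on HAProxy's logs instead.
    server sshd 127.0.0.1:22
backend nginx
    server web 127.0.0.1:8080
backend nginx_h2
    # NGINX listener that accepts cleartext HTTP/2 (h2c).
    server web_h2 127.0.0.1:8081
backend fallback
    # Assumption: traffic with no recognisable signature goes to ShadowSocks.
    server ss 127.0.0.1:8388
```

The file can be syntax-checked with `haproxy -c -f <file>` before it is loaded.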

Home setup
[Figure: network layout]

Tools
OpenSSH: SSH server and client with tunneling support
NGINX: fast and stable HTTP server
HAProxy: HTTP proxy with load balancing support
ShadowSocks: secure socks5 proxy
tinc: VPN that uses tunnelling and encryption to create a mesh network

Examples
SSH to port 443:
ssh -p 443 marcoen.dev
SSH to port 443 over TLS:
ssh -o ProxyCommand="openssl s_client -connect %h:%p -quiet" -p 443 marcoen.dev