1d4afb5ceSopenharmony_ci# lws minimal ws server raw proxy fallback 2d4afb5ceSopenharmony_ci 3d4afb5ceSopenharmony_ciThis demonstrates how a vhost doing normal http or http(s) duty can be also be 4d4afb5ceSopenharmony_cibound to a specific role and protocol as a fallback if the incoming protocol is 5d4afb5ceSopenharmony_ciunexpected for tls or http. The example makes the fallback role + protocol 6d4afb5ceSopenharmony_cian lws plugin that performs raw packet proxying. 7d4afb5ceSopenharmony_ci 8d4afb5ceSopenharmony_ciBy default the fallback in the example will proxy 127.0.0.1:22, which is usually 9d4afb5ceSopenharmony_ciyour ssh server listen port, on 127.0.0.1:7681. You should be able to ssh into 10d4afb5ceSopenharmony_ciport 7681 the same as you can port 22. At the same time, you should be able to 11d4afb5ceSopenharmony_civisit http://127.0.0.1:7681 in a browser (and if you give -s, to 12d4afb5ceSopenharmony_cihttps://127.0.0.1:7681 while your ssh client can still connect to the same 13d4afb5ceSopenharmony_ciport. 14d4afb5ceSopenharmony_ci 15d4afb5ceSopenharmony_ci## build 16d4afb5ceSopenharmony_ci 17d4afb5ceSopenharmony_ciTo build this standalone, you must tell cmake where the lws source tree 18d4afb5ceSopenharmony_ci./plugins directory can be found, since it relies on including the source 19d4afb5ceSopenharmony_ciof the raw-proxy plugin. 20d4afb5ceSopenharmony_ci 21d4afb5ceSopenharmony_ci``` 22d4afb5ceSopenharmony_ci $ cmake . -DLWS_PLUGINS_DIR=~/libwebsockets/plugins && make 23d4afb5ceSopenharmony_ci``` 24d4afb5ceSopenharmony_ci 25d4afb5ceSopenharmony_ci## usage 26d4afb5ceSopenharmony_ci 27d4afb5ceSopenharmony_ciCommandline option|Meaning 28d4afb5ceSopenharmony_ci---|--- 29d4afb5ceSopenharmony_ci-d <loglevel>|Debug verbosity in decimal, eg, -d15 30d4afb5ceSopenharmony_ci-r ipv4:address:port|Configure the remote IP and port that will be proxied, by default ipv4:127.0.0.1:22 31d4afb5ceSopenharmony_ci-s|Configure the server for tls / https and `LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT` 32d4afb5ceSopenharmony_ci-h|(needs -s) Configure the vhost also for `LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER`, allowing http service on tls port (caution... it's insecure then) 33d4afb5ceSopenharmony_ci-u|(needs -s) Configure the vhost also for `LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS`, so the server issues a redirect to https to clients that attempt to connect to a server configured for tls with http. 34d4afb5ceSopenharmony_ci``` 35d4afb5ceSopenharmony_ci $ ./lws-minimal-raw-proxy 36d4afb5ceSopenharmony_ci[2018/11/30 19:22:35:7290] USER: LWS minimal raw proxy-fallback 37d4afb5ceSopenharmony_ci[2018/11/30 19:22:35:7291] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off 38d4afb5ceSopenharmony_ci[2018/11/30 19:22:35:7336] NOTICE: callback_raw_proxy: onward ipv4 127.0.0.1:22 39d4afb5ceSopenharmony_ci... 40d4afb5ceSopenharmony_ci``` 41d4afb5ceSopenharmony_ci 42d4afb5ceSopenharmony_ci``` 43d4afb5ceSopenharmony_ci $ ssh -p7681 me@127.0.0.1 44d4afb5ceSopenharmony_ciLast login: Fri Nov 30 19:29:23 2018 from 127.0.0.1 45d4afb5ceSopenharmony_ci[me@learn ~]$ 46d4afb5ceSopenharmony_ci``` 47d4afb5ceSopenharmony_ci 48d4afb5ceSopenharmony_ciAt the same time, visiting http(s)://127.0.0.1:7681 in a browser works fine. 49d4afb5ceSopenharmony_ci 50