[Question] - Info about http-auth (tunnel with basic auth)
Opened this issue · 0 comments
manprint commented
Hi @antoniomika
I would need to tunnel some services via subdomains and basic auth.
This is my sish configuration:
docker run -itd \
--name=sish \
--hostname "sish.noc" \
--pull=always \
-v $(pwd)/ssl:/ssl \
-v $(pwd)/keys:/keys \
-v $(pwd)/pubkeys:/pubkeys \
-v /home/alpine/docker/certs/etc-lets:/etc/letsencrypt \
--network=def \
--restart=always \
antoniomika/sish:latest \
--ssh-address=:2222 \
--http-address=:80 \
--https-address=:443 \
--https=true \
--https-certificate-directory=/ssl \
--authentication-keys-directory=/pubkeys \
--private-keys-directory=/keys \
--bind-random-aliases=false \
--bind-random-ports=false \
--bind-random-subdomains=false \
--force-requested-aliases=true \
--force-requested-ports=true \
--force-requested-subdomains=true \
--authentication-password="xxxxxxxxx" \
--force-https \
--admin-console \
--admin-console-token=xxxxxxxxx \
--service-console-max-content-length=0 \
--log-to-client \
--verify-ssl=false \
--domain=dev.mydomain.link
With this setup I'm sure that if someone tries to use an already assigned subdomain, sish won't assign a random subdomain.
With this configuration, when I start the auth tunnel with the command:
ssh -p 443 -R foo\\:bar@test:80:localhost:9090 dev.mydomain.link
the tunnel is not started and the system response is:
Warning: remote port forwarding failed for listen port 80
For authentication to work correctly, I need to set the bind parameters as follows:
--force-requested-aliases=false
--force-requested-ports=false
--force-requested-subdomains=false
With these settings, however, if an already assigned tunnel is requested, sish generates a random subdomain.
My question is this: how do I configure sish to have these two requirements:
- Authentication works.
- If an already assigned tunnel is requested, a random subdomain must NOT be generated, but the bind must fail.
Thank You very Much.