From c74fd4f65c577dcda873f79b322d6161acc7656c Mon Sep 17 00:00:00 2001
From: hgy59
Date: Mon, 10 Feb 2025 12:18:47 +0100
Subject: [PATCH] add wizards to choose service variant
- add install and upgrade wizards to choose service variant
- add detailed logger config
- remove unsupported config options (verbose, timeout)
---
 cross/sslh/Makefile | 2 +-
 cross/sslh/PLIST | 2 +-
 spk/sslh/Makefile | 4 +++-
 spk/sslh/src/service-setup.sh | 24 ++++++++++++++++++++++++
 spk/sslh/src/sslh.cfg | 22 ++++++++++++++++++++--
 spk/sslh/src/wizard/install_uifile | 20 ++++++++++++++++++++
 spk/sslh/src/wizard/upgrade_uifile | 20 ++++++++++++++++++++
 7 files changed, 89 insertions(+), 5 deletions(-)
 create mode 100644 spk/sslh/src/wizard/install_uifile
 create mode 100644 spk/sslh/src/wizard/upgrade_uifile
diff --git a/cross/sslh/Makefile b/cross/sslh/Makefile
index 1f3bd69992a..b6684e0d3ac 100644
--- a/cross/sslh/Makefile
+++ b/cross/sslh/Makefile
@@ -34,6 +34,6 @@ include ../../mk/spksrc.cross-cc.mk
 .PHONY: sslh_install
 sslh_install:
 @install -d -m 755 $(STAGING_INSTALL_PREFIX)/bin
- @install -m 755 $(WORK_DIR)/$(PKG_DIR)/sslh-fork $(STAGING_INSTALL_PREFIX)/bin/sslh
+ @install -m 755 $(WORK_DIR)/$(PKG_DIR)/sslh-fork $(STAGING_INSTALL_PREFIX)/bin/
 @install -m 755 $(WORK_DIR)/$(PKG_DIR)/sslh-select $(STAGING_INSTALL_PREFIX)/bin/
 @install -m 755 $(WORK_DIR)/$(PKG_DIR)/sslh-ev $(STAGING_INSTALL_PREFIX)/bin/
diff --git a/cross/sslh/PLIST b/cross/sslh/PLIST
index 226fe6a7a8e..49005eb301f 100644
--- a/cross/sslh/PLIST
+++ b/cross/sslh/PLIST
@@ -1,3 +1,3 @@
-bin:bin/sslh
+bin:bin/sslh-fork
 bin:bin/sslh-ev
 bin:bin/sslh-select
diff --git a/spk/sslh/Makefile b/spk/sslh/Makefile
index 9093aea6904..237e44feb8d 100644
--- a/spk/sslh/Makefile
+++ b/spk/sslh/Makefile
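Review bot: After this change nothing in the `sslh_install` recipe of cross/sslh/Makefile stages `bin/sslh` any more; the fork binary is installed under its own name, and the `bin/sslh` path that `SERVICE_COMMAND` in spk/sslh/src/service-setup.sh still runs only exists once `service_postinst` has created the link. That coupling cannot be seen from this file, so I would add a comment above the recipe, e.g. `# bin/sslh is not staged here; service-setup.sh links it to the selected variant at install time`. The PLIST hunk that follows is consistent with the rename.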
@@ -11,12 +11,14 @@ MAINTAINER = SynoCommunity
 DESCRIPTION = sslh is a ssl/ssh multiplexer. sslh accepts connections on specified ports, and forwards them further based on tests performed on the first data packet sent by the remote client. Probes for HTTP, TLS/SSL \(including SNI and ALPN\), SSH, OpenVPN, tinc, XMPP, SOCKS5, are implemented, and any other protocol that can be tested using a regular expression, can be recognised. A typical use case is to allow serving several services on port 443 \(e.g. to connect to SSH from inside a corporate firewall, which almost never block port 443\) while still serving HTTPS on that port.
 DISPLAY_NAME = sslh
-CHANGELOG = "1. Update sslh to v2.1.4.
2. Add sslh-select and sslh-ev."
+CHANGELOG = "1. Update sslh to v2.1.4.
2. Add sslh-select and sslh-ev.
3. Add option to choose sslh-fork, sslh-select or sslh-ev at installation and upgrade."
 HOMEPAGE = https://www.rutschle.net/tech/sslh/README.html
 LICENSE = GPLv2
 STARTABLE = yes
+WIZARDS_DIR = src/wizard/
+
 SERVICE_USER = auto
 SERVICE_SETUP = src/service-setup.sh
diff --git a/spk/sslh/src/service-setup.sh b/spk/sslh/src/service-setup.sh
index 6b84023ca55..c76491285fc 100644
--- a/spk/sslh/src/service-setup.sh
+++ b/spk/sslh/src/service-setup.sh
@@ -2,3 +2,27 @@ PATH="${SYNOPKG_PKGDEST}/bin:${PATH}"
 SSLH="${SYNOPKG_PKGDEST}/bin/sslh"
 CFG_FILE="${SYNOPKG_PKGVAR}/sslh.cfg"
 SERVICE_COMMAND="${SSLH} -F${CFG_FILE}"
+
+
+create_sslh_link ()
+{
+ _target=${1}
+ if [ -z "${_target}" ]; then
+ _target=sslh-fork
+ fi
+
+ echo "install ${_target} as sslh"
+
+ cd ${SYNOPKG_PKGDEST}/bin && ln -sf ${_target} ${SSLH}
+}
+
+service_postinst ()
+{
+ if [ "${wizard_sslh_select}" = "true" ]; then
+ create_sslh_link "sslh-select"
+ elif [ "${wizard_sslh_ev}" = "true" ]; then
+ create_sslh_link "sslh-ev"
+ else
+ create_sslh_link "sslh-fork"
+ fi
+}
diff --git a/spk/sslh/src/sslh.cfg b/spk/sslh/src/sslh.cfg
index a6cd9c91588..7ad09e977f3 100644
--- a/spk/sslh/src/sslh.cfg
+++ b/spk/sslh/src/sslh.cfg
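Review bot: In `create_sslh_link` (spk/sslh/src/service-setup.sh) the line `cd ${SYNOPKG_PKGDEST}/bin && ln -sf ${_target} ${SSLH}` expands three variables unquoted and changes the working directory; if this file is sourced by the installer, as the bare function definitions suggest, every later step inherits that directory. The `cd` is not needed, because a relative symlink target is resolved against the directory that holds the link, so `ln -sf "${_target}" "${SSLH}"` produces the same link without the side effect. Since `bin/sslh` is what `SERVICE_COMMAND` executes, I would also stop the install when the chosen binary is missing, `[ -x "${SYNOPKG_PKGDEST}/bin/${_target}" ] || return 1`, rather than leave a dangling link that only shows up as a failed service start. The empty-argument default and the final `else` in `service_postinst` both fall back to sslh-fork, which looks intended.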
@@ -1,13 +1,31 @@
-verbose: 1;
+# You can manually adjust the configuration for sslh
+# A package update will keep this file; the config file that comes
+# with the update might have different values and will be available as sslh.cfg.new
+#
+
 foreground: false;
 inetd: false;
 numeric: false;
 transparent: false;
-timeout: "5";
 user: "sc-sslh";
 pidfile: "/var/packages/sslh/var/sslh.pid";
 logfile: "/var/packages/sslh/var/sslh.log";
+# Logging configuration
+# Value: 1: stdout; 2: syslog; 3: stdout+syslog; 4: logfile; ...; 7: all
+# Generally, you want *-error to be always enabled, to know if something is going wrong.
+# for DSM use either 0 to disable or 4 to print to logfile
+verbose-config: 4; # print configuration at startup
+verbose-config-error: 4; # print configuration errors
+verbose-connections: 4; # trace established incoming address to forward address
+verbose-connections-error: 4; # connection errors
+verbose-connections-try: 0; # connection attempts towards targets
+verbose-fd: 0; # file descriptor activity, open/close/whatnot
+verbose-packets: 0; # hexdump packets on which probing is done
+verbose-probe-info: 0; # what's happening during the probe process
+verbose-probe-error: 4; # failures and problems during probing
+verbose-system-error: 4; # system call problem, i.e. malloc, fork, failing
+verbose-int-error: 4; # internal errors, the kind that should never happen
 # Change hostname with your external address name, or the IP
 # of the interface that receives connections
diff --git a/spk/sslh/src/wizard/install_uifile b/spk/sslh/src/wizard/install_uifile
new file mode 100644
index 00000000000..d27b6ff313e
--- /dev/null
+++ b/spk/sslh/src/wizard/install_uifile
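Review bot: The header comment added at the top of sslh.cfg says a package update keeps the installed file, so upgraded systems will still carry the `verbose: 1;` and `timeout: "5";` lines that this hunk removes as unsupported. Whether sslh rejects or merely ignores those keys is not visible here; if it rejects them, the service would not start after an upgrade until the kept file is edited by hand. I would either strip the two keys from the kept file during upgrade or extend the header, e.g. `# Options removed in this release (verbose, timeout) must be deleted from a kept sslh.cfg`. Separately, `verbose-connections: 4` writes an entry per established connection to `/var/packages/sslh/var/sslh.log`, and no rotation is visible in this patch, so it is worth confirming that the file stays bounded on a port exposed to the internet.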
@@ -0,0 +1,20 @@
+[{
+ "step_title": "sslh service variant",
+ "items": [{
+ "type": "singleselect",
+ "desc": "Select what sslh variant to use:",
+ "subitems": [{
+ "key": "wizard_sslh_fork",
+ "desc": "sslh-fork forks a new process for each incoming connection. It is well-tested and very reliable, but incurs the overhead of many processes. If you are going to use sslh for a 'small' setup (less than a dozen ssh connections and a low-traffic https server) then sslh-fork is probably more suited for you.",
+ "defaultValue": true
+ },{
+ "key": "wizard_sslh_select",
+ "desc": "sslh-select uses only one thread, which monitors all connections at once. It only incurs a 16 byte overhead per connection. Also, if it stops, you'll lose all connections, which means you can't upgrade it remotely. If you are going to use sslh on a 'medium' setup (a few hundreds of connections), or if you are on a system where forking is expensive (e.g. Windows), sslh-select will be better.",
+ "defaultValue": false
+ },{
+ "key": "wizard_sslh_ev",
+ "desc": "sslh-ev is similar to sslh-select, but uses libev as a backend. This allows using specific kernel APIs that allow to manage thousands of connections concurrently.",
+ "defaultValue": false
+ }]
+ }]
+}]
diff --git a/spk/sslh/src/wizard/upgrade_uifile b/spk/sslh/src/wizard/upgrade_uifile
new file mode 100644
index 00000000000..d27b6ff313e
--- /dev/null
+++ b/spk/sslh/src/wizard/upgrade_uifile
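Review bot: The `wizard_sslh_select` description contains wording that does not apply to this package: "or if you are on a system where forking is expensive (e.g. Windows)" reads as general upstream text, while the wizard is only shown on DSM. I would drop the parenthesis so the sentence ends `..., or if you are on a system where forking is expensive, sslh-select will be better.` The same text appears in spk/sslh/src/wizard/upgrade_uifile, which has the identical blob id in its index line.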
@@ -0,0 +1,20 @@
+[{
+ "step_title": "sslh service variant",
+ "items": [{
+ "type": "singleselect",
+ "desc": "Select what sslh variant to use:",
+ "subitems": [{
+ "key": "wizard_sslh_fork",
+ "desc": "sslh-fork forks a new process for each incoming connection. It is well-tested and very reliable, but incurs the overhead of many processes. If you are going to use sslh for a 'small' setup (less than a dozen ssh connections and a low-traffic https server) then sslh-fork is probably more suited for you.",
+ "defaultValue": true
+ },{
+ "key": "wizard_sslh_select",
+ "desc": "sslh-select uses only one thread, which monitors all connections at once. It only incurs a 16 byte overhead per connection. Also, if it stops, you'll lose all connections, which means you can't upgrade it remotely. If you are going to use sslh on a 'medium' setup (a few hundreds of connections), or if you are on a system where forking is expensive (e.g. Windows), sslh-select will be better.",
+ "defaultValue": false
+ },{
+ "key": "wizard_sslh_ev",
+ "desc": "sslh-ev is similar to sslh-select, but uses libev as a backend. This allows using specific kernel APIs that allow to manage thousands of connections concurrently.",
+ "defaultValue": false
+ }]
+ }]
+}]
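Review bot: The upgrade wizard preselects `wizard_sslh_fork` (`"defaultValue": true`) regardless of what is installed, and the only consumer of these keys in this patch, `service_postinst`, relinks `bin/sslh` from the wizard answer. An upgrade that is clicked through would therefore move a system running sslh-select or sslh-ev back to sslh-fork without saying so. A static file cannot show the current variant, so at minimum the prompt should state the effect, e.g. `"desc": "Select what sslh variant to use (this replaces the variant currently installed):"`. Preselecting the variant that the existing `bin/sslh` link points to would be better if the wizard can be generated at upgrade time.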