In this tutorial, I will show how to use the same port (443) for both openvpn and https. I will start from a fresh virtual Debian 8 install. I have used several sources for this tutorial, in particular http://bernaerts.dyndns.org/linux/75-debian/210-debian-sslh for the sslh configuration and https://wiki.duraspace.org/display/VIVO/Localhost+Only+Webserver+Configuration for the apache2 configuration.
Install apache
sudo aptitude install apache2
Install a default https page (this is just for testing purposes)
sudo a2ensite default-ssl
sudo a2enmod ssl
Restart apache
sudo service apache2 restart
Check your ip address
ip addr
Open a browser and navigate to https://[your ip address], accept all the warnings and you should see apache's default page.
Install sslh
sudo aptitude install sslh
When the installer asks how sslh should be run, choose standalone.
You then have to change the settings of /etc/default/sslh:
...
# allow start at boot
RUN=yes
# wait for 2 seconds to avoid error
STARTTIME=2
# options for listen & forward
DAEMON_OPTS="-u sslh -p [your_ip]:443 --ssh 127.0.0.1:22 --openvpn 127.0.0.1:1194 --ssl 127.0.0.1:443 -P /var/run/sslh.pid"
Restart sslh
sudo service sslh restart
By default, apache listens for connections on every interface. We are going to change it so that it only listens for connections on localhost, which leaves [your_ip]:443 free for sslh. Edit /etc/apache2/ports.conf and change the mod_ssl.c and mod_gnutls.c blocks to:
<IfModule mod_ssl.c>
    Listen 127.0.0.1:443
</IfModule>
<IfModule mod_gnutls.c>
    Listen 127.0.0.1:443
</IfModule>
Restart apache
sudo service apache2 restart
If everything is set up correctly, you should be able to connect to the https page and to ssh to your host, both using port 443.
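
To confirm who actually owns port 443 after the last restart, the check below parses `ss -tlnp` output. It is an added example, not part of the original tutorial: the function name check_443, the sample listings and the address 192.0.2.10 (standing in for [your_ip]) are constructed for illustration.

```shell
#!/bin/sh
# check_443 reads `ss -tlnp` output on stdin and checks the layout built above:
# sslh on <public_ip>:443, apache2 on 127.0.0.1:443, nothing on a wildcard.
# On the host (root is needed for process names): ss -tlnp | check_443 <your_ip>
check_443() {
    awk -v pub="$1" '
    $1 != "LISTEN" || $4 !~ /:443$/ { next }    # skip header and other ports
    {
        addr = $4; sub(/:443$/, "", addr)       # local address without the port
        proc = "unknown"                        # first quoted name in users:((...))
        if (match($0, /"[^"]+"/)) proc = substr($0, RSTART + 1, RLENGTH - 2)
        if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]") {
            printf "FAIL %s listens on all interfaces (%s:443)\n", proc, addr; bad = 1
        } else if (addr == pub && proc == "sslh") {
            sslh = 1
        } else if (addr == "127.0.0.1" && proc == "apache2") {
            apache = 1
        } else {
            printf "FAIL unexpected listener %s on %s:443\n", proc, addr; bad = 1
        }
    }
    END {
        if (!sslh)   { print "FAIL sslh is not listening on " pub ":443"; bad = 1 }
        if (!apache) { print "FAIL apache2 is not listening on 127.0.0.1:443"; bad = 1 }
        if (!bad) print "OK sslh on " pub ":443, apache2 on 127.0.0.1:443 only"
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: default-ssl enabled, ports.conf not yet edited.
SAMPLE_BEFORE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:* users:(("sshd",pid=410,fd=3))
LISTEN 0 128 :::443 :::* users:(("apache2",pid=812,fd=6))'

# Constructed sample: after the final apache2 restart, with sslh running.
SAMPLE_AFTER='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:* users:(("sshd",pid=410,fd=3))
LISTEN 0 128 192.0.2.10:443 *:* users:(("sslh",pid=901,fd=3))
LISTEN 0 128 127.0.0.1:443 *:* users:(("apache2",pid=955,fd=4))'

printf '%s\n' "$SAMPLE_BEFORE" | check_443 192.0.2.10 || true
printf '%s\n' "$SAMPLE_AFTER"  | check_443 192.0.2.10
```

A FAIL line naming apache2 on a wildcard address means the ports.conf change has not taken effect and sslh cannot bind [your_ip]:443.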