0

I'm trying to setup an FTP subdomain, such that all incoming SFTP requests to (say) ftp.myname.com, get routed to a particular internal server, (say) 10.123.456 via port 22.

How do I use nginx to route this traffic?

I've already setup the SFTP server, and can SFTP directly to the server, say:

sftp [email protected], which works fine.

The problem is that when I setup nginx to route all traffic to ftp.myname.com, it connects, but the passwords get rejected. I have no problems routing web traffic to my other subdomains, say dev.myname.com (with passwords), but it doesn't work for the SFTP traffic:

server {
    listen 22;
    server_name ftp.myname.com;
    return .............
}

How do I define the return sting to route the traffic with the passwords?

The connection is SFTP (via port 22).

Thanks

CC BY-SA 3.0
Improve this question
1
  • 1
    just a note: sftp uses ssh-server to connect to. If you define nginx to listen to port 22, it expects a http / https connection to this port. In my personal opinion you cannot forward a sftp request send to nginx to ssh-server. check what ports your services listen to, so ssh-server (for sftp connections) might already listen on port22 to accept connections. you might restrict connections to port 22 via ufw. To get a special subdomain to listen only to port 22, someone else might help out.
    – semm0
    Commented Feb 18, 2016 at 8:41

2 Answers 2

Reset to default
1

Aswering to @peixotorms: yes, you can. nginx can proxy/load balance http as well as tcp and udp traffic, see nginx stream modules documentation (at the nginx main documentation page) , and specifically the stream core module's documentation.

CC BY-SA 4.0
Improve this answer
1
-1

You cannot do this on nginx (http only), you must use something like HaProxy and a simple dns record for your subdomain pointing to the server ip.

Some info: http://jpmorris-iso.blogspot.pt/2013/01/load-balancing-openssh-sftp-with-haproxy.html

Edit:

Since nginx version 1.15.2 it's now possible to do that using the variable $ssl_preread_protocol. The official blog added post about how to use this variable for multiplexing HTTPS and SSH on the same port. https://www.nginx.com/blog/running-non-ssl-protocols-over-ssl-port-nginx-1-15-2/

Example of configuring SSH on an upstream block:

stream {
    upstream ssh {
        server 192.0.2.1:22;
    }

    upstream sslweb {
        server 192.0.2.2:443;
    }

    map $ssl_preread_protocol $upstream {
        default ssh;
        "TLSv1.2" sslweb;
    }

    # SSH and SSL on the same port
    server {
        listen 443;
        proxy_pass $upstream;
        ssl_preread on;
    }
}
CC BY-SA 4.0
Improve this answer
1

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.