finn/site
2
1
Fork 1
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

initial working ssh entry

Browse Source
This commit is contained in:
finn 2024-08-09 18:47:22 -07:00
parent 619ce9b0bd
commit 979adc3b13
5 changed files with 59 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.gitignore vendored
View File

@ -1,7 +1,8 @@
gitea/ gitea
.env .env
pmb-pf/ pmb-pf
venv venv
zapp.db zapp.db
db/bu db/bu
tor/hidden_service/ tor/hidden_service
sshtun/oilykey

25
compose.yaml
View File

@ -31,7 +31,7 @@ services:
#tty: true #tty: true
restart: always restart: always
# Comment following line to use flask (1worker, dev), uncomment to use uwsgi (wsgi) # Comment following line to use flask (1worker, dev), uncomment to use uwsgi (wsgi)
command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "microblog:app"] #command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "microblog:app"]
container_name: backend container_name: backend
environment: environment:
- MYSQL_USER=flasku - MYSQL_USER=flasku
@ -96,12 +96,12 @@ services:
proxy: proxy:
build: proxy build: proxy
restart: always restart: always
volumes: #volumes:
- /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro # - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro
- /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro # - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro
ports: ports:
- 80:80 - "80:80"
- 443:443 - "443:443"
depends_on: depends_on:
- backend - backend
networks: networks:
@ -135,6 +135,19 @@ services:
networks: networks:
- backnet - backnet
sshtun:
build:
context: sshtun
dockerfile: Dockerfile
restart: always
ports:
- "22222:22"
expose:
- "11111"
- "11112"
networks:
- frontnet
volumes: volumes:
db-data: db-data:
pmb-root: pmb-root:

50
proxy/conf
View File

@ -1,52 +1,12 @@
#server {
# listen 80;
# server_name localhost;
# location / {
# proxy_pass http://backend:8000;
# }
# always redirect to https
server { server {
listen 80 default_server; listen 80;
server_name _; server_name localhost;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
# use the certificates
ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
server_name oily.dad www.oily.dad;
root /var/www/html;
index index.php index.html index.htm;
location / { location / {
proxy_pass http://backend:8000/; proxy_pass http://backend:8000;
} }
location /gutty{
proxy_pass http://gitea:3000;
} }
server {
listen 443 ssl http2;
# use the certificates
ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
server_name gut.oily.dad;
root /var/www/html;
index index.php index.html index.htm;
location / {
client_max_body_size 512M;
#proxy_pass http://localhost:3000;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://gitea:3000/;
} }
}

18
sshtun/Dockerfile Normal file
View File

@ -0,0 +1,18 @@
FROM debian:12-slim
RUN apt update && apt install -y openssh-server socat
RUN adduser --disabled-password --gecos "" finn
RUN mkdir /home/finn/.ssh
# only one pubkey -- wildcard to conceal filename
COPY ./oilykey/*.pub /home/finn/.ssh/authorized_keys
RUN mkdir /var/run/sshd
RUN echo "PermitRootLogin no" >> /etc/ssh/sshd_config
RUN echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
COPY ./entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]

8
sshtun/entrypoint.sh Executable file
View File

@ -0,0 +1,8 @@
#!/bin/bash
# Container goal:
# autossh -N -R 11111:localhost:11434 -i sshtun/oilykey/<SOMEKEY> -p 22222 <SOMEURL>
# forwards rem_c_port:(operator_pc:op_pc_port) ...some args... rem_host_p rem_host_url
nohup socat TCP-LISTEN:11112,fork TCP:localhost:11111 &
/usr/sbin/sshd -D