finn/site
2
1
Fork 1
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

initial working ssh entry #4

Merged
finn merged 3 commits from ssh_in into master 2024-08-10 02:18:07 +00:00
Conversation 1 Commits 3 Files Changed 6 +59 -59
5 changed files with 59 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 979adc3b13 - Show all commits

7
.gitignore vendored
View File

@@ -1,7 +1,8 @@
gitea/
gitea
.env
pmb-pf/
pmb-pf
venv
zapp.db
db/bu
tor/hidden_service/
tor/hidden_service
sshtun/oilykey

25
compose.yaml
View File

@@ -31,7 +31,7 @@ services:
#tty: true
restart: always
# Comment following line to use flask (1worker, dev), uncomment to use uwsgi (wsgi)
command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "microblog:app"]
#command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "microblog:app"]
container_name: backend
environment:
- MYSQL_USER=flasku
@@ -96,12 +96,12 @@ services:
proxy:
build: proxy
restart: always
volumes:
- /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro
- /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro
#volumes:
# - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro
# - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro
ports:
- 80:80
- 443:443
- "80:80"
- "443:443"
depends_on:
- backend
networks:
@@ -135,6 +135,19 @@ services:
networks:
- backnet
sshtun:
build:
context: sshtun
dockerfile: Dockerfile
restart: always
ports:
- "22222:22"
expose:
- "11111"
- "11112"
networks:
- frontnet
volumes:
db-data:
pmb-root:

54
proxy/conf
View File

@@ -1,52 +1,12 @@
#server {
# listen 80;
# server_name localhost;
# location / {
# proxy_pass http://backend:8000;
# }
# always redirect to https
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
# use the certificates
ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
server_name oily.dad www.oily.dad;
root /var/www/html;
index index.php index.html index.htm;
listen 80;
server_name localhost;
location / {
proxy_pass http://backend:8000/;
proxy_pass http://backend:8000;
}
}
server {
listen 443 ssl http2;
# use the certificates
ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
server_name gut.oily.dad;
root /var/www/html;
index index.php index.html index.htm;
location / {
client_max_body_size 512M;
#proxy_pass http://localhost:3000;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://gitea:3000/;
location /gutty{
proxy_pass http://gitea:3000;
}
}
}

18
sshtun/Dockerfile Normal file
View File

@@ -0,0 +1,18 @@
FROM debian:12-slim
RUN apt update && apt install -y openssh-server socat
RUN adduser --disabled-password --gecos "" finn
RUN mkdir /home/finn/.ssh
# only one pubkey -- wildcard to conceal filename
COPY ./oilykey/*.pub /home/finn/.ssh/authorized_keys
RUN mkdir /var/run/sshd
RUN echo "PermitRootLogin no" >> /etc/ssh/sshd_config
RUN echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
COPY ./entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]

8
sshtun/entrypoint.sh Executable file
View File

@@ -0,0 +1,8 @@
#!/bin/bash
# Container goal:
# autossh -N -R 11111:localhost:11434 -i sshtun/oilykey/<SOMEKEY> -p 22222 <SOMEURL>
# forwards rem_c_port:(operator_pc:op_pc_port) ...some args... rem_host_p rem_host_url
nohup socat TCP-LISTEN:11112,fork TCP:localhost:11111 &
/usr/sbin/sshd -D