initial working ssh entry #4

Merged
finn merged 3 commits from ssh_in into master 2024-08-10 02:18:07 +00:00
6 changed files with 75 additions and 9 deletions

7
.gitignore vendored
View File

@ -1,7 +1,8 @@
gitea/ gitea
.env .env
pmb-pf/ pmb-pf
venv venv
zapp.db zapp.db
db/bu db/bu
tor/hidden_service/ tor/hidden_service
sshtun/oilykey

View File

@ -100,8 +100,8 @@ services:
- /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro
- /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro
ports: ports:
- 80:80 - "80:80"
- 443:443 - "443:443"
depends_on: depends_on:
- backend - backend
networks: networks:
@ -135,6 +135,19 @@ services:
networks: networks:
- backnet - backnet
sshtun:
build:
context: sshtun
dockerfile: Dockerfile
restart: always
ports:
- "22222:22"
expose:
- "11111"
- "11112"
networks:
- frontnet
volumes: volumes:
db-data: db-data:
pmb-root: pmb-root:

View File

@ -100,8 +100,8 @@ services:
# - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro # - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro
# - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro # - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro
ports: ports:
- 80:80 - "80:80"
- 443:443 - "443:443"
depends_on: depends_on:
- backend - backend
networks: networks:
@ -135,6 +135,19 @@ services:
networks: networks:
- backnet - backnet
sshtun:
build:
context: sshtun
dockerfile: Dockerfile
restart: always
ports:
- "22222:22"
expose:
- "11111"
- "11112"
networks:
- frontnet
volumes: volumes:
db-data: db-data:
pmb-root: pmb-root:

View File

@ -100,8 +100,8 @@ services:
- /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro
- /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro
ports: ports:
- 80:80 - "80:80"
- 443:443 - "443:443"
depends_on: depends_on:
- backend - backend
networks: networks:
@ -135,6 +135,19 @@ services:
networks: networks:
- backnet - backnet
sshtun:
build:
context: sshtun
dockerfile: Dockerfile
restart: always
ports:
- "22222:22"
expose:
- "11111"
- "11112"
networks:
- frontnet
volumes: volumes:
db-data: db-data:
pmb-root: pmb-root:

18
sshtun/Dockerfile Normal file
View File

@ -0,0 +1,18 @@
FROM debian:12-slim
RUN apt update && apt install -y openssh-server socat
RUN adduser --disabled-password --gecos "" finn
RUN mkdir /home/finn/.ssh
# only one pubkey -- wildcard to conceal filename
COPY ./oilykey/*.pub /home/finn/.ssh/authorized_keys
RUN mkdir /var/run/sshd
RUN echo "PermitRootLogin no" >> /etc/ssh/sshd_config
RUN echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
COPY ./entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]

8
sshtun/entrypoint.sh Executable file
View File

@ -0,0 +1,8 @@
#!/bin/bash
# Container goal:
# autossh -N -R 11111:localhost:11434 -i sshtun/oilykey/<SOMEKEY> -p 22222 <SOMEURL>
# forwards rem_c_port:(operator_pc:op_pc_port) ...some args... rem_host_p rem_host_url
nohup socat TCP-LISTEN:11112,fork TCP:localhost:11111 &
/usr/sbin/sshd -D