Switch to http over ssh -R

Neale Pickett 2022-11-10 21:22:15 -07:00
parent 1b7c4ed06c
commit 49b77b0479
5 changed files with 58 additions and 6 deletions


@ -9,11 +9,11 @@
}
}
git.woozle.org {
http://git.woozle.org {
reverse_proxy gitea:3000
}
drive.woozle.org {
http://drive.woozle.org {
import restricted-access
# XXX: browsing says method not allowed
@ -31,7 +31,7 @@ drive.woozle.org {
}
# XXX: have this use caddy auth
ancestry.woozle.org {
http://ancestry.woozle.org {
reverse_proxy geneweb:2317
}
@ -40,7 +40,7 @@ ancestry.woozle.org {
## handle_path truncates path
##
deergrove.woozle.org, sweetums.woozle.org {
http://deergrove.woozle.org, http://sweetums.lan {
handle /transmission/* {
import restricted-access
reverse_proxy host.docker.internal:9091
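Review bot: The `http://` site addresses on git, drive, ancestry and deergrove turn off TLS on this Caddy, and nothing in the file records that encryption now depends on the SSH tunnel and the front-end proxy. If the `ports:` entry of the caddy service in the compose file still publishes port 80 on the LAN, local hosts can reach these sites in cleartext, including the `restricted-access` exchange; the published ports are not visible here, so this needs checking. I would add a comment above the first block, such as `# Plain HTTP on purpose: TLS terminates on the cloud Caddy, requests arrive via ssh -R`, and drop or firewall the LAN-published port if it is no longer needed. The `handle /transmission/*` block continues past the end of this hunk.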


@ -3,3 +3,15 @@
This is the stuff I run on my little Raspberry Pi.
I guess I fiddle around with it pretty frequently.
## Routing
My ISP uses Carrier-Grade NAT,
which I would have called IP Masquerading.
This means I can't bind ports on a routeable IP.
So instead what I do is run this SSH connection off to my cloud server,
listens for incoming connections on port 5800,
and then have my cloud server proxy stuff to port 5800.
It's a gross kludge but it works well :)


@ -1,5 +1,25 @@
version: "3.8"
services:
tunnel:
image: lscr.io/linuxserver/openssh-server
user: abc
entrypoint:
- /usr/bin/ssh
- -N
- -R :5800:caddy:80
- core@melville.woozle.org
secrets:
- source: tunnel
target: /config/.ssh/id_rsa
uid: "911"
gid: "911"
mode: 0600
- source: known_hosts
target: /config/.ssh/known_hosts
uid: "911"
gid: "911"
mode: 0600
caddy:
image: caddy:2-alpine
ports:
@ -225,7 +245,7 @@ configs:
name: dave.yaml-v3
Caddyfile:
file: Caddyfile
name: Caddyfile-v67
name: Caddyfile-v69
index.html:
file: www/index.html
name: index.html-v32
@ -243,6 +263,12 @@ secrets:
simpleauth.key:
file: secrets/simpleauth.key
name: simpleauth.key-v1
tunnel:
file: secrets/tunnel
name: tunnel-v1
known_hosts:
file: secrets/known_hosts
name: known_hosts-v1
networks:
hostnet:
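Review bot: The `tunnel` service logs in as `core@melville.woozle.org` with a private key that, as far as this file shows, is limited only by the client-side `-N`, so a compromise of the Pi or of the image would give a shell on the cloud server. The key's entry in `authorized_keys` on the server should be limited to the one forward, for example `restrict,port-forwarding,permitlisten="5800" ssh-rsa <public-key>`. The image `lscr.io/linuxserver/openssh-server` is referenced without a tag or digest, which matters more for a container that holds this key; pinning it would help. Adding `- -oExitOnForwardFailure=yes` to the entrypoint would make the container exit, rather than idle, when port 5800 cannot be bound.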


@ -2,10 +2,21 @@
email neale@woozle.org
}
(restricted-access) {
forward_auth simpleauth:8080 {
uri /
copy_headers X-Simpleauth-Token
}
}
vail.woozle.org {
reverse_proxy vail:8080
}
deergrove.woozle.org, git.woozle.org, ancestry.woozle.org, drive.woozle.org {
reverse_proxy host.docker.internal:5800
}
www.woozle.org, woozle.org {
root * /srv/www/woozle.org
file_server
@ -19,3 +30,4 @@ www.woozle.org, woozle.org {
}
}
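Review bot: `reverse_proxy host.docker.internal:5800` only works if the tunnel's listener is reachable from the Docker bridge, and the compose file in this commit requests it with an empty bind address (`-R :5800:caddy:80`), which asks sshd for all interfaces. If sshd on the cloud host honours that (GatewayPorts `yes` or `clientspecified`) and no firewall rule covers the port, 5800 is reachable from the internet in plain HTTP, bypassing this Caddy's TLS. I would bind the forward to the bridge gateway address only, `-R <docker-bridge-gateway-ip>:5800:caddy:80`, or firewall 5800 to the Docker network, and say so in a comment above this site block. The block also does not import `restricted-access`, so access control for drive and transmission rests entirely on the inner Caddy; presumably intended, but worth stating in the same comment.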


@ -17,6 +17,8 @@ services:
source: /srv/www
target: /srv/www
read_only: true
extra_hosts:
- host.docker.internal:host-gateway
configs:
- source: Caddyfile
target: /etc/caddy/Caddyfile
@ -27,4 +29,4 @@ services:
configs:
Caddyfile:
file: Caddyfile
name: Caddyfile-v5
name: Caddyfile-v6