neale/stacks
neale
/
stacks
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Switch to http over ssh -R

This commit is contained in:
Neale Pickett 2022-11-10 21:22:15 -07:00
parent 1b7c4ed06c
commit 49b77b0479
5 changed files with 58 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
homelab/Caddyfile
View File

@ -9,11 +9,11 @@
} }
} }
git.woozle.org { http://git.woozle.org {
reverse_proxy gitea:3000 reverse_proxy gitea:3000
} }
drive.woozle.org { http://drive.woozle.org {
import restricted-access import restricted-access
# XXX: browsing says method not allowed # XXX: browsing says method not allowed
@ -31,7 +31,7 @@ drive.woozle.org {
} }
# XXX: have this use caddy auth # XXX: have this use caddy auth
ancestry.woozle.org { http://ancestry.woozle.org {
reverse_proxy geneweb:2317 reverse_proxy geneweb:2317
} }
@ -40,7 +40,7 @@ ancestry.woozle.org {
## handle_path truncates path ## handle_path truncates path
## ##
deergrove.woozle.org, sweetums.woozle.org { http://deergrove.woozle.org, http://sweetums.lan {
handle /transmission/* { handle /transmission/* {
import restricted-access import restricted-access
reverse_proxy host.docker.internal:9091 reverse_proxy host.docker.internal:9091

12
homelab/README.md
View File

@ -3,3 +3,15 @@
This is the stuff I run on my little Raspberry Pi. This is the stuff I run on my little Raspberry Pi.
I guess I fiddle around with it pretty frequently. I guess I fiddle around with it pretty frequently.
## Routing
My ISP uses Carrier-Grade NAT,
which I would have called IP Masquerading.
This means I can't bind ports on a routeable IP.
So instead what I do is run this SSH connection off to my cloud server,
listens for incoming connections on port 5800,
and then have my cloud server proxy stuff to port 5800.
It's a gross kludge but it works well :)

28
homelab/docker-compose.yaml
View File

@ -1,5 +1,25 @@
version: "3.8" version: "3.8"
services: services:
tunnel:
image: lscr.io/linuxserver/openssh-server
user: abc
entrypoint:
- /usr/bin/ssh
- -N
- -R :5800:caddy:80
- core@melville.woozle.org
secrets:
- source: tunnel
target: /config/.ssh/id_rsa
uid: "911"
gid: "911"
mode: 0600
- source: known_hosts
target: /config/.ssh/known_hosts
uid: "911"
gid: "911"
mode: 0600
caddy: caddy:
image: caddy:2-alpine image: caddy:2-alpine
ports: ports:
@ -225,7 +245,7 @@ configs:
name: dave.yaml-v3 name: dave.yaml-v3
Caddyfile: Caddyfile:
file: Caddyfile file: Caddyfile
name: Caddyfile-v67 name: Caddyfile-v69
index.html: index.html:
file: www/index.html file: www/index.html
name: index.html-v32 name: index.html-v32
@ -243,6 +263,12 @@ secrets:
simpleauth.key: simpleauth.key:
file: secrets/simpleauth.key file: secrets/simpleauth.key
name: simpleauth.key-v1 name: simpleauth.key-v1
tunnel:
file: secrets/tunnel
name: tunnel-v1
known_hosts:
file: secrets/known_hosts
name: known_hosts-v1
networks: networks:
hostnet: hostnet:

12
melville/Caddyfile
View File

@ -2,10 +2,21 @@
email neale@woozle.org email neale@woozle.org
} }
(restricted-access) {
forward_auth simpleauth:8080 {
uri /
copy_headers X-Simpleauth-Token
}
}
vail.woozle.org { vail.woozle.org {
reverse_proxy vail:8080 reverse_proxy vail:8080
} }
deergrove.woozle.org, git.woozle.org, ancestry.woozle.org, drive.woozle.org {
reverse_proxy host.docker.internal:5800
}
www.woozle.org, woozle.org { www.woozle.org, woozle.org {
root * /srv/www/woozle.org root * /srv/www/woozle.org
file_server file_server
@ -19,3 +30,4 @@ www.woozle.org, woozle.org {
} }
} }

4
melville/docker-compose.yaml
View File

@ -17,6 +17,8 @@ services:
source: /srv/www source: /srv/www
target: /srv/www target: /srv/www
read_only: true read_only: true
extra_hosts:
- host.docker.internal:host-gateway
configs: configs:
- source: Caddyfile - source: Caddyfile
target: /etc/caddy/Caddyfile target: /etc/caddy/Caddyfile
@ -27,4 +29,4 @@ services:
configs: configs:
Caddyfile: Caddyfile:
file: Caddyfile file: Caddyfile
name: Caddyfile-v5 name: Caddyfile-v6