Add source code
This commit is contained in:
parent
bc5464c833
commit
b1c9f31d5a
40
collabore-tunnel.service
Normal file
40
collabore-tunnel.service
Normal file
|
|
@ -0,0 +1,40 @@
|
|||
[Unit]
|
||||
Description=collabore tunnel Make your local services accessible to all on the public Internet
|
||||
After=network.target nginx.service
|
||||
|
||||
[Service]
|
||||
Environment=UNIX_SOCKETS_DIRECTORY=/tmp/collabore-tunnel
|
||||
Environment=SERVER_HOSTNAME=tnl.clb.re
|
||||
Environment=CONFIG_DIRECTORY=.
|
||||
Environment=SSH_SERVER_HOST=0.0.0.0
|
||||
Environment=SSH_SERVER_PORT=22
|
||||
Environment=LOG_DEPTH=2
|
||||
WorkingDirectory=/opt/collabore-tunnel
|
||||
ExecStart=/usr/bin/python3 main.py
|
||||
ExecStop=/bin/kill -9 $MAINPID
|
||||
ProtectSystem=strict
|
||||
ReadWritePaths=/opt/collabore-tunnel /tmp
|
||||
ReadOnlyPaths=/usr/bin
|
||||
InaccessiblePaths=...
|
||||
ProtectHome=true
|
||||
ProtectProc=invisible
|
||||
ProtectKernelTunables=true
|
||||
ProtectControlGroups=true
|
||||
NoNewPrivileges=true
|
||||
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
RestrictNamespaces=uts ipc pid cgroup
|
||||
RestrictSUIDSGID=true
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
||||
RestrictRealtime=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
LockPersonality=yes
|
||||
IPAddressAllow=192.168.1.0/24
|
||||
PrivateDevices=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectClock=true
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
2
requirements.txt
Normal file
2
requirements.txt
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
asyncssh==2.12.0
|
||||
loguru==0.6.0
|
||||
15
ssh.tunnel.collabore.fr
Normal file
15
ssh.tunnel.collabore.fr
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
server {
|
||||
server_name ssh.tunnel.collabore.fr;
|
||||
listen 80;
|
||||
|
||||
#listen 443 ssl;
|
||||
|
||||
#ssl_certificate /etc/nginx/ssl/certs/ssh.tunnel.collabore.fr.pem;
|
||||
#ssl_certificate_key /etc/nginx/ssl/certs/ssh.tunnel.collabore.fr.key;
|
||||
|
||||
location / {
|
||||
return 302 https://tunnel.collabore.fr/;
|
||||
}
|
||||
|
||||
server_tokens off;
|
||||
}
|
||||
48
tnl.clb.re
Normal file
48
tnl.clb.re
Normal file
|
|
@ -0,0 +1,48 @@
|
|||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
server {
|
||||
server_name ~^(?<app_name>.+)\.tnl.clb.re$;
|
||||
listen 80;
|
||||
|
||||
#listen 443 ssl;
|
||||
|
||||
#ssl_certificate /etc/nginx/ssl/certs/tnl.clb.re.pem;
|
||||
#ssl_certificate_key /etc/nginx/ssl/certs/tnl.clb.re.key;
|
||||
|
||||
error_page 502 /notunnel.txt;
|
||||
location = /notunnel.txt {
|
||||
return 200 "No tunnel available.";
|
||||
internal;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_read_timeout 600s;
|
||||
proxy_send_timeout 600s;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_pass http://unix:/tmp/collabore-tunnel/${app_name}.sock;
|
||||
}
|
||||
|
||||
server_tokens off;
|
||||
}
|
||||
|
||||
server {
|
||||
server_name tnl.clb.re
|
||||
listen 80;
|
||||
|
||||
#listen 443 ssl;
|
||||
|
||||
#ssl_certificate /etc/nginx/ssl/certs/tnl.clb.re.pem;
|
||||
#ssl_certificate_key /etc/nginx/ssl/certs/tnl.clb.re.key;
|
||||
|
||||
location / {
|
||||
return 302 https://tunnel.collabore.fr/;
|
||||
}
|
||||
|
||||
server_tokens off;
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user