This commit is contained in:
2024-06-26 11:11:00 -03:00
parent 1fec492119
commit d85d37d757
9 changed files with 22 additions and 10 deletions

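--- a/reverse_proxy/Dockerfile
+++ b/reverse_proxy/Dockerfile
@@ -0,0 +1,29 @@
+FROM alpine:latest as builder
+WORKDIR /app
+COPY . ./
+# This is where one could build the application code as well.
+FROM alpine:latest as tailscale
+WORKDIR /app
+COPY . ./
+ENV TSFILE=tailscale_1.56.1_amd64.tgz
+RUN wget https://pkgs.tailscale.com/stable/${TSFILE} && tar xzf ${TSFILE} --strip-components=1
+COPY . ./
+# https://docs.docker.com/develop/develop-images/multistage-build/#use-multi-stage-builds
+FROM alpine:latest
+RUN apk update && apk add --no-cache ca-certificates iptables ip6tables nginx
+# Copy binary to production image
+COPY --from=builder /app/start.sh /app/start.sh
+COPY --from=tailscale /app/tailscaled /app/tailscaled
+COPY --from=tailscale /app/tailscale /app/tailscale
+RUN mkdir -p /var/run/tailscale /var/cache/tailscale /var/lib/tailscale /usr/share/nginx/html
+COPY nginx.conf /etc/nginx/http.d/nginx.conf
+COPY custom_50x.html /usr/share/nginx/html/
+# Run on container startup.
+EXPOSE 8080
+CMD ["/app/start.sh"]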
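Review bot: The Tailscale tarball fetched by `RUN wget https://pkgs.tailscale.com/stable/${TSFILE} && tar xzf ${TSFILE} --strip-components=1` is unpacked with no integrity check, so whatever that download returns becomes the `tailscaled` and `tailscale` binaries copied into the production stage. Pin an expected digest and verify before extracting, e.g. `ARG TSFILE_SHA256=<sha256-of-tarball-placeholder>` followed by `RUN wget https://pkgs.tailscale.com/stable/${TSFILE} && echo "${TSFILE_SHA256}  ${TSFILE}" | sha256sum -c - && tar xzf ${TSFILE} --strip-components=1`. The three `FROM alpine:latest` lines have the same reproducibility problem: pin a tag (and ideally a digest) so a rebuild yields the same base. Minor: `apk update` is redundant with `apk add --no-cache` and leaves the package index in the layer, and the `builder` stage's `COPY . ./` pulls the whole build context (including anything secret in it) into an intermediate layer when only `start.sh` is taken from it, so `COPY start.sh ./` or a `.dockerignore` would narrow that.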

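--- a/reverse_proxy/LICENSE
+++ b/reverse_proxy/LICENSE
@@ -0,0 +1,9 @@
+MIT License
+Copyright (c) <year> <copyright holders>
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.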

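--- a/reverse_proxy/README.md
+++ b/reverse_proxy/README.md
@@ -0,0 +1,17 @@
+# Reverse Proxy setup
+How I put my very own personal servers online, for free.
+This sets up a reverse proxy using nginx on a VM in fly.io using
+tailscale to access the internal servers.
+Details at [the blog post](http://ralsina.me/weblog/posts/the-cheapest-server.html)
+When adding a new hostname, remember to create a cert for it using
+`flyctl certs create hostname`
+Every 90 days the tailscale auth key will expire and you need to set a new one as
+a secret.
+* Create the new one at https://login.tailscale.com/admin/settings/keys (MAKE IT REUSABLE)
+* Configure it using flyctl secrets set TAILSCALE_AUTHKEY={{PASTEKEYHERE}}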


@ -0,0 +1,4 @@
<center>
<marquee>We seem to be having some technical difficulties. Hang tight.</marquee>
<img src="https://64.media.tumblr.com/835be7a6a0f8bd9422190520597061dc/tumblr_nqaedpjO5Z1tszwcio1_540.jpg" style"width:100%;">
</center>
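Review bot: The `img` tag on the line `<img src="https://64.media.tumblr.com/..." style"width:100%;">` is missing the `=` in `style=`, so the width rule is never applied. Separately, the image is hot-linked from a third-party host, so every visitor who lands on the 50x page for any of the proxied sites makes a request (with referrer) to that host, and the page's appearance depends on it staying up; copying the image next to `custom_50x.html` and serving it from `/usr/share/nginx/html` keeps the error page self-contained.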

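--- a/reverse_proxy/fly.toml
+++ b/reverse_proxy/fly.toml
@@ -0,0 +1,39 @@
+# fly.toml app configuration file generated for white-wave-7409 on 2023-05-16T12:52:57-03:00
+#
+# See https://fly.io/docs/reference/configuration/ for information about how to use this file.
+#
+app = "white-wave-7409"
+primary_region = "mia"
+kill_signal = "SIGINT"
+kill_timeout = "5s"
+[experimental]
+auto_rollback = true
+[deploy]
+strategy = "rolling"
+[[services]]
+protocol = "tcp"
+internal_port = 8080
+min_machines_running = 0
+[[services.ports]]
+port = 80
+handlers = ["http"]
+force_https = true
+[[services.ports]]
+port = 443
+handlers = ["tls", "http"]
+[services.concurrency]
+type = "connections"
+hard_limit = 25
+soft_limit = 20
+[[services.tcp_checks]]
+interval = "15s"
+timeout = "2s"
+grace_period = "1s"
+restart_limit = 0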

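--- a/reverse_proxy/nginx.conf
+++ b/reverse_proxy/nginx.conf
@@ -0,0 +1,179 @@
+server {
+listen 8080;
+listen [::]:8080;
+server_name home.ralsina.me;
+location / {
+proxy_pass http://pinky.ralsina.github.beta.tailscale.net:8080;
+proxy_set_header X-Forwarded-Host $http_host;
+}
+error_page 500 502 503 504 /custom_50x.html;
+location = /custom_50x.html {
+root /usr/share/nginx/html;
+internal;
+}
+}
+server {
+listen 8080;
+listen [::]:8080;
+server_name links.ralsina.me;
+location / {
+proxy_pass http://pinky.ralsina.github.beta.tailscale.net:8086;
+proxy_set_header X-Forwarded-Host $http_host;
+}
+error_page 500 502 503 504 /custom_50x.html;
+location = /custom_50x.html {
+root /usr/share/nginx/html;
+internal;
+}
+}
+server {
+listen 8080;
+listen [::]:8080;
+server_name git.ralsina.me;
+location / {
+proxy_pass http://pinky.ralsina.github.beta.tailscale.net:3000;
+proxy_set_header X-Forwarded-Host $http_host;
+}
+error_page 403 404 500 502 503 504 /custom_50x.html;
+location = /custom_50x.html {
+root /usr/share/nginx/html;
+internal;
+}
+}
+server {
+listen 8080;
+listen [::]:8080;
+server_name gotify.ralsina.me;
+add_header 'Access-Control-Allow-Origin' '*';
+add_header 'Access-Control-Allow-Headers' '*';
+add_header 'Access-Control-Allow-Credentials' 'true';
+add_header 'Allow' 'POST, GET, OPTIONS';
+if ($request_method = 'OPTIONS' ) {
+return 200;
+}
+location / {
+proxy_pass http://pinky.ralsina.github.beta.tailscale.net:7777;
+proxy_set_header X-Forwarded-Host $http_host;
+}
+location /stream {
+proxy_pass http://pinky.ralsina.github.beta.tailscale.net:7777;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+}
+error_page 403 404 500 502 503 504 /custom_50x.html;
+location = /custom_50x.html {
+root /usr/share/nginx/html;
+internal;
+}
+}
+server {
+listen 8080;
+listen [::]:8080;
+server_name faas.ralsina.me;
+add_header 'Access-Control-Allow-Origin' '*';
+add_header 'Access-Control-Allow-Headers' '*';
+add_header 'Access-Control-Allow-Credentials' 'true';
+add_header 'Allow' 'POST, GET, OPTIONS';
+if ($request_method = 'OPTIONS' ) {
+return 200;
+}
+location / {
+proxy_pass http://pinky.ralsina.github.beta.tailscale.net:8082;
+proxy_set_header X-Forwarded-Host $http_host;
+}
+error_page 403 404 500 502 503 504 /custom_50x.html;
+location = /custom_50x.html {
+root /usr/share/nginx/html;
+internal;
+}
+}
+server {
+listen 8080;
+listen [::]:8080;
+server_name hass.ralsina.me;
+location / {
+proxy_pass http://pinky.ralsina.github.beta.tailscale.net:8123;
+proxy_set_header X-Forwarded-Host $http_host;
+# WebSocket support
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+}
+}
+server {
+listen 8080;
+listen [::]:8080;
+server_name social.ralsina.me;
+location / {
+proxy_pass http://pinky.ralsina.github.beta.tailscale.net:3003;
+proxy_set_header X-Forwarded-Host $http_host;
+# WebSocket support
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+}
+}
+server {
+listen 8080;
+listen [::]:8080;
+server_name snips.ralsina.me;
+location / {
+proxy_pass http://pinky.ralsina.github.beta.tailscale.net:8091 ;
+proxy_set_header X-Forwarded-Host $http_host;
+# WebSocket support
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+}
+}
+server {
+listen 8080;
+listen [::]:8080;
+server_name covers.ralsina.me;
+return 301 https://ralsina.me/stories/covers/;
+}
+server {
+listen 8080;
+listen [::]:8080;
+server_name nombres.ralsina.me;
+return 301 https://ralsina.me/stories/nombres/;
+}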
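Review bot: None of the `server` blocks is marked `default_server`, so a request whose Host header matches no `server_name` (anything hitting the fly.io address directly, or a stale DNS name) falls through to the first block and is proxied to the home upstream on port 8080. Add a catch-all ahead of the others, `server { listen 8080 default_server; listen [::]:8080 default_server; return 444; }`, so only the named hosts reach the tailnet. In the gotify and faas blocks `add_header 'Access-Control-Allow-Origin' '*'` is combined with `add_header 'Access-Control-Allow-Credentials' 'true'`; browsers reject credentialed responses that carry a wildcard origin, so either drop the credentials header or echo an allow-listed `$http_origin` instead of `*`. The `/stream` location in the gotify block sets the `Upgrade` and `Connection` headers but not `proxy_http_version 1.1;`, which the hass, social and snips blocks do set; the WebSocket upgrade needs HTTP/1.1 toward the upstream, so that line should be added there too.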

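--- a/reverse_proxy/start.sh
+++ b/reverse_proxy/start.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+/app/tailscaled --state=/var/lib/tailscale/tailscaled.state --socket=/var/run/tailscale/tailscaled.sock &
+/app/tailscale up --authkey=${TAILSCALE_AUTHKEY} --hostname=reverseproxy
+/usr/sbin/nginx -c /etc/nginx/nginx.conf -g 'daemon off;'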
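Review bot: The script has no `set -e`, so when `/app/tailscale up --authkey=${TAILSCALE_AUTHKEY} --hostname=reverseproxy` fails (an empty or expired key — the README notes the key expires every 90 days) execution falls through to nginx, which comes up healthy for the platform's TCP check and then answers every vhost with the 50x page. Add `set -e` after the shebang so a failed `tailscale up` ends the container and the restart is visible, and change the last line to `exec /usr/sbin/nginx -c /etc/nginx/nginx.conf -g 'daemon off;'` so nginx replaces the shell as PID 1 and actually receives the SIGINT that fly.toml's `kill_signal` sends. `tailscaled` is put in the background and `tailscale up` is issued immediately; if the control socket is not ready yet that call may fail, which is another reason to fail loudly rather than continue. The auth key is passed as a command-line argument, which makes it visible to anything that can list processes inside the container; since it is injected as a secret rather than baked into the image that is a minor point, but worth noting.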