From f5430a975e2e622dd643755f72d07e1207e941b1 Mon Sep 17 00:00:00 2001
From: Guillem Borrell Nogueras
Date: Wed, 3 Aug 2022 09:16:02 +0200
Subject: [PATCH] Update 'The Lab'

---
 The-Lab.md | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)

diff --git a/The-Lab.md b/The-Lab.md
index 933ae06..96aeb39 100644
--- a/The-Lab.md
+++ b/The-Lab.md
@@ -11,3 +11,77 @@ How I'm building my personal lab.
 │ │ │ │
 └───────────────────────────┘ └──────────────────────────┘
 ```
+
+* Caddy for auto HTTPS
+* Rathole for NAT traversal
+* Docker and docker compose to run all services
+
+
+## Configuration
+### Rathole
+This is the server configuration
+
+```
+[server]
+bind_addr = "0.0.0.0:7000"
+
+[server.services.ssh]
+token = "REDACTED"
+bind_addr = "0.0.0.0:3389"
+
+[server.services.web]
+token = "REDACTED"
+bind_addr = "127.0.0.1:7001"
+
+[server.services.git]
+token = "REDACTED"
+bind_addr = "127.0.0.1:3000"
+
+[server.services.gitssh]
+token = "REDACTED"
+bind_addr = "0.0.0.0:222"
+```
+
+And this is the client configuration
+
+```
+[client]
+remote_addr = "lab.guillemborrell.es:7000"
+
+[client.services.ssh]
+token = "!6Jutges16"
+local_addr = "127.0.0.1:22"
+
+[client.services.web]
+token = "!6Jutges16"
+local_addr = "127.0.0.1:8000"
+
+[client.services.git]
+token = "!6Jutges16"
+local_addr = "127.0.0.1:3000"
+
+[client.services.gitssh]
+token = "!6Jutges16"
+local_addr = "127.0.0.1:222"
+```
+
+### Caddy
+
+```
+lab.guillemborrell.es {
+ reverse_proxy localhost:7001
+}
+
+git.guillemborrell.es {
+ reverse_proxy localhost:3000
+}
+```
+You probably get how to add an additional service with auto-http
+
+## FAQ
+
+### How small the small and cheap VM?
+It can be the smallest instance. Half a virtual core and less than a GB of RAM will do. Caddy and Rathole are very efficient, and within normal operation, the VM has a CPU load of less than 1%
+
+### Why Caddy on the cloud VM?
+Certificate authorities require that the service that requests the cert runs in an IP related to a `A` or `AAAA` entry in an accessible DNS service. This is the way you prove that you "own" the service
\ No newline at end of file
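Review bot: The client configuration block commits what looks like the real Rathole token (`!6Jutges16`) on all four `[client.services.*]` entries, while the matching server-side entries were scrubbed to `REDACTED`; the inconsistency suggests the value is the one actually in use. Once pushed it lives in the repository history regardless of later edits, so it should be treated as disclosed and replaced on both the server and the client, with the page showing `token = "REDACTED"` for the client entries as it already does for the server. The same single token is shared by every service, including the `ssh` and `gitssh` tunnels the server section binds on `0.0.0.0`, so one leaked value covers all of them; a per-service token would limit the blast radius of the next accidental paste. It may also be worth a one-line note above the snippets saying the tokens are placeholders and must be generated per deployment.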