Update 'The Lab'

Guillem Borrell Nogueras 2022-08-03 09:16:02 +02:00
parent b046c64e01
commit f5430a975e

@ -11,3 +11,77 @@ How I'm building my personal lab.
│ │ │ │
└───────────────────────────┘ └──────────────────────────┘
```
* Caddy for auto HTTPS
* Rathole for NAT traversal
* Docker and docker compose to run all services
## Configuration
### Rathole
This is the server configuration
```
[server]
bind_addr = "0.0.0.0:7000"
[server.services.ssh]
token = "REDACTED"
bind_addr = "0.0.0.0:3389"
[server.services.web]
token = "REDACTED"
bind_addr = "127.0.0.1:7001"
[server.services.git]
token = "REDACTED"
bind_addr = "127.0.0.1:3000"
[server.services.gitssh]
token = "REDACTED"
bind_addr = "0.0.0.0:222"
```
And this is the client configuration
```
[client]
remote_addr = "lab.guillemborrell.es:7000"
[client.services.ssh]
token = "!6Jutges16"
local_addr = "127.0.0.1:22"
[client.services.web]
token = "!6Jutges16"
local_addr = "127.0.0.1:8000"
[client.services.git]
token = "!6Jutges16"
local_addr = "127.0.0.1:3000"
[client.services.gitssh]
token = "!6Jutges16"
local_addr = "127.0.0.1:222"
```
### Caddy
```
lab.guillemborrell.es {
reverse_proxy localhost:7001
}
git.guillemborrell.es {
reverse_proxy localhost:3000
}
```
You probably get how to add an additional service with auto-http
## FAQ
### How small the small and cheap VM?
It can be the smallest instance. Half a virtual core and less than a GB of RAM will do. Caddy and Rathole are very efficient, and within normal operation, the VM has a CPU load of less than 1%
### Why Caddy on the cloud VM?
Certificate authorities require that the service that requests the cert runs in an IP related to a `A` or `AAAA` entry in an accessible DNS service. This is the way you prove that you "own" the service
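Review bot: the client configuration in this hunk commits what looks like a live Rathole token in all four `[client.services.*]` blocks, while the matching server blocks show `token = "REDACTED"`. Since the token is what authenticates the client for each service, publishing it next to `remote_addr = "lab.guillemborrell.es:7000"` gives a reader everything needed to register against the server's control port. Replace the client values with the same `REDACTED` placeholder and rotate the token on both ends, because the value stays in history even after a follow-up commit. The same string is also used for ssh, web, git and gitssh; a distinct token per service would limit what a single leak exposes. Minor: "auto-http" in the Caddy paragraph presumably means auto HTTPS, as in the bullet list above.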