90 lines
2.1 KiB
Markdown
90 lines
2.1 KiB
Markdown
## Webserver
|
|
|
|
Webserver is published to the web trough ssh remote forward. In /etc/ssh/sshd_config set `GatewayPorts yes`.
|
|
|
|
Then start `autossh` to maintain the connection:
|
|
|
|
```bash
|
|
autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -R 8127:localhost:8888 here.rubenvandeven.com
|
|
```
|
|
|
|
|
|
To resolve the country the (imprecise) GeoLite2 Free Country dataset is used. Download it [from MaxMind](https://dev.maxmind.com/geoip/geoip2/geolite2/) and store it in the project root folder.
|
|
|
|
|
|
|
|
## Scanning
|
|
|
|
For scanning run visudo and add to the sudoers file:
|
|
|
|
```
|
|
mt ALL=(ALL) NOPASSWD: /usr/bin/scanimage
|
|
```
|
|
|
|
|
|
# Installation
|
|
|
|
Software dependencies:
|
|
|
|
- python3
|
|
- pipenv
|
|
- usbrelay
|
|
- autossh
|
|
|
|
Python deps:
|
|
|
|
```bash
|
|
pipenv install
|
|
```
|
|
|
|
## Usbrelay
|
|
|
|
When installing usbrelay
|
|
|
|
```
|
|
apt install usbrelay
|
|
```
|
|
|
|
And set udev rules to access the device by anyone, according to usbrelay docs:
|
|
|
|
```
|
|
SUBSYSTEM=="usb", ATTR{idVendor}=="16c0",ATTR{idProduct}=="05df", MODE="0666"
|
|
KERNEL=="hidraw*", ATTRS{busnum}=="1", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="05df", MODE="0666"
|
|
```
|
|
|
|
into `/etc/udev/rules.d/50-dct-tech-usb-relay-2.rules` and then reload rules:
|
|
|
|
```bash
|
|
sudo udevadm control --reload-rules && sudo udevadm trigger
|
|
```
|
|
|
|
|
|
|
|
## Apache on here.rubenvandeven.com
|
|
|
|
Unfortunately an SSH remote port-forward does change the ip of the requester into ::1/127.0.0.1. One solution would be to run a proxy on the server itself, which forwards a port to our server port, while adding a X-Forwarded-For header.
|
|
|
|
Example of apache host setup to forward remote port 8888 to local port 8127, to which we connect our (auto)ssh remote tunnel (see above).
|
|
|
|
```
|
|
Listen 8888
|
|
|
|
<VirtualHost *:8888>
|
|
Servername here.rubenvandeven.com
|
|
|
|
RewriteEngine On
|
|
RewriteCond %{HTTP:Upgrade} =websocket [NC]
|
|
RewriteRule /(.*) ws://localhost:8127/$1 [P,L]
|
|
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
|
|
RewriteRule /(.*) http://localhost:8127/$1 [P,L]
|
|
|
|
ProxyPass / http://localhost:8127/
|
|
ProxyPassReverse / http://localhost:8127/
|
|
ProxyPreserveHost On
|
|
</VirtualHost>
|
|
|
|
```
|
|
|
|
requires `a2enmod rewrite proxy proxy_http proxy_wstunnel`
|
|
|
|
|