guest_worker/README.md
2019-11-01 17:02:38 +01:00

2.1 KiB

Webserver

Webserver is published to the web trough ssh remote forward. In /etc/ssh/sshd_config set GatewayPorts yes.

Then start autossh to maintain the connection:

autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -R 8127:localhost:8888 here.rubenvandeven.com

To resolve the country the (imprecise) GeoLite2 Free Country dataset is used. Download it from MaxMind and store it in the project root folder.

Scanning

For scanning run visudo and add to the sudoers file:

mt	ALL=(ALL) NOPASSWD: /usr/bin/scanimage

Installation

Software dependencies:

  • python3
  • pipenv
  • usbrelay
  • autossh

Python deps:

pipenv install

Usbrelay

When installing usbrelay

apt install usbrelay

And set udev rules to access the device by anyone, according to usbrelay docs:

SUBSYSTEM=="usb", ATTR{idVendor}=="16c0",ATTR{idProduct}=="05df", MODE="0666"
KERNEL=="hidraw*", ATTRS{busnum}=="1", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="05df", MODE="0666"

into /etc/udev/rules.d/50-dct-tech-usb-relay-2.rules and then reload rules:

sudo udevadm control --reload-rules && sudo udevadm trigger

Apache on here.rubenvandeven.com

Unfortunately an SSH remote port-forward does change the ip of the requester into ::1/127.0.0.1. One solution would be to run a proxy on the server itself, which forwards a port to our server port, while adding a X-Forwarded-For header.

Example of apache host setup to forward remote port 8888 to local port 8127, to which we connect our (auto)ssh remote tunnel (see above).

Listen 8888

<VirtualHost *:8888>
        Servername here.rubenvandeven.com

		RewriteEngine On
		RewriteCond %{HTTP:Upgrade} =websocket [NC]
		RewriteRule /(.*)           ws://localhost:8127/$1 [P,L]
		RewriteCond %{HTTP:Upgrade} !=websocket [NC]
		RewriteRule /(.*)         http://localhost:8127/$1 [P,L]

        ProxyPass / http://localhost:8127/
        ProxyPassReverse / http://localhost:8127/
        ProxyPreserveHost On
</VirtualHost>

requires a2enmod rewrite proxy proxy_http proxy_wstunnel