From 8d3710d0cb8a72325190cb7d20448300bc486851 Mon Sep 17 00:00:00 2001
From: Alexey Skobkin
Date: Thu, 25 Jul 2024 21:11:09 +0300
Subject: [PATCH] sish. stack draft.
---
 README.md | 1 +
 sish/.env.dist | 16 ++++++++++++++++
 sish/docker-compose.yml | 28 ++++++++++++++++++++++++++++
 sish/nginx/sish.conf | 36 ++++++++++++++++++++++++++++++++++++
 sish/pubkeys/.gitkeep | 0
 5 files changed, 81 insertions(+)
 create mode 100644 sish/.env.dist
 create mode 100644 sish/docker-compose.yml
 create mode 100644 sish/nginx/sish.conf
 create mode 100644 sish/pubkeys/.gitkeep
diff --git a/README.md b/README.md
index acad4de..ea8c9b1 100644
--- a/README.md
+++ b/README.md
@@ -68,6 +68,7 @@ Not every stack is tested to fully work.
 | Radarr | ✅ | `linuxserver/radarr` | Movie downloader and manager. | [Website](https://radarr.video), [Github](https://github.com/Radarr/Radarr), [Wiki](https://wiki.servarr.com/radarr) |
 | Redis | ✅ | `redis` | Redis storage server. | [Website](https://redis.io), [Github](https://github.com/redis/redis-io) |
 | Shadowsocks Client | ✅ | `ghcr.io/shadowsocks/sslocal-rust:latest` | Shadowsocks client (and SOCKS/HTTP/tunnel server). | [Website](https://shadowsocks.org), [Github](https://github.com/shadowsocks/shadowsocks-rust), [Configuration](https://github.com/shadowsocks/shadowsocks-rust#getting-started) |
+| Sish | ✅ | `antoniomika/sish` | Localhost tunneling solution over SSH | [Docs](https://docs.ssi.sh/getting-started), [Github](https://github.com/antoniomika/sish) |
 | Shinobi | ✅ | `shinobisystems/shinobi` | Shinobi surveillance system | [Website](https://shinobi.video), [Github](https://github.com/ShinobiCCTV/Shinobi) |
 | Sonarr | ✅ | `linuxserver/sonarr` | TV Shows, series and anime downloader and manager. | [Website](https://sonarr.tv), [Github](https://github.com/Sonarr/Sonarr), [Wiki](https://wiki.servarr.com/sonarr) |
 | Speedtest | ✅ | `adolfintel/speedtest` | Libre speed test implementation. | [Website](https://librespeed.org), [Github](https://github.com/librespeed/speedtest) |
diff --git a/sish/.env.dist b/sish/.env.dist
new file mode 100644
index 0000000..e4651ed
--- /dev/null
+++ b/sish/.env.dist
@@ -0,0 +1,16 @@
+# see https://hub.docker.com/r/antoniomika/sish
+IMAGE_VERSION=latest
+
+HTTP_BIND_ADDR=127.0.0.1
+HTTP_BIND_PORT=8395
+
+SSH_BIND_ADDR=0.0.0.0
+SSH_BIND_PORT=2222
+
+PUBKEYS_PATH=./pubkeys
+
+BASE_DOMAIN=si.sh
+
+# Service settings
+LOG_MAX_SIZE=5m
+LOG_MAX_FILE=5
diff --git a/sish/docker-compose.yml b/sish/docker-compose.yml
new file mode 100644
index 0000000..0da601e
--- /dev/null
+++ b/sish/docker-compose.yml
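Review bot: In `sish/.env.dist`, `IMAGE_VERSION=latest` leaves the image unpinned for a service whose SSH listener defaults to `SSH_BIND_ADDR=0.0.0.0`, so any pull or container recreate can silently change the code behind an exposed port; the same default is repeated in `docker-compose.yml` as `${IMAGE_VERSION:-latest}`. The template should carry a concrete release tag or digest that operators bump deliberately, with a comment such as `# pin to a released tag or digest; avoid "latest" for an exposed service`. `BASE_DOMAIN=si.sh` also reads like a real domain rather than a placeholder, while the nginx example in this patch uses `sish.domain.tld`; using the same placeholder here would keep the two files consistent and stop a copied template from running with a domain the operator does not control.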
@@ -0,0 +1,28 @@
+# https://hub.docker.com/r/antoniomika/sish
+
+services:
+ sish:
+ image: 'antoniomika/sish:${IMAGE_VERSION:-latest}'
+ container_name: sish
+ depends_on:
+ volumes:
+ - '${PUBKEYS_PATH:-./pubkeys}:/pubkeys'
+ # see https://docs.ssi.sh/getting-started#docker
+ command: |
+ --ssh-address=${SSH_BIND_ADDR:-0.0.0.0}:${SSH_BIND_PORT:-2222}
+ --http-address=:${HTTP_BIND_PORT:-8395}
+ --authentication=true
+ --authentication-keys-directory=/pubkeys
+ --bind-random-ports=false
+ --bind-random-subdomains=false
+ --domain=${BASE_DOMAIN:-si.sh}
+ #network_mode: host
+ ports:
+ - '${SSH_BIND_ADDR:-0.0.0.0}:${SSH_BIND_PORT:-2222}:${SSH_BIND_PORT:-2222}'
+ - '${HTTP_BIND_ADDR:-127.0.0.1}:${HTTP_BIND_PORT:-8395}:${HTTP_BIND_PORT:-8395}'
+ restart: unless-stopped
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "${LOG_MAX_SIZE:-5m}"
+ max-file: "${LOG_MAX_FILE:-5}"
diff --git a/sish/nginx/sish.conf b/sish/nginx/sish.conf
new file mode 100644
index 0000000..f82c383
--- /dev/null
+++ b/sish/nginx/sish.conf
@@ -0,0 +1,36 @@
+upstream sish {
+ server 127.0.0.1:8395;
+}
+
+server {
+ server_name *.sish.domain.tld;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+
+ proxy_read_timeout 60s;
+ proxy_send_timeout 60s;
+
+ client_max_body_size 512M;
+
+ proxy_pass http://sish;
+ }
+
+ #listen [::]:443 ssl http2 ipv6only=on;
+ listen 443 ssl http2;
+
+ include /etc/nginx/ssl/sish.domain.tld.conf;
+
+ error_log /var/log/nginx/sish.domain.tld_error.log;
+ access_log /var/log/nginx/sish.domain.tld.in_access.log;
+}
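Review bot: In `sish/docker-compose.yml`, the SSH listener is published on `0.0.0.0` but nothing persists the server's host key: the only volume is `/pubkeys` and `command` sets no key directory. Assuming sish generates its host key under its default in-container path, every container recreation would present clients with a new host key and train users to dismiss the mismatch warning. I would add a second volume, e.g. `- '${PRIVKEYS_PATH:-./keys}:/keys'` (a new variable, not yet in `.env.dist`), together with `--private-keys-directory=/keys`. If sish only reads the authorised keys, that mount can be `:/pubkeys:ro`. The empty `depends_on:` key looks like a draft leftover and should be removed, since a null value there is at best a no-op and may fail Compose validation.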
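Review bot: In `sish/nginx/sish.conf`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever `X-Forwarded-For` the client sent, so if this nginx is the first hop, tunneled applications that trust the header can be handed a forged client address; `proxy_set_header X-Forwarded-For $remote_addr;` avoids that. `proxy_set_header Connection "Upgrade";` is sent on every request rather than only on WebSocket handshakes; the usual pattern is a `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` at `http` level with `proxy_set_header Connection $connection_upgrade;`. The `upstream` port `8395` is hard-coded and has to stay in step with `HTTP_BIND_PORT`, which deserves a comment next to it such as `# must match HTTP_BIND_PORT in .env`.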
diff --git a/sish/pubkeys/.gitkeep b/sish/pubkeys/.gitkeep
new file mode 100644
index 0000000..e69de29