adminguy
/
IT_Articles
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Articles I've written for customers on IT issues.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
20 Commits
1 Branch
34 MiB
Tree: 16a67305c2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '16a67305c2'
${ noResults }
IT_Articles/2019/AutoSSH_and_Reverse_Proxy_A.../docs/3.tex

118 lines
4.3 KiB
Raw Normal View History

ugjgjsdjkl;fsjks
3 years ago
 
  1. \documentclass[11pt]{article}
  2. %Gummi|065|=)

  3. \title{\textbf{AutoSSH - a Reverse Proxy Alternative}}
  4. \usepackage{xcolor}
  5. \usepackage[vcentering,dvips]{geometry}
  6. \geometry{papersize={6in,9in},total={4.5in,6.8in}}
  7. \usepackage{graphicx}
  8. \usepackage{caption  }
  9. \author{Steak Electronics}
  10. \date{06/4/19}
  11. \begin{document}
  12. 

  13. %\maketitle

  14. \textbf{AutoSSH - a Reverse Proxy Alternative}
  15. 

  16. \vspace{0.2in}
  17. This document is best read printed out on paper.
  18. %\textbf{Todo}

  19. \textcolor{green!60!blue!70}{
  20. \section{Overview}}
  21. I recently added another apache server to an existing infrastructure, and I wanted it to be accessible under a similar IP as another server. Due to the complexity of the website, it was not possible to simply do a reverse proxy without knowing the correct settings (e.g. X-Forwarded for). Instead, AutoSSH was used.
  22. 

  23. \textcolor{green!60!blue!70}{
  24. \section{Work Log}}
  25. Ok, I'm going to get right to the configs that I used. You want the tool, you don't need to know all the details.
  26. 

  27. \textcolor{green!60!blue!70}{
  28. \subsection{Crontab}}
  29. Here is the crontab script I used. I put this in /etc/crontab, so it has root after the times. I only use /etc/crontab, as it's easier to manage.
  30. \begin{verbatim}
  31. * * * * * root  pgrep autossh > /dev/null || \
  32.  /usr/local/bin/autosshzm/autosshzm.sh
  33. \end{verbatim}
  34. A few notes about this. Pgrep will search for autossh. If it doesn't find it, then it will try the next command. (|| is an OR). Put the bash script wherever you want.
  35. 

  36. \textcolor{green!60!blue!70}{
  37. \subsection{Bash Script}}
  38. 

  39. This script is obviously what the crontab calls.
  40. \begin{verbatim}
  41. #!/bin/bash
  42. logger " /usr/local/bin/autosshzm script started."
  43. #source $HOME/.bash_profile #not needed.

  44. source $HOME/.keychain/$HOSTNAME-sh
  45. logger " /usr/local/bin/autosshzm sourced."
  46. 

  47. autossh   -L 0.0.0.0:2:localhost:80 -f user@ipaddress sleep 31536000
  48.  &> /var/log/autosshzm/autosshzm.log
  49. #autossh  -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3"
  50.  -L 0.0.0.0:2:localhost:80 user@ipaddress &>
  51.  /var/log/autosshzm/autosshzm.log
  52. logger "auto ssh ran"
  53. \end{verbatim}
  54. Note that the second autossh does not work, as it's missing the sleep and the -f command. \footnote{Figuring this kind of stuff out can take about an hour.} In order for this to work, you'll also need the following commands:
  55. 

  56. \begin{verbatim}
  57. apt-get install keychain autossh
  58. \end{verbatim}
  59. There were some more setup steps required for keychain...
  60. From stackexchange:
  61. \begin{verbatim}
  62. 25
  63. keychain
  64. solves this in a painless way. It's in the repos for Debian/Ubuntu:
  65. 

  66. sudo apt-get install keychain
  67. 

  68. and perhaps for many other distros (it looks like it originated 
  69. from Gentoo).
  70. 

  71. This program will start an ssh-agent if none is running, and
  72.  provide shell scripts that can be sourced and connect the current
  73.  shell to this particular ssh-agent.
  74. 

  75. For bash, with a private key named id_rsa, add the following to
  76.  your .profile:
  77. 

  78. keychain --nogui id_rsa
  79. 

  80. This will start an ssh-agent and add the id_rsa key on the first
  81.  login after reboot. If the key is passphrase-protected, it will
  82.  also ask for the passphrase. No need to use unprotected keys
  83.  anymore! For subsequent logins, it will recognize the agent
  84.  and not ask for a passphrase again.
  85. 

  86. Also, add the following as a last line of your .bashrc:
  87. 

  88. . ~/.keychain/$HOSTNAME-sh

  89. 

  90. This will let the shell know where to reach the SSH agent managed
  91.  by keychain. Make sure that .bashrc is sourced from .profile.
  92. 

  93. However, it seems that cron jobs still don't see this. As a
  94.  remedy, include the line above in the crontab, just before
  95.  your actual command:
  96. 

  97. * * * * * . ~/.keychain/$HOSTNAME-sh; your-actual-command

  98. 

  99. 

  100. \end{verbatim}
  101. The only thing that I needed to do here was
  102. 

  103. keychain --nogui id\_rsa
  104. 

  105. The rest of it (notes about crontab) was not required.
  106. 

  107. \textcolor{green!60!blue!70}{
  108. \section{What Did NOT Work}}
  109. Here's some things I tried that did not work.
  110. \begin{itemize}
  111. \item https://github.com/obfusk/autossh-init - This init script, didn't do much for me. Remember, I'm stuck with systemd in Ubuntu 19.04...\footnote{The scourge of deleting software history. Keep backwards compatibility at ALL COSTS, developers.}
  112. \item Reverse proxy with Apache - As I said, my website \footnote{Some people might call it a web application. I will not.} was too complex, and I didn't want to go down that rabbit hole.
  113. \item Starting AutoSSH in rc.local. Didn't work.
  114.   
  115. \end{itemize}
  116. 

  117. 

  118. \end{document}