SatNOGS Monitor Proxy HOWTO sorta
parent
c809208d7b
commit
036153592a
|
@ -0,0 +1,116 @@
|
|||
# Just some notes for now... INCOMPLETE
|
||||
# See apache configs too
|
||||
|
||||
Buster install
|
||||
apt install apache2 python3-certbot-apache
|
||||
a2enmod proxy proxy_http ssl
|
||||
# open ports 80, 443 in firewall
|
||||
certbot
|
||||
|
||||
# add users for satnogs-clients
|
||||
adduser cruftpi1
|
||||
adduser cruftpi3
|
||||
|
||||
|
||||
#################################
|
||||
# On raspberry pi satnogs-client machine:
|
||||
#git clone https://github.com/yudai/gotty
|
||||
# Get binary release here XXX from 2017:
|
||||
# https://github.com/yudai/gotty/releases
|
||||
# wget https://github.com/yudai/gotty/releases/download/v2.0.0-alpha.3/gotty_2.0.0-alpha.3_linux_amd64.tar.gz
|
||||
# meh.
|
||||
#
|
||||
# Do this instead ?
|
||||
# on cruftpi1
|
||||
sudo apt install golang cargo cmake libglib2.0-dev
|
||||
# install lm-snsors? howto get temp on Pi?
|
||||
go get github.com/yudai/gotty
|
||||
|
||||
mkdir ~/devel
|
||||
cd ~/devel
|
||||
|
||||
git clone https://github.com/cubehub/libgpredict.git
|
||||
mkdir libgpredict/build
|
||||
cd libgpredict/build
|
||||
cmake ../ && make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
|
||||
|
||||
# MEH, skip this, no need to build it, use package!
|
||||
######################################
|
||||
cd ~/devel
|
||||
git clone https://github.com/wose/satnogs-monitor
|
||||
cd satnogs-monitor/monitor
|
||||
mkdir ~/.config/satnogs-monitor
|
||||
cp examples/config.toml ~/.config/satnogs-monitor/
|
||||
edit ~/.config/satnogs-monitor/config.toml
|
||||
# Run it manually to make sure it is good to run.
|
||||
# The first time takes XXX forever to download and run
|
||||
#cargo run --release -- --orbits 3 --local 1152 --station 1152
|
||||
cargo run --release
|
||||
# If you want to refresh:
|
||||
cargo clean
|
||||
######################################
|
||||
|
||||
# see https://github.com/wose/satnogs-monitor/releases
|
||||
cd ~/devel
|
||||
wget https://github.com/wose/satnogs-monitor/releases/download/0.3.1/satnogs-monitor_0.3.1_armhf.deb
|
||||
sudo dpkg -i satnogs-monitor_0.3.1_armhf.deb
|
||||
# If any deps are now needed, this will fix:
|
||||
sudo apt -f install
|
||||
|
||||
# Test if it minimally works
|
||||
satnogs-monitor --station 1152
|
||||
# moar
|
||||
satnogs-monitor --spectrum --waterfall --orbits 3 --local 1152
|
||||
|
||||
# Make script:
|
||||
cat > ~/satnogs-monitor-run <<EOF
|
||||
#!/bin/bash
|
||||
satnogs-monitor --spectrum --waterfall --orbits 3 --local 1152
|
||||
EOF
|
||||
|
||||
chmod +x ~/satnogs-monitor-run
|
||||
|
||||
# now run it in gotty..
|
||||
~/go/bin/gotty ~/satnogs-monitor-run
|
||||
# woo
|
||||
~/go/bin/gotty --address 127.0.0.1 --port 9091 --width 0 --height 0 ~/satnogs-monitor-run
|
||||
|
||||
|
||||
# If that is all working, set up tunnel.
|
||||
# create key on cruftpi1
|
||||
ssh-keygen -t ed25519
|
||||
# This gets copied over to apache server location:
|
||||
# /home/cruftpi1/.ssh/authorized_keys
|
||||
cat .ssh/id_ed25519.pub
|
||||
|
||||
# Set up ssh config:
|
||||
vim .ssh/config
|
||||
# ala:
|
||||
Host spacecruft-monitor
|
||||
Hostname 185.165.171.165
|
||||
User cruftpi1
|
||||
Port 22
|
||||
|
||||
|
||||
# On apache server machine as root (crufty way to do this):
|
||||
sudo su -
|
||||
mkdir /home/cruftpi1/.ssh
|
||||
# copy over that key:
|
||||
echo "ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA pi@cruftpi1" >> /home/cruftpi1/.ssh/authorized_keys
|
||||
chown -R cruftpi1:cruftpi1 /home/cruftpi1/.ssh/
|
||||
|
||||
# On cruftpi1
|
||||
# Run a ssh tunnel to server:
|
||||
ssh -N -C -R 9091:localhost:9091 spacecruft-monitor
|
||||
|
||||
# You can test in on spacecruft-monitor server:
|
||||
telnet localhost 9091
|
||||
GET /
|
||||
|
||||
# Configure apache proxy on spacecruft-monitor:
|
||||
a2enmod headers
|
||||
a2enmod proxy_wstunnel
|
||||
vim /etc/apache2/sites-enabled/000-default-le-ssl.conf
|
|
@ -0,0 +1,60 @@
|
|||
<IfModule mod_ssl.c>
|
||||
<VirtualHost *:443>
|
||||
# The ServerName directive sets the request scheme, hostname and port that
|
||||
# the server uses to identify itself. This is used when creating
|
||||
# redirection URLs. In the context of virtual hosts, the ServerName
|
||||
# specifies what hostname must appear in the request's Host: header to
|
||||
# match this virtual host. For the default virtual host (this file) this
|
||||
# value is not decisive as it is used as a last resort host regardless.
|
||||
# However, you must set it for any further virtual host explicitly.
|
||||
#ServerName www.example.com
|
||||
|
||||
ServerAdmin webmaster@localhost
|
||||
DocumentRoot /var/www/html
|
||||
|
||||
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
|
||||
# error, crit, alert, emerg.
|
||||
# It is also possible to configure the loglevel for particular
|
||||
# modules, e.g.
|
||||
#LogLevel info ssl:warn
|
||||
|
||||
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||
|
||||
# For most configuration files from conf-available/, which are
|
||||
# enabled or disabled at a global level, it is possible to
|
||||
# include a line for only one particular virtual host. For example the
|
||||
# following line enables the CGI configuration for this host only
|
||||
# after it has been globally disabled with "a2disconf".
|
||||
#Include conf-available/serve-cgi-bin.conf
|
||||
|
||||
RewriteEngine on
|
||||
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
|
||||
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
|
||||
RewriteRule /(.*) ws://127.0.0.1:9091/$1 [P]
|
||||
|
||||
LoadModule proxy_module modules/mod_proxy.so
|
||||
LoadModule proxy_http_module modules/mod_proxy_http.so
|
||||
|
||||
<Location />
|
||||
ProxyPass http://127.0.0.1:9091/
|
||||
</Location>
|
||||
ProxyVia On
|
||||
ProxyPreserveHost On
|
||||
RequestHeader set X-Forwarded-Proto 'https'env=HTTPS
|
||||
|
||||
SSLProtocol -All TLSv1.2 -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
|
||||
SSLHonorCipherOrder On
|
||||
SSLCompression off
|
||||
SSLVerifyClient None
|
||||
SSLCipherSuite AES256+EECDH
|
||||
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
|
||||
SSLSessionTickets Off
|
||||
|
||||
|
||||
ServerName monitor.spacecruft.org
|
||||
SSLCertificateFile /etc/letsencrypt/live/monitor.spacecruft.org/fullchain.pem
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/monitor.spacecruft.org/privkey.pem
|
||||
Include /etc/letsencrypt/options-ssl-apache.conf
|
||||
</VirtualHost>
|
||||
</IfModule>
|
|
@ -0,0 +1,34 @@
|
|||
<VirtualHost *:80>
|
||||
# The ServerName directive sets the request scheme, hostname and port that
|
||||
# the server uses to identify itself. This is used when creating
|
||||
# redirection URLs. In the context of virtual hosts, the ServerName
|
||||
# specifies what hostname must appear in the request's Host: header to
|
||||
# match this virtual host. For the default virtual host (this file) this
|
||||
# value is not decisive as it is used as a last resort host regardless.
|
||||
# However, you must set it for any further virtual host explicitly.
|
||||
#ServerName www.example.com
|
||||
|
||||
ServerAdmin webmaster@localhost
|
||||
DocumentRoot /var/www/html
|
||||
|
||||
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
|
||||
# error, crit, alert, emerg.
|
||||
# It is also possible to configure the loglevel for particular
|
||||
# modules, e.g.
|
||||
#LogLevel info ssl:warn
|
||||
|
||||
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||
|
||||
# For most configuration files from conf-available/, which are
|
||||
# enabled or disabled at a global level, it is possible to
|
||||
# include a line for only one particular virtual host. For example the
|
||||
# following line enables the CGI configuration for this host only
|
||||
# after it has been globally disabled with "a2disconf".
|
||||
#Include conf-available/serve-cgi-bin.conf
|
||||
RewriteEngine on
|
||||
RewriteCond %{SERVER_NAME} =monitor.spacecruft.org
|
||||
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
|
||||
</VirtualHost>
|
||||
|
||||
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
|
Loading…
Reference in New Issue