SatNOGS Monitor Proxy HOWTO sorta
parent
c809208d7b
commit
036153592a
|
@ -0,0 +1,116 @@
|
||||||
|
# Just some notes for now... INCOMPLETE
|
||||||
|
# See apache configs too
|
||||||
|
|
||||||
|
Buster install
|
||||||
|
apt install apache2 python3-certbot-apache
|
||||||
|
a2enmod proxy proxy_http ssl
|
||||||
|
# open ports 80, 443 in firewall
|
||||||
|
certbot
|
||||||
|
|
||||||
|
# add users for satnogs-clients
|
||||||
|
adduser cruftpi1
|
||||||
|
adduser cruftpi3
|
||||||
|
|
||||||
|
|
||||||
|
#################################
|
||||||
|
# On raspberry pi satnogs-client machine:
|
||||||
|
#git clone https://github.com/yudai/gotty
|
||||||
|
# Get binary release here XXX from 2017:
|
||||||
|
# https://github.com/yudai/gotty/releases
|
||||||
|
# wget https://github.com/yudai/gotty/releases/download/v2.0.0-alpha.3/gotty_2.0.0-alpha.3_linux_amd64.tar.gz
|
||||||
|
# meh.
|
||||||
|
#
|
||||||
|
# Do this instead ?
|
||||||
|
# on cruftpi1
|
||||||
|
sudo apt install golang cargo cmake libglib2.0-dev
|
||||||
|
# install lm-snsors? howto get temp on Pi?
|
||||||
|
go get github.com/yudai/gotty
|
||||||
|
|
||||||
|
mkdir ~/devel
|
||||||
|
cd ~/devel
|
||||||
|
|
||||||
|
git clone https://github.com/cubehub/libgpredict.git
|
||||||
|
mkdir libgpredict/build
|
||||||
|
cd libgpredict/build
|
||||||
|
cmake ../ && make
|
||||||
|
sudo make install
|
||||||
|
sudo ldconfig
|
||||||
|
|
||||||
|
|
||||||
|
# MEH, skip this, no need to build it, use package!
|
||||||
|
######################################
|
||||||
|
cd ~/devel
|
||||||
|
git clone https://github.com/wose/satnogs-monitor
|
||||||
|
cd satnogs-monitor/monitor
|
||||||
|
mkdir ~/.config/satnogs-monitor
|
||||||
|
cp examples/config.toml ~/.config/satnogs-monitor/
|
||||||
|
edit ~/.config/satnogs-monitor/config.toml
|
||||||
|
# Run it manually to make sure it is good to run.
|
||||||
|
# The first time takes XXX forever to download and run
|
||||||
|
#cargo run --release -- --orbits 3 --local 1152 --station 1152
|
||||||
|
cargo run --release
|
||||||
|
# If you want to refresh:
|
||||||
|
cargo clean
|
||||||
|
######################################
|
||||||
|
|
||||||
|
# see https://github.com/wose/satnogs-monitor/releases
|
||||||
|
cd ~/devel
|
||||||
|
wget https://github.com/wose/satnogs-monitor/releases/download/0.3.1/satnogs-monitor_0.3.1_armhf.deb
|
||||||
|
sudo dpkg -i satnogs-monitor_0.3.1_armhf.deb
|
||||||
|
# If any deps are now needed, this will fix:
|
||||||
|
sudo apt -f install
|
||||||
|
|
||||||
|
# Test if it minimally works
|
||||||
|
satnogs-monitor --station 1152
|
||||||
|
# moar
|
||||||
|
satnogs-monitor --spectrum --waterfall --orbits 3 --local 1152
|
||||||
|
|
||||||
|
# Make script:
|
||||||
|
cat > ~/satnogs-monitor-run <<EOF
|
||||||
|
#!/bin/bash
|
||||||
|
satnogs-monitor --spectrum --waterfall --orbits 3 --local 1152
|
||||||
|
EOF
|
||||||
|
|
||||||
|
chmod +x ~/satnogs-monitor-run
|
||||||
|
|
||||||
|
# now run it in gotty..
|
||||||
|
~/go/bin/gotty ~/satnogs-monitor-run
|
||||||
|
# woo
|
||||||
|
~/go/bin/gotty --address 127.0.0.1 --port 9091 --width 0 --height 0 ~/satnogs-monitor-run
|
||||||
|
|
||||||
|
|
||||||
|
# If that is all working, set up tunnel.
|
||||||
|
# create key on cruftpi1
|
||||||
|
ssh-keygen -t ed25519
|
||||||
|
# This gets copied over to apache server location:
|
||||||
|
# /home/cruftpi1/.ssh/authorized_keys
|
||||||
|
cat .ssh/id_ed25519.pub
|
||||||
|
|
||||||
|
# Set up ssh config:
|
||||||
|
vim .ssh/config
|
||||||
|
# ala:
|
||||||
|
Host spacecruft-monitor
|
||||||
|
Hostname 185.165.171.165
|
||||||
|
User cruftpi1
|
||||||
|
Port 22
|
||||||
|
|
||||||
|
|
||||||
|
# On apache server machine as root (crufty way to do this):
|
||||||
|
sudo su -
|
||||||
|
mkdir /home/cruftpi1/.ssh
|
||||||
|
# copy over that key:
|
||||||
|
echo "ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA pi@cruftpi1" >> /home/cruftpi1/.ssh/authorized_keys
|
||||||
|
chown -R cruftpi1:cruftpi1 /home/cruftpi1/.ssh/
|
||||||
|
|
||||||
|
# On cruftpi1
|
||||||
|
# Run a ssh tunnel to server:
|
||||||
|
ssh -N -C -R 9091:localhost:9091 spacecruft-monitor
|
||||||
|
|
||||||
|
# You can test in on spacecruft-monitor server:
|
||||||
|
telnet localhost 9091
|
||||||
|
GET /
|
||||||
|
|
||||||
|
# Configure apache proxy on spacecruft-monitor:
|
||||||
|
a2enmod headers
|
||||||
|
a2enmod proxy_wstunnel
|
||||||
|
vim /etc/apache2/sites-enabled/000-default-le-ssl.conf
|
|
@ -0,0 +1,60 @@
|
||||||
|
<IfModule mod_ssl.c>
|
||||||
|
<VirtualHost *:443>
|
||||||
|
# The ServerName directive sets the request scheme, hostname and port that
|
||||||
|
# the server uses to identify itself. This is used when creating
|
||||||
|
# redirection URLs. In the context of virtual hosts, the ServerName
|
||||||
|
# specifies what hostname must appear in the request's Host: header to
|
||||||
|
# match this virtual host. For the default virtual host (this file) this
|
||||||
|
# value is not decisive as it is used as a last resort host regardless.
|
||||||
|
# However, you must set it for any further virtual host explicitly.
|
||||||
|
#ServerName www.example.com
|
||||||
|
|
||||||
|
ServerAdmin webmaster@localhost
|
||||||
|
DocumentRoot /var/www/html
|
||||||
|
|
||||||
|
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
|
||||||
|
# error, crit, alert, emerg.
|
||||||
|
# It is also possible to configure the loglevel for particular
|
||||||
|
# modules, e.g.
|
||||||
|
#LogLevel info ssl:warn
|
||||||
|
|
||||||
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||||
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||||
|
|
||||||
|
# For most configuration files from conf-available/, which are
|
||||||
|
# enabled or disabled at a global level, it is possible to
|
||||||
|
# include a line for only one particular virtual host. For example the
|
||||||
|
# following line enables the CGI configuration for this host only
|
||||||
|
# after it has been globally disabled with "a2disconf".
|
||||||
|
#Include conf-available/serve-cgi-bin.conf
|
||||||
|
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
|
||||||
|
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
|
||||||
|
RewriteRule /(.*) ws://127.0.0.1:9091/$1 [P]
|
||||||
|
|
||||||
|
LoadModule proxy_module modules/mod_proxy.so
|
||||||
|
LoadModule proxy_http_module modules/mod_proxy_http.so
|
||||||
|
|
||||||
|
<Location />
|
||||||
|
ProxyPass http://127.0.0.1:9091/
|
||||||
|
</Location>
|
||||||
|
ProxyVia On
|
||||||
|
ProxyPreserveHost On
|
||||||
|
RequestHeader set X-Forwarded-Proto 'https'env=HTTPS
|
||||||
|
|
||||||
|
SSLProtocol -All TLSv1.2 -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
|
||||||
|
SSLHonorCipherOrder On
|
||||||
|
SSLCompression off
|
||||||
|
SSLVerifyClient None
|
||||||
|
SSLCipherSuite AES256+EECDH
|
||||||
|
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
|
||||||
|
SSLSessionTickets Off
|
||||||
|
|
||||||
|
|
||||||
|
ServerName monitor.spacecruft.org
|
||||||
|
SSLCertificateFile /etc/letsencrypt/live/monitor.spacecruft.org/fullchain.pem
|
||||||
|
SSLCertificateKeyFile /etc/letsencrypt/live/monitor.spacecruft.org/privkey.pem
|
||||||
|
Include /etc/letsencrypt/options-ssl-apache.conf
|
||||||
|
</VirtualHost>
|
||||||
|
</IfModule>
|
|
@ -0,0 +1,34 @@
|
||||||
|
<VirtualHost *:80>
|
||||||
|
# The ServerName directive sets the request scheme, hostname and port that
|
||||||
|
# the server uses to identify itself. This is used when creating
|
||||||
|
# redirection URLs. In the context of virtual hosts, the ServerName
|
||||||
|
# specifies what hostname must appear in the request's Host: header to
|
||||||
|
# match this virtual host. For the default virtual host (this file) this
|
||||||
|
# value is not decisive as it is used as a last resort host regardless.
|
||||||
|
# However, you must set it for any further virtual host explicitly.
|
||||||
|
#ServerName www.example.com
|
||||||
|
|
||||||
|
ServerAdmin webmaster@localhost
|
||||||
|
DocumentRoot /var/www/html
|
||||||
|
|
||||||
|
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
|
||||||
|
# error, crit, alert, emerg.
|
||||||
|
# It is also possible to configure the loglevel for particular
|
||||||
|
# modules, e.g.
|
||||||
|
#LogLevel info ssl:warn
|
||||||
|
|
||||||
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||||
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||||
|
|
||||||
|
# For most configuration files from conf-available/, which are
|
||||||
|
# enabled or disabled at a global level, it is possible to
|
||||||
|
# include a line for only one particular virtual host. For example the
|
||||||
|
# following line enables the CGI configuration for this host only
|
||||||
|
# after it has been globally disabled with "a2disconf".
|
||||||
|
#Include conf-available/serve-cgi-bin.conf
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{SERVER_NAME} =monitor.spacecruft.org
|
||||||
|
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
|
Loading…
Reference in New Issue