From eed4ab6ebf07a696ed13bfeb70ccd73784208748 Mon Sep 17 00:00:00 2001
From: davidovski
Date: Wed, 29 Sep 2021 23:18:33 +0100
Subject: removed html
---
 build.py | 128 ++++++++++++++++++++++++--
 const.py | 1 +
 git_repos.txt | 1 +
 html/entries/Permanent SSH Forwarding.html | 84 -----------------
 html/entries/ssh_forwarding.html | 87 ------------------
 html/entries/test.html | 11 ---
 html/entries/welcome.html | 45 ----------
 html/images/bg.png | Bin 2416724 -> 0 bytes
 html/images/remotecontrol.png | Bin 20363 -> 0 bytes
 html/index.html | 75 ----------------
 html/mononoki.woff | Bin 42208 -> 0 bytes
 html/rss.xml | 71 ---------------
 html/src/ssh_forwarding.md | 74 ---------------
 html/src/welcome.md | 7 --
 html/style.css | 139 ----------------------------
 images/bg.gif | Bin 0 -> 554478 bytes
 images/remotecontrol.png | Bin 20363 -> 1591562 bytes
 resources/mononoki.woff | Bin 0 -> 42208 bytes
 resources/style.css | 140 +++++++++++++++++++++++++++++
 sync.sh | 2 -
 templates/file.html | 7 ++
 21 files changed, 272 insertions(+), 600 deletions(-)
 create mode 100644 git_repos.txt
 delete mode 100644 html/entries/Permanent SSH Forwarding.html
 delete mode 100644 html/entries/ssh_forwarding.html
 delete mode 100644 html/entries/test.html
 delete mode 100644 html/entries/welcome.html
 delete mode 100644 html/images/bg.png
 delete mode 100644 html/images/remotecontrol.png
 delete mode 100644 html/index.html
 delete mode 100644 html/mononoki.woff
 delete mode 100644 html/rss.xml
 delete mode 100644 html/src/ssh_forwarding.md
 delete mode 100644 html/src/welcome.md
 delete mode 100644 html/style.css
 create mode 100644 images/bg.gif
 create mode 100644 resources/mononoki.woff
 create mode 100644 resources/style.css
 create mode 100644 templates/file.html
diff --git a/build.py b/build.py
index 45d8982..e922ac9 100644
--- a/build.py
+++ b/build.py
@@ -2,6 +2,9 @@ import markdown
 import os
 import time
 import shutil
+import subprocess
+from html import escape
+
 from const import *
@@ -60,10 +63,22 @@ def make():
 os.makedirs(os.path.join(dist, "entries"))
 except:
 print("Already have content")
- shutil.rmtree(os.path.join(dist, "src"))
- shutil.rmtree(os.path.join(dist, "images"))
- shutil.copytree(source, os.path.join(dist, "src"))
- shutil.copytree(images, os.path.join(dist, "images"))
+ try:
+ shutil.rmtree(os.path.join(dist, "src"))
+ except:
+ pass
+ try:
+ shutil.rmtree(os.path.join(dist, "images"))
+ except:
+ pass
+ try:
+ shutil.copytree(source, os.path.join(dist, "src"))
+ except:
+ pass
+ try:
+ shutil.copytree(images, os.path.join(dist, "images"))
+ except:
+ pass
 pages = listPages()
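Review bot: The four bare `except: pass` blocks added in make() hide every failure, including a failed `copytree` of `source` or `images`, so a build can finish with stale or missing content and print nothing about it. Only the "directory does not exist yet" case needs tolerating: use `shutil.rmtree(os.path.join(dist, "src"), ignore_errors=True)` (and the same for `"images"`) and let the two `copytree` calls raise. A bare `except:` also catches KeyboardInterrupt, so an interrupted build carries on to the next step. make() begins and continues outside this hunk.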
@@ -117,8 +132,111 @@ def make(): rss_templ.replace("%items%", itemsXML) ) + for f in os.listdir(resources): + shutil.copy(os.path.join(resources, f), dist) + print(f"built in {len(pages)} pages") -make() + +def get_repos(): + repos = [] + if os.path.exists("git_repos.txt"): + with open("git_repos.txt", "r") as file: + repos = file.read().split("\n")[:-1] + return repos + +def list_files(path): + files = [] + dirlist = [path] + + while len(dirlist) > 0: + for (dirpath, dirnames, filenames) in os.walk(dirlist.pop()): + dirlist.extend(dirnames) + files.extend(map(lambda n: os.path.join(*n), zip([dirpath] * len(filenames), filenames))) + print(len(files)) + + return files + +def format_file(page_templ, content, v): + return page_templ.replace("%title%", v["name"])\ + .replace("%up%", v["above"])\ + .replace("%filename%", v["filename"])\ + .replace("%commit%", str(v["commit"]))\ + .replace("%content%", content) + + +def traverse_repo(path, name, commit): + page_templ = getTemplateHTML("page.html") + page_templ = page_templ.replace("%content%", getTemplateHTML("file.html")) + + for root, dirs, files in os.walk(path): + index_content = "" + + index_content = format_file(page_templ, index_content, { + "name": name, + "commit": commit, + "filename": "/".join(root.split("/")[1:]), + "above": "/".join(root.split("/")[1:-1]), + }) + + with open(os.path.join(root,"index.html"), "w") as file: + file.write(index_content) + +def create_repos(): + try: + shutil.rmtree(os.path.join(dist, "git")) + except: + pass + + git_path = os.path.join(dist, "git") + try: + os.makedirs(git_path) + except: + print("Already have git path") + + for repo in get_repos(): + print(repo) + + os.system(f"cd {dist}/git; git clone {repo}") + name = ".".join(repo.split("/")[-1].split(".")[:-1]) + + command = subprocess.run(f"cd {dist}/git/{name} && git log --pretty=format:'%h%x09%an%x09%ad%x09%s' --no-decorate -1", stdout=subprocess.PIPE, shell=True) + + commit = command.stdout.decode() + + 
traverse_repo(os.path.join(git_path, name), name, commit) +make() +create_repos() diff --git a/const.py b/const.py index 07eeef6..d858374 100644 --- a/const.py +++ b/const.py @@ -3,5 +3,6 @@ images = "images" date_format = "%a, %d %b %Y %H:%M:%S" source = "src" templates = "templates" +resources = "resources" dist = "html" summary_max = 10 diff --git a/git_repos.txt b/git_repos.txt new file mode 100644 index 0000000..04c0368 --- /dev/null +++ b/git_repos.txt @@ -0,0 +1 @@ +https://git.davidovski.xyz/davidovski.git diff --git a/html/entries/Permanent SSH Forwarding.html b/html/entries/Permanent SSH Forwarding.html deleted file mode 100644 index 3df3af7..0000000 --- a/html/entries/Permanent SSH Forwarding.html +++ /dev/null @@ -1,84 +0,0 @@ - - - - - - - davidovski.xyz - - -
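Review bot: In create_repos() both git invocations are assembled as shell strings from a line of git_repos.txt (`os.system(f"cd {dist}/git; git clone {repo}")` and the `shell=True` `git log`), so any shell metacharacter in that file or in the derived `name` is executed, and because of the `;` the clone still runs in the current directory when the `cd` fails. Passing argument lists with `cwd=` removes the shell from both calls. The `git log` output (author name and subject taken from the cloned repository) then goes into the page through format_file() unescaped; `escape` is imported by this commit but not used in the visible hunks, and wrapping the decoded output in it would close that. The clone also lands under `dist` and traverse_repo() writes an index into every directory `os.walk` yields, which presumably includes `.git`; if `dist` is the published web root, that directory should be excluded or removed before publishing.

```python
    for repo in get_repos():
        # … unchanged: print(repo) …
        # argument list + cwd: nothing read from git_repos.txt reaches a shell
        subprocess.run(["git", "clone", "--", repo], cwd=git_path, check=True)
        # … unchanged: name derived from the repo URL …
        command = subprocess.run(
            ["git", "log", "--pretty=format:%h%x09%an%x09%ad%x09%s", "--no-decorate", "-1"],
            cwd=os.path.join(git_path, name),
            stdout=subprocess.PIPE,
            check=True,
        )
        # author and subject are repository content; escape before templating
        commit = escape(command.stdout.decode())
```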
-
- davidovski.xyz -
- -
- -
-

Permanent SSH Forwarding

-

Take this situation: you have a cheap (or even free), low-powered remote server and a considerably better homeserver with more storage and power. For certain services that require more power, you'd obviously want to run them on that homeserver. However, what if you don't want to, or can't, directly open ports onto your home network, or you if you simply want to keep all of your site on one IP? This is where SSH port forwarding comes in handy: using ssh to forward the open port from a service from your local server to the remote one, where it can be exposed to the rest of the internet.

-

ssh remote port forwarding

-

SSH remote port forwarding is built right into ssh itself, and is quite simple:

-

ssh -R 5505:localhost:4404 user@remote.host

-

When this command is run on the local server, it will create an ssh connection to the remote server, as per usual. Additionally, it will open the port 5505 on the remote server, which will forward all traffic to port 4404 on the local server. This command by itself is already everything you'd need to forward most ports easily to your remote server, of course, remember to open the port on your remote server's firewall, if applicable.

-

However to ensure that that port is exposed properly on the remote server, you'd want to make sure that it is listening to all external traffic. You can fix this by setting GatewayPorts yes in /etc/ssh/sshd_config on the remote server. (don't forget to restart sshd after editing the config)

-

Persistent ssh forwarding

-

The above is all well and good, but you'd need to keep an interactive ssh connection up at all times (not impossible with a tool like screen or tmux), so it isn't the most ideal solution. To get around this, you can create a service to run on the local server to forward requested ports to the remote server.

-

To begin, I'd recommend creating two users, one on each server. For sake of example, lets all them bridge, though any other names like tunnel or whatever would work too. I'd recommend to avoid giving these users passwords, that way they can only be signed in through key based authentication. Of course you will still be able to log into them as root using su - bridge

-

Next you should create an ssh keypair on the local server(ssh-keygen) and place the contents of your public key into .ssh/authorized_keys. This will make sure that only the local server will be able to ssh into the remote using that key.

-

Then, create a script for your ssh port forwarding. I placed mine directly in the home folder of my bridge user of my local server, though it only matters that the bridge user can execute it. In your script you must use the -nT flag on your ssh command. These will allow you to run this script as a service, by preventing a virtual terminal being allocated. (read man ssh for more info)

-

Here is my example of a script that you could use:

-

```sh

-

!/bin/sh

-

PORTS="8080 25565" -DEST="bridge@remote.host" -SSH_PORT="22" -IDENTITY_FILE="~/.ssh"

-

/usr/bin/ssh -nNT $(echo $PORTS | awk -v host=$LOCALHOST '{for (i = 1; i <= NF; i++){ printf "-R %d:%s:%d ",$i,host,$i}}') -p $SSH_PORT -i $IDENTITY_FILE $DEST -```

-

Next you'd want to run this script as a service. Check your distro's service system how to do this if you have any trouble.

-

Systemd service

-

Say that the script you made was /home/bridge/tunnel.sh, you should create a user service with systemd for the bridge user.

-

To do this create the following file in /home/bridge/.config/systemd/user/tunnel.service:

-

```service -[Unit] -Description=SSH tunnel

-

[Service] -ExecStart=/home/bridge/tunnel.sh -RestartSec=5 -Restart=always -KillMode=mixed

-

[Install] -WantedBy=default.target -```

-

Then enable and start the service with: systemd --user enable tunnel.service and system --user start tunnel.service. Ensure that it is running with systemd --user status tunnel

-

Forwarding ports smaller than 1024

-

As you may know, TCP/IP port numbers below 1024 are special in that normal users are not able to open, and hence forward from on the remote server. To bypass this, you can change your services to run at different ports, though this may not always be possible, for example with ports 80 and 443 for http and https respectively. One solution to this is run a server on the remote that will proxy requests from port 80 to a different port (say port 8080).

-

This can be achieved using socat.

-

Say you forwarded traffic from port 8080 on the remote to port 80 on the local, you could then, on the remote server run sudo socat TCP-LISTEN:80,fork TCP:localhost:8080 to listen to traffic on port 80 and forward it to 8080, which will forward back to the local server. Here is an example of this in practice, forwarding port 80 and 443, by forwarding ports 8080 and 8443:

-

/usr/bin/ssh -nT -R 8443:localhost:443 -R 8080:localhost:80 -i $IDENTITY_FILE -p $SSH_PORT $DEST "(sudo socat TCP-LISTEN:80,fork TCP:localhost:8080) & sudo socat TCP-LISTEN:443,fork TCP:localhost:8443"

-

However this command assumes that the remote user has access to sudo with NO PASSWORD. Alternatively you could create a similar service (this time as a system service) on the remote server running the socat commands.

-
- - - diff --git a/html/entries/ssh_forwarding.html b/html/entries/ssh_forwarding.html deleted file mode 100644 index 265d023..0000000 --- a/html/entries/ssh_forwarding.html +++ /dev/null @@ -1,87 +0,0 @@ - - - - - - - davidovski.xyz - - -
-
- davidovski.xyz -
- -
- -
-

Permanent SSH Forwarding (Tutorial)

-

Take this situation: you have a cheap (or even free), low-powered remote server and a considerably better homeserver with more storage and power. For certain services that require more power, you'd obviously want to run them on that homeserver. However, what if you don't want to, or can't, directly open ports onto your home network, or you if you simply want to keep all of your site on one IP? This is where SSH port forwarding comes in handy: using ssh to forward the open port from a service from your local server to the remote one, where it can be exposed to the rest of the internet.

-

SSH Remote Port Forwarding

-

SSH remote port forwarding is built right into ssh itself, and is quite simple:

-

ssh -R 5505:localhost:4404 user@remote.host

-

When this command is run on the local server, it will create an ssh connection to the remote server, as per usual. Additionally, it will open the port 5505 on the remote server, which will forward all traffic to port 4404 on the local server. This command by itself is already everything you'd need to forward most ports easily to your remote server, of course, remember to open the port on your remote server's firewall, if applicable.

-

However to ensure that that port is exposed properly on the remote server, you'd want to make sure that it is listening to all external traffic. You can fix this by setting GatewayPorts yes in /etc/ssh/sshd_config on the remote server. (don't forget to restart sshd after editing the config)

-

Persistent ssh forwarding

-

The above is all well and good, but you'd need to keep an interactive ssh connection up at all times (not impossible with a tool like screen or tmux), so it isn't the most ideal solution. To get around this, you can create a service to run on the local server to forward requested ports to the remote server.

-

To begin, I'd recommend creating two users, one on each server. For sake of example, lets all them bridge, though any other names like tunnel or whatever would work too. I'd recommend to avoid giving these users passwords, that way they can only be signed in through key based authentication. Of course you will still be able to log into them as root using su - bridge

-

Next you should create an ssh keypair on the local server(ssh-keygen) and place the contents of your public key into .ssh/authorized_keys. This will make sure that only the local server will be able to ssh into the remote using that key.

-

Then, create a script for your ssh port forwarding. I placed mine directly in the home folder of my bridge user of my local server, though it only matters that the bridge user can execute it. In your script you must use the -nT flag on your ssh command. These will allow you to run this script as a service, by preventing a virtual terminal being allocated. (read man ssh for more info)

-

Here is my example of a script that you could use:

-
#!/bin/sh
-
-PORTS="8080 25565"
-DEST="bridge@remote.host"
-SSH_PORT="22"
-IDENTITY_FILE="~/.ssh"
-
-/usr/bin/ssh -nNT $(echo $PORTS | awk -v host=$LOCALHOST '{for (i = 1; i <= NF; i++){ printf "-R %d:%s:%d ",$i,host,$i}}') -p $SSH_PORT -i $IDENTITY_FILE $DEST
-
-

Next you'd want to run this script as a service. Check your distro's service system how to do this if you have any trouble.

-

Systemd service

-

Say that the script you made was /home/bridge/tunnel.sh, you should create a user service with systemd for the bridge user.

-

To do this create the following file in /home/bridge/.config/systemd/user/tunnel.service:

-
[Unit]
-Description=SSH tunnel
-
-[Service]
-ExecStart=/home/bridge/tunnel.sh
-RestartSec=5
-Restart=always
-KillMode=mixed
-
-[Install]
-WantedBy=default.target
-
-

Then enable and start the service with: systemd --user enable tunnel.service and system --user start tunnel.service. Ensure that it is running with systemd --user status tunnel

-

Forwarding ports smaller than 1024

-

As you may know, TCP/IP port numbers below 1024 are special in that normal users are not able to open, and hence forward from on the remote server. To bypass this, you can change your services to run at different ports, though this may not always be possible, for example with ports 80 and 443 for http and https respectively. One solution to this is run a server on the remote that will proxy requests from port 80 to a different port (say port 8080).

-

This can be achieved using socat.

-

Say you forwarded traffic from port 8080 on the remote to port 80 on the local, you could then, on the remote server run sudo socat TCP-LISTEN:80,fork TCP:localhost:8080 to listen to traffic on port 80 and forward it to 8080, which will forward back to the local server. Here is an example of this in practice, forwarding port 80 and 443, by forwarding ports 8080 and 8443:

-
/usr/bin/ssh -nT -R 8443:localhost:443 -R 8080:localhost:80 -i $IDENTITY_FILE -p $SSH_PORT $DEST "(sudo socat TCP-LISTEN:80,fork TCP:localhost:8080) & sudo socat TCP-LISTEN:443,fork TCP:localhost:8443"
-
-

However this command assumes that the remote user has access to sudo with NO PASSWORD. Alternatively you could create a similar service (this time as a system service) on the remote server running the socat commands.

-
- - - diff --git a/html/entries/test.html b/html/entries/test.html deleted file mode 100644 index cf4cbac..0000000 --- a/html/entries/test.html +++ /dev/null @@ -1,11 +0,0 @@ - - - - - test - - -

test

-

hi test haha

- - diff --git a/html/entries/welcome.html b/html/entries/welcome.html deleted file mode 100644 index 0a9caeb..0000000 --- a/html/entries/welcome.html +++ /dev/null @@ -1,45 +0,0 @@ - - - - - - - davidovski.xyz - - -
-
- davidovski.xyz -
- -
- -
-

welcome. i decided to turn this wepage into blog-style site... i havent got a topic or anything, so expect either: quality tutorials and very interesting techy things; or just random shitposts or rambles about things.

-

originally i was going to make this blog on b.davidovski.xyz using nanoblogger (you might be able to still see the start of that) but nb itself seemed quite dead, and i couldn't really be asked to customise it all myself. So i made my own script to generate this static site: kblg. Right now its probably just the bare minimum needed for this, but I am planning to add more things to it as I go along (including rss, if anyone would be interested?)

-

anyway thats all for now, cya

-

~davidovski

-
- - - diff --git a/html/images/bg.png b/html/images/bg.png deleted file mode 100644 index d08f9ed..0000000 Binary files a/html/images/bg.png and /dev/null differ diff --git a/html/images/remotecontrol.png b/html/images/remotecontrol.png deleted file mode 100644 index 5d34db5..0000000 Binary files a/html/images/remotecontrol.png and /dev/null differ diff --git a/html/index.html b/html/index.html deleted file mode 100644 index 13b7128..0000000 --- a/html/index.html +++ /dev/null @@ -1,75 +0,0 @@ - - - - - - - davidovski.xyz - - -
-
- davidovski.xyz -
- -
- -
-
-
- -

Hi, I'm david and this is my place on the net where I dump various files, write blogs and whatever I feel like.

-

Feel free to explore the above links, or scroll through below. This site is still under contruction... permanently. So expect it to look better (or worse) in the future.

- -

if you want to contact me, you can message me on matrix @davidovski:matrix.org (i will make my own homeserver soon ok?) or discord iksvo#6239. I'll be also happy to reply to any emails, linked at the top of the page

-
-
- -
-
-
-
- -

blog posts

- - -
-
-
Fri, 27 Aug 2021 03:01:02 🔗
-

Permanent SSH Forwarding (Tutorial)

-

Take this situation: you have a cheap (or even free), low-powered remote server and a considerably better homeserver with more storage and power. For certain services that require more power, you'd obviously want to run them on that homeserver. However, what if you don't want to, or can't, directly open ports onto your home network, or you if you simply want to keep all of your site on one IP? This is where SSH port forwarding comes in handy: using ssh to forward the open port from a service from your local server to the remote one, where it can be exposed to the rest of the internet.

read more... -
- -
-
-
Sun, 08 Aug 2021 04:23:07 🔗
-

welcome. i decided to turn this wepage into blog-style site... i havent got a topic or anything, so expect either: quality tutorials and very interesting techy things; or just random shitposts or rambles about things.

-

originally i was going to make this blog on b.davidovski.xyz using nanoblogger (you might be able to still see the start of that) but nb itself seemed quite dead, and i couldn't really be asked to customise it all myself. So i made my own script to generate this static site: kblg. Right now its probably just the bare minimum needed for this, but I am planning to add more things to it as I go along (including rss, if anyone would be interested?)

-

anyway thats all for now, cya

-

~davidovski

-
- -
- - - diff --git a/html/mononoki.woff b/html/mononoki.woff deleted file mode 100644 index 939ec2a..0000000 Binary files a/html/mononoki.woff and /dev/null differ diff --git a/html/rss.xml b/html/rss.xml deleted file mode 100644 index 5b576e1..0000000 --- a/html/rss.xml +++ /dev/null @@ -1,71 +0,0 @@ - - - - - davidovski - https://davidovski.xyz - davidovski's site - - ssh_forwarding - https://davidovski.xyz/https://davidovski.xyz/entries/ssh_forwarding.html - Fri, 27 Aug 2021 03:01:02 - Permanent SSH Forwarding (Tutorial) -

Take this situation: you have a cheap (or even free), low-powered remote server and a considerably better homeserver with more storage and power. For certain services that require more power, you'd obviously want to run them on that homeserver. However, what if you don't want to, or can't, directly open ports onto your home network, or you if you simply want to keep all of your site on one IP? This is where SSH port forwarding comes in handy: using ssh to forward the open port from a service from your local server to the remote one, where it can be exposed to the rest of the internet.

-

SSH Remote Port Forwarding

-

SSH remote port forwarding is built right into ssh itself, and is quite simple:

-

ssh -R 5505:localhost:4404 user@remote.host

-

When this command is run on the local server, it will create an ssh connection to the remote server, as per usual. Additionally, it will open the port 5505 on the remote server, which will forward all traffic to port 4404 on the local server. This command by itself is already everything you'd need to forward most ports easily to your remote server, of course, remember to open the port on your remote server's firewall, if applicable.

-

However to ensure that that port is exposed properly on the remote server, you'd want to make sure that it is listening to all external traffic. You can fix this by setting GatewayPorts yes in /etc/ssh/sshd_config on the remote server. (don't forget to restart sshd after editing the config)

-

Persistent ssh forwarding

-

The above is all well and good, but you'd need to keep an interactive ssh connection up at all times (not impossible with a tool like screen or tmux), so it isn't the most ideal solution. To get around this, you can create a service to run on the local server to forward requested ports to the remote server.

-

To begin, I'd recommend creating two users, one on each server. For sake of example, lets all them bridge, though any other names like tunnel or whatever would work too. I'd recommend to avoid giving these users passwords, that way they can only be signed in through key based authentication. Of course you will still be able to log into them as root using su - bridge

-

Next you should create an ssh keypair on the local server(ssh-keygen) and place the contents of your public key into .ssh/authorized_keys. This will make sure that only the local server will be able to ssh into the remote using that key.

-

Then, create a script for your ssh port forwarding. I placed mine directly in the home folder of my bridge user of my local server, though it only matters that the bridge user can execute it. In your script you must use the -nT flag on your ssh command. These will allow you to run this script as a service, by preventing a virtual terminal being allocated. (read man ssh for more info)

-

Here is my example of a script that you could use:

-
#!/bin/sh
-
-PORTS="8080 25565"
-DEST="bridge@remote.host"
-SSH_PORT="22"
-IDENTITY_FILE="~/.ssh"
-
-/usr/bin/ssh -nNT $(echo $PORTS | awk -v host=$LOCALHOST '{for (i = 1; i <= NF; i++){ printf "-R %d:%s:%d ",$i,host,$i}}') -p $SSH_PORT -i $IDENTITY_FILE $DEST
-
-

Next you'd want to run this script as a service. Check your distro's service system how to do this if you have any trouble.

-

Systemd service

-

Say that the script you made was /home/bridge/tunnel.sh, you should create a user service with systemd for the bridge user.

-

To do this create the following file in /home/bridge/.config/systemd/user/tunnel.service:

-
[Unit]
-Description=SSH tunnel
-
-[Service]
-ExecStart=/home/bridge/tunnel.sh
-RestartSec=5
-Restart=always
-KillMode=mixed
-
-[Install]
-WantedBy=default.target
-
-

Then enable and start the service with: systemd --user enable tunnel.service and system --user start tunnel.service. Ensure that it is running with systemd --user status tunnel

-

Forwarding ports smaller than 1024

-

As you may know, TCP/IP port numbers below 1024 are special in that normal users are not able to open, and hence forward from on the remote server. To bypass this, you can change your services to run at different ports, though this may not always be possible, for example with ports 80 and 443 for http and https respectively. One solution to this is run a server on the remote that will proxy requests from port 80 to a different port (say port 8080).

-

This can be achieved using socat.

-

Say you forwarded traffic from port 8080 on the remote to port 80 on the local, you could then, on the remote server run sudo socat TCP-LISTEN:80,fork TCP:localhost:8080 to listen to traffic on port 80 and forward it to 8080, which will forward back to the local server. Here is an example of this in practice, forwarding port 80 and 443, by forwarding ports 8080 and 8443:

-
/usr/bin/ssh -nT -R 8443:localhost:443 -R 8080:localhost:80 -i $IDENTITY_FILE -p $SSH_PORT $DEST "(sudo socat TCP-LISTEN:80,fork TCP:localhost:8080) & sudo socat TCP-LISTEN:443,fork TCP:localhost:8443"
-
-

However this command assumes that the remote user has access to sudo with NO PASSWORD. Alternatively you could create a similar service (this time as a system service) on the remote server running the socat commands.

]]>
-
- - - welcome - https://davidovski.xyz/https://davidovski.xyz/entries/welcome.html - Sun, 08 Aug 2021 04:23:07 - welcome. i decided to turn this wepage into blog-style site... i havent got a topic or anything, so expect either: quality tutorials and very interesting techy things; or just random shitposts or rambles about things.

-

originally i was going to make this blog on b.davidovski.xyz using nanoblogger (you might be able to still see the start of that) but nb itself seemed quite dead, and i couldn't really be asked to customise it all myself. So i made my own script to generate this static site: kblg. Right now its probably just the bare minimum needed for this, but I am planning to add more things to it as I go along (including rss, if anyone would be interested?)

-

anyway thats all for now, cya

-

~davidovski

]]>
-
- -
-
diff --git a/html/src/ssh_forwarding.md b/html/src/ssh_forwarding.md deleted file mode 100644 index bd60668..0000000 --- a/html/src/ssh_forwarding.md +++ /dev/null 
@@ -1,74 +0,0 @@ -# Permanent SSH Forwarding (Tutorial) - -Take this situation: you have a cheap (or even free), low-powered remote server and a considerably better homeserver with more storage and power. For certain services that require more power, you'd obviously want to run them on that homeserver. However, what if you don't want to, *or can't*, directly open ports onto your home network, or you if you simply want to keep all of your site on one IP? This is where SSH port forwarding comes in handy: using ssh to forward the open port from a service from your local server to the remote one, where it can be exposed to the rest of the internet. - -... - -## SSH Remote Port Forwarding - -SSH remote port forwarding is built right into ssh itself, and is quite simple: - -``` -ssh -R 5505:localhost:4404 user@remote.host -``` - -When this command is run on the local server, it will create an ssh connection to the remote server, as per usual. Additionally, it will open the port 5505 on the remote server, which will forward all traffic to port 4404 on the local server. This command by itself is already everything you'd need to forward most ports easily to your remote server, of course, remember to open the port on your remote server's firewall, if applicable. - -However to ensure that that port is exposed properly on the remote server, you'd want to make sure that it is listening to all external traffic. You can fix this by setting `GatewayPorts yes` in `/etc/ssh/sshd_config` on the remote server. (don't forget to restart sshd after editing the config) - -## Persistent ssh forwarding - -The above is all well and good, but you'd need to keep an interactive ssh connection up at all times (not impossible with a tool like `screen` or `tmux`), so it isn't the most ideal solution. To get around this, you can create a service to run on the local server to forward requested ports to the remote server. - -To begin, I'd recommend creating two users, one on each server. 
For sake of example, lets all them `bridge`, though any other names like `tunnel` or whatever would work too. I'd recommend to avoid giving these users passwords, that way they can only be signed in through key based authentication. Of course you will still be able to log into them as root using `su - bridge` - -Next you should create an ssh keypair on the local server(`ssh-keygen`) and place the contents of your public key into `.ssh/authorized_keys`. This will make sure that only the local server will be able to ssh into the remote using that key. - -Then, create a script for your ssh port forwarding. I placed mine directly in the home folder of my bridge user of my local server, though it only matters that the bridge user can execute it. In your script you *must* use the `-nT` flag on your ssh command. These will allow you to run this script as a service, by preventing a virtual terminal being allocated. (read `man ssh` for more info) - -Here is my example of a script that you could use: - - #!/bin/sh - - PORTS="8080 25565" - DEST="bridge@remote.host" - SSH_PORT="22" - IDENTITY_FILE="~/.ssh" - - /usr/bin/ssh -nNT $(echo $PORTS | awk -v host=$LOCALHOST '{for (i = 1; i <= NF; i++){ printf "-R %d:%s:%d ",$i,host,$i}}') -p $SSH_PORT -i $IDENTITY_FILE $DEST - -Next you'd want to run this script as a service. Check your distro's service system how to do this if you have any trouble. - -### Systemd service - -Say that the script you made was `/home/bridge/tunnel.sh`, you should create a user service with systemd for the bridge user. - -To do this create the following file in `/home/bridge/.config/systemd/user/tunnel.service`: - - [Unit] - Description=SSH tunnel - - [Service] - ExecStart=/home/bridge/tunnel.sh - RestartSec=5 - Restart=always - KillMode=mixed - - [Install] - WantedBy=default.target - -Then enable and start the service with: `systemd --user enable tunnel.service` and `system --user start tunnel.service`. 
Ensure that it is running with `systemd --user status tunnel` - -## Forwarding ports smaller than 1024 - -As you may know, TCP/IP port numbers below 1024 are special in that normal users are not able to open, and hence forward from on the remote server. To bypass this, you can change your services to run at different ports, though this may not always be possible, for example with ports 80 and 443 for http and https respectively. One solution to this is run a server on the remote that will proxy requests from port 80 to a different port (say port 8080). - -This can be achieved using `socat`. - -Say you forwarded traffic from port 8080 on the remote to port 80 on the local, you could then, on the remote server run `sudo socat TCP-LISTEN:80,fork TCP:localhost:8080` to listen to traffic on port 80 and forward it to 8080, which will forward back to the local server. Here is an example of this in practice, forwarding port 80 and 443, by forwarding ports 8080 and 8443: - - /usr/bin/ssh -nT -R 8443:localhost:443 -R 8080:localhost:80 -i $IDENTITY_FILE -p $SSH_PORT $DEST "(sudo socat TCP-LISTEN:80,fork TCP:localhost:8080) & sudo socat TCP-LISTEN:443,fork TCP:localhost:8443" - -However this command assumes that the remote user has access to sudo with **NO PASSWORD**. Alternatively you could create a similar service (this time as a system service) on the remote server running the socat commands. - - diff --git a/html/src/welcome.md b/html/src/welcome.md deleted file mode 100644 index 5c8500c..0000000 --- a/html/src/welcome.md +++ /dev/null 
@@ -1,7 +0,0 @@
-welcome. i decided to turn this wepage into blog-style site... i havent got a topic or anything, so expect either: quality tutorials and very interesting techy things; or just random shitposts or rambles about things.
-
-originally i was going to make this blog on [b.davidovski.xyz](https://b.davidovski.xyz) using [nanoblogger](http://nanoblogger.sourceforge.net/) (you might be able to still see the start of that) but nb itself seemed quite dead, and i couldn't really be asked to customise it all myself. So i made my own script to generate this static site: [kblg](https://github.com/davidovski/kblg/). Right now its probably just the bare minimum needed for this, but I am planning to add more things to it as I go along (including rss, if anyone would be interested?)
-
-anyway thats all for now, cya
-
-~davidovski
diff --git a/html/style.css b/html/style.css
deleted file mode 100644
index 9ecf486..0000000
--- a/html/style.css
+++ /dev/null
@@ -1,139 +0,0 @@
-:root {
- --fg: #f58F44;
- --black: #707880;
- --red: #cc6666;
- --green: #b5bd68;
- --yellow: #f0c674;
- --blue: #5f819d;
- --magenta: #b294bb;
- --cyan: #b4d6d1;
- --white: #c5c8c6;
- --bg-light: #303030;
- --bg: #191919;
- --line: 2px;
-}
-
-
-@font-face {
- font-family: mononoki;
- src: url(mononoki.woff);
-}
-
-body {
- background-color: var(--bg-light);
- /*background-image: url("https://davidovski.xyz/images/bg.png");*/
- background-position: absolute;
- background-repeat: no-repeat;
- background-size: cover;
- color: var(--fg);
- font-family: mononoki;
- font-size: 16px;
- padding: 0;
- margin: 0;
-}
-
-a {
- color: var(--blue);
- text-decoration: none;
-}
-
-h1 {
- color: var(--white);
-}
-
-h2 {
- color: var(--cyan);
-}
-
-h3 {
- color: var(--blue);
-}
-
-
-.main {
- background-color: var(--bg);
- margin-top: 0;
- margin-bottom: 0;
- margin-left: auto;
- margin-right: auto;
-
- width: 70%;
-
- padding: 2%;
- height: 100%;
-
- border-left: var(--line) solid var(--fg);
- border-right: var(--line) solid var(--fg);
- border-bottom: var(--line) solid var(--fg);
-}
-
-.header {
- text-align: center;
-}
-
-.links {
- text-align: center justify;
- text-justify: inter-word;
- #white-space: nowrap;
-}
-
-hr {
- width: 100%;
- border: 0;
- border-bottom: var(--line) solid var(--fg);
-}
-.title {
- font-size: 45px;
- color: var(--fg);
-}
-.small {
- font-size: 9px;
- padding: 0;
- color: var(--black);
-}
-
-a.red {
- color: --var(red);
-}
-
-a.green {
- color: --var(green);
-}
-
-a.blue {
- color: --var(blue);
-}
-
-code {
- background-color: var(--bg-light);
- font-size: 16px;
- font-family: mononoki;
- word-wrap: break-word;
- width: 100%;
-}
-
-pre {
- background-color: var(--bg-light);
- white-space: pre-wrap;
- padding: 5px;
- border: var(--line) solid var(--fg);
-
-}
-
-.grid {
- display: inline;
-}
-
-.about {
- width: 75%;
- float: left;
-}
-
-.image {
- width: 25%;
- float: right;
-}
-
-img {
- width: 100%;
-}
diff --git a/images/bg.gif b/images/bg.gif
new file mode 100644
index 0000000..31fa140
Binary files /dev/null and b/images/bg.gif differ
diff --git a/images/remotecontrol.png b/images/remotecontrol.png
index 5d34db5..8a0a2da 100644
Binary files a/images/remotecontrol.png and b/images/remotecontrol.png differ
diff --git a/resources/mononoki.woff b/resources/mononoki.woff
new file mode 100644
index 0000000..939ec2a
Binary files /dev/null and b/resources/mononoki.woff differ
diff --git a/resources/style.css b/resources/style.css
new file mode 100644
index 0000000..b0c66fa
--- /dev/null
+++ b/resources/style.css
@@ -0,0 +1,140 @@
+:root {
+ --fg: #f58F44;
+ --black: #707880;
+ --red: #cc6666;
+ --green: #b5bd68;
+ --yellow: #f0c674;
+ --blue: #5f819d;
+ --magenta: #b294bb;
+ --cyan: #b4d6d1;
+ --white: #c5c8c6;
+ --bg-light: #303030;
+ --bg: #191919;
+ --line: 2px;
+}
+
+
+@font-face {
+ font-family: mononoki;
+ src: url(mononoki.woff);
+}
+
+body {
+ background-color: var(--bg-light);
+ background-image: url("/images/bg.gif");
+ background-repeat: repeat;
+
+ /*background-image: url("https://davidovski.xyz/images/bg.png");*/
+ background-position: absolute;
+ color: var(--fg);
+ font-family: mononoki;
+ font-size: 16px;
+ padding: 0;
+ margin: 0;
+}
+
+a {
+ color: var(--blue);
+ text-decoration: none;
+}
+
+h1 {
+ color: var(--white);
+}
+
+h2 {
+ color: var(--cyan);
+}
+
+h3 {
+ color: var(--blue);
+}
+
+
+.main {
+ background-color: var(--bg);
+ margin-top: 0;
+ margin-bottom: 0;
+ margin-left: auto;
+ margin-right: auto;
+
+ width: 70%;
+
+ padding: 2%;
+ height: 100%;
+
+ border-left: var(--line) solid var(--fg);
+ border-right: var(--line) solid var(--fg);
+ border-bottom: var(--line) solid var(--fg);
+}
+
+.header {
+ text-align: center;
+}
+
+.links {
+ text-align: center justify;
+ text-justify: inter-word;
+ #white-space: nowrap;
+}
+
+hr {
+ width: 100%;
+ border: 0;
+ border-bottom: var(--line) solid var(--fg);
+}
+.title {
+ font-size: 45px;
+ color: var(--fg);
+}
+.small {
+ font-size: 9px;
+ padding: 0;
+ color: var(--black);
+}
+
+a.red {
+ color: --var(red);
+}
+
+a.green {
+ color: --var(green);
+}
+
+a.blue {
+ color: --var(blue);
+}
+
+code {
+ background-color: var(--bg-light);
+ font-size: 16px;
+ font-family: mononoki;
+ word-wrap: break-word;
+ width: 100%;
+}
+
+pre {
+ background-color: var(--bg-light);
+ white-space: pre-wrap;
+ padding: 5px;
+ border: var(--line) solid var(--fg);
+
+}
+
+.grid {
+ display: inline;
+}
+
+.about {
+ width: 75%;
+ float: left;
+}
+
+.image {
+ width: 25%;
+ float: right;
+}
+
+img {
+ width: 100%;
+}
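Review bot: The `a.red`, `a.green` and `a.blue` rules near the end of the new file write the colour as `--var(red)`, which is not a valid `var()` reference, so browsers discard the declaration and those links keep the plain `a` colour. The custom properties are declared as `--red`, `--green` and `--blue` in `:root`, so the three lines should read `color: var(--red);`, `color: var(--green);` and `color: var(--blue);`. The same file also carries `background-position: absolute;` in `body` and `text-align: center justify;` in `.links`, neither of which is a valid value; they are ignored as well and could be corrected or dropped while the file is being moved.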
diff --git a/sync.sh b/sync.sh index 0102c33..11a9f8d 100755 --- a/sync.sh +++ b/sync.sh @@ -1,7 +1,5 @@ #!/bin/bash -#cp templates/index.html templates/page.html - python build.py rsync -Lta --no-perms --no-owner --no-group --delete --exclude=sync.sh -vz -e ssh ./html/ cheetah:/srv/www/davidovski/html diff --git a/templates/file.html b/templates/file.html new file mode 100644 index 0000000..6171875 --- /dev/null +++ b/templates/file.html @@ -0,0 +1,7 @@ +

%filename%

+ +

../

+ +

%commit%

+ +%content% -- cgit v1.2.1
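Review bot: Nothing in the template records how `%filename%`, `%commit%` and `%content%` are encoded when they are substituted, and the first two presumably carry text taken from a git repository (file names, commit messages) that can contain `<` or `&`. The substitution code is not in this hunk, so this cannot be confirmed from here, but build.py should pass those two values through `escape()` before replacing them, and only `%content%` should be inserted as markup. A leading comment would record that contract, e.g. `<!-- %filename% and %commit% are inserted HTML-escaped; %content% is inserted as rendered markup -->`. The template's own tags appear to have been lost in this rendering of the patch, so the comment's placement needs checking against the actual file.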