From 4890681be6f8fa0dd6a76efd0fa45f2935811526 Mon Sep 17 00:00:00 2001
From: David Beniamine <david.beniamine@tetras-libre.fr>
Date: Wed, 3 Jul 2024 12:05:39 +0000
Subject: [PATCH] Readme

---
 Readme.md | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 Readme.md

diff --git a/Readme.md b/Readme.md
new file mode 100644
index 0000000..111797c
--- /dev/null
+++ b/Readme.md
@@ -0,0 +1,42 @@
+This service is a reverse proxy to send requests to a ssh tunnel
+
+Say that you have a server A that is not reachable from outside the network and a server B that is reachable.
+
+On server B, start this service, then on server A, launch a ssh-tunnel to this service.
+
+## Installation on the proxy server (B)
+
+```
+cp .env .env.sample
+```
+
+Then edit the following variables:
+
++ `SSH_PUB_KEY` : the public key of server A that will be used to log in the ssh server to create a tunnel
++ `HOSTS` a comma separated list of FQDN with backticks, i.e
+```
+`a.example.org`,`b.example.org`
+```
++ `SSHPORT` : port to bind the conteners ssh server should be free on the host B
++ `SSHPORT_INT` : Port for making server A accessible via ssh on server B
++ `HTTPS_PORT` : Port that will be bind to HTTPS port of server A
++ `NAME` a unique name for traefik
+
+Finally `docker-compose up -d`
+
+## On the proxified server (A)
+
+On the server A, put the following script in `/root/ssh-tunnel.sh` then run it after starting the services on `B`, adapt the constants to your needs
+
+```bash
+#!/bin/bash
+HTTPS_PORT=8080
+SSHPORT_INT=2223
+SSHPORT=2222
+PROXY_HOST=aquila.tetras-libre.fr
+while true; do
+    /usr/bin/ssh -i /root/.ssh/id_rsa -N -R ${HTTPS_PORT}:localhost:443 -R ${SSHPORT_INT}:localhost:22 -o "ExitOnForwardFailure yes" -o "StrictHostKeyChecking no" -o "ServerAliveInterval 60" sshuser@${PROXY_HOST} -p ${SSHPORT}
+    echo "Ssh failed $?"
+    sleep 5
+done
+```
\ No newline at end of file
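Review bot: The `/usr/bin/ssh` line in the tunnel script sets `-o "StrictHostKeyChecking no"`, so server A never verifies the proxy's host key. Because the loop reconnects unattended every 5 seconds, a redirected or intercepted connection to `PROXY_HOST` would be accepted silently and would receive the reverse forwards for A's ports 443 and 22. I would document pinning B's host key on A (a dedicated known_hosts file passed with `-o "UserKnownHostsFile ..."`) and switch to `-o "StrictHostKeyChecking yes"`. Separately, in the installation block `cp .env .env.sample` has its arguments reversed. As written it overwrites the sample with a `.env` that does not exist yet on a fresh checkout; it should be `cp .env.sample .env`. It would also help to state next to `SSHPORT_INT` and `HTTPS_PORT` which interface on B the forwarded ports end up listening on, since `SSHPORT_INT` exposes A's sshd through B.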
-- 
GitLab