Public | Automated Build

Last pushed: 9 months ago
Short Description
Proxy giving acces to some of your local services from the outside world.
Full Description

Home Proxy Docker Image

This image configures a Nginx instance to play the role of a web gateway for your home LAN.

It also creates a SSH tunnel through a given server so that we can give an access to our LAN through the internet without the need to configure any port in your NAT.

Configuration

SSH server

On your server, you have to configure the SSH server so that reverse ssh tunnel are possible.

You have to add this setting in your /etc/ssh/sshd_config:

GatewayPorts yes

It's also preferable to disable TCPKeepAlive and keep the connection with ClientAlive* options:

TCPKeepAlive no
ClientAliveInterval 600
ClientAliveCountMax 3

SSH tunnel user

On the server, create a user tha will create the tunnel. For that we will create a user that can only login using SSH keys.

$ adduser --sytem --no-create-home --disabled-password --shell /bin/false sshtunnel

Docker Image volumes

The image will share two volumes with the host to share some files.

The first one is "/config" and contains the keys to connect to the sshtunnel account, the domain name of the server and other configuration files concerning the local websites behind this gateway.

  • key.private: the file containing the private key for the sshtunnel user (should be readable only by the owner or the sshtunnel will complain)

  • key.public: the file containing the public key for th sshtunnel user (should be copied on the authorized_keys file on the server) (should be readable only by the owner or the sshtunnel will complain)

  • known_hosts: server ssh key fingerprint, if you don't give that, the tunnel will block waiting for the user to accept the fingerprint, which will never happen...

  • nginx_variables: a file that is included in the Nginx configuration to set variables

  • sites : a directory containing configuration files for your local websites

    • remote : sites visible from the outside world

    • local: sites visible only from the insided (useful if you use a local DNS)

How to launch this image

docker run -d --restart=always -v /path/to/config:/config -v /path/to/www:/var/www -p 80:80 haelty/homeproxy

Docker Pull Command
Owner
haelty
Source Repository

Comments (0)