feat: add ssh-proxy imag

- default-configured to set expose tls port through pinggy
legobeat · Aug 16, 2024 · 442627d · 442627d
1 parent 59e3bce
commit 442627d
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 0 deletions.
diff --git a/compose/vnc.compose.yml b/compose/vnc.compose.yml
@@ -79,6 +79,22 @@ services:
     ports:
       - '6080:6080'
 
+  ssh-proxy:
+    depends_on:
+      - novnc
+    profiles:
+      - vnc
+      - remote
+    build:
+      context: ../imags/ssh-proxy
+      dockerfile: Containerfile
+    image: 'localhost/l7/ssh-proxy:latest'
+    command: '-p443 -R0:10.7.9.51:6080 -o ServerAliveInterval=30 tls@a.pinggy.io'
+    hostname: localhost
+    networks:
+      public:
+      vnc:
+
 ########
 
 networks:

diff --git a/imags/ssh-proxy/Containerfile b/imags/ssh-proxy/Containerfile
@@ -0,0 +1,14 @@
+ARG ALPINE_VERSION=3.20
+FROM docker.io/alpine:${ALPINE_VERSION}
+RUN apk add --no-cache \
+  autossh \
+  grep \
+  openssh \
+  sed
+COPY entrypoint.sh /
+#ARG SSH_KNOWN_HOSTS="serveo.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDxYGqSKVwJpQD1F0YIhz+bd5lpl7YesKjtrn1QD1RjQcSj724lJdCwlv4J8PcLuFFtlAA8AbGQju7qWdMN9ihdHvRcWf0tSjZ+bzwYkxaCydq4JnCrbvLJPwLFaqV1NdcOzY2NVLuX5CfY8VTHrps49LnO0QpGaavqrbk+wTWDD9MHklNfJ1zSFpQAkSQnSNSYi/M2J3hX7P0G2R7dsUvNov+UgNKpc4n9+Lq5Vmcqjqo2KhFyHP0NseDLpgjaqGJq2Kvit3QowhqZkK4K77AA65CxZjdDfpjwZSuX075F9vNi0IFpFkGJW9KlrXzI4lIzSAjPZBURhUb8nZSiPuzj"
+ARG SSH_KNOWN_HOSTS="[a.pinggy.io]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDF0YJigZJU62vn4rsKGRjIRTtMe/suc3d4YDe0iIvFzLMuaN78oxhWn9Uqefe1gN++dYVssspsgsvTXTTBcxxo3WoFeNr1z/+osJ45+Yxoa0pbaJdAwbr8CqjDa96r9/AhAXHoKncAByEOSiXfdWCXf84YC+Hu48/gZOqSZ3VqPz+nNGFByJcqYJ+jSELSqCNWVLWFxx7vH270Kymw2XkdOW47zzDNO7X4uByxHfaZMgI6phoaNglGizM0VNMQPL5GbspVGejFQE85QJbX3oF8vuCYnM+OMkwopHG+muh6Tro8+fm6G/fcmu34YJNbU3oaTdW1YPqvcKFX1AuIY9CA5lLZR9A1rOJ+fd4JEYaoTxwUN2ZPcrf7JEnvHmcV9hmupTSllJzLk4smDpl5PSknDm68/h/z/ZmaDlunGsHnn397fwCwS7sO9Q1yIuZ+Bri0td7+N2EK1mvM/qsnrSauOymcmqYVy6TLiejHdoVl8+lKqatkTxyFf/3MP8ylCKSoP0SJZratcU1n+0EciG+IjEzdPZ/1tuJZhBWqOUbYfUl+WgovH+J+AQKtoNzPP+fLtLNcmLEhx99N2y5l7A8IOlyy41Minq4N7V5X8Q7QHhEoocatNNn5JRYe/25P9aQelF0ItMD0PEmf8rIHWMqbwnwQ8pVVdDhE6mwhDskBIw=="
+RUN echo "${SSH_KNOWN_HOSTS}" >> /etc/ssh/ssh_known_hosts
+# polling time in seconds; default 600
+ENV AUTOSSH_POLL=58
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/imags/ssh-proxy/entrypoint.sh b/imags/ssh-proxy/entrypoint.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+autossh \
+  -M 0\
+  -oExitOnForwardFailure=yes \
+  "${@}" \
+   | grep -o '^[a-z0-9]*://[^\s]*\.link$' \
+   | sed -e 's#^[a-z0-9]*#\n  *** VNC VIEWER EXPOSED ***\nYou can now share access by sharing:\nhttps#' \
+    -e 's#$#/vnc.html\n#'
+
+
+
+#   | grep -o '^[a-z0-9]*://[^\s]*' | sed -e 's#^[a-z0-9]*#\n  You can now share a remote view or control (depending on server authentication) via sharing:\nhttps#' -e 's#$#/vnc.html\n#'
+# TODO: something with ssh tty to make capturing output work