foster/forgejo-docs
0
0
Fork 0
mirror of https://codeberg.org/forgejo/docs.git synced 2024-11-24 18:09:26 -05:00
Code Issues Activity

contributor: infrastructure: forward ssh with nginx instead of nft

Browse source 
It simplifies the setup instructions and the skill requirements for
devops to use nginx to forward all ports instead of a mix of nftables
& nginx.

Also supports IPv6 and not just IPv4.
This commit is contained in:
Earl Warren 2024-09-10 10:28:24 +02:00 committed by Otto
parent 10dff2ee1a
commit 8fdbb80b11
1 changed files with 28 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
docs/contributor/infrastructure.md
View file

@ -100,6 +100,12 @@ When removing a configuration, the certificate can also be removed with:
sudo certbot delete --cert-name example.com sudo certbot delete --cert-name example.com
``` ```
Forwarding TCP streams (useful for ssh) requires installing the module:
```sh
sudo apt-get install libnginx-mod-stream
```
## Host wakeup-on-logs ## Host wakeup-on-logs
https://code.forgejo.org/infrastructure/wakeup-on-logs https://code.forgejo.org/infrastructure/wakeup-on-logs
@ -272,7 +278,7 @@ firefox http://private.forgejo.org
### Containers ### Containers
- `fogejo-host` - `forgejo-host`
Dedicated to http://private.forgejo.org Dedicated to http://private.forgejo.org
@ -287,7 +293,7 @@ firefox http://private.forgejo.org
docker logs -n 200 -f forgejo docker logs -n 200 -f forgejo
``` ```
- `fogejo-runner-host` - `forgejo-runner-host`
Has runners installed to run against private.forgejo.org Has runners installed to run against private.forgejo.org
@ -449,19 +455,26 @@ lxc-helpers.sh lxc_install_lxc_inside 10.41.13 fc29
- K8S enabled - K8S enabled
- K8S wakeup-on-logs script /etc/wakeup-on-logs/forgejo-v8 - K8S wakeup-on-logs script /etc/wakeup-on-logs/forgejo-v8
- [Values file](https://code.forgejo.org/infrastructure/k8s/src/branch/main/forgejo-v8/values.yml) - [Values file](https://code.forgejo.org/infrastructure/k8s/src/branch/main/forgejo-v8/values.yml)
- `/home/debian/v8.nftables` - nginx forwarding of SSH streams in `/etc/nginx/modules-enabled/next.forgejo.org.conf`
``` ```
add table ip v8; stream {
flush table ip v8;
add chain ip v8 prerouting { # v8 ip's
type nat hook prerouting priority 0; upstream v8 {
policy accept; least_conn;
dnat ip addr . port to tcp dport map { 2080 : 10.41.13.27 . 2222 }; server 10.41.13.27:2222;
}; }
```
- Add to `iface enp4s0 inet static` in `/etc/network/interfaces` # v8 definition
``` server {
up nft -f /home/debian/v8.nftables listen 2080; # the port to listen on this server
listen [::]:2080;
proxy_pass v8; # forward traffic to this upstream group
proxy_timeout 3s;
proxy_connect_timeout 3s;
}
}
``` ```
- `forgefriends-forum` (hetzner04) - `forgefriends-forum` (hetzner04)
@ -576,7 +589,7 @@ with `nft -f /root/code.nftables`.
#### Containers #### Containers
- `fogejo-code` on hetzner02 - `forgejo-code` on hetzner02
Dedicated to https://code.forgejo.org Dedicated to https://code.forgejo.org