TLS proxy in im.deuxfleurs.fr for Android 7 #17
12 changed files with 68 additions and 20 deletions
|
@ -13,7 +13,7 @@ job "core-diplonat" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "lxpz/amd64_diplonat:6"
|
image = "lxpz/amd64_diplonat:7"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
readonly_rootfs = true
|
readonly_rootfs = true
|
||||||
privileged = true
|
privileged = true
|
||||||
|
|
|
@ -44,7 +44,7 @@ job "garage" {
|
||||||
template {
|
template {
|
||||||
data = file("../config/garage.toml")
|
data = file("../config/garage.toml")
|
||||||
destination = "secrets/garage.toml"
|
destination = "secrets/garage.toml"
|
||||||
change_mode = "noop"
|
#change_mode = "noop"
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
|
|
|
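Review bot: Commenting out `change_mode = "noop"` on the `secrets/garage.toml` template switches it to Nomad's default, `restart`, so any re-render of that template will now restart the task. If that is intended, delete the line and state the reason in a comment such as `# default change_mode (restart): restart garage when its config is re-rendered`. If it was a debugging aid, restore `change_mode = "noop"` before merging. The job body continues outside this hunk, so whether the template has dynamic content that could trigger a re-render is not visible here.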
@ -106,6 +106,18 @@
|
||||||
baptiste = [
|
baptiste = [
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnGkJZZrHIUp9q0DXmVLLuhCIe7Vu1J3j6dJ1z1BglqX7yOLdFQ6LhHXx65aND/KCOM1815tJSnaAyKWEj9qJ31RVUoRl42yBn54DvQumamJUaXAHqJrXhjwxfUkF9B73ZSUzHGADlQnxcBkmrjC5FkrpC/s4xr0o7/GIBkBdtZhX9YpxBfpH6wEcCruTOlm92E3HvvjpBb/wHsoxL1f2czvWe69021gqWEYRFjqtBwP36NYZnGOJZ0RrlP3wUrGCSHxOKW+2Su+tM6g07KPJn5l1wNJiOcyBQ0/Sv7ptCJ9+rTQNeVBMoXshaucYP/bKJbqH7dONrYDgz59C4+Kax"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnGkJZZrHIUp9q0DXmVLLuhCIe7Vu1J3j6dJ1z1BglqX7yOLdFQ6LhHXx65aND/KCOM1815tJSnaAyKWEj9qJ31RVUoRl42yBn54DvQumamJUaXAHqJrXhjwxfUkF9B73ZSUzHGADlQnxcBkmrjC5FkrpC/s4xr0o7/GIBkBdtZhX9YpxBfpH6wEcCruTOlm92E3HvvjpBb/wHsoxL1f2czvWe69021gqWEYRFjqtBwP36NYZnGOJZ0RrlP3wUrGCSHxOKW+2Su+tM6g07KPJn5l1wNJiOcyBQ0/Sv7ptCJ9+rTQNeVBMoXshaucYP/bKJbqH7dONrYDgz59C4+Kax"
|
||||||
];
|
];
|
||||||
|
aeddis = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILoFf9fMYwLOpmiXKgn4Rs99YCj94SU1V0gwGXR5N4Md"
|
||||||
|
];
|
||||||
|
boris = [
|
||||||
|
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPts/36UvMCFcx3anSMV8bQKGel4c4wCsdhDGWHzZHgg07DxMt+Wk9uv0hWkqLojkUbCl/bI5siftiEv6En0mHw="
|
||||||
|
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJaD6flgTLkKimMB1qukiLKLVqsN+gizgajETjTwbscXEP2Fajmqy+90v1eXTDcGivmTyi8wOqkJ0s4D7dWP7Ck="
|
||||||
|
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEIZKA/SIicXq7HPFJfumrMc1iARqA1TQWWuWLrguOlKgFPBVym/IVjtYGAQ/Xtv4wU9Ak0s+t9UKpQ/K38kVe0="
|
||||||
|
];
|
||||||
|
vincent = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEve02acr522psrPxeElkwIPw2pc6QWtsUVZoaigqwZZ"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/h+rxR2o+vN0hUWQPdpO7YY9aaKxO3ZRnUh9QiKBE7"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# For Garage external communication
|
# For Garage external communication
|
||||||
|
|
|
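Review bot: The new `aeddis`, `boris` and `vincent` entries add six SSH public keys to what appears to be the cluster's per-user key list, here and again in the `@ -79,6 +79,18 @@` hunk, under a commit titled as a TLS proxy change. Access grants are easier to audit and revert when they land in their own commit with a description of who is being given access and why. The key strings carry no comment field, so a single lost device cannot be identified and revoked on its own; a label on each string, e.g. `"ssh-ed25519 <key> vincent@<device>"`, would fix that. The `boris` keys are `ecdsa-sha2-nistp256` while the other added keys are `ssh-ed25519`, which is worth confirming as deliberate.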
@ -22,7 +22,7 @@ job "core-diplonat" {
|
||||||
"#iptables",
|
"#iptables",
|
||||||
"#bash",
|
"#bash",
|
||||||
"#coreutils",
|
"#coreutils",
|
||||||
"git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=05872634a42bf0aef3ab0a2760e2be4590bc8b73"
|
"git+https://git.deuxfleurs.fr/Deuxfleurs/diplonat.git?ref=main&rev=843104dad73bfdebb674d3c3ec82af225c20c493"
|
||||||
]
|
]
|
||||||
command = "diplonat"
|
command = "diplonat"
|
||||||
}
|
}
|
||||||
|
|
|
@ -82,6 +82,7 @@ EOH
|
||||||
name = "tricot-http"
|
name = "tricot-http"
|
||||||
port = "http_port"
|
port = "http_port"
|
||||||
tags = [
|
tags = [
|
||||||
|
"d53-aaaa ${attr.unique.hostname}.machine.staging.deuxfleurs.org",
|
||||||
"d53-aaaa ${meta.site}.site.staging.deuxfleurs.org",
|
"d53-aaaa ${meta.site}.site.staging.deuxfleurs.org",
|
||||||
"d53-aaaa staging.deuxfleurs.org",
|
"d53-aaaa staging.deuxfleurs.org",
|
||||||
"(diplonat (tcp_port 80))"
|
"(diplonat (tcp_port 80))"
|
||||||
|
|
|
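Review bot: The added tag `"d53-aaaa ${attr.unique.hostname}.machine.staging.deuxfleurs.org"` ties each node's machine record to the `tricot-http` service, and the SSH client config changed in this same commit now points `HostName` at those `*.machine.staging.deuxfleurs.org` names. If the record is only published while the service is registered on the node, which is how the neighbouring `d53-aaaa` tags appear to work, SSH by name would stop resolving for a node exactly when tricot is down on it. A comment above the tag, for example `# machine AAAA record exists only while tricot-http is registered on this node`, would make that dependency visible. The service block starts and ends outside this hunk.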
@ -26,8 +26,8 @@ job "garage-staging" {
|
||||||
packages = [
|
packages = [
|
||||||
"#bash", # so that we can enter a shell inside container
|
"#bash", # so that we can enter a shell inside container
|
||||||
"#coreutils",
|
"#coreutils",
|
||||||
# garage v0.9.0
|
# garage v0.9.1-rc
|
||||||
"git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=952c9570c494468643353ee1ae9052b510353665",
|
"git+https://git.deuxfleurs.fr/Deuxfleurs/garage.git?ref=main&rev=9cfeea389a1274d4d3c1f4b7072b0c056af410ef",
|
||||||
]
|
]
|
||||||
command = "garage"
|
command = "garage"
|
||||||
args = [ "server" ]
|
args = [ "server" ]
|
||||||
|
|
|
@ -192,8 +192,8 @@ EOH
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
memory = 200
|
memory = 500
|
||||||
memory_max = 200
|
memory_max = 500
|
||||||
cpu = 100
|
cpu = 100
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -79,6 +79,18 @@
|
||||||
armael = [
|
armael = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOoPghSM72AVp1zATgQzeLkuoGuP9uUTTAtwliyWoix"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOoPghSM72AVp1zATgQzeLkuoGuP9uUTTAtwliyWoix"
|
||||||
];
|
];
|
||||||
|
aeddis = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILoFf9fMYwLOpmiXKgn4Rs99YCj94SU1V0gwGXR5N4Md"
|
||||||
|
];
|
||||||
|
boris = [
|
||||||
|
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPts/36UvMCFcx3anSMV8bQKGel4c4wCsdhDGWHzZHgg07DxMt+Wk9uv0hWkqLojkUbCl/bI5siftiEv6En0mHw="
|
||||||
|
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJaD6flgTLkKimMB1qukiLKLVqsN+gizgajETjTwbscXEP2Fajmqy+90v1eXTDcGivmTyi8wOqkJ0s4D7dWP7Ck="
|
||||||
|
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEIZKA/SIicXq7HPFJfumrMc1iARqA1TQWWuWLrguOlKgFPBVym/IVjtYGAQ/Xtv4wU9Ak0s+t9UKpQ/K38kVe0="
|
||||||
|
];
|
||||||
|
vincent = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEve02acr522psrPxeElkwIPw2pc6QWtsUVZoaigqwZZ"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/h+rxR2o+vN0hUWQPdpO7YY9aaKxO3ZRnUh9QiKBE7"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# For Garage ipv6 communication
|
# For Garage ipv6 communication
|
||||||
|
|
|
@ -11,3 +11,5 @@ df-pw5.machine.deuxfleurs.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/dJIxioCkfeeh
|
||||||
10.14.3.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
|
10.14.3.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
|
||||||
192.168.1.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
|
192.168.1.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
|
||||||
2a01:cb05:911e:ec00:223:24ff:feb0:ea82 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
|
2a01:cb05:911e:ec00:223:24ff:feb0:ea82 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnpO6zpLWsyyugOoOj+2bUow9TUrcWgURFGGaoyu+co
|
||||||
|
carcajou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
|
||||||
|
caribou.machine.staging.deuxfleurs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtsVFIoIu6tnYrzlcCbBiQXxNkFSWVMhMznUuSxGZ22
|
||||||
|
|
|
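Review bot: Only `carcajou` and `caribou` get pinned keys under the new `*.machine.staging.deuxfleurs.org` names, while the SSH config hunk `@ -1,18 +1,24 @@` also moves `origan`, `piranha` and `df-pw5` to that domain. Unless the first ten lines of this file, which are not shown, already cover those names, the first connection to these three hosts will fall back to trust-on-first-use or fail under strict checking. Two of the keys are already pinned under other names, `10.14.3.1` (the address the old `piranha` entry used) and `df-pw5.machine.deuxfleurs.fr`, so lines such as `piranha.machine.staging.deuxfleurs.org ssh-ed25519 <existing key for 10.14.3.1>` would close the gap. The `caribou` key does not appear among the visible existing lines and should be compared with the host's own fingerprint over a trusted channel before merging.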
@ -1,18 +1,24 @@
|
||||||
UserKnownHostsFile ./cluster/staging/known_hosts
|
UserKnownHostsFile ./cluster/staging/known_hosts
|
||||||
|
|
||||||
Host caribou
|
Host caribou
|
||||||
HostName caribou.machine.deuxfleurs.fr
|
#HostName caribou.machine.deuxfleurs.fr
|
||||||
|
HostName caribou.machine.staging.deuxfleurs.org
|
||||||
|
|
||||||
Host carcajou
|
Host carcajou
|
||||||
HostName carcajou.machine.deuxfleurs.fr
|
#HostName carcajou.machine.deuxfleurs.fr
|
||||||
|
HostName carcajou.machine.staging.deuxfleurs.org
|
||||||
|
|
||||||
Host origan
|
Host origan
|
||||||
HostName origan.df.trinity.fr.eu.org
|
#HostName origan.df.trinity.fr.eu.org
|
||||||
|
HostName origan.machine.staging.deuxfleurs.org
|
||||||
|
|
||||||
Host piranha
|
Host piranha
|
||||||
ProxyJump carcajou.machine.deuxfleurs.fr
|
|
||||||
HostName 10.14.3.1
|
|
||||||
#HostName piranha.polyno.me
|
#HostName piranha.polyno.me
|
||||||
|
#OR
|
||||||
|
#ProxyJump carcajou.machine.deuxfleurs.fr
|
||||||
|
#HostName 10.14.3.1
|
||||||
|
HostName piranha.machine.staging.deuxfleurs.org
|
||||||
|
|
||||||
Host df-pw5
|
Host df-pw5
|
||||||
HostName df-pw5.machine.deuxfleurs.fr
|
#HostName df-pw5.machine.deuxfleurs.fr
|
||||||
|
HostName df-pw5.machine.staging.deuxfleurs.org
|
||||||
|
|
|
@ -17,12 +17,26 @@ Basically:
|
||||||
Edit your `~/.ssh/config` file with content such as the following:
|
Edit your `~/.ssh/config` file with content such as the following:
|
||||||
|
|
||||||
```
|
```
|
||||||
Host dahlia
|
# Deuxfleurs prod
|
||||||
HostName dahlia.machine.deuxfleurs.fr
|
Host abricot ananas concombre celeri courgette df-ykl df-ymf df-ymk
|
||||||
|
HostName %h.machine.deuxfleurs.fr
|
||||||
|
IdentityFile ~/.ssh/deuxfleurs_ed25519
|
||||||
|
User adrien
|
||||||
LocalForward 14646 127.0.0.1:4646
|
LocalForward 14646 127.0.0.1:4646
|
||||||
LocalForward 8501 127.0.0.1:8501
|
LocalForward 8501 127.0.0.1:8501
|
||||||
LocalForward 1389 bottin.service.prod.consul:389
|
LocalForward 1389 bottin.service.prod.consul:389
|
||||||
LocalForward 5432 psql-proxy.service.prod.consul:5432
|
LocalForward 5432 psql-proxy.service.prod.consul:5432
|
||||||
|
|
||||||
|
# Deuxfleurs staging
|
||||||
|
Host piranha df-pw5 # et autres
|
||||||
|
HostName %h.machine.deuxfleurs.fr
|
||||||
|
IdentityFile ~/.ssh/deuxfleurs_ed25519
|
||||||
|
User adrien
|
||||||
|
LocalForward 14646 127.0.0.1:4646
|
||||||
|
LocalForward 8501 127.0.0.1:8501
|
||||||
|
LocalForward 1389 bottin.service.prod.consul:389
|
||||||
|
LocalForward 5432 psql-proxy.service.prod.consul:5432
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Then run the TLS proxy and leave it running:
|
Then run the TLS proxy and leave it running:
|
||||||
|
|
3
tlsproxy
3
tlsproxy
|
@ -17,7 +17,8 @@ PREFIX="deuxfleurs/cluster/$CLUSTER"
|
||||||
|
|
||||||
# Do actual stuff
|
# Do actual stuff
|
||||||
|
|
||||||
YEAR=$(date +%Y)
|
#YEAR=$(date +%Y)
|
||||||
|
YEAR=2023
|
||||||
|
|
||||||
CERTDIR=$(mktemp -d)
|
CERTDIR=$(mktemp -d)
|
||||||
|
|
||||||
|
|
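Review bot: `YEAR=2023` replaces the computed year with a constant, so after the year changes the script will keep using whatever is filed under 2023 and give no warning. If the constant was only needed for a one-off run against that year, an override keeps the default correct: `YEAR=${YEAR:-$(date +%Y)}`. The commented-out `#YEAR=$(date +%Y)` line can then be dropped. The rest of the script is outside the hunk, so what `YEAR` selects is inferred from `CERTDIR` and `PREFIX`.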