Archived View for midnight.pub › posts › 1240 captured on 2023-01-29 at 15:52:28.
-=-=-=-=-=-=-
Hi all, happy new year -- hope this one is better than the last (though I doubt it).
On that cheery note, I've upgraded all of my Android sets to LineageOS version 20, based on Android 13. This seems to be the first Android release that is reasonably up to date with the current mainline Linux kernel (6.x.x).
I've seen a flourish of activity on the xda-developer forums from hobbyists who are releasing LOS20 builds for really old outdated handsets. I'm secretly patting myself on the back for keeping these old mobiles, and I don't know why LOS18 and LOS19 weren't so popular, but LOS20 really seems to be getting ported onto everything and anything!
On another note, I've finally been able to make my home server publicly reachable with a domain name. Previously I was stuck behind a DS-Lite stack, meaning that I get IPv6 addresses and my ISP does some IPv6 → IPv4 conversion to let me access the internet. The IPv6 addresses I have for my devices also aren't stable, due to privacy reasons, so they change every now and then. What this meant was that if I wanted to register my homeserver with Nextcloud to some domain, then I would need to get creative because domains need IPv4 addresses.
The solution came to me from the linked post below:
https://jerrington.me/posts/2019-01-29-self-hosted-ngrok.html
You find a machine with a public IPv4 address that you have control over (e.g. a work machine), and then use reverse SSH to bind your private port 80 to a public port 3333. On this machine you run an nginx server that redirects all public port 80 and 443 (HTTPS) traffic to your port 3333, but only on the condition that the requested address matches your registered domain. This has the main benefit that your work IT dept does not know you are hosting your home web server using their machines as a proxy, unless they type in your exact domain name. Otherwise, they just get a disconnect.
```bash
#!/bin/bash

## ssh access to work address
PUBLIC_HOST="workuser@123.234.345.456"

## Local homeserver ports
ssh_local=22     ## Local ssh port
http_local=80    ## Local http port, not https

## Public proxy ports
ssh_remote=3066   ## public ssh
http_remote=3080  ## same as the nginx port on remote, will be overwritten if $detect_nginx is set
detect_nginx="yes"

## autossh monitor port
monitor_port=$(( http_remote + 1 ))

while :; do
    if [ "$detect_nginx" = "yes" ]; then
        ## Read the port from the first proxy_pass line of the remote nginx.conf
        ## (head -n 1 keeps a single port if several proxy_pass lines exist)
        find_remote=$(ssh "${PUBLIC_HOST}" 'grep -P "^\s+proxy.pass\s" /etc/nginx/nginx.conf | sed -r "s|.*localhost\:([0-9]+).*|\1|" | head -n 1' | xargs echo)
        if [ "$find_remote" != "" ]; then
            echo "Changing http_remote from $http_remote to $find_remote"
            http_remote=$find_remote
        fi
    fi
    ## Then setup a persistent remote connection.
    ## Note: GatewayPorts on the client applies to local forwards; the bind
    ## address of the -R forwards is decided by sshd on the remote machine.
    /usr/bin/autossh \
        -M "${monitor_port}" \
        -o "ServerAliveInterval 30" \
        -o "ServerAliveCountMax 3" \
        -o "GatewayPorts=true" \
        -R "${ssh_remote}:localhost:${ssh_local}" \
        -R "${http_remote}:localhost:${http_local}" \
        "${PUBLIC_HOST}"
    sleep 60
done
```
Then you can use Let's Encrypt via certbot on your proxy machine, to register your domain to the proxy machine's address. If you don't want to run Let's Encrypt on the proxy machine, then you can add "-R 443:localhost:443" to the above script to forward your HTTPS to your home machine and run certbot there.
It's been a fun few days!
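A check for the proxy machine, as an added example that is not part of the original post: it classifies sshd-owned listeners in `ss -Htlnp` output, which is how the script's two `-R` forwards (3066 and 3080) show up there, and reports whether each is bound to loopback only (all that nginx's proxy to localhost needs) or to a network-reachable address (which happens when the remote sshd's `GatewayPorts` setting allows it). The `SSHD_PORT` value, the function names and the sample lines are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: classify sshd-owned listeners from `ss -Htlnp` output.
# A listener owned by sshd on a port other than the daemon's own port is a
# remote forward (ssh -R). Bound to 127.0.0.1 or [::1] it is reachable only
# from the proxy host itself; bound to 0.0.0.0, * or [::] it is reachable
# from the network.

SSHD_PORT=22   # assumption: port the proxy host's own sshd listens on

# Reads `ss -Htlnp` lines on stdin, prints "<port> <loopback|exposed>" per forward.
classify_forwards() {
    awk -v sshd_port="$SSHD_PORT" '
        # Process name is "sshd", or "sshd-session" on OpenSSH 9.8 and later
        /users:\(\("sshd(-session)?"/ {
            addr = $4                          # Local Address:Port column
            port = addr; sub(/.*:/, "", port)
            host = addr; sub(/:[0-9]+$/, "", host)
            if (port == sshd_port) next        # the daemon itself, not a forward
            scope = (host == "127.0.0.1" || host == "[::1]") ? "loopback" : "exposed"
            print port, scope
        }' | sort -u
}

# Constructed sample of `ss -Htlnp` output on the proxy host, using the ports
# from the script above (3066 = forwarded ssh, 3080 = forwarded http).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22      0.0.0.0:* users:(("sshd",pid=811,fd=3))
LISTEN 0 511 0.0.0.0:80      0.0.0.0:* users:(("nginx",pid=902,fd=6))
LISTEN 0 128 0.0.0.0:3066    0.0.0.0:* users:(("sshd",pid=4120,fd=9))
LISTEN 0 128 127.0.0.1:3080  0.0.0.0:* users:(("sshd",pid=4120,fd=11))
LISTEN 0 128 [::1]:3080      [::]:*    users:(("sshd",pid=4120,fd=10))
EOF
}

# On a real host: ss -Htlnp | classify_forwards   (root is needed to see process names)
sample_ss_output | classify_forwards
```

An `exposed` result for 3066 means the home machine's SSH port is reachable by anyone who can reach the proxy host on that port, so that forward deserves key-only authentication on the home sshd or a loopback bind.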
I'm looking forward to updating my phone to LOS 20, probably this weekend.