update draft post
This commit is contained in:
parent
6b7df50ec9
commit
2587a61d06
GPG key ID:
BC9D6AE1A3BE169A
2 changed files with 50 additions and 4 deletions
|
|
@ -2,7 +2,7 @@
|
|||
title: MMDVM hotspot on Archlinux
|
||||
summary: I wrote down the installation of a forked DStarGateway with a slim
|
||||
dashboard based on Javascript on a Raspberry Pi 2.
|
||||
date: 2024-01-28T23:12:00+0100
|
||||
date: 2024-01-29T09:41:00+0100
|
||||
#lastmod:
|
||||
categories:
|
||||
- amateur-radio
|
||||
|
|
@ -298,6 +298,35 @@ to have the possibility to only serve the pages via plain old HTTP
|
|||
(without SSL/TLS) because I run most of my pages through a reverse-proxy
|
||||
that takes care of all the certification.
|
||||
|
||||
If you don't need to use HTTPS you may find this patch interesting:
|
||||
|
||||
~~~patch
|
||||
diff --git a/index.js b/index.js
|
||||
index 0c71092..502933e 100644
|
||||
--- a/index.js
|
||||
+++ b/index.js
|
||||
@@ -1,4 +1,4 @@
|
||||
-const https = require("https");
|
||||
+const http = require("http");
|
||||
const fs = require("fs");
|
||||
const ini = require("ini");
|
||||
const lineReader = require('line-reader');
|
||||
@@ -32,12 +32,8 @@ updatelinks();
|
||||
|
||||
let serverPort = inifile.config.port;
|
||||
|
||||
-const server = https
|
||||
+const server = http
|
||||
.createServer(
|
||||
- {
|
||||
- key: fs.readFileSync("key.pem"),
|
||||
- cert: fs.readFileSync("cert.pem"),
|
||||
- },
|
||||
app
|
||||
)
|
||||
.listen(serverPort, ()=>{
|
||||
~~~
|
||||
|
||||
Next we will modify the `dashboard.ini` file because we will change the
|
||||
port from 443 to 8443. Why? Because[^1]!
|
||||
|
||||
|
|
@ -313,11 +342,28 @@ This might be confusing now, the host above does not listen to port 8443 because
|
|||
there is a reverse-proxy in-between (and actually a firewall/router too).
|
||||
{{< /alert >}}
|
||||
|
||||
This configuration is now as slim as I could make, removing encryption on the dashboard
|
||||
made it even better in terms of performance and maintainability as we don't have to
|
||||
worry about our certificates on this host and no direct port-forwarding to this host
|
||||
has been made -- but our dashboard can still be accesses from the internet in encrypted
|
||||
form.
|
||||
|
||||
The actual path of this host and how it will be routed:
|
||||
|
||||
~~~plain
|
||||
User (internet) ⇒ router:443 (hotspot.oe7drt.net) ⇒ reverse-proxy:443 (internal-server.lan) ⇒ hotspot:8443 (internal-raspi.lan)
|
||||
~~~
|
||||
{{< mermaid >}}
|
||||
%%{init: {"flowchart": {"htmlLabels": false}} }%%
|
||||
graph LR;
|
||||
A([Internet user]):::usr -- "`**HTTPS**`" -->B["`router/firewall
|
||||
_hotspot.oe7drt.net_`"]:::fw;
|
||||
B-- "`**HTTPS**`" -->C["`reverse-proxy
|
||||
_proxy.lan_`"]:::rev;
|
||||
C-- "`**HTTP**`" -->D["`hotspot dashboard
|
||||
_hotspot.lan_`"]:::dash;
|
||||
classDef usr stroke:#faa
|
||||
classDef fw stroke:#f55
|
||||
classDef rev stroke:#9f9
|
||||
classDef dash stroke:#0f0
|
||||
{{< /mermaid >}}
|
||||
|
||||
We will disable the shell for the _dashboard_ user because we normally
|
||||
won't have to login as _dashboard_ user again.
|
||||
Loading…
Reference in a new issue