From 2587a61d065bf3225002310fd175206148a0efc6 Mon Sep 17 00:00:00 2001
From: Dominic Reich
Date: Mon, 29 Jan 2024 09:41:11 +0100
Subject: [PATCH] update draft post
---
 .../index.md | 54 +++++++++++++++++--
 .../setup_console.jpg | 0
 2 files changed, 50 insertions(+), 4 deletions(-)
 rename content/posts/2024/{mmdvm-hotspot-on-archlinux => 62-mmdvm-hotspot-on-archlinux}/index.md (86%)
 rename content/posts/2024/{mmdvm-hotspot-on-archlinux => 62-mmdvm-hotspot-on-archlinux}/setup_console.jpg (100%)
diff --git a/content/posts/2024/mmdvm-hotspot-on-archlinux/index.md b/content/posts/2024/62-mmdvm-hotspot-on-archlinux/index.md
similarity index 86%
rename from content/posts/2024/mmdvm-hotspot-on-archlinux/index.md
rename to content/posts/2024/62-mmdvm-hotspot-on-archlinux/index.md
index 376695f..1eedf97 100644
--- a/content/posts/2024/mmdvm-hotspot-on-archlinux/index.md
+++ b/content/posts/2024/62-mmdvm-hotspot-on-archlinux/index.md
@@ -2,7 +2,7 @@
 title: MMDVM hotspot on Archlinux
 summary: I wrote down the installation of a forked DStarGateway with a slim dashboard based on Javascript on a Raspberry Pi 2.
-date: 2024-01-28T23:12:00+0100
+date: 2024-01-29T09:41:00+0100
 #lastmod:
 categories:
 - amateur-radio
@@ -298,6 +298,35 @@ to have the possibility to only serve the pages via plain old HTTP (without SSL/TLS) because I run most of my pages through a reverse-proxy that takes care of all the certification.
+If you don't need to use HTTPS you may find this patch interesting:
+
+~~~patch
+diff --git a/index.js b/index.js
+index 0c71092..502933e 100644
+--- a/index.js
++++ b/index.js
+@@ -1,4 +1,4 @@
+-const https = require("https");
++const http = require("http");
+ const fs = require("fs");
+ const ini = require("ini");
+ const lineReader = require('line-reader');
+@@ -32,12 +32,8 @@ updatelinks();
+
+ let serverPort = inifile.config.port;
+
+-const server = https
++const server = http
+ .createServer(
+- {
+- key: fs.readFileSync("key.pem"),
+- cert: fs.readFileSync("cert.pem"),
+- },
+ app
+ )
+ .listen(serverPort, ()=>{
+~~~
+
 Next we will modify the `dashboard.ini` file because we will change the port from 443 to 8443. Why? Because[^1]!
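Review bot: The embedded `index.js` patch ends in `.listen(serverPort, ()=>{` with no host argument, so once TLS is dropped the dashboard answers plain HTTP on every interface of the Pi, and the new paragraph introducing the patch gives readers no condition for when that is acceptable. I would add a sentence right after the closing `~~~`, for example: `Only apply this when the dashboard port can be reached solely by the reverse-proxy (e.g. enforced by a firewall rule on the hotspot), because traffic between the proxy and the hotspot is then unencrypted.` If the proxy always reaches the hotspot on one known address, the post could also mention passing that address as the host argument to `listen` so the listener is not exposed on other interfaces. The `.listen` callback continues outside the embedded patch, so only the bind arguments are visible here.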
@@ -313,11 +342,28 @@ This might be confusing now, the host above does not listen to port 8443 because there is a reverse-proxy in-between (and actually a firewall/router too). {{< /alert >}}
+This configuration is now as slim as I could make, removing encryption on the dashboard
+made it even better in terms of performance and maintainability as we don't have to
+worry about our certificates on this host and no direct port-forwarding to this host
+has been made -- but our dashboard can still be accesses from the internet in encrypted
+form.
+
 The actual path of this host and how it will be routed:
-~~~plain
-User (internet) ⇒ router:443 (hotspot.oe7drt.net) ⇒ reverse-proxy:443 (internal-server.lan) ⇒ hotspot:8443 (internal-raspi.lan)
-~~~
+{{< mermaid >}}
+%%{init: {"flowchart": {"htmlLabels": false}} }%%
+graph LR;
+A([Internet user]):::usr -- "`**HTTPS**`" -->B["`router/firewall
+_hotspot.oe7drt.net_`"]:::fw;
+B-- "`**HTTPS**`" -->C["`reverse-proxy
+_proxy.lan_`"]:::rev;
+C-- "`**HTTP**`" -->D["`hotspot dashboard
+_hotspot.lan_`"]:::dash;
+classDef usr stroke:#faa
+classDef fw stroke:#f55
+classDef rev stroke:#9f9
+classDef dash stroke:#0f0
+{{< /mermaid >}}
 We will disable the shell for the _dashboard_ user because we normally won't have to login as _dashboard_ user again.
diff --git a/content/posts/2024/mmdvm-hotspot-on-archlinux/setup_console.jpg b/content/posts/2024/62-mmdvm-hotspot-on-archlinux/setup_console.jpg
similarity index 100%
rename from content/posts/2024/mmdvm-hotspot-on-archlinux/setup_console.jpg
rename to content/posts/2024/62-mmdvm-hotspot-on-archlinux/setup_console.jpg