|
|
|
|
@ -2,7 +2,7 @@
|
|
|
|
|
title: MMDVM hotspot on Archlinux
|
|
|
|
|
summary: I wrote down the installation of a forked DStarGateway with a slim
|
|
|
|
|
dashboard based on Javascript on a Raspberry Pi 2.
|
|
|
|
|
date: 2024-01-28T23:12:00+0100
|
|
|
|
|
date: 2024-01-29T09:41:00+0100
|
|
|
|
|
#lastmod:
|
|
|
|
|
categories:
|
|
|
|
|
- amateur-radio
|
|
|
|
|
@ -298,6 +298,35 @@ to have the possibility to only serve the pages via plain old HTTP
|
|
|
|
|
(without SSL/TLS) because I run most of my pages through a reverse-proxy
|
|
|
|
|
that takes care of all the certification.
|
|
|
|
|
|
|
|
|
|
If you don't need to use HTTPS you may find this patch interesting:
|
|
|
|
|
|
|
|
|
|
~~~patch
|
|
|
|
|
diff --git a/index.js b/index.js
|
|
|
|
|
index 0c71092..502933e 100644
|
|
|
|
|
--- a/index.js
|
|
|
|
|
+++ b/index.js
|
|
|
|
|
@@ -1,4 +1,4 @@
|
|
|
|
|
-const https = require("https");
|
|
|
|
|
+const http = require("http");
|
|
|
|
|
const fs = require("fs");
|
|
|
|
|
const ini = require("ini");
|
|
|
|
|
const lineReader = require('line-reader');
|
|
|
|
|
@@ -32,12 +32,8 @@ updatelinks();
|
|
|
|
|
|
|
|
|
|
let serverPort = inifile.config.port;
|
|
|
|
|
|
|
|
|
|
-const server = https
|
|
|
|
|
+const server = http
|
|
|
|
|
.createServer(
|
|
|
|
|
- {
|
|
|
|
|
- key: fs.readFileSync("key.pem"),
|
|
|
|
|
- cert: fs.readFileSync("cert.pem"),
|
|
|
|
|
- },
|
|
|
|
|
app
|
|
|
|
|
)
|
|
|
|
|
.listen(serverPort, ()=>{
|
|
|
|
|
~~~
|
|
|
|
|
|
|
|
|
|
Next we will modify the `dashboard.ini` file because we will change the
|
|
|
|
|
port from 443 to 8443. Why? Because[^1]!
|
|
|
|
|
|
|
|
|
|
@ -313,11 +342,28 @@ This might be confusing now, the host above does not listen to port 8443 because
|
|
|
|
|
there is a reverse-proxy in-between (and actually a firewall/router too).
|
|
|
|
|
{{< /alert >}}
|
|
|
|
|
|
|
|
|
|
This configuration is now as slim as I could make, removing encryption on the dashboard
|
|
|
|
|
made it even better in terms of performance and maintainability as we don't have to
|
|
|
|
|
worry about our certificates on this host and no direct port-forwarding to this host
|
|
|
|
|
has been made -- but our dashboard can still be accesses from the internet in encrypted
|
|
|
|
|
form.
|
|
|
|
|
|
|
|
|
|
The actual path of this host and how it will be routed:
|
|
|
|
|
|
|
|
|
|
~~~plain
|
|
|
|
|
User (internet) ⇒ router:443 (hotspot.oe7drt.net) ⇒ reverse-proxy:443 (internal-server.lan) ⇒ hotspot:8443 (internal-raspi.lan)
|
|
|
|
|
~~~
|
|
|
|
|
{{< mermaid >}}
|
|
|
|
|
%%{init: {"flowchart": {"htmlLabels": false}} }%%
|
|
|
|
|
graph LR;
|
|
|
|
|
A([Internet user]):::usr -- "`**HTTPS**`" -->B["`router/firewall
|
|
|
|
|
_hotspot.oe7drt.net_`"]:::fw;
|
|
|
|
|
B-- "`**HTTPS**`" -->C["`reverse-proxy
|
|
|
|
|
_proxy.lan_`"]:::rev;
|
|
|
|
|
C-- "`**HTTP**`" -->D["`hotspot dashboard
|
|
|
|
|
_hotspot.lan_`"]:::dash;
|
|
|
|
|
classDef usr stroke:#faa
|
|
|
|
|
classDef fw stroke:#f55
|
|
|
|
|
classDef rev stroke:#9f9
|
|
|
|
|
classDef dash stroke:#0f0
|
|
|
|
|
{{< /mermaid >}}
|
|
|
|
|
|
|
|
|
|
We will disable the shell for the _dashboard_ user because we normally
|
|
|
|
|
won't have to login as _dashboard_ user again.
|
