wmantly/vpn-p2p
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fixes

Browse Source
This commit is contained in:
William Mantly
2019-12-22 14:42:35 -05:00
parent e81fd45373
commit fb71dc1dea
6 changed files with 35 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
nodejs/LICENSE
View File

@ -1,9 +0,0 @@
MIT License
Copyright (c) <year> <copyright holders>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

156
nodejs/README.md
View File

@ -1,156 +0,0 @@
# proxy
## API docs
[API docs](api.md)
## Server set up
The server requires:
* NodeJS 8.x
* open ssh server(any modern version will do)
* inbound Internet access
* OpenResty
* redis
* lua rocks
This has been tested on ubuntu 16.04, but should work on any modern Linux distro. It used the Linux users for its user management, so this will **ONLY** work on Linux, no macOS, BSD or Windows.
The steps below are for a new ubuntu server, they should be mostly the same for other distros, but the paths and availability of packages may vary. A dedicated server is highly recommended (since it will make ever user a system user), a VPS like Digital Ocean will do just fine.
* Install other
These packages are needed for the PAM node package
```bash
apt install libpam0g-dev build-essential
```
* Install open ssh server
```bash
apt install ssh
```
* Install openresty
[OpenResty® Linux Packages](https://openresty.org/en/linux-packages.html)
* Install redis
```bash
apt install redis-server
```
* install lua plugin
```bash
apt install luarocks
sudo luarocks install lua-resty-auto-ssl
```
* Configure sshd for tunneling
* openresty config
Set up fail back SSL certs
```bash
mkdir /etc/ssl/
openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/CN=sni-support-required-for-valid-ssl' -keyout /etc/ssl/resty-auto-ssl-fallback.key -out /etc/ssl/resty-auto-ssl-fallback.crt
openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/CN=sni-support-required-for-valid-ssl' -keyout /etc/ssl/resty-auto-ssl-fallback.key -out /etc/ssl/resty-auto-ssl-fallback.crt
openssl dhparam -out /etc/nginx/dhparam.pem 4096
```
change the `/etc/openresty/nginx.conf to have this config`
```
#user nobody;
worker_processes 4;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
client_max_body_size 4g;
lua_shared_dict auto_ssl 100m;
lua_shared_dict auto_ssl_settings 64k;
resolver 8.8.4.4 8.8.8.8;
init_by_lua_block {
auto_ssl = (require "resty.auto-ssl").new()
auto_ssl:set("storage_adapter", "resty.auto-ssl.storage_adapters.redis")
auto_ssl:set("allow_domain", function(domain)
return true
end)
auto_ssl:init()
}
init_worker_by_lua_block {
auto_ssl:init_worker()
}
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
server {
listen 127.0.0.1:8999;
# Increase the body buffer size, to ensure the internal POSTs can always
# parse the full POST contents into memory.
client_body_buffer_size 128k;
client_max_body_size 128k;
location / {
content_by_lua_block {
auto_ssl:hook_server()
}
}
}
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
include sites-enabled/*;
}
```
add the SSL config file `/etc/openresty/autossl.conf`, contents from here https://github.com/theta42/t42-common/blob/master/templates/openresty/autossl.conf.erb
Add the proxy config `/etc/openresty/sites-enabled/000-proxy` contents from here https://github.com/theta42/t42-common/blob/master/templates/openresty/010-proxy.conf.erb
## ref
https://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html
https://github.com/GUI/lua-resty-auto-ssl

25
nodejs/app.js
View File

@ -2,31 +2,45 @@
const path = require('path');
const ejs = require('ejs')
const express = require('express');
const app = express();
const middleware = require('./middleware/auth');
// Set up the express app.
const app = express();
// load the JSON parser middleware. Express will parse JSON into native objects
// for any request that has JSON in its content type.
app.use(express.json());
// Set up the templating engine to build HTML for the front end.
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');
// Have express server static content( images, CSS, browser JS) from the public
// local folder.
app.use('/static', express.static(path.join(__dirname, 'public')))
// Routes for front end content.
app.use('/', require('./routes/index'));
// API routes for authentication.
app.use('/api/auth', require('./routes/auth'));
// API routes for working with users. All endpoints need to be have valid user.
app.use('/api/users', middleware.auth, require('./routes/users'));
// API routes for working with hosts. All endpoints need to be have valid user.
app.use('/api/hosts', middleware.auth, require('./routes/hosts'));
// catch 404 and forward to error handler
// Catch 404 and forward to error handler. If none of the above routes are
// used, this is what will be called.
app.use(function(req, res, next) {
var err = new Error('Not Found');
err.status = 404;
next(err);
});
// error handler
// Error handler. This is where `next()` will go on error
app.use(function(err, req, res, next) {
console.error(err.status || res.status, err.name, req.method, req.url);
console.error(err.message);
@ -37,4 +51,5 @@ app.use(function(err, req, res, next) {
res.json({name: err.name, message: err.message});
});
// Allow the express app to be exported into other files.
module.exports = app;

18
nodejs/models/hosts.js
View File

@ -1,7 +1,7 @@
'use strict';
const {promisify} = require('util');
const client = require('../redis');
const client = require('../utils/redis');
const {processKeys, ObjectValidateError} = require('../utils/object_validate');
const hostKeysMap = {
@ -89,21 +89,33 @@ async function add(data, edit){
async function edit(data, host){
try{
// Get the current host and trow a 404 if it doesnt exist.
let hostData = await getInfo({host});
// Check to see if host name changed
if(data.host && data.host !== host){
// Merge the current data into with the updated data
data = Object.assign({}, hostData, data);
if(await add('hosts', hostData)) await remove({host});
// Create a new record for the updated host. If that succeeds,
// delete the old recored
if(await add(hostData)) await remove({host});
}else{
// Update what ever fields that where passed.
// Validate the passed data, ignoring required fields.
data = processKeys(hostKeysMap, data, true);
// console.log('host edit data', data);
// Loop over the data fields and apply them to redis
for(let key of Object.keys(data)){
await client.HSET('host_' + host, key, data[key]);
}
}
} catch(error){
// Pass any error to the calling function
throw error;
}
}

0
nodejs/ssh-keygen
View File

0
nodejs/redis.js → nodejs/utils/redis.js
View File