@elisescu
Last active February 20, 2021 16:03
temp-tty-server-config

Nginx config

My nginx config. I honestly don't remember the details of all parts of the config, but I do remember having to do something explicit about the websocket connections, which initially were not allowed by the proxy. I should update the documentation of the repo one day, when I get some time :).

nginx config for the web/browser side (http+websockets connection)

http {
    upstream tty-server {
        server localhost:8010;
        keepalive 12; # number of connections to keep alive even if idle, if they are opened
    }
    
    server {
        listen 443 ssl;
        server_name go.tty-share.com;
        access_log /var/log/nginx/tty-share.access.log proxy_log_format;

        # https://stackoverflow.com/questions/19769072/nginx-times-out-exactly-after-60-seconds?rq=1
        # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout
        proxy_send_timeout 1600;
        proxy_read_timeout 1600;

        ########### tty-server application
        # the /s/, /ws/ and /static/ locations - all used by the actual tty-server.
        location / {
            proxy_pass http://tty-server;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
        }

        ssl_certificate /etc/letsencrypt/live/go.tty-share.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/go.tty-share.com/privkey.pem;
    }
}

nginx config for the tty-share command line client (TLS connection)

stream {
    # https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server
    # the tty-server tcp connection ssl proxy
    server {
        listen 7654 ssl so_keepalive=30m::10;
        proxy_pass localhost:6543;
        ssl_certificate /etc/letsencrypt/live/go.tty-share.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/go.tty-share.com/privkey.pem;
    }
}

It basically makes the proxy accept encrypted TCP connections (TLS) on port 7654 and forward them to localhost:6543, where my Docker container runs. The TLS connection is terminated there, at the proxy, so the connection to the Docker container is plain TCP.

Docker container

It simply runs this command, and nothing else:

tty-server --sender_address :6543 --web_address :8010 -url https://go.tty-share.com

Dockerfile:

FROM ubuntu:16.04

EXPOSE 6543 8010

CMD /data/tty-server --sender_address :6543 --web_address :8010 -url https://go.tty-share.com

and I run it with:

docker build --tag tty-server .
docker run -v /data/tty-server:/data/ -p 6543:6543 -p 8010:8010 --restart unless-stopped -d --name tty-server  tty-server

Roughly, what it does is:

  • expect the command line client (tty-share) connections on port 6543, with no TLS (the server doesn't support TLS yet, as I was initially relying on the proxy's TLS support anyway)
  • these connections are TLS-terminated by the proxy: received on 7654 and forwarded to 6543
  • use go.tty-share.com as the URL to give the user via the tty-share command line (the URL printed when the command starts)
  • expect the http+websockets connections on port 8010; these connections are forwarded by the proxy's initial set of configs. Remember, the proxy has to allow websockets.
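
Because TLS is terminated at the proxy, ports 6543 and 8010 carry plain traffic, and `-p 6543:6543 -p 8010:8010` publishes them on all host interfaces by default rather than only on localhost, where nginx connects. The check below is an added example, not part of the original gist; the function name `exposed_backend_ports`, the sample data and the assumed `docker port` output format are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the gist: find backend ports that are
# published beyond loopback and so reachable without the TLS proxy.

# Constructed sample: assumed `docker port tty-server` output for the
# `-p 6543:6543 -p 8010:8010` mapping used above.
SAMPLE_ALL_INTERFACES='6543/tcp -> 0.0.0.0:6543
6543/tcp -> [::]:6543
8010/tcp -> 0.0.0.0:8010
8010/tcp -> [::]:8010'

# Constructed sample: the same ports published as
# `-p 127.0.0.1:6543:6543 -p 127.0.0.1:8010:8010`.
SAMPLE_LOOPBACK='6543/tcp -> 127.0.0.1:6543
8010/tcp -> 127.0.0.1:8010'

# Reads `docker port` style lines on stdin and prints every mapping whose
# host address is not loopback. Returns 0 if none were found, 1 otherwise.
exposed_backend_ports() {
    ebp_found=0
    while IFS= read -r ebp_line; do
        case "$ebp_line" in
            *" -> "*) ;;          # a mapping line
            *) continue ;;        # blank or unrelated line: skip
        esac
        ebp_addr=${ebp_line##*"-> "}  # host side, e.g. "0.0.0.0:6543"
        ebp_addr=${ebp_addr%:*}       # drop ":port", keep the bind address
        case "$ebp_addr" in
            127.*|::1|"[::1]") ;;     # loopback only: proxy is the sole path
            *) printf 'exposed: %s\n' "$ebp_line"; ebp_found=1 ;;
        esac
    done
    return "$ebp_found"
}

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_ALL_INTERFACES" | exposed_backend_ports || true
printf '%s\n' "$SAMPLE_LOOPBACK" | exposed_backend_ports && echo "loopback only"
```

On a live host, run `docker port tty-server | exposed_backend_ports`. Publishing with `-p 127.0.0.1:6543:6543 -p 127.0.0.1:8010:8010` keeps both ports reachable by the local nginx only.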