Not an issue, but I wasn’t sure where to post this tip: And, yes, I am aware that you may then want to protect your ZeroNet install(!)
Here is a typical configuration:
- Host machine runs haproxy
- ZeroNet in a Docker or OpenVZ container
1-Make the main UI available to the world:
In the container:
python zeronet.py --ui_ip 0.0.0.0
On the host, you need to configure this container’s IP in haproxy – for instance, edit haproxy.conf:
frontend http_in
acl host_zeronet hdr(host) -i zeronet.example.com
use_backend be_zeronet if host_zeronet
backend be_zeronet
balance lastconn
option httpclose
server pub_zeronet :43110 cookie pub_zeronet check
Restart haproxy.
2-Make the file server available: I would recommend using NAT to avoid any surprise. In /etc/../iptables:
nat:
# we will nat incoming packets on port 15441
-A PREROUTING -i eth0 -p tcp -m tcp --dport 15441 -j DNAT --to-destination <container ip>:15441
-A PREROUTING -i eth0 -p udp -m udp --dport 15441 -j DNAT --to-destination <container ip>:15441
filter:
# host forwards incoming container packets
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s <container network>/24 -i <bridge interface> -j ACCEPT
# host
accepts incoming container packets to its own services
-A INPUT -s <container network>/24 -i <bridge interface> -j ACCEPT
Cleanup your iptables configuration then
iptable-restore < etc/../iptable
And you’re good to go! (in theory)
Comments powered by Talkyard.