From 318362cc25364eba2bc722df5f3d09d26ad889a6 Mon Sep 17 00:00:00 2001
From: Will Boyce
Date: Mon, 5 Nov 2018 23:15:04 +0000
Subject: [PATCH 1/3] haproxy: Proxy port 3128 to vpn service
Change-type: minor
Signed-off-by: Will Boyce
---
 compose/services.yml | 1 +
 haproxy/haproxy.cfg | 5 +++++
 2 files changed, 6 insertions(+)
diff --git a/compose/services.yml b/compose/services.yml
index f76b2fb..5965a28 100644
--- a/compose/services.yml
+++ b/compose/services.yml
@@ -144,6 +144,7 @@ services:
 - "80:80"
 - "222:222"
 - "443:443"
+ - "3128:3128"
 - "5432:5432"
 - "6379:6379"
 networks:
diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg
index ff2af6a..b33137e 100644
--- a/haproxy/haproxy.cfg
+++ b/haproxy/haproxy.cfg
@@ -103,3 +103,8 @@ frontend redis
 backend backend_redis
 mode tcp
 server resin_redis_1 redis:6379 check port 6379
+
+listen vpn-tunnel
+ mode tcp
+ bind *:3128
+ server balena_vpn vpn:3128 check port 3128
From a50910ca83b59b2da7712ecf1803e56f377baae3 Mon Sep 17 00:00:00 2001
From: Will Boyce
Date: Mon, 5 Nov 2018 23:38:14 +0000
Subject: [PATCH 2/3] api: Pass full VPN CA chain to `os-config`
Change-type: patch
Signed-off-by: Will Boyce
---
 compose/services.yml | 2 +-
 scripts/make-env | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/compose/services.yml b/compose/services.yml
index 5965a28..e06774b 100644
--- a/compose/services.yml
+++ b/compose/services.yml
@@ -26,7 +26,7 @@ services:
 DB_USER: docker
 DELTA_HOST: delta.${OPENBALENA_HOST_NAME}
 DEVICE_CONFIG_OPENVPN_CONFIG: ${OPENBALENA_VPN_CONFIG}
- DEVICE_CONFIG_OPENVPN_CA: ${OPENBALENA_VPN_CA}
+ DEVICE_CONFIG_OPENVPN_CA: ${OPENBALENA_VPN_CA_CHAIN}
 DEVICE_CONFIG_SSH_AUTHORIZED_KEYS: ${OPENBALENA_SSH_AUTHORIZED_KEYS}
 HOST: api.${OPENBALENA_HOST_NAME}
 IMAGE_MAKER_URL: img.${OPENBALENA_HOST_NAME}
diff --git a/scripts/make-env b/scripts/make-env
index 53bd4a4..55cce30 100755
--- a/scripts/make-env
+++ b/scripts/make-env
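Review bot: Port 3128 is published on every host interface by the new `"3128:3128"` entry in `compose/services.yml` and bound as `*:3128` in the new `listen vpn-tunnel` block of `haproxy/haproxy.cfg`, and neither hunk shows any restriction on who may connect. In `mode tcp` HAProxy forwards the stream untouched, so authentication and rate limiting rest entirely on the vpn service, which will also see HAProxy's address rather than the client's unless the PROXY protocol is enabled on both sides. If the endpoint is meant to be internet-facing, I would record that above the block, for example `# vpn-tunnel: public by design; connections are authenticated by the vpn service (confirm)`; if it is not, narrow the `bind` address or the published port to the interface that needs it.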
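Review bot: Switching `DEVICE_CONFIG_OPENVPN_CA` to `${OPENBALENA_VPN_CA_CHAIN}` in `compose/services.yml` puts the root CA into the trust bundle handed to devices, which widens what they will accept as a VPN server. With the root in an OpenVPN `ca` bundle, any certificate that chains to that root can pass verification unless the client config also constrains the server, for example with `remote-cert-tls server` or `verify-x509-name`. The contents of `OPENBALENA_VPN_CONFIG` are not visible here, so this needs confirming. A comment next to the variable saying why the full chain is required and which directive pins the server identity would help the next reader.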
@@ -76,6 +76,7 @@ export OPENBALENA_TOKEN_AUTH_PUB=$(b64encode "$JWT_CRT")
 export OPENBALENA_TOKEN_AUTH_KEY=$(b64encode "$JWT_KEY")
 export OPENBALENA_TOKEN_AUTH_KID=$(b64encode "$JWT_KID")
 export OPENBALENA_VPN_CA=$(b64encode "$VPN_CA")
+export OPENBALENA_VPN_CA_CHAIN=$(b64encode "$ROOT_CA" "$VPN_CA")
 export OPENBALENA_VPN_CONFIG=$VPN_CONFIG
 export OPENBALENA_VPN_SERVER_CRT=$(b64encode "$VPN_CRT")
 export OPENBALENA_VPN_SERVER_KEY=$(b64encode "$VPN_KEY")
From ed077b57222e978ec224fa1ad560c9f32624942c Mon Sep 17 00:00:00 2001
From: Will Boyce
Date: Mon, 5 Nov 2018 23:16:25 +0000
Subject: [PATCH 3/3] vagrant: Change into open-balena directory automatically
Change-type: patch
Signed-off-by: Will Boyce
---
 Vagrantfile | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/Vagrantfile b/Vagrantfile
index d1ff12b..440d869 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -25,4 +25,7 @@ Vagrant.configure('2') do |config|
 config.vm.provision :shell, privileged: false,
 inline: "cd /home/vagrant/open-balena && ./scripts/quickstart -p -d #{ENV.fetch('OPENBALENA_DOMAIN', 'openbalena.local')}"
+
+ config.vm.provision :shell, privileged: false,
+ inline: "echo 'cd ~/open-balena' >> ~/.bashrc"
 end
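Review bot: `b64encode "$ROOT_CA" "$VPN_CA"` in `scripts/make-env` is the only call in this hunk that passes two arguments, and the helper is defined outside the hunk, so it is not visible whether it concatenates every argument or reads only `$1`. If it reads only the first, `OPENBALENA_VPN_CA_CHAIN` would silently contain the root CA alone and devices would receive a bundle without the VPN CA. I would confirm the helper iterates over `"$@"` and add a comment above the export such as `# root CA followed by the VPN CA, concatenated and then base64-encoded`.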
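Review bot: The new provisioner in `Vagrantfile` appends `cd ~/open-balena` to `~/.bashrc` unconditionally, so every `vagrant provision` run adds another copy of the line. Guarding the append keeps it idempotent: `inline: "grep -qxF 'cd ~/open-balena' ~/.bashrc || echo 'cd ~/open-balena' >> ~/.bashrc"`. The `Vagrant.configure` block starts outside the hunk, so whether an earlier provisioner already touches `~/.bashrc` cannot be seen from here.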