Cloud bastion #2

Merged
merged 4 commits into from
Oct 16, 2018
42 changes: 40 additions & 2 deletions README.md
@@ -1,2 +1,40 @@
# Kirill-Garbar_infra
Kirill-Garbar Infra repository
# Выполнено ДЗ №

- [X] Основное ДЗ
- [X] Задание со *

## В процессе сделано:
- Созданы две ВМ. Одна с внутренним. Одна с внешним и внутренним IP - пограничный сервер.
- Проработаны несколько вариантов подключения через proxy по SSH
- Проработан метод создания алиасов для SSH.
- Проработана подключение по SSH keys.
- Развёрнут по инструкции OpenVPN с надстройкой pritunl. Настроено использование с let's encrypt и сервисом sslip.io.

## Подключение к someinternalhost в одну команду. Три способа.
- ssh -o ProxyCommand="ssh -i ~/.ssh/appuser [email protected] nc %h %p" [email protected]
- ssh -o ProxyCommand="ssh -W %h:%p -i ~/.ssh/appuser [email protected]" [email protected]
- ssh -tt -i ~/.ssh/appuser -A [email protected] ssh -tt 10.156.0.2

## Вариант решения для подключения командой ssh someinternalhost.
Добавить Host в файл config в директории .ssh.
```
Host someinternalhost
HostName 10.156.0.2
User appuser
IdentitiesOnly yes
IdentityFile ~/.ssh/appuser
ProxyCommand ssh -i ~/.ssh/appuser [email protected] nc %h %p
```

## Данные для подключения
```
bastion_IP = 35.187.10.59
someinternalhost_IP = 10.156.0.2
```

## Как проверить работоспособность:
- Перейти по ссылке https://35.187.10.59.sslip.io

## PR checklist
- [X] Выставил label с номером домашнего задания
- [X] Выставил label с темой домашнего задания
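
Review bot: the third one-liner (`ssh -tt -i ~/.ssh/appuser -A ...`) relies on agent forwarding, which leaves the forwarded agent usable by anyone with root on the bastion for as long as the session is open. The second variant with `-W %h:%p` keeps the key on the client and needs nothing on the bastion, so I would recommend that one and use it in the `Host someinternalhost` block as well, in place of `nc %h %p`, which also depends on nc being installed on the bastion. On OpenSSH 7.3 and later, `ProxyJump` (or `ssh -J`) does the same thing in one directive. Minor: the heading `# Выполнено ДЗ №` is missing the homework number.
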
191 changes: 191 additions & 0 deletions cloud-bastion.ovpn
@@ -0,0 +1,191 @@
#{
# "push_auth": false,
# "sync_secret": "G8JKq5DHvo9hXLBLcXJDRuarSc09Q0AZ",
# "token_ttl": 172800,
# "organization_id": "5bc4ea6ecb8db1303bee5d05",
# "user": "test",
# "disable_reconnect": false,
# "sync_token": "FZNpeFqiVb2YEoGIvyaaJpx5ctD2w9Ll",
# "sync_hash": "cc6431ba1a9a52a5bb8bf5705fb7d51c",
# "server_id": "5bc4eaaccb8db1303bee5d53",
# "user_id": "5bc4ea6fcb8db1303bee5d0b",
# "server": "test_pritunl",
# "token": false,
# "version": 1,
# "push_auth_ttl": 172800,
# "sync_hosts": [
# "https://35.187.10.59"
# ],
# "organization": "KirillGarbar",
# "password_mode": "pin"
#}
setenv UV_ID 39a9d15d6f894827a74c1934e6d20ed9
setenv UV_NAME guarded-skies-5206
client
dev tun
dev-type tun
remote 35.187.10.59 11948 udp
nobind
persist-tun
cipher AES-128-CBC
auth SHA1
verb 2
mute 3
push-peer-info
ping 10
ping-restart 60
hand-window 70
server-poll-timeout 4
reneg-sec 2592000
sndbuf 393216
rcvbuf 393216
max-routes 1000
remote-cert-tls server
comp-lzo no
auth-user-pass
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
98102e23e1fde661fb91401d19db1e3e
bd55fa6f8f44bc41a977c2d9cccbc26e
d10a06d02de3a26831d9d85f3479813a
0843f83013607a5a5a4fd3a54c24b1e3
dfeb454bf8fa6c57dc91abc1ce612131
99c71ee6f32879f267c0b3c0c55b901b
d0873344b8e4ee87086ea817c2f8fee7
21021641d34b8e4bf18c39df22957674
698c6a396420ab403367c526fa954651
628d4d5bb87b4801acd71fb744a2ace9
bc64fbe88ccd900f8f022b2ddedf85ca
043c5a80fbcf8603359c1d34f94c56a6
85dd6d73a571bda41d9811706ebf99c8
4b57146915c085305d70039884c96109
4b8358e39e991047151c70d1d6dd2b74
4a41c52ec0cd038f789d5b95c8bb4d25
-----END OpenVPN Static key V1-----
</tls-auth>
<cert>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
</key>
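
Review bot: this client profile should not be committed: the `<key>` block carries the private key for user `test`, `<tls-auth>` carries the static key in the clear, and the header comment includes `sync_secret` and `sync_token`. Together with `remote 35.187.10.59 11948 udp`, that leaves only the PIN (`"password_mode": "pin"`, `auth-user-pass`) between a reader of this repository and the VPN. Suggest dropping the file from the PR, adding `*.ovpn` to `.gitignore`, and regenerating the user's key and the tls-auth key on the server side, since the merged history keeps the old values. Separately, `cipher AES-128-CBC`, `auth SHA1` and `reneg-sec 2592000` (a 30-day renegotiation interval) are worth tightening in the server settings that generate this profile.
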
10 changes: 10 additions & 0 deletions setupvpn.sh
@@ -0,0 +1,10 @@
#!/bin/bash
echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" > /etc/apt/sources.list.d/mongodb-org-3.4.list
echo "deb http://repo.pritunl.com/stable/apt xenial main" > /etc/apt/sources.list.d/pritunl.list
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 0C49F3730359A14518585931BC711F9BA15703C6
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv 7568D9BB55FF9E5287D586017AE645C0CF8E292A
apt-get --assume-yes update
apt-get --assume-yes upgrade
apt-get --assume-yes install pritunl mongodb-org
systemctl start pritunl mongod
systemctl enable pritunl mongod
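
Review bot: the script has no error handling, so if either `apt-key adv --recv` call fails (for example, the keyserver is unreachable) it carries on through `apt-get update` and the install, and ends by trying to start services that may not have been installed. Add `set -euo pipefail` after the shebang and a check that it is running as root, since it writes under `/etc/apt/sources.list.d/`. Pinning both keys by full fingerprint is good; the two `deb http://` lines could use https where the repositories offer it, and `apt-get --assume-yes upgrade` upgrades every package on the host unattended, which is more than installing Pritunl and MongoDB requires.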