docs(proxy): add SSH safety net documentation

2025-12-26 11:24:51 +00:00
parent 625dc5ada7
commit 2bc5e3a273

@@ -31,13 +31,29 @@ PROXY_HOSTNAME=myproxy TZ=America/New_York curl -fsSL https://gitea.arnodo.fr/Da
## What it does ## What it does
1. Sets hostname 1. Sets hostname
2. Installs base packages (vim, fail2ban, unattended-upgrades) 2. Installs base packages (vim, fail2ban, unattended-upgrades, at)
3. Installs and connects Tailscale (will prompt for authentication) 3. Installs and connects Tailscale (will prompt for authentication)
4. Configures sysctl for exit-node capability 4. Configures sysctl for exit-node capability
5. Installs Docker 5. Installs Docker
6. Configures UFW (80/443 public, everything else via Tailscale only) 6. Configures UFW (80/443 public, everything else via Tailscale only)
7. Deploys Nginx Proxy Manager 7. Deploys Nginx Proxy Manager
8. Exposes NPM admin panel via Tailscale serve 8. Exposes NPM admin panel via Tailscale serve
9. Temporarily opens SSH port 22 for 5 minutes (safety net)
## SSH Safety Net
During installation, SSH port 22 is temporarily opened for 5 minutes to prevent lockout if you're connected via public IP. After 5 minutes, it will be automatically closed and only Tailscale SSH will work.
```bash
# List scheduled jobs
sudo atq
# Cancel the scheduled SSH closure (replace N with job number)
sudo atrm N
# Manually close SSH port 22 if needed
sudo ufw delete allow 22/tcp
```
## Post-install ## Post-install
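Review bot: In the new "SSH Safety Net" section, the command block offers `sudo atrm N` without saying that cancelling the job leaves 22/tcp open on the public interface indefinitely, which contradicts step 6 ("everything else via Tailscale only"). State that next to the `atrm` line, tell the reader to run `sudo ufw delete allow 22/tcp` themselves once they are done, and add a check such as `sudo ufw status` so they can confirm the rule is actually gone after the 5 minutes. It would also help to say when the 5-minute window starts, since step 9 is listed last in "What it does" while the section text says the port is opened "during installation".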