Expose the new LibreTime virtual machine via Reyboz reyboz to director.border-radio.it via an SSH reverse tunnel.
Configured the LibreTime virtual machine as follow:
```
name=Installation
apt install autossh
```
```
name=First connection
ssh-copy-id border-radio-regia@reyboz.it -p 2222
```
```
name=/etc/systemd/system/autossh.service
[Unit]
Description=Expose some Border Radio services to Reyboz infrastructure
After=network.target
Documentation=https://gitpull.it/T594
[Service]
ExecStart=/usr/bin/autossh -M 0 -N -q -o "ServerAliveInterval 45" -o "ServerAliveCountMax 1" -o "ExitOnForwardFailure=yes" -R 2225:localhost:22 -R 8083:localhost:80 -p 2222 border-radio-regia@reyboz.it
# If AUTOSSH_GATETIME is set to 0 autossh will restart even if ssh fails on the first run with an exit status of 1
Environment="AUTOSSH_GATETIME=0"
# restart autossh if something goes wrong
Restart=on-failure
# wait some seconds before retrying
RestartSec=3
# disable any kind of restart rate limiting
# not supported in our version
StartLimitIntervalSec=0
[Install]
WantedBy=multi-user.target
```
On #reyboz :
```
name=/etc/apache2/sites-available/border-radio.director.conf
#
# Border Radio Director
#
# An AirTime proxy (AirTime is actually in a LAN)
#
# See https://gitpull.it/594
# -- Valerio B. -- sab 23 mag 2020, 19:37:17, CEST
#
<VirtualHost *:443>
ServerName director.border-radio.it
# basic document root just used for Let's Encrypt temporary files
DocumentRoot /home/www-data/border-radio.it/director
# The AirTime application on Border Regia host is protected
# by a basic HTTP Auth for security reasons:
# Note that Border Radio Regia is an Ubuntu 12.04 iper-legacy.
#
<Location "/">
# To change the password:
#
# htpasswd -c /etc/apache2/secrets/border-director.passwd border
#
# Note that we do not protect the homepage because there we renew certificates.
#
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/secrets/border-director.passwd
Require valid-user
# pass all requests to the Border Regia apache, via an SSH reverse tunnel
ProxyPass http://localhost:8083/
ProxyPassReverse http://localhost:8083/
</Location>
# Allow everyone to see LibreTime widgets
<Location "/embed/">
AuthType None
Require all granted
</Location>
# allow Let's Encrypt to receive its certificates
<Location "/.well-known">
# do not proxy Let's Encrypt certificates to allow renew
ProxyPass !
AuthType none
Require all granted
Satisfy any
</Location>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/director.border-radio.it/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/director.border-radio.it/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/director.border-radio.it/chain.pem
</VirtualHost>
# redirect insecure traffic
<VirtualHost *:80>
ServerName director.border-radio.it
Redirect permanent / https://director.border-radio.it/
</VirtualHost>
```