Expose our local AirTime instance at `director.border-radio.it`, with HTTP basic auth in front of it for security reasons.
The problem with the Border Radio regia is that it is a super-legacy computer behind a NAT, with very broken repositories, so it is impossible to use `apt` to install `autossh` or to set up anything else. So I've actually set up an infinite loop acting like `autossh`, to keep an SSH tunnel open from the Border Radio regia to the #reyboz server. The script runs from a `screen` session.
We have set this up only thanks to Antonio from Comala, who was receiving my instructions while he was in the Border Radio room and I was blocked because of COVID-19. That's why this solution works but it's so shitty. Do not fight about this please.
```
name=/root/start-ssh/tunnel
while :; do date; ssh border-radio-regia@reyboz.it -p 8080 -N -o ExitOnForwardFailure=yes -o "ServerAliveInterval 45" -o "ServerAliveCountMax 1" -R 2223:localhost:80 -R 8083:localhost:80; sleep 5; done
```
See [[ border_radio_reference/ ]] and [[ reyboz/ports/ ]].
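The Basic Auth in Apache only protects requests that pass through Apache, so on the #reyboz server the forwarded ports 2223 and 8083 should listen on loopback only (which is what sshd does for `-R` forwards unless `GatewayPorts` is enabled). A check for that, as an added example that is not part of the original setup; the `ss` lines in it are constructed sample data and the function names are hypothetical:

```sh
#!/bin/sh
# Added example: report tunnel ports that listen on a non-loopback address.
# Reads `ss -Hltn` output on stdin; the ports to check are the arguments.
# Prints each offending "address:port" and returns 1 if any was found.
exposed_forwards() {
    awk -v ports="$*" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        $1 == "LISTEN" {
            la = $4                              # local address:port column
            i = match(la, /:[0-9]+$/)            # position of the last colon
            if (i == 0) next
            addr = substr(la, 1, i - 1)
            port = substr(la, i + 1)
            if (!(port in want)) next            # not one of the tunnel ports
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback is fine
            print la
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample of `ss -Hltn` output (not captured from the real server):
# 8083 is loopback-only, 2223 is bound to every interface, 8080 is sshd itself.
constructed_sample() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:8083 0.0.0.0:*
LISTEN 0 128 [::1]:8083 [::]:*
LISTEN 0 128 0.0.0.0:2223 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 511 *:80 *:*
EOF
}

# On the server itself:  ss -Hltn | exposed_forwards 2223 8083
constructed_sample | exposed_forwards 2223 8083 \
    || echo "^ reachable from outside without going through Apache"
```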
== Frontend webserver ==
On the #reyboz server:
```
name=/etc/apache2/sites-available/border-radio.director.conf
#
# Border Radio Director
#
# An AirTime proxy (AirTime is actually in a LAN)
#
# See https://gitpull.it/T378
#
<VirtualHost *:80>
    ServerName director.border-radio.it
    DocumentRoot /home/www-data/border-radio.it/director

    # do not proxy Let's Encrypt challenges, so that certificate renewal works
    # (this exclusion must stay before the generic ProxyPass below)
    ProxyPass /.well-known !

    <Location />
        #
        # Basic Auth
        #
        # To change the password (-c recreates the file):
        #
        # htpasswd -c /etc/apache2/border_radio_secrets/border-director_pas.passwd border-director
        #
        # Note that we do not protect the homepage because there we renew certificates.
        #
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/apache2/border_radio_secrets/border-director_pas.passwd
        Require valid-user
    </Location>

    ProxyPass / http://localhost:8083/
    ProxyPassReverse / http://localhost:8083/
</VirtualHost>
```
Actually the user is `border-director` and the password was shared only to Mariangela C.
== Let's Encrypt ==
The certificate was deployed with Let's Encrypt:
```
certbot certonly --webroot --webroot-path=/home/www-data/border-radio.it/director/ -d director.border-radio.it
```