Exposing Start9 services using socat
Exposing Start9 services using socat
This guide describes a process for exposing ports on StartOS v0.3.5.x or earlier.
When StartOS v0.3.6 is released, this guide should become obsolete, so proceed only if
you're impatient and understand the risks you're taking. I plan to create more guides
that will describe how to install and connect to Tailscale so that you can use the
exposed ports from any other device in your tailnet, and how to use that Tailscale
connection to expose services on the Internet using a VPS.
Create a backup:
https://docs.start9.com/0.3.5.x/user-manual/backups/backup-create SSH to your Start9:
https://docs.start9.com/0.3.5.x/user-manual/ssh Enable the chroot-and-upgrade context
sudo /usr/lib/startos/scripts/chroot-and-upgradeStart9 warning:
THIS IS NOT A STANDARD DEBIAN SYSTEM
USING apt COULD CAUSE IRREPARABLE DAMAGE TO YOUR START9 SERVER
PLEASE TURN BACK NOW!!!If you are SURE you know what you are doing, and are willing to accept the DIRE CONSEQUENCES of doing so, you can run the following command to disable this protection:
sudo rm /usr/local/bin/aptOtherwise, what you probably want to do is run:
sudo /usr/lib/startos/scripts/chroot-and-upgrade
You can run apt in this context to add packages to your system.
When you are done with your changes, type "exit" and the device will reboot into a system with the changes applied.
This is still NOT RECOMMENDED if you don't know what you are doing, but at least isn't guaranteed to break things.Become root user
sudo -iInstall socat
apt install socatExit and allow your Star9 to reboot
exitCreate a socat systemd service
cat << 'EOF' > /lib/systemd/system/socat@.service [Unit] Description=socat %i forward Wants=podman.service After=podman.service [Service] Type=simple Restart=always RestartSec=3 EnvironmentFile=/etc/embassy.socat/%i.conf ExecStart=/usr/bin/socat tcp-listen:${EXPOSED_PORT},fork,reuseaddr tcp:${SERVICE_ADDR}:${SERIVCE_PORT} [Install] WantedBy=multi-user.target EOFCreate a directory for socat service environment files
mkdir -p /etc/embassy.socat/Create a socat environment file
cat << 'EOF' > /etc/embassy.socat/btcpayserver.conf EXPOSED_PORT=8081 SERVICE_PORT=80 SERVICE_ADDR=btcpayserver.embassy EOFNote: This example exposes BTCPayServer's web interface
Start the socat service
systemctl start socat@btcpayserver.serviceNote: This example uses the filename,
btcpayserver(.confextension omitted), to start the service
This works using the%ivariable insocat@.serviceto load the environment file:EnvironmentFile=/etc/embassy.socat/%i.confMake sure the socat service is running
systemctl status socat@btcpayserver.serviceExample output
Note: Look for
Active: active (running)and verify the service,btcpayserver.embassy, and ports,
8081and80are listed in theCGroup:entry● socat@btcpayserver.service - socat btcpayserver forward Loaded: loaded (/lib/systemd/system/socat@.service; disabled; preset: enabled) Active: active (running) since Mon 2024-05-27 17:06:03 UTC; 2s ago Main PID: 2795077 (socat) Tasks: 1 (limit: 19004) Memory: 888.0K CPU: 3ms CGroup: /system.slice/system-socat.slice/socat@btcpayserver.service └─2795077 /usr/bin/socat tcp-listen:8081,fork,reuseaddr tcp:btcpayserver.embassy:80 May 27 17:06:03 yawning-jingle systemd[1]: Started socat@btcpayserver.service - socat btcpayserver forward.Make sure your Start9 is now listening on the specified port
netstat -plant | grep socatExample output
Note:
0.0.0.0:8081shows that Start9 is listening on port 8081 usingsocatprocess ID2795077tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 2795077/socatEnable the service service to start automatically
systemctl enable socat@btcpayserver.serviceVerify the service is now available at your Start9's IP address and the exposed port:
http://10.0.0.2:8081 Get your Start9's IP address
ip route | grep default | awk '{print $9}'
Create more services by repeating the previous steps, starting from 9