Kirpy on Nostr: I love the idea of Start9, however thought of it as "mostly" useless to average ...
I love the idea of Start9 (npub126n…e9ll), however thought of it as "mostly" useless to average individuals who aren't looking to tor everything.
While the new version is in development to enable https external access to services using your domain, I found out a hack on how to do this in the meantime.
Credit to remcoros on the Start9 (npub126n…e9ll) for the original guide. Hopefully I made it a little more understandable to dumbos like me 😉
As a prerequisite, you'll need to know Caddy reverse proxy (or use another, but Caddy simplifies cert stuff for me), and you'll need to know basic CLI, like how to navigate the filesystem, and create/save a text file.
This example uses the FreeGPT service but I've tested with nostrudel (npub1wyu…87ez), and nostr-rs-relay.
## Enable external access+HTTPS
1. Pick a port and subdomain. Add the entry to Caddy for automatic certificate/SSL reverse proxy:
```
https://subdomain.domain.com:443 {
    header Strict-Transport-Security max-age=31536000;
    reverse_proxy 192.168.1.111:50002
}
```
2. Install the service from the Start9 marketplace or sideload.
3. Go to the services management page and go to the Wrapper Repository URL listed there.
4. Arriving in GitHub, look for the file `scripts/procedures/healthChecks.ts`
   1. Possibly line 4? You should see a line: `"web-ui": healthUtil.checkWebUrl("http://free-gpt.embassy:8080")`. The part you need is `free-gpt.embassy:8080`, which is the service and the port it's listening on.
5. Now SSH into the Start9 server and switch to the root user with `sudo -i`.
6. Switch to the "chrooted" environment with `/usr/lib/startos/scripts/chroot-and-upgrade`. You should see a bit of syncing.
7. Create and open your service file `vim /lib/systemd/system/socat.freegpt.service` and give it a sensible name.
8. Paste the below text and:
   1. Modify the description.
   2. Modify the port number after "tcp-l" to match the port you chose in your Caddyfile.
   3. Modify the text "free-gpt.embassy:8080" to match the text for your service found from GitHub.
```ini
[Unit]
Description=socat electrs forward
Wants=podman.service
After=podman.service
[Service]
Type=simple
Restart=always
RestartSec=3
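# Stores the ninth field of the default route line as IP. On a route of the form
# "default via <gw> dev <if> proto dhcp src <ip> ..." that field is the host's LAN address.
ExecStartPre=/bin/bash -c "/bin/systemctl set-environment IP=$(ip route | grep default | awk '{print $9}')"
# Listens on ${IP}:50002 as user nobody and forwards each connection to the service address.
ExecStart=/usr/bin/socat tcp-l:50002,fork,reuseaddr,su=nobody,bind=${IP} tcp:free-gpt.embassy:8080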
[Install]
WantedBy=multi-user.target
```
9. Save and quit.
10. Start your service with `systemctl enable socat.freegpt` or whichever service name you chose. That's the file name you created earlier.
11. Exit the "chrooted" environment with `exit`.
12. That's it! If all's well you may reach your site on the clear-net with your domain.
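
The unit from step 8 can be generated instead of hand-edited. This is an added example, not part of the original guide: the function names are hypothetical and the sample inputs are constructed. It pulls the target out of the health-check line, refuses port or target values that could alter the root-owned unit file, and shows a way to read the default route's source address that does not depend on column position.

```shell
# Added example, not from the original guide. Function names are hypothetical.

# Source address of the default route, located by the "src" keyword rather
# than by column position. Reads `ip route` output on stdin.
default_src_ip() {
  awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "src") { print $(i + 1); exit } }'
}

# host:port from the checkWebUrl("http://host:port") line. Reads healthChecks.ts on stdin.
service_target() {
  sed -n 's|.*checkWebUrl("http://\([^"/]*\).*|\1|p' | head -n 1
}

# Print the unit for <listen-port> <host:port>. Both values end up in a
# root-owned unit file, so anything that is not a plain port or
# name.embassy:port is refused.
render_unit() {
  port=$1; target=$2
  case $port in ''|*[!0-9]*|??????*) echo "bad port" >&2; return 1 ;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range" >&2; return 1; }
  case $target in *[!a-z0-9.:-]*) echo "bad target" >&2; return 1 ;; esac
  printf '%s\n' "$target" | grep -Eqx '[a-z0-9-]+\.embassy:[0-9]{1,5}' ||
    { echo "bad target" >&2; return 1; }
  cat <<EOF
[Unit]
Description=socat forward to $target
Wants=podman.service
After=podman.service
[Service]
Type=simple
Restart=always
RestartSec=3
ExecStartPre=/bin/bash -c "/bin/systemctl set-environment IP=\$(ip route | grep default | awk '{print \$9}')"
ExecStart=/usr/bin/socat tcp-l:$port,fork,reuseaddr,su=nobody,bind=\${IP} tcp:$target
[Install]
WantedBy=multi-user.target
EOF
}

# Constructed sample line in the shape the guide quotes from healthChecks.ts.
sample='"web-ui": healthUtil.checkWebUrl("http://free-gpt.embassy:8080"),'
render_unit 50002 "$(printf '%s\n' "$sample" | service_target)"
```

Running `ip route | default_src_ip` on the server shows the address the listener should bind to; if it prints nothing, the default route has no `src` field and the ninth-field lookup in `ExecStartPre` will not yield an address either.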