Bastion
El bastió d’Isard és una funcionalitat que permet accedir als escriptoris virtuals a través del mateix servidor on s’executa al web d’Isard, en comptes de dependre exclusivament d’una connexió Wireguard.
És especialment útil en entorns on es necessiten servidors públics, ja que permet que aquests escriptoris siguin accessibles sense necessitat d’una VPN.
Quan s’activa el bastió, el servidor d’Isard fa de porta d’enllaç per a les connexions externes:
%22%20/%3E%3C/g%3E%3Cg%20class=%22architecture-services%22%3E%3Cg%20id=%22service-bastion%22%20class=%22architecture-service%22%20transform=%22translate(52.000,56.000)%22%3E%3Crect%20width=%2264%22%20height=%2264%22%20fill=%22%23087ebf%22%20stroke=%22none%22%20/%3E%3Ccircle%20cx=%2232.0%22%20cy=%2232.0%22%20r=%2222.4%22%20fill=%22none%22%20stroke=%22%23ffffff%22%20stroke-width=%221.5%22%20stroke-linecap=%22round%22%20stroke-linejoin=%22round%22/%3E%3Cellipse%20cx=%2232.0%22%20cy=%2232.0%22%20rx=%2211.2%22%20ry=%2222.4%22%20fill=%22none%22%20stroke=%22%23ffffff%22%20stroke-width=%221.5%22%20stroke-linecap=%22round%22%20stroke-linejoin=%22round%22/%3E%3Cline%20x1=%229.6%22%20y1=%2232.0%22%20x2=%2254.4%22%20y2=%2232.0%22%20fill=%22none%22%20stroke=%22%23ffffff%22%20stroke-width=%221.5%22%20stroke-linecap=%22round%22%20stroke-linejoin=%22round%22/%3E%3Cline%20x1=%2232.0%22%20y1=%229.6%22%20x2=%2232.0%22%20y2=%2254.4%22%20fill=%22none%22%20stroke=%22%23ffffff%22%20stroke-width=%221.5%22%20stroke-linecap=%22round%22%20stroke-linejoin=%22round%22/%3E%3Ctext%20x=%2232.000%22%20y=%2286.000%22%20text-anchor=%22middle%22%20font-family=%22Inter,ui-sans-serif,system-ui,-apple-system,Segoe%20UI,sans-serif%22%20font-size=%2214%22%20fill=%22%230F172A%22%3EBastion%3C/text%3E%3C/g%3E%3Cg%20id=%22service-server%22%20class=%22architecture-service%22%20transform=%22translate(188.000,56.000)%22%3E%3Crect%20width=%2264%22%20height=%2264%22%20fill=%22%23087ebf%22%20stroke=%22none%22%20/%3E%3Crect%20x=%229.6%22%20y=%229.6%22%20width=%2244.8%22%20height=%2214.9%22%20rx=%222%22%20fill=%22none%22%20stroke=%22%23ffffff%22%20stroke-width=%221.5%22%20stroke-linecap=%22round%22%20stroke-linejoin=%22round%22/%3E%3Ccircle%20cx=%2249.2%22%20cy=%2217.1%22%20r=%221.8%22%20fill=%22%23ffffff%22%20stroke=%22none%22/%3E%3Crect%20x=%229.6%22%20y=%2224.5%22%20width=%2244.8%22%20height=%2214.9%22%20rx=%222%22%20fill=%22none%22%20stroke=%22%23ffffff%22%20stroke-width=%221.5%22%20stroke-linecap=%22round%22%20stroke-linejoin=%22round%22/%3E%3Ccircle%20cx=%2249.2%22%20cy=%2232.0%22%20r=%221.8%22%20fill=%22%23ffffff%22%20stroke=%22none%22/%3E%3Crect%20x=%229.6%22%20y=%2239.5%22%20width=%2244.8%22%20height=%2214.9%22%20rx=%222%22%20fill=%22none%22%20stroke=%22%23ffffff%22%20stroke-width=%221.5%22%20stroke-linecap=%22round%22%20stroke-linejoin=%22round%22/%3E%3Ccircle%20cx=%2249.2%22%20cy=%2246.9%22%20r=%221.8%22%20fill=%22%23ffffff%22%20stroke=%22none%22/%3E%3Ctext%20x=%2232.000%22%20y=%2286.000%22%20text-anchor=%22middle%22%20font-family=%22Inter,ui-sans-serif,system-ui,-apple-system,Segoe%20UI,sans-serif%22%20font-size=%2214%22%20fill=%22%230F172A%22%3EVM%3C/text%3E%3C/g%3E%3C/g%3E%3Cg%20class=%22architecture-groups%22%3E%3C/g%3E%3C/svg%3E)
%22%20/%3E%3C/g%3E%3Cg%20class=%22architecture-services%22%3E%3Cg%20id=%22service-bastion%22%20class=%22architecture-service%22%20transform=%22translate(52.000,56.000)%22%3E%3Crect%20width=%2264%22%20height=%2264%22%20fill=%22%23087ebf%22%20stroke=%22none%22%20/%3E%3Ccircle%20cx=%2232.0%22%20cy=%2232.0%22%20r=%2222.4%22%20fill=%22none%22%20stroke=%22%23ffffff%22%20stroke-width=%221.5%22%20stroke-linecap=%22round%22%20stroke-linejoin=%22round%22/%3E%3Cellipse%20cx=%2232.0%22%20cy=%2232.0%22%20rx=%2211.2%22%20ry=%2222.4%22%20fill=%22none%22%20stroke=%22%23ffffff%22%20stroke-width=%221.5%22%20stroke-linecap=%22round%22%20stroke-linejoin=%22round%22/%3E%3Cline%20x1=%229.6%22%20y1=%2232.0%22%20x2=%2254.4%22%20y2=%2232.0%22%20fill=%22none%22%20stroke=%22%23ffffff%22%20stroke-width=%221.5%22%20stroke-linecap=%22round%22%20stroke-linejoin=%22round%22/%3E%3Cline%20x1=%2232.0%22%20y1=%229.6%22%20x2=%2232.0%22%20y2=%2254.4%22%20fill=%22none%22%20stroke=%22%23ffffff%22%20stroke-width=%221.5%22%20stroke-linecap=%22round%22%20stroke-linejoin=%22round%22/%3E%3Ctext%20x=%2232.000%22%20y=%2286.000%22%20text-anchor=%22middle%22%20font-family=%22Inter,ui-sans-serif,system-ui,-apple-system,Segoe%20UI,sans-serif%22%20font-size=%2214%22%20fill=%22%23f1f5f9%22%3EBastion%3C/text%3E%3C/g%3E%3Cg%20id=%22service-server%22%20class=%22architecture-service%22%20transform=%22translate(188.000,56.000)%22%3E%3Crect%20width=%2264%22%20height=%2264%22%20fill=%22%23087ebf%22%20stroke=%22none%22%20/%3E%3Crect%20x=%229.6%22%20y=%229.6%22%20width=%2244.8%22%20height=%2214.9%22%20rx=%222%22%20fill=%22none%22%20stroke=%22%23ffffff%22%20stroke-width=%221.5%22%20stroke-linecap=%22round%22%20stroke-linejoin=%22round%22/%3E%3Ccircle%20cx=%2249.2%22%20cy=%2217.1%22%20r=%221.8%22%20fill=%22%23ffffff%22%20stroke=%22none%22/%3E%3Crect%20x=%229.6%22%20y=%2224.5%22%20width=%2244.8%22%20height=%2214.9%22%20rx=%222%22%20fill=%22none%22%20stroke=%22%23ffffff%22%20stroke-width=%221.5%22%20stroke-linecap=%22round%22%20stroke-linejoin=%22round%22/%3E%3Ccircle%20cx=%2249.2%22%20cy=%2232.0%22%20r=%221.8%22%20fill=%22%23ffffff%22%20stroke=%22none%22/%3E%3Crect%20x=%229.6%22%20y=%2239.5%22%20width=%2244.8%22%20height=%2214.9%22%20rx=%222%22%20fill=%22none%22%20stroke=%22%23ffffff%22%20stroke-width=%221.5%22%20stroke-linecap=%22round%22%20stroke-linejoin=%22round%22/%3E%3Ccircle%20cx=%2249.2%22%20cy=%2246.9%22%20r=%221.8%22%20fill=%22%23ffffff%22%20stroke=%22none%22/%3E%3Ctext%20x=%2232.000%22%20y=%2286.000%22%20text-anchor=%22middle%22%20font-family=%22Inter,ui-sans-serif,system-ui,-apple-system,Segoe%20UI,sans-serif%22%20font-size=%2214%22%20fill=%22%23f1f5f9%22%3EVM%3C/text%3E%3C/g%3E%3C/g%3E%3Cg%20class=%22architecture-groups%22%3E%3C/g%3E%3C/svg%3E)
Els ports per defecte que són accessibles dels escriptoris són:
22/TCP | Servei SSH |
80/TCP | Web |
443/TCP | Web TLS |
A l’apartat d’edició de qualsevol escriptori es troba l’apartat de bastió (l’has d’habilitar):
Obre una sessió de Powershell per obtenir la teva clau pública SSH:
PS C:\Users\david> gc .\.ssh\id_ed25519.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFJgYeQKuRlSp6BOSaVriPqJ5IKakDpHLfP4csIN8Ft/ david@eliteI que faig amb aquest ID e6a0307a-f48f-46e2-9fed-87e34a2d4f61? 😒
En l’apartat principal d’escriptoris, pots accedir al botó de bastion per veure el UUID juntament amb els URL per als protocols activats:
Amb aquest UUID es generaran les diferents connexions a aquesta màquina virtual:
Si has creat una màquina d’escriptori, has d’habilitar el servidor ssh en la màquina virtual:
Ja et pots connectar per ssh a través de bastion amb la màquina virtual:
Instal.la una servidor nginx en la màquina virtual i verifica que et post connectar amb el navegador amb la URL HTTP:
Show solution
A la màquina virtual:
Obre el navegador del Windows a http://e6a0307a-f48f-46e2-9fed.87e34a2d4f61.bastion.elmeuescriptori.cat/
Fedora
Open ports 80 and 443 on the firewall as explained in Firewalld.
Start containers with: