1) Подскажите какую лучше поставить операционную систему? Если Linux, то в сторону каких дистрибутивов смотреть. Хотелось бы удалённо подключаться к этому ПК для мониторинга или обновления файлов с github.
2) Актуален ли для подобного Docker или слишком много ресурсов будет отнимать?
3) Правильно ли запускать различные сайты просто на разных портах роутера?
5) Раз выполняется проброс порта, то как это обезопасить?
[internal]
same => _XXX.,Dial(SIP/${EXTEN},60,WwtTrU(sub-mixmonitor,${CALLERID(num)},${EXTEN},${UNIQUEID}))
same => n,HangUp()
[sub-mixmonitor]
exten => s,1,Noop(------------MixMonitor---------------)
; same => n,DumpChan()
; same => n,NoCDR()
same => n,Noop(DIALEDPEERNUMBER ${DIALEDPEERNUMBER} )
same => n,Set(FILE_UNIQUEID=${ARG3})
same => n,Noop(UNIQUEID = ${FILE_UNIQUEID})
same => n,GotoIf($[${DB_EXISTS(RECORD/${ARG1})}]?go-record)
same => n,GotoIf($[${DB_EXISTS(RECORD/${ARG2})}]?go-record)
same => n,Goto(end_sub)
same => n(go-record),Set(WAV=/var/spool/asterisk/monitor/${FILE_UNIQUEID})
same => n,Set(filedate=${STRFTIME(${EPOCH},,%Y%m%d_%H-%M-%S)})
same => n,Set(foldername=${STRFTIME(${EPOCH},,%Y/%m)})
same => n,Set(filename=${filedate}_${ARG1:-10}_${ARG2:-10}_${FILE_UNIQUEID})
same => n,Set(MP3=/var/spool/asterisk/monitor/mp3/${foldername}/${filename})
same => n,System(mkdir -p /var/spool/asterisk/monitor/mp3/${foldername})
same => n,Set(monopt=nice -n 19 /usr/bin/lame -b 32 --silent "${WAV}.wav" "${MP3}.mp3" && rm -rf "${WAV}.wav" && chmod o+r "${MP3}.mp3")
same => n,Noop(${CDR(record)})
same => n,Noop(CHANNEL ${CHANNEL(exten)})
same => n,Set(CDR(realdst)=${ARG2});
same => n,Set(CDR(record)=${FILE_UNIQUEID})
same => n,Set(CDR(recordingfile)=${filename}.mp3)
same => n,MixMonitor(${WAV}.wav,b,${monopt})
same => n(end_sub),returncurl_setopt( $ch, CURLOPT_SSLCERT, 'https://interotkos.ru/admin/SSL/certificate_fbb854...' );
certificate_fbb85415-7416-4a5d-aa54-93321dc2306d.p12
sudo ip tuntap add tap0 mode tap
sudo ip link set tap0 up
sudo ip addr add 192.168.2.2/24 dev tap0
sudo ip route add default via 192.168.2.1[NetDev]
Name=tap0
Kind=tap[Match]
Name=tap0
[Network]
Address=192.168.2.2/24
Gateway=192.168.2.1
DNS=8.8.8.8
DNS=8.8.4.4/ip firewall mangle
add chain=prerouting comment="NAT Loopback detect" dst-address=192.168.0.1 dst-port=3389 protocol=tcp in-interface-list=LAN connection-state=new action=mark-packet new-packet-mark=nat-loopback passthrough=yes
/ip firewall nat
add chain=srcnat packet-mark=nat-loopback action=masquerade comment="NAT Loopback replace address"
/ip firewall nat
add chain=dstnat dst-address=192.168.0.1 protocol=tcp dst-port=3389 action=dst-nat to-addresses=192.168.0.10 to-port=3389exten => _0[1-3]XXX,1,Noop(---- call to AST A1 ----)
same => n,Set(CALLEID(num)=02${CALLRID(num)}) ;; Подменяем номер звонящего, что бы работал обратный звонок
same => n,Dial(SIP/trunkA1/${EXTEN:3},15,Tt)
same => n,HangUp() ;; Обрываем звонок по окончании или если произошла ошибка что бы не звонить в пожарную службуversion: "3"
services:
traefik:
image: "traefik:v2.10"
container_name: "traefik"
command:
#- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=MYEMAIL@gmail.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
# - "8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
private_network:
ipv4_address: 10.2.0.120
unbound:
image: "mvance/unbound:1.17.0"
container_name: unbound
restart: unless-stopped
hostname: "unbound"
volumes:
- "./unbound:/opt/unbound/etc/unbound/"
networks:
private_network:
ipv4_address: 10.2.0.200
wg-easy:
depends_on: [unbound, adguardhome]
environment:
- WG_HOST=MYHOST_IP
- PASSWORD=openode
- WG_PORT=51820
- WG_DEFAULT_ADDRESS=10.10.10.x
- WG_DEFAULT_DNS=10.2.0.100
- WG_ALLOWED_IPS=10.2.0.0/24, 0.0.0.0/0, ::/0
- WG_PERSISTENT_KEEPALIVE=25
- WG_MTU=1280
#image: ditek/wg-easy
image: weejewel/wg-easy
container_name: wg-easy
volumes:
- .:/etc/wireguard
ports:
- "51820:51820/udp"
# - "51821:51821/tcp"
restart: unless-stopped
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1
dns:
- 10.2.0.100
- 10.2.0.200
networks:
private_network:
ipv4_address: 10.2.0.3
labels:
- "traefik.enable=true"
- "traefik.http.routers.vpn.rule=Host(`vpn.site.com`)"
- "traefik.http.routers.vpn.entrypoints=websecure"
- 'traefik.http.routers.vpn.tls=true'
- "traefik.http.routers.vpn.tls.certresolver=myresolver"
- "traefik.http.services.vpn.loadbalancer.server.port=51821"
adguardhome:
depends_on: [unbound]
image: adguard/adguardhome
container_name: adguardhome
restart: unless-stopped
environment:
- TZ=America/Los_Angeles
volumes:
- ./work:/opt/adguardhome/work
- ./conf:/opt/adguardhome/conf
networks:
private_network:
ipv4_address: 10.2.0.100
networks:
private_network:
ipam:
driver: default
config:
- subnet: 10.2.0.0/24