autosish
autossh powering sish.
Setup
First, find your SSH keys, or if possible, create a new pair (assuming you'll choose the name id_ed25519_sish):
mkdir ssh_secret
ssh-keygen -t ed25519 -f ssh_secret/id_ed25519_sish -C "Your Name <your_email@example.com>"
You'll need to share your public key (ssh_secret/id_ed25519_sish.pub) with the sish instance's admin. DO NOT SEND ANYONE YOUR PRIVATE KEY, EVER!
Then, install Docker Engine and create (or pull) the badmanners/autosish:latest image:
docker build -t badmanners/autosish:latest .
Running under sish's subdomain
Example Docker Compose file:
compose.example-basic.yaml
The configuration can be run as is, to expose a barebones NGINX webserver on the test subdomain of the sish proxy.
Configuring a custom domain webserver with HTTPS
Example Docker Compose file:
compose.example-custom-domain.yaml
This guide will assume that you own the example.com domain, and that your service will run on foo.example.com by proxying through sish.top.
- Add the following DNS entries:
Required | DNS entry | Description |
---|---|---|
✅ | CNAME foo.example.com. sish.top. | Redirects all requests from your host to the proxy. |
✅ | TXT _sish.foo.example.com. SHA256:A...z | Fingerprint of your public SSH key for authentication. You can obtain your fingerprint by running ssh-keygen -lf ./ssh_secret/id_ed25519_sish |
❌ | CNAME _acme-challenge.foo.example.com. _acme-challenge.foo.example.com.sish.top. | Allows for the proxy admin to use ACME-DNS challenges instead of HTTP. |
- If you haven't already, contact the proxy's admin and share with them your public SSH key (ssh_secret/id_ed25519_sish.pub). If you're using the optional ACME-DNS challenge, also share your domain name with the admin.
- Once your credentials have been added, run your service through Docker Compose.
- Your service should be available on your custom subdomain, for both HTTP and HTTPS. If you're not using the DNS challenge option, it may take a moment to generate/renew any certificates for the first time.
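A pre-flight check for the TXT entry in the table above, as an added example that is not part of the autosish project: it derives the SHA256 fingerprint from a public key line, builds the DNS entries in the table's notation, and refuses private key material. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

def parse_public_key(line):
    """Return the decoded key blob of one OpenSSH public key line."""
    if "PRIVATE KEY" in line:
        raise ValueError("private key material: share only the .pub file")
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match the encoded blob")
    return blob

def fingerprint(line):
    """SHA256 fingerprint as ssh-keygen -lf prints it (unpadded base64)."""
    digest = hashlib.sha256(parse_public_key(line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def expected_records(host, proxy, line, acme_dns=False):
    """DNS entries from the table above, in the table's own notation."""
    records = [f"CNAME {host}. {proxy}.",
               f"TXT _sish.{host}. {fingerprint(line)}"]
    if acme_dns:  # optional row of the table
        records.append(f"CNAME _acme-challenge.{host}. _acme-challenge.{host}.{proxy}.")
    return records

def txt_matches(line, txt_values):
    """True if a TXT value published at _sish.<host> equals the key's fingerprint."""
    fp = fingerprint(line)
    return any(v.strip().strip('"') == fp for v in txt_values)

# Constructed sample key (not a real key): ed25519 blob with bytes 0..31 as the key.
SAMPLE_BLOB = (struct.pack(">I", 11) + b"ssh-ed25519"
               + struct.pack(">I", 32) + bytes(range(32)))
SAMPLE_PUB = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " sample"

if __name__ == "__main__":
    for record in expected_records("foo.example.com", "sish.top", SAMPLE_PUB, True):
        print(record)
```

Pass the TXT values your resolver returns for _sish.foo.example.com to txt_matches before asking the admin to enable the domain; a mismatch usually means the record was published for a different key.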