This guide describes a process for exposing ports on StartOS v0.3.5.x or earlier. When StartOS v0.3.6 is released, this guide should become obsolete, so proceed only if you're impatient and understand the risks you're taking. I plan to create more guides that will describe how to install and connect to Tailscale so that you can use the exposed ports from any other device in your tailnet, and how to use that Tailscale connection to expose services on the Internet using a VPS.
-
Create a backup: https://docs.start9.com/0.3.5.x/user-manual/backups/backup-create
-
SSH to your Start9: https://docs.start9.com/0.3.5.x/user-manual/ssh
-
Enable the chroot-and-upgrade context
sudo /usr/lib/startos/scripts/chroot-and-upgradeStart9 warning:
THIS IS NOT A STANDARD DEBIAN SYSTEM
USING apt COULD CAUSE IRREPARABLE DAMAGE TO YOUR START9 SERVER
PLEASE TURN BACK NOW!!!If you are SURE you know what you are doing, and are willing to accept the DIRE CONSEQUENCES of doing so, you can run the following command to disable this protection:
sudo rm /usr/local/bin/aptOtherwise, what you probably want to do is run:
sudo /usr/lib/startos/scripts/chroot-and-upgrade
You can run apt in this context to add packages to your system.
When you are done with your changes, type "exit" and the device will reboot into a system with the changes applied.
This is still NOT RECOMMENDED if you don't know what you are doing, but at least isn't guaranteed to break things. -
Become root user
sudo -i -
Install socat
apt install socat -
Exit and allow your Start9 to reboot
exit -
SSH to your Start9 again, become root user and create a socat systemd service
sudo -i cat << 'EOF' > /lib/systemd/system/[email protected] [Unit] Description=socat %i forward Wants=podman.service After=podman.service [Service] Type=simple Restart=always RestartSec=3 EnvironmentFile=/etc/embassy.socat/%i.conf ExecStart=/usr/bin/socat tcp-listen:${EXPOSED_PORT},fork,reuseaddr tcp:${SERVICE_ADDR}:${SERIVCE_PORT} [Install] WantedBy=multi-user.target EOF -
Create a directory for socat service environment files
mkdir -p /etc/embassy.socat/ -
Create a socat environment file
cat << 'EOF' > /etc/embassy.socat/btcpayserver.conf EXPOSED_PORT=8081 SERVICE_PORT=80 SERVICE_ADDR=btcpayserver.embassy EOFNote: This example exposes BTCPayServer's web interface
-
Start the socat service
systemctl start [email protected]Note: This example uses the filename,
btcpayserver(.confextension omitted), to start the service
This works using the%ivariable in[email protected]to load the environment file:EnvironmentFile=/etc/embassy.socat/%i.conf -
Make sure the socat service is running
systemctl status [email protected]Example output
Note: Look for
Active: active (running)and verify the service,btcpayserver.embassy, and ports,8081and80are listed in theCGroup:entry● [email protected] - socat btcpayserver forward Loaded: loaded (/lib/systemd/system/[email protected]; disabled; preset: enabled) Active: active (running) since Mon 2024-05-27 17:06:03 UTC; 2s ago Main PID: 2795077 (socat) Tasks: 1 (limit: 19004) Memory: 888.0K CPU: 3ms CGroup: /system.slice/system-socat.slice/[email protected] └─2795077 /usr/bin/socat tcp-listen:8081,fork,reuseaddr tcp:btcpayserver.embassy:80 May 27 17:06:03 yawning-jingle systemd[1]: Started [email protected] - socat btcpayserver forward. -
Make sure your Start9 is now listening on the specified port
netstat -plant | grep socatExample output
Note:
0.0.0.0:8081shows that Start9 is listening on port 8081 usingsocatprocess ID2795077tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 2795077/socat -
Enable the socat service to start automatically
systemctl enable [email protected] -
Verify the service is now available at your Start9's IP address and the exposed port: http://10.0.0.2:8081
-
Get your Start9's IP address
ip route | grep default | awk '{print $9}'
-
-
Create more services by repeating the previous steps, starting from 9