From 2a29436e0f7171401dd7d2cc7b283c59a5253715 Mon Sep 17 00:00:00 2001 From: terminaldweller Date: Sun, 28 Apr 2024 13:46:22 +0000 Subject: readme update --- README.md | 52 +++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 47 insertions(+), 5 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index cedb144..eb2927d 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,17 @@ # sms-webhook +### What is it + A simple sms webhook with plain authentication to get the SMS you receive on your android phone on IRC.
I have a made blogpost about it [here](https://blog.terminaldweller.com/posts/how_to_get_your_sms_on_irc).
-The IRC bot supports SASL plain authentication.
-The webhook endpoint itself supports HTTP basic authentication.
-The webhook has [pocketbase](https://github.com/pocketbase/pocketbase) integrated so you can use that to create new users.
+### Features + +* The IRC bot supports SASL plain authentication.
+* The webhook endpoint itself supports HTTP basic authentication.
+* The webhook has [pocketbase](https://github.com/pocketbase/pocketbase) integrated so you can use that to create new users.
-Last but not least, you will need a forwarding agent that actually sends the SMS you get on your android device to the webhook endpoint.
+**_Note_**: Last but not least, you will need a forwarding agent that actually sends the SMS you get on your android device to the webhook endpoint.
Currently [this](https://github.com/bogkonstantin/android_income_sms_gateway_webhook) is what I'm using to forward my SMS to the webhook. Also make sure the app settings on android are changed accordingly because the forwarder needs to run in the background so make sure android does not battery-optimize it out of existence.
### Config @@ -26,7 +30,7 @@ IrcChannel = "1337p17" ### Deployment A docker compose file is available for a quick setup: -``` +```yaml version: "3.9" services: sms-webhook: @@ -94,4 +98,42 @@ volumes: pb-vault: ``` +```nginx +events { + worker_connections 1024; +} +http { + include /etc/nginx/mime.types; + server_tokens off; + limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m; + server { + listen 443 ssl; + keepalive_timeout 60; + charset utf-8; + ssl_certificate /etc/letsencrypt/live/sms.terminaldweller.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/sms.terminaldweller.com/privkey.pem; + ssl_ciphers HIGH:!aNULL:!MD5:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 1d; + ssl_session_tickets off; + ssl_prefer_server_ciphers on; + sendfile on; + tcp_nopush on; + add_header X-Content-Type-Options "nosniff" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + # add_header Content-Security-Policy "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"; + add_header X-Frame-Options SAMEORIGIN always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy "no-referrer"; + fastcgi_hide_header X-Powered-By; + + error_page 401 403 404 /404.html; + location / { + proxy_pass http://sms-webhook:8090; + } + } +} +``` + The setup uses nginx as a reverse proxy for TLS termination. The nginx config for that is also provided in the repo.
-- cgit v1.2.3