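---
# Workflow: runs the Node.js app shipped in api.zip on a hosted runner, exposes
# it through a Cloudflare Tunnel, and opens an sshx.io shared terminal on the
# runner. Background processes stay up until the job times out.
name: MS WEB

on:
  workflow_dispatch:
  schedule:
    - cron: "0 */6 * * *"  # automatic restart every 6 hours

# Least privilege for GITHUB_TOKEN: checkout only needs read access.
permissions:
  contents: read

jobs:
  run-node-tunnel:
    runs-on: ubuntu-latest
    timeout-minutes: 360  # max 6 hours per job
    steps:
      # NOTE(review): version tags such as @v3 are mutable; pin both actions
      # to a full commit SHA so a retagged release cannot change what runs.
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          # Do not leave the GITHUB_TOKEN in .git/config: later steps open
          # remote access to this runner's filesystem.
          persist-credentials: false

      - name: Setup Node.js v22
        uses: actions/setup-node@v3
        with:
          node-version: "22"

      - name: Extract api.zip
        run: |
          unzip -o api.zip -d ./api

      # NOTE(review): npm install resolves versions at run time and executes
      # package lifecycle scripts; a committed lockfile would make this
      # reproducible. The contents of api.zip are not visible here.
      - name: Install dependencies
        working-directory: ./api
        run: npm install

      - name: Start Node.js app (show logs)
        working-directory: ./api
        run: |
          npm start 2>&1 | tee node.log &
          echo "Node.js app started"

      # NOTE(review): "latest" is unpinned and the package is installed as root
      # with no integrity check. Pin a specific release and verify its checksum
      # before running dpkg.
      - name: Install cloudflared
        run: |
          wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
          sudo dpkg -i cloudflared-linux-amd64.deb || sudo apt-get -f install -y

      - name: Run Cloudflare Tunnel
        env:
          # cloudflared reads the tunnel token from TUNNEL_TOKEN, so the secret
          # is neither interpolated into the script text nor placed on the
          # command line.
          TUNNEL_TOKEN: ${{ secrets.CLOUDFLARE_TUNNEL_TOKEN }}
        run: |
          cloudflared tunnel run 2>&1 | tee tunnel.log &
          echo "Tunnel started"

      # NOTE(review): this step pipes a remote script straight into sh without
      # verifying it, then prints the first lines of sshx.log into the job log.
      # If that output includes the session link, anyone who can read this
      # run's logs gets a shell on the runner. Restrict log visibility or
      # deliver the link through a private channel instead.
      - name: Run sshx.io session
        run: |
          echo "Starting sshx.io session..."
          (curl -sSf https://sshx.io/get | sh -s run) 2>&1 | tee sshx.log &
          sleep 8
          echo "=== sshx.io log preview ==="
          head -n 20 sshx.log || true
          echo "==========================="

      # Blocks until timeout-minutes ends the job; the background processes
      # started above live only as long as this step does.
      - name: Keep workflow alive
        run: |
          while true; do
            echo "[$(date)] Workflow alive"
            sleep 300
          done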
# ========== RDP system (second workflow) ==========
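---
# Workflow: enables Remote Desktop on a Windows runner and makes it reachable
# over a Tailscale network for a limited time.
name: RDP

on:
  workflow_dispatch:

# No step uses the GITHUB_TOKEN, so grant it nothing.
permissions: {}

jobs:
  secure-rdp:
    runs-on: windows-latest
    # Was 3600. The keep-alive loop below runs for about 55 minutes, so cap the
    # job (and the window in which RDP is reachable) at one hour.
    timeout-minutes: 60
    steps:
      - name: Configure Core RDP Settings (safer defaults)
        shell: powershell
        run: |
          # Enable Remote Desktop
          Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections' -Value 0 -Force
          # Keep NLA enabled for better security (recommended)
          Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name 'UserAuthentication' -Value 1 -Force
          # SecurityLayer = 1 (Negotiate) allows TLS if available.
          # NOTE(review): Negotiate still permits fallback; consider requiring TLS.
          Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name 'SecurityLayer' -Value 1 -Force
          # Remove any existing rule with the same name to avoid duplication.
          # Windows PowerShell (shell: powershell) has no `||` operator, so the
          # exit code is checked instead.
          netsh advfirewall firewall delete rule name="RDP-Tailscale"
          if ($LASTEXITCODE -ne 0) {
            Write-Host "No existing rule to delete"
          }
          # Allow RDP from the Tailscale address range (100.64.0.0/10).
          # NOTE(review): allow rules are additive. If a built-in Remote Desktop
          # rule is enabled on the runner image, port 3389 is not limited to
          # this range; confirm those rules are disabled.
          netsh advfirewall firewall add rule name="RDP-Tailscale" dir=in action=allow protocol=TCP localport=3389 remoteip=100.64.0.0/10
          Restart-Service -Name TermService -Force

      - name: Create RDP User (password from secret)
        shell: powershell
        env:
          # RDP_PASSWORD is a secret name chosen for this fix; create it in the
          # repository settings before running. The literal password that used
          # to be committed in this file should be treated as compromised.
          RDP_PASSWORD: ${{ secrets.RDP_PASSWORD }}
        run: |
          if (-not $env:RDP_PASSWORD) {
            Write-Error "RDP_PASSWORD secret is not set"
            exit 1
          }
          # Values that come from secrets are masked in the job log by the runner.
          $securePass = ConvertTo-SecureString $env:RDP_PASSWORD -AsPlainText -Force
          # Idempotent: remove existing user (optional)
          if (Get-LocalUser -Name "RDP" -ErrorAction SilentlyContinue) {
            Remove-LocalUser -Name "RDP" -ErrorAction SilentlyContinue
          }
          New-LocalUser -Name "RDP" -Password $securePass -AccountNeverExpires
          # Only add to Remote Desktop Users group (avoid adding to Administrators)
          Add-LocalGroupMember -Group "Remote Desktop Users" -Member "RDP"
          # The password is deliberately not written to GITHUB_ENV: no later
          # step reads it, and exporting it would put the plaintext in the
          # environment of every subsequent step.
          if (-not (Get-LocalUser -Name "RDP")) {
            Write-Error "User creation failed"
            exit 1
          }

      - name: Install Tailscale
        shell: powershell
        run: |
          $tsUrl = "https://pkgs.tailscale.com/stable/tailscale-setup-1.82.0-amd64.msi"
          $installerPath = "$env:TEMP\tailscale.msi"
          Invoke-WebRequest -Uri $tsUrl -OutFile $installerPath
          # Refuse to install a package whose Authenticode signature does not
          # validate or was not issued to the expected publisher.
          # NOTE(review): confirm the signer subject used by the vendor.
          $sig = Get-AuthenticodeSignature -FilePath $installerPath
          if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike '*Tailscale*') {
            Write-Error "Tailscale installer signature check failed: $($sig.Status)"
            exit 1
          }
          Start-Process msiexec.exe -ArgumentList "/i", "`"$installerPath`"", "/quiet", "/norestart" -Wait
          Remove-Item $installerPath -Force

      # NOTE(review): use an ephemeral, single-use auth key so the node is
      # removed from the tailnet once this runner goes away.
      - name: Establish Tailscale Connection
        shell: powershell
        env:
          TAILSCALE_AUTH_KEY: ${{ secrets.TAILSCALE_AUTH_KEY }}
        run: |
          if (-not $env:TAILSCALE_AUTH_KEY) {
            Write-Error "TAILSCALE_AUTH_KEY secret is not set"
            exit 1
          }
          $hostname = "gh-runner-$env:GITHUB_RUN_ID"
          & "$env:ProgramFiles\Tailscale\tailscale.exe" up --authkey=$env:TAILSCALE_AUTH_KEY --hostname=$hostname
          # Wait for Tailscale to assign an IPv4 address (12 tries, 5 s apart)
          $tsIP = $null
          $retries = 0
          while (-not $tsIP -and $retries -lt 12) {
            Start-Sleep -Seconds 5
            $tsIP = (& "$env:ProgramFiles\Tailscale\tailscale.exe" ip -4) -join ''
            $retries++
          }
          if (-not $tsIP) {
            Write-Error "Tailscale IP not assigned. Exiting."
            exit 1
          }
          # Only the address is exported to later steps; it is not a credential.
          Add-Content -Path $env:GITHUB_ENV -Value "TAILSCALE_IP=$tsIP"

      - name: Verify RDP Accessibility
        shell: powershell
        run: |
          Write-Host "Tailscale IP: $env:TAILSCALE_IP"
          # Test connectivity using Test-NetConnection against the Tailscale IP on port 3389
          $testResult = Test-NetConnection -ComputerName $env:TAILSCALE_IP -Port 3389
          if (-not $testResult.TcpTestSucceeded) {
            Write-Error "TCP connection to RDP port 3389 failed"
            exit 1
          }
          Write-Host "TCP connectivity successful!"

      - name: Show Connection Info (masked)
        shell: powershell
        run: |
          # Output connection details; the password is never printed
          Write-Host "`n=== RDP ACCESS ==="
          Write-Host "Address: $env:TAILSCALE_IP"
          Write-Host "Username: RDP"
          # Do NOT print the password in plaintext; show masked placeholder
          Write-Host "Password: (masked)"
          Write-Host "==================`n"

      - name: Maintain Connection (limited duration)
        shell: powershell
        run: |
          # Keep runner active for up to ~55 minutes (adjust if needed); this
          # must stay below the job's timeout-minutes
          $totalSeconds = 3300
          $interval = 60
          $elapsed = 0
          while ($elapsed -lt $totalSeconds) {
            Write-Host "[$(Get-Date)] RDP Active - remaining $([math]::Round(($totalSeconds - $elapsed)/60,2)) minutes"
            Start-Sleep -Seconds $interval
            $elapsed += $interval
          }
          Write-Host "Maintenance window ended. Workflow will exit."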