topaLE
/
wetty
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

atoz v2 (#291) 

* atoz readme updated for version 2

* atoz tweaks
pull/299/head
userdocs 4 years ago
committed by GitHub
parent
a779979738
commit
45c2537741
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 247 additions and 234 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 481
      docs/atoz.md

481
docs/atoz.md
View File

@ -1,69 +1,67 @@
### Introduction
# Introduction
This is an A to Z guide that will help you get `wetty` up and running on Debian
Stable. It covers the key configuration areas by using copy and paste commands
to help you install this application and get it securely up and running. It
should also provide enough information to allow you to understand and extend
that configuration for your personal requirements.
This is an A to Z guide that will help you get WeTTY up and running on a Debian based system. It covers the key configuration areas by using copy and paste commands. This will help you install this application and get it securely up and running with minimal system interference and reversible changes. It should also provide enough information to allow you to understand and extend that configuration for your personal requirements.
### Required dependencies
**Note:** Some of these configurations are optional, such as self signed SSL and public key authentication. The purpose of the guide is to show you how to correctly understand, configure, install and use these options should you wish to use them but they are not required to use WeTTY in general.
You will need the package `build-essential` to be installed. We need this
specifically for `node-gyp` to build packages when using `npm` or `yarn` to
install packages.
## Required dependencies
`Node` - WeTTY requires node v14 or greater. We will install this locally for a non root user later in the guide.
`python` - This should be installed by default but we will include it in our `apt-get` command to be safe.
`build-essential` - We need this specifically for `node-gyp` to build packages when using `npm` or `yarn` to install packages.
As the `root` user run these commands:
```bash
apt update
apt install -y build-essential
apt install -y build-essential python
```
If you do not have root access and just want to check the dependency is
installed you can use this command:
If you have no root access and just want to check the dependencies are installed you can use these commands:
```bash
dpkg -s python | grep Status:
dpkg -s build-essential | grep Status:
```
If the program is installed you will see this result:
If the package is installed you will see this result:
```bash
Status: install ok installed
```
### Create a local user account
## Create a local user account
For this guide, unless specifically stated, you should not use a `root` account
to install and run `wetty`. Please use an existing local account or create one
now.
For this guide, unless specifically stated, you should not use a `root` account to install and run WeTTY. Please use an existing local account or create one now.
**Note:** Whichever user runs `wetty` should be the same user you wish to
authenticate with via `ssh` to keep this simple.
**Note:** Whichever user runs WeTTY should be the same user you wish to authenticate with via `ssh` to keep this guide simple.
If you need to create a local user account you can run this command:
**Important note:** replace `username` with a user name of your choosing and
create a password when prompted
**Important note:** replace `username` with a user name of your choosing and create a password when prompted
```bash
adduser --gecos "" username
```
Switch to your local user now and open an `ssh` session to continue with this
guide.
Switch to your local user now and open an `ssh` session to continue with this guide.
### Install node locally
## Install node locally
To install and manage `node` as a local user we are going to use
[Node Version Manager](https://github.com/nvm-sh/nvm) as an established solution
to installing and managing multiple versions of node without needing `root`
access. We are going to install the `lts` or long term support release of `node`
to use with this application.
To install and manage `node` as a local user we are going to use [Node Version Manager](https://github.com/nvm-sh/nvm). This is an established solution for installing and managing multiple versions of node without needing `root` access. This will allow you to install and use multiple versions of `node` at the same time.
This command will download and install `nvm` and reload our shell.
```bash
bash <(curl -s https://raw.githubusercontent.com/nvm-sh/nvm/master/install.sh) && source ~/.profile
nvm install --lts
```
This command will install the latest version of the v14 branch, which is the minimum required version for WeTTY.
```bash
nvm install 14
```
You can now call `node` to check it works using this command.
@ -75,29 +73,20 @@ node -v
Your result should look something like this.
```bash
v12.16.2
v14.14.0
```
**Note:** There is consideration with this method. `node` is only in the local
user's path through sourcing of the `~/.nvm/nvm.sh` via the users `.bashrc`
file. Unless this is done `node` will not be usable unless directly linked to
and `nvm` commands will be unavailable.
The way we overcome this issue for the needs of this guide is by using this
command where applicable:
**Note:** There is an important consideration with the `nvm` method. `node` is only in the local user's path through sourcing of the `~/.nvm/nvm.sh` which is done when the user logs in and the shell sources the user's `.bashrc` file. So for some applications who are not aware of this local shell environment `node` will not be usable unless we provide a full path and `nvm` commands will also be unavailable. The way we over come this issue for the needs of this guide is by using this command substitution to provide the full path, where applicable:
```bash
source ~/.nvm/nvm.sh && nvm which 14
$(source ~/.nvm/nvm.sh && nvm which 14)
```
**Why?** This command will always provide us with the path to the most current
version of `node 12` installed via `nvm` regardless of other versions of `node`
installed.
**Why?** This command will always provide us with the path to the most current version of `node 14` installed via `nvm` regardless of other versions of `node` installed with `nvm`.
### Generate openssl certificates.
## Generate OpenSSL certificates
**Why?** So that later we can configure `wetty` to work with `https` and make
sure we interact with `wetty` over a secure connection at all times.
**Why?** So that later we can configure WeTTY to work with `https` and make sure we interact with WeTTY over a secure connection at all times.
Make the required directory using this command:
@ -105,13 +94,12 @@ Make the required directory using this command:
mkdir -p ~/.ssl
```
Generate the self-signed `openssl` certificates we will use to encrypt our web
traffic when using `wetty` using this command:
Generate the self signed `openssl` certificates we will use to encrypt our web traffic when using WeTTY using this command:
**Note:** we are using`ecdsa` using the `secp521r1` curve.
**Note:** we are using `ecdsa` using the `secp384r1` curve. Tested to be compatible with Chrome and Firefox browsers.
```bash
openssl req -x509 -nodes -days 1095 -newkey ec:<(openssl ecparam -name secp521r1) -subj "/C=GB/ST=None/L=None/O=None/OU=None/CN=None" -out ~/.ssl/wetty.crt -keyout ~/.ssl/wetty.key
openssl req -x509 -nodes -days 1095 -newkey ec:<(openssl ecparam -name secp384r1) -subj "/C=GB/ST=None/L=None/O=None/OU=None/CN=None" -out ~/.ssl/wetty.crt -keyout ~/.ssl/wetty.key
```
Now give these file and folders the correct permissions using these commands:
@ -124,10 +112,9 @@ chmod 600 ~/.ssl/wetty.key
This is all we need to do for now in regards to https.
### Generate the ssh key file
## Generate the ssh key file
**Why?** So that later we can set up automatic login via `ssh`. Our instance
will authorise using this key file stored locally.
**Why?** So that later we can set up automatic login via `ssh`. Our instance will authorise using this key file stored locally.
Make the required directory, if it does not exist, using this command:
@ -135,16 +122,13 @@ Make the required directory, if it does not exist, using this command:
mkdir -p ~/.ssh
```
Create the `ssh` private key using `ed25519` that we need to authorise our local
connection, using this command:
Create the `ssh` private key using `ed25519` that we need to authorise our local connection, using this command:
```bash
ssh-keygen -q -C "wetty-keyfile" -t ed25519 -N '' -f ~/.ssh/wetty 2>/dev/null <<< y >/dev/null
```
**Important Note:** You must add the public key to your `authorized_keys` file
in order to be able to log in using your `ssh` key file when accessing `wetty`
via a web browser.
**Important Note:** You must add the public key to your `authorized_keys` file in order to be able to log in using your `ssh` key file when accessing WeTTY via a web browser.
Copy the key to our `~/.ssh/authorized_keys` file, using this command:
@ -160,215 +144,202 @@ chmod 644 ~/.ssh/authorized_keys
chmod 600 ~/.ssh/wetty
```
**Optional:** A housekeeping command. If you need to remove all entries of the
`wetty` public key with the comment `wetty-keyfile` from the
`~/.ssh/authorized_keys` file use this command. Otherwise ignore this.
**Optional:** A housekeeping command. If you need to remove all entries of the WeTTY public key with the comment `wetty-keyfile` from the `~/.ssh/authorized_keys` file use this command. Otherwise ignore this.
```bash
sed -r '/^ssh-ed25519(.*)wetty-keyfile$/d' -i ~/.ssh/authorized_keys
```
### Install wetty
## Install WeTTY
**Note:** we are using `-g` for `npm` or `global` for `yarn` along with
`--prefix ~/` so that the application symbolic link is installed to our `~/bin`
directory and available in our local user's `PATH`.
**Note:** we are using `-g` for `npm` or `global` for `yarn` along with `--prefix ~/` so that the application's symbolic link is installed to our `~/bin` directory and available in our local user's `PATH`.
As your local user run these commands to install `wetty` and `forever`. We will
need `forever` later to run wetty in the background.
As your local user run these commands:
First, we need to make sure the local user's `~/bin` folder exists and is in the
`PATH` for the following commands to work.
To make sure the local user's `~/bin` directory exists and is in the `PATH` please run the following command.
```bash
mkdir -p ~/bin && source ~/.profile
```
Please use either the `npm` or `yarn` method and not both. The `yarn` method is
recommended but I provide both as you may have a personal preference. The
outcome is effectively the same.
`npm ` - optional - use `npm` to install wetty
Now use `npm` to install the `yarn` packet manager.
```bash
npm install -g wetty forever --prefix ~/
npm install -g yarn --prefix ~/
```
`yarn` - recommended - use `yarn` to install wetty
Then use `yarn` to install `wetty`.
```bash
npm install -g yarn --prefix ~/
yarn global add wetty forever --prefix ~/
yarn global add wetty --prefix ~/
```
Once successfully installed the application should be available in your local
user's `PATH`. To test the installation was successful please use this command:
Once successfully installed the application should be available in your local user's `PATH`. To test the installation was successful please use this command:
```bash
wetty -h
```
### Accessing the web interface.
## Accessing the web interface via our external IP
This needs to be done here because it is not easy to do in the next steps if
`wetty` is running in the terminal.
If you are using your external IP and not a domain to access WeTTY this step needs to be done here because it is not easy to do in the next steps if WeTTY is running in the terminal.
This command will generate the correct URL you need to visit after using the
start up commands in the following section.
This command will generate the correct URL you need to visit after using the start up commands in the following section.
```bash
echo https://$(curl -s4 icanhazip.com):3000
```
_Please make make a note of this URL now._
*Please make make a note of this URL now.*
### Running wetty
## Running WeTTY
Now we have all the ground work done we can focus on our `wetty` server
configuration settings.
Now we have all the ground work done we can focus on our WeTTY server configuration settings.
For example, the below command would provide a `https` instance with automatic
`ssh` authorisation using our `wetty` private key on port `3000` accessible at
`https://IP:3000` . Refer to the previous URL generation command.
For example, the below command would provide a `https` instance with automatic `ssh` authorisation using our `wetty` private key on port `3000` accessible at `https://IP:3000` .
**Important note:** This command will run in your current terminal session and
not in the background.
**Important note:** This command will run in your current terminal session and not in the background. The key combination of `CTRL` + `c` will exit the application.
```bash
wetty --host 0.0.0.0 -p 3000 --title wetty --base / --sshkey ~/.ssh/wetty --sshhost localhost --sshuser $(whoami) --sshport 22 --sshauth publickey --sslkey ~/.ssl/wetty.key --sslcert ~/.ssl/wetty.crt
wetty --host 0.0.0.0 -port 3000 --title wetty -base / --ssh-key ~/.ssh/wetty --ssh-host localhost --ssh-user $(whoami) --ssh-port 22 --ssh-auth publickey --ssl-key ~/.ssl/wetty.key --ssl-cert ~/.ssl/wetty.crt
```
#### forever to manage wetty
Since you may not need all these settings we will look through what each one does below so that you can decide how to best configure your instance.
Now you can use `forever` we installed to run `wetty` in the background instead
of directly in your terminal
### Environment settings explained
```bash
forever start ~/bin/wetty --host 0.0.0.0 -p 3000 --title wetty --base / --sshkey ~/.ssh/wetty --sshhost localhost --sshuser $(whoami) --sshport 22 --sshauth publickey --sslkey ~/.ssl/wetty.key --sslcert ~/.ssl/wetty.crt
```
To stop `wetty` from running you can use this command
Let's break it down so that we can understand what's being done and why.
```bash
forever stop ~/bin/wetty
--host 0.0.0.0 -p 3000 --title wetty --base /
```
#### Optional - config file.
`--host 0.0.0.0` - defines the interface we want to bind to. Using `0.0.0.0` means that we bind to all available interfaces so using this setting just works. When we use nginx we can change this to `--host 127.0.0.1` in order to prevent generic port access to the application and force traffic through our nginx reverse proxy URL.
Create a directory to store our configuration data using this command:
`-p 3000` - defines the local listening port. You will use this port to connect via the remotely accessible web server or when configuring a reverse proxy through nginx.
```bash
mkdir -p ~/.config/wetty
```
`--title wetty` - an optional setting to set the window title for this `wetty` session.
Now populate our `config` file with some settings. This example is the same
command as above.
`--base /` - changes the default base URL setting from `/wetty/` to define the remote URL. We use `--base /` to make `wetty` accessible on the URL format `https://IP:3000` instead of `https://IP:3000/wetty` but we would change this back if we use nginx to reverse proxy the application.
```bash
echo -n '{ "server": { "host": "0.0.0.0", "port": 3000, "title": "WeTTy", "base": "/" }, "ssh": {"key": "~/.ssh/wetty", "host": "localhost", "user": "$(whoami)", "port": 22, "auth": "publickey"}, "ssl": { "key": "~/.ssl/wetty.key", "cert": "~/.ssl/wetty.crt"}}' > ~/.config/wetty/config.json
```
### SSH settings explained
This configuration file is now available here for you to manage your settings.
These settings are all specific to `ssh` and will enable you to automatically log into you `ssh` session for the selected user.
```bash
~/.config/wetty/config.json
--ssh-key ~/.ssh/wetty --ssh-host localhost --ssh-user $(whoami) --ssh-port 22 --ssh-auth publickey
```
Now we can load this file as part of the command we pass to `wetty` with shell
expansion and command substitution.
`--ssh-key ~/.ssh/wetty` - we are telling WeTTY to load our `ssh` key file that we generated earlier.
```bash
wetty --conf ~/.config/wetty/config.json
```
`--ssh-host localhost` - optional setting telling WeTTY to connect the host `localhost`
#### forever using a config file
`--ssh-user $(whomai)` - defines our `ssh` username. In this case via the command substitution of `whoami` which will not require your input of a username.
Now you can use `forever` to run it in the background instead of directly in
your terminal
`--ssh-port 22` - optional setting to set the `ssh` port we need to connect to.
```bash
forever start ~/bin/wetty --conf ~/.config/wetty/config.json
```
`--ssh-auth publickey` defines the accepted authentication types. You do not have to use the key file and you can instead require a password but setting this to `--sshauth password`. You can specify both `--sshauth publickey,password`
To stop `wetty` from running you can use this command:
`--ssh-config configfile` - (not used for this guide) alternative ssh configuration file. From ssh(1):
```bash
forever stop ~/bin/wetty
```
> If a configuration file is given on the command line, the system-wide
> configuration file (/etc/ssh/ssh_config) will be ignored. The default for the
> per-user configuration file is ~/.ssh/config.
#### Environment settings explained
### SSL settings explained
Let's break it down so that we can understand what's being done and why.
These settings are specific to `openssl` to make WeTTY load https webserver so that all data is transmitted over a secure connection.
```bash
--host 0.0.0.0 -p 3000 --title wetty --base /
--ssl-key ~/.ssl/wetty.key --ssl-cert ~/.ssl/wetty.crt
```
`--host 0.0.0.0` - defines the interface we want to bind to. Using `0.0.0.0`
means that we bind to all available interfaces so using this setting just works.
When we use nginx we can change this to `--host 127.0.0.1` in order to prevent
generic port access to the application and force traffic through our nginx
reverse proxy URL.
`--ssl-key ~/.ssl/wetty.key` - tells WeTTY to load our `openssl` generated key file.
`-p 3000` - defines the local listening port. You will use this port to connect
via the remotely accessible web server or when configuring a reverse proxy
through nginx.
`--ssl-cert ~/.ssl/wetty.crt` - tells WeTTY to load our `openssl` generates certificate file.
`--title wetty` - an optional setting to set the window title for this `wetty`
session.
### Optional - load settings via a configuration file
`--base /` - changes the default base URL setting from `/wetty/` to define the
remote URL. We use `--base /` to make `wetty` accessible on the URL format
`https://IP:3000` instead of `https://IP:3000/wetty` but we would change this
back if we use nginx to reverse proxy the application.
As of WeTTY v2 there is official support for a configuration file used with the flag `--conf` to specify the location of this file.
#### SSH settings explained
Create the directory where we will store this configuration file.
These settings are all specific to `ssh` and will enable you to automatically
log into you ssh session for the selected user.
```bash
mkdir -p ~/.config/wetty
```
Use `nano` to open a file for editing.
```bash
--sshkey ~/.ssh/wetty --sshhost localhost --sshuser $(whoami) --sshport 22 --sshauth publickey
nano ~/.config/wetty/config.json
```
`--ssh-key ~/.ssh/wetty` - we are telling `wetty` to load our `ssh` key file
that we generated earlier.
Here is the template `config.json` you need to use.
`--ssh-host localhost` - optional setting telling `wetty` to connect the host
`localhost`
**Note:** All option that you do not want to use can be commented out using `//`. For example `// title: 'Terminal', // Page title` will comment out this line and it will be ignored.
`--ssh-user $(whomai)` - defines our `ssh` username. In this case via the
command substitution of `whoami` which will not require your input of a
username.
```json
{
ssh: {
user: 'username', // default user to use when ssh-ing
host: 'localhost', // Server to ssh to
auth: 'publickey,password', // shh authentication, method. Defaults to "password", you can use "publickey,password" instead'
pass: "password", // Password to use when sshing
key: "/home/username/.ssh/wetty", // path to an optional client private key, connection will be password-less and insecure!
port: 22, // Port to ssh to
knownHosts: '/dev/null', // ssh knownHosts file to use
},
server: {
base: '/terminal/', // URL base to serve resources from
port: 3000, // Port to listen on
host: '127.0.0.1', // address to listen on
title: 'Terminal', // Page title
bypassHelmet: false, // Disable Helmet security checks
},
`--ssh-port 22` - optional setting to set the `ssh` port we need to connect to.
forceSSH: false, // Force sshing to local machine over login if running as root
command: 'login', // Command to run on server. Login will use ssh if connecting to different server
`--ssh-auth publickey` defines the accepted authentication types. You do not
have to use the key file and you can instead require a password but setting this
to `--ssh-auth password`. You can specify both `--ssh-auth publickey,password`
ssl:{
key: '/home/username/.ssl/wetty.key',
cert: '/home/username/.ssl/wetty.crt',
}
`--ssh-config configfile` - alternative ssh configuration file. From ssh(1):
}
```
> If a configuration file is given on the command line, the system-wide
> configuration file (/etc/ssh/ssh_config) will be ignored. The default for the
> per-user configuration file is ~/.ssh/config.
Press `ctrl` + `x` and then press `y` to save then press `enter` to confirm and exit `nano`.
## System Environment Variables
#### SSL settings explained
**Note:** We will not be using this section to configure WeTTY. We are simply documenting it.
These settings are specific to `openssl` to make `wetty` load https webserver so
that all data is transmitted over a secure connection.
There are some environment variables you can export that can be used by WeTTY to configure an instance.
```bash
--ssl-key ~/.ssl/wetty.key --ssl-cert ~/.ssl/wetty.crt
BASE
PORT
TITLE
SSHUSER
SSHHOST
SSHAUTH
SSHPASS
SSHKEY
SSHPORT
KNOWNHOSTS
FORCESSH
COMMAND
```
`--ssl-key ~/.ssl/wetty.key` - tells `wetty` to load our `openssl` generated key
file.
These can be used in the following way
```bash
export PORT=3000
```
`--ssl-cert ~/.ssl/wetty.crt` - tells `wetty` to load our `openssl` generates
certificate file.
There are currently no environment settings for variables not listed above.
### Systemd service settings
## Systemd service settings
We will use a local user `systemd` service file to manage the `wetty` service.
@ -378,42 +349,74 @@ First, create the required directory, if it does not exist.
mkdir -p ~/.config/systemd/user
```
#### Systemd service.
### Systemd service
Here is the example using our pseudo configuration file. All modifications to
the start up of `wetty` will be done by editing the `~/.config/Wetty/config`
file and then reloading the ` wetty.service`.
Here is an example template of how to use service file with hardcoded values you can set in the `wetty.service` file with all options enabled.
Use `nano` to open the file for editing.
Use `nano` to open a file for editing.
```bash
nano ~/.config/systemd/user/wetty.service
```
The copy and paste this code.
**Note:** This is an example service file based on all the options documented and configured so far. You may not want all these option enabled so please remove or modify the `ExecStart` command based on your needs.
```bash
[Unit]
Description=wetty
After=network-online.target
[Service]
Type=simple
ExecStart=/bin/bash -c "$$(source /home/$$(whoami)/.nvm/nvm.sh && nvm which 12) /home/$$(whoami)/bin/wetty --host 0.0.0.0 -p 3000 --title wetty --base / --ssh-key /home/$$(whoami)/.ssh/wetty --ssh-host localhost --ssh-user $$(whoami) --ssh-port 22 --ssh-auth publickey --ssl-key /home/$$(whoami)/.ssl/wetty.key --ssl-cert /home/$$(whoami)/.ssl/wetty.crt"
Restart=always
RestartSec=2
TimeoutStopSec=5
SyslogIdentifier=wetty
[Install]
WantedBy=default.target
```
Press `ctrl` + `x` and then press `y` to save then press `enter` to confirm and exit `nano`.
### Optional - Systemd service with config file
Here is the example using our pseudo configuration file. All modifications to the start up of `wetty` will be done by editing the `~/.config/Wetty/config` file and then reloading the ` wetty.service`.
Use `nano` to open the file for editing.
```bash
nano ~/.config/systemd/user/wetty.service
```
The copy and paste this code.
**Note:** This `ExecStart` assumes the location of your `config.json` to be `~/.config/wetty/config.json`. Please make sure you use the correct location for this file.
```bash
[Unit]
Description=wetty
After=network.target
After=network-online.target
[Service]
Type=simple
WorkingDirectory=%h
ExecStart=/bin/bash -c "$$(source /home/$$(whoami)/.nvm/nvm.sh && nvm which 12) /home/$$(whoami)/bin/wetty --conf /home/$$(whoami)/.config/wetty/config.json"
TimeoutStopSec=20
KillMode=mixed
ExecStart=/bin/bash -c "$$(source /home/$$(whoami)/.nvm/nvm.sh && nvm which 14) /home/$$(whoami)/bin/wetty --conf /home/$$(whoami)/.config/wetty/config.json"
Restart=always
RestartSec=2
TimeoutStopSec=5
SyslogIdentifier=wetty
[Install]
WantedBy=multi-user.target
WantedBy=default.target
```
Press `ctrl` + `x` and then press `y` to save then press `enter` to confirm and
exit `nano`.
Press `ctrl` + `x` and then press `y` to save then press `enter` to confirm and exit `nano`.
#### Activating your service
### Activating your service
The you can enable and start your service.
@ -421,7 +424,7 @@ The you can enable and start your service.
systemctl --user enable --now wetty
```
#### Managing your services
### Managing your services
These commands will help you manage your service.
@ -435,22 +438,19 @@ systemctl --user disable --now wetty
systemctl --user enable --now wetty
```
### Nginx reverse proxy
## Nginx reverse proxy
If you want to use nginx as a revers proxy here is the configuration file you
can use.
If you want to use nginx as a reverse proxy here is the configuration file you can use.
Please modify these specific environment settings:
**Why?** This will disable generic port access to the application and force
traffic via the nginx reverse proxy.
**Why?** This will disable generic port access to the application and force traffic via the nginx reverse proxy.
```bash
--host 127.0.0.1
```
**Why?** This change is so that our application does not attempt to load as the
web root of `/` for nginx.
**Why?** This change is so that our application does not attempt to load as the web root of `/` for nginx.
```bash
--base /wetty/
@ -458,38 +458,38 @@ web root of `/` for nginx.
Now you can use this nginx configuration file.
**Note:** we are using `https` here `https://127.0.0.1:3000/wetty;` because we
configured `wetty` to run via `https`
**Note:** we are using `https` with `https://127.0.0.1:3000/wetty;` because we configured `wetty` to run via `https` using our self signed ssl certificates. If you chose not to run WeTTY with a self signed certificate you should changes this to `http://127.0.0.1:3000/wetty;`
The copy and paste this into the `https` server block of your enable server
configuration file.
The copy and paste this into the `https` server block of your enable server configuration file.
```nginx
location /wetty {
proxy_pass https://127.0.0.1:3000/wetty;
#
proxy_pass_request_headers on;
proxy_http_version 1.1;
#
proxy_set_header Host $host;
#
proxy_http_version 1.1;
#
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-NginX-Proxy true;
#
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Forwarded-Ssl on;
proxy_read_timeout 43200000;
proxy_set_header X-Forwarded-Ssl on;
#
proxy_redirect off;
proxy_buffering off;
}
```
Press `ctrl` + `x` and then press `y` to save then press `enter` to confirm and
exit `nano`
Press `ctrl` + `x` and then press `y` to save then press `enter` to confirm and exit `nano`
Now you would need to reload nginx service using this command:
@ -497,40 +497,53 @@ Now you would need to reload nginx service using this command:
systemctl restart nginx
```
#### Accessing the web interface via nginx
### Accessing the web interface via nginx
Visit the URL format `https://YourIPorDomain/wetty` and you can access WeTTY.
Visit the URL format `https://YourIP/wetty` and you can access `wetty`. This
command will generate the correct URL you need to visit.
This command will generate the correct URL you need to visit it you are not using a domain.
```bash
echo https://$(curl -s4 icanhazip.com)/wetty
```
### Configuration reference
## Protecting your instance of WeTTY
**Disclaimer:** It is not recommended by this guide that you run an instance of WeTTY on your server with no access control in place.
If you chose to not use a password to login in you should protect your instance behind either:
1: [Nginx basic auth](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/)
2: [Authelia](https://github.com/authelia/authelia)
## Configuration reference
`wetty -h` configuration options for reference.
```bash
--help, -h Print help message [boolean]
--version Show version number [boolean]
--conf config file to load config from [string]
--ssl-key path to SSL key [string]
--ssl-cert path to SSL certificate [string]
--ssh-host ssh server host [string] [default: "localhost"]
--ssh-port ssh server port [number] [default: 22]
--ssh-user ssh user [string] [default: ""]
--title window title [string] [default: "WeTTy - The Web Terminal Emulator"]
--ssh-auth defaults to "password", you can use "publickey,password" instead [string] [default: "password"]
--ssh-pass ssh password [string]
--help, -h Print help message [boolean]
--version Show version number [boolean]
--conf config file to load config from [string]
--ssl-key path to SSL key [string]
--ssl-cert path to SSL certificate [string]
--ssh-host ssh server host [string] [default: "localhost"]
--ssh-port ssh server port [number] [default: 22]
--ssh-user ssh user [string] [default: ""]
--title window title [string] [default: "WeTTy - The Web Terminal Emulator"]
--ssh-auth defaults to "password", you can use "publickey,password"
instead [string] [default: "password"]
--ssh-pass ssh password [string]
--ssh-key path to an optional client private key (connection will be
password-less and insecure!) [string]
password-less and insecure!) [string]
--ssh-config Specifies an alternative ssh configuration file. For further
details see "-F" option in ssh(1) [string] [default: ""]
--force-ssh Connecting through ssh even if running as root [boolean] [default: false]
--known-hosts path to known hosts file [string]
--base, -b base path to wetty [string] [default: "/wetty/"]
--port, -p wetty listen port [number] [default: 3000]
--host wetty listen host [string] [default: "0.0.0.0"]
--command, -c command to run in shell [string] [default: "login"]
--allow-iframe Allow wetty to be embedded in an iframe, defaults to allowing same origin [boolean] [default: false]
```
details see "-F" option in ssh(1) [string] [default: ""]
--force-ssh Connecting through ssh even if running as root [boolean] [default: false]
--known-hosts path to known hosts file [string]
--base, -b base path to wetty [string] [default: "/wetty/"]
--port, -p wetty listen port [number] [default: 3000]
--host wetty listen host [string] [default: "0.0.0.0"]
--command, -c command to run in shell [string] [default: "login"]
--allow-iframe Allow wetty to be embedded in an iframe, defaults to allowing
same origin [boolean] [default: false]
```
Write Preview
Loading…
Cancel
Save