Wild and Wetty

2025-12-13 17:56:26 +00:00 · 2018-11-22 22:07:57 +13:00
parent df017ecef8
commit a06f66fa22
4 changed files with 138 additions and 18 deletions
--- a/manuscript/CHANGELOG.md
+++ b/manuscript/CHANGELOG.md
@@ -9,11 +9,12 @@

 ## Recently added recipes

+* Added [Wetty](/recipies/wetty/), a remote terminal client in your web browser (_22 Nov 2018_)
 * Added [PrivateBin](/recipies/privatebin/), a self-hosted pastebin alternative (_5 Nov 2018_)
 * Added [Realms](/recipies/realms/), another git-based wiki, like [Gollum](/recipies/gollum/), but including basic user auth and registration
 * Added a list of useful funkypenguin Docker [containers](/reference/containers/) (_7 Oct 2018_)
 * Added [Swarmprom](/recipies/swarmprom/), the sexiest way visualise detailed performance metrics from your swarm (_17 Sep 2018_)
-* Added [BookStack](/recipies/bookstack/), lightweight personal documentation platform (_20 Aug 2018_)
+
 ## Recent improvements

 * [Autopirate](/recipies/autopirate/start/) uber-recipe updated for [Heimdall](/recipies/autopirate/heimdall/) (_an application-launching dashboard with support for inline stats from supported applications_) (_7 Oct 2018_)
--- a/manuscript/recipies/wetty.md
+++ b/manuscript/recipies/wetty.md
@@ -0,0 +1,110 @@
+hero: Terminal in a browser, baby! 💻
+
+# Wetty
+
+[Wetty](https://github.com/krishnasrinivas/wetty) is a responsive, modern terminal, in your web browser. Yes, your browser. When combined with secure authentication and SSL encryption, it becomes a useful tool for quick and easy remote access.
+
+![Wetty Screenshot](../images/wetty.png)
+
+## Why would you need SSH in a browser window?
+
+Need shell access to a node with no external access? Deploy Wetty behind an [oauth_proxy](/reference/oauth_proxy/) with a SSL-terminating reverse proxy ([traefik](/ha-docker-swarm/traefik/)), and suddenly you have the means to SSH to your private host from any web browser (_protected by your [oauth_proxy](/reference/oauth_proxy/) of course, and your OAuth provider's 2FA_)
+
+Here are some other possible use cases:
+
+1. Access to SSH / CLI from an environment where outgoing SSH is locked down, or SSH client isn't / can't be installed. (_i.e., a corporate network_)
+2. Access to long-running processes inside a tmux session (_like [irrsi](https://irssi.org/)_)
+3. Remote access to a VM / [container running Kali linux](https://github.com/offensive-security/kali-linux-docker), for penetration testing
+
+## Ingredients
+
+1. [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md)
+2. [Traefik](/ha-docker-swarm/traefik_public) configured per design
+3. DNS entry for the hostname you intend to use, pointed to your [keepalived](ha-docker-swarm/keepalived/) IP
+
+## Preparation
+
+### Prepare environment
+
+Create wetty.env, and populate with the following variables per the [oauth_proxy](/reference/oauth_proxy/) instructions:
+```
+OAUTH2_PROXY_CLIENT_ID=
+OAUTH2_PROXY_CLIENT_SECRET=
+OAUTH2_PROXY_COOKIE_SECRET=
+
+# To use WeTTY to SSH to a host besides the (mostly useless) alpine container it comes with
+SSHHOST=batcomputer.batcave.com
+SSHUSER=batman
+```
+
+### Setup Docker Swarm
+
+Create a docker swarm config file in docker-compose syntax (v3), something like this:
+
+!!! tip
+        I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍
+
+
+```
+version: "3"
+services:
+  wetty:
+    image: krishnasrinivas/wetty
+    env_file : /var/data/config/wetty/wetty.env
+    networks:
+        - internal
+  proxy:
+    image: funkypenguin/oauth2_proxy:latest
+    env_file: /var/data/config/wetty/wetty.env
+    networks:
+      - internal
+      - traefik_public
+    deploy:
+      labels:
+        - traefik.frontend.rule=Host:wetty.funkypenguin.co.nz
+        - traefik.docker.network=traefik_public
+        - traefik.port=4180
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/data/config/wetty/authenticated-emails.txt:/authenticated-emails.txt
+    command: |
+      -cookie-secure=false
+      -upstream=http://wetty:3000
+      -redirect-url=https://wetty.funkypenguin.co.nz
+      -http-address=http://0.0.0.0:4180
+      -provider=github
+      -authenticated-emails-file=/authenticated-emails.txt
+
+networks:
+  traefik_public:
+    external: true
+  internal:
+    driver: overlay
+    ipam:
+      config:
+        - subnet: 172.16.45.0/24
+```
+
+!!! note
+    Setup unique static subnets for every stack you deploy. This avoids IP/gateway conflicts which can otherwise occur when you're creating/removing stacks a lot. See [my list](/reference/networks/) here.
+
+
+
+## Serving
+
+### Launch Wetty stack
+
+Launch the Wetty stack by running ```docker stack deploy wetty -c <path -to-docker-compose.yml>```
+
+Browse to your new browser-cli-terminal at https://**YOUR-FQDN**. Authenticate with your OAuth provider, and then proceed to login, either to the remote host you specified (_batcomputer.batcave.com, in the example above_), or using user and password "term" to log directly into the Wetty alpine container (_from which you can establish egress SSH_)
+
+## Chef's Notes
+
+1. You could set SSHHOST to the IP of the "docker0" interface on your host, which is normally 172.17.0.1. (_Or run ```/sbin/ip route|awk '/default/ { print $3 }'``` in the container_) This would then provide you the ability to remote-manage your swarm with only web access to Wetty.
+2. The inclusion of Wetty was due to the efforts of @gpulido in our [Discord server](http://chat.funkypenguin.co.nz). Thanks Gabriel!
+
+### Tip your waiter (donate) 👏
+
+Did you receive excellent service? Want to make your waiter happy? (_..and support development of current and future recipes!_) See the [support](/support/) page for (_free or paid)_ ways to say thank you! 👏
+
+### Your comments? 💬
--- a/manuscript/reference/networks.md
+++ b/manuscript/reference/networks.md
@@ -38,6 +38,14 @@ Network  | Range
 [ElkarBackup](https://geek-cookbook.funkypenguin.co.nz/recipies/elkarbackp/)  |  172.16.36.0/24
 [Mayan EDMS](https://geek-cookbook.funkypenguin.co.nz/recipies/realms/)  |  172.16.37.0/24
 [Shaarli](https://geek-cookbook.funkypenguin.co.nz/recipies/shaarli/)  |  172.16.38.0/24
+[KeyCloud](https://geek-cookbook.funkypenguin.co.nz/recipies/keycloak/)  |  172.16.39.0/24
+[MatterMost](https://geek-cookbook.funkypenguin.co.nz/recipies/mattermost/)  |  172.16.40.0/24
+[PrivateBin](https://geek-cookbook.funkypenguin.co.nz/recipies/privatebin/)  |  172.16.41.0/24
+[Mayan EDMS](https://geek-cookbook.funkypenguin.co.nz/recipies/mayan-edms/)  |  172.16.42.0/24
+[Hack MD](https://geek-cookbook.funkypenguin.co.nz/recipies/hackmd/)  |  172.16.43.0/24
+[FlightAirMap](https://geek-cookbook.funkypenguin.co.nz/recipies/flightairmap/)  |  172.16.44.0/24
+[Wetty](https://geek-cookbook.funkypenguin.co.nz/recipies/wetty/)  |  172.16.45.0/24
+

 ## Chef's Notes

--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -63,27 +63,11 @@ pages:
      - Munin: recipies/munin.md
      - Home Assistant: recipies/homeassistant.md
      - OwnTracks: recipies/owntracks.md
+      - PrivateBin: recipies/privatebin.md
      - Swarmprom: recipies/swarmprom.md
      - Turtle Pool: recipies/turtle-pool.md
-      - PrivateBin: recipies/privatebin.md
    - Menu:
      - Bookstack: recipies/bookstack.md
-      - Ghost: recipies/ghost.md
-      - GitLab: recipies/gitlab.md
-      - GitLab Runner: recipies/gitlab-runner.md
-      - Gollum: recipies/gollum.md
-      - Realms: recipies/realms.md
-      - Piwik: recipies/piwik.md
-      - Wekan: recipies/wekan.md
-      - Tiny Tiny RSS: recipies/tiny-tiny-rss.md
-      - Portainer: recipies/portainer.md
-      - InstaPy: recipies/instapy.md
-      - Calibre-Web: recipies/calibre-web.md
-      - Wallabag: recipies/wallabag.md
-      - CryptoNote Mining Pool:
-        - Start: recipies/cryptonote-mining-pool.md
-#        - Masari: recipies/cryptonote-mining-pool/masari.md
-        - Athena: recipies/cryptonote-mining-pool/athena.md
      - CryptoMiner:
        - Start: recipies/cryptominer.md
        - Mining Rig: recipies/cryptominer/mining-rig.md
@@ -95,6 +79,23 @@ pages:
        - Minerhotel: recipies/cryptominer/minerhotel.md
        - Monitoring: recipies/cryptominer/monitor.md
        - Profit!: recipies/cryptominer/profit.md
+      - Calibre-Web: recipies/calibre-web.md
+      - Ghost: recipies/ghost.md
+      - GitLab: recipies/gitlab.md
+      - GitLab Runner: recipies/gitlab-runner.md
+      - Gollum: recipies/gollum.md
+      - InstaPy: recipies/instapy.md
+      - Piwik: recipies/piwik.md
+      - Portainer: recipies/portainer.md
+      - Realms: recipies/realms.md
+      - Tiny Tiny RSS: recipies/tiny-tiny-rss.md
+      - Wallabag: recipies/wallabag.md
+      - Wekan: recipies/wekan.md
+      - Wetty: recipies/wetty.md
+#      - CryptoNote Mining Pool:
+#        - Start: recipies/cryptonote-mining-pool.md
+#        - Masari: recipies/cryptonote-mining-pool/masari.md
+#        - Athena: recipies/cryptonote-mining-pool/athena.md
 #      - SSO Stack:
 #        - Start: recipies/sso-stack.md
 #        - OpenLDAP: recipies/sso-stack/openldap.md