cf44acda27
* Add recipe for searxng Signed-off-by: David Young <davidy@funkypenguin.co.nz> * Fussy linter Signed-off-by: David Young <davidy@funkypenguin.co.nz> --------- Signed-off-by: David Young <davidy@funkypenguin.co.nz>
3.7 KiB
title, description, recipe
| title | description | recipe |
|---|---|---|
| Use wetty under Docker for SSH in the browser | Use weTTY to run a terminal in a browser, baby! | Wetty |
Wetty
Wetty is a responsive, modern terminal, in your web browser. Yes, your browser. When combined with secure authentication and SSL encryption, it becomes a useful tool for quick and easy remote access.
{ loading=lazy }
Why would you need SSH in a browser window?
Need shell access to a node with no external access? Deploy Wetty behind an traefik-forward-auth with a SSL-terminating reverse proxy (traefik), and suddenly you have the means to SSH to your private host from any web browser (protected by your traefik-forward-auth of course.)
Here are some other possible use cases:
- Access to SSH / CLI from an environment where outgoing SSH is locked down, or SSH client isn't / can't be installed. (i.e., a corporate network)
- Access to long-running processes inside a tmux session (like irrsi)
- Remote access to a VM / container running Kali linux, for penetration testing
{{ page.meta.recipe }} Requirements
--8<-- "recipe-standard-ingredients.md"
Preparation
Setup data locations
First we create a directory to hold the data which wetty will serve:
mkdir /var/data/config/wetty
cd /var/data/config/wetty
Prepare {{ page.meta.recipe }} environment
Create /var/data/config/wetty.env, and populate with the following variables
# To use WeTTY to SSH to a host besides the (mostly useless) alpine container it comes with
SSHHOST=batcomputer.batcave.com
SSHUSER=batman
{{ page.meta.recipe }} Docker Swarm config
Create a docker swarm config file in docker-compose syntax (v3), something like the example below:
--8<-- "premix-cta.md"
version: "3"
services:
wetty:
image: krishnasrinivas/wetty
env_file : /var/data/config/wetty/wetty.env
deploy:
labels:
# traefik common
- traefik.enable=true
- traefik.docker.network=traefik_public
# traefikv1
- traefik.frontend.rule=Host:wetty.example.com
- traefik.port=3000
# traefikv2
- "traefik.http.routers.wetty.rule=Host(`wetty.example.com`)"
- "traefik.http.services.wetty.loadbalancer.server.port=3000"
- "traefik.enable=true"
- "traefik.http.routers.wetty.middlewares=forward-auth@file"
networks:
- internal
- traefik_public
networks:
traefik_public:
external: true
internal:
driver: overlay
ipam:
config:
- subnet: 172.16.45.0/24
--8<-- "reference-networks.md"
Serving
Launch Wetty stack
Launch the Wetty stack by running docker stack deploy wetty -c <path -to-docker-compose.yml>
Browse to your new browser-cli-terminal at https://YOUR-FQDN. Authenticate with your OAuth provider, and then proceed to login, either to the remote host you specified (batcomputer.batcave.com, in the example above), or using user and password "term" to log directly into the Wetty alpine container (from which you can establish egress SSH)
--8<-- "recipe-footer.md"