
A 100% Go Web-Term-SSH Bastion Host Project

SSH-Fortress

1. What does it do?

  1. Make your cluster servers safer by exposing their SSH connections through the SSH-Fortress server
  2. Log in to your SSH servers through the SSH-Fortress web interface and record all command input and output history
  3. Manage your cluster servers' SSH accounts in SSH-Fortress with web accounts
  4. Manage a server's files through SSH-Fortress's SFTP web interface
  5. Easily log in to your private cluster through the SSH proxy provided by SSH-Fortress-Proxy

2. Build and run

git clone https://github.com/mojocn/sshfortress.git && cd sshfortress;
go build
echo "run the app with SQLite database"
./sshfortress sqlite -v --listen=':3333'
echo "run the app with Mysql database, you need a config.toml file in your sshfortress binary folder"
./sshfortress run -v --listen=':3333'

Docker pull: docker pull mojotvcn/sshfortress

2.1 config.toml

The config.toml file should be in the same folder as the sshfortress binary. config.toml works with the command sshfortress run. The command sshfortress sqlite can run with the config file.

[app]
    name="frotress.mojotv.cn"
    addr=":8360"
    verbose= true
    jwt_expire=240 #hour
    secret="asdf4e8hcjvbkjclkjkklfgki843895iojfdnvufh98" #jwt secret
[db]
    # mysql database connection
    host = "127.0.0.1"
    user = "root"
    dbname = "sshfortress"
    password = "your_mysql_password"
    port = 3306

[github] #github.com OAuth2
    client_id="d0b29360a088d0c4dc18"
    client_secret="89b272eeb22f373d8aa688986a8dbbc4edbfc64a"
    callback_url="http://sshfortress.mojotv.cn/#/"

3. Online demo

https://sshfortress.mojotv.cn/#/login

Just click the login button; the default credentials are already filled in for you (user: admin@sshfortress.cn, password: admin).

3.1 Universal Web SSH Terminal

  • URL: https://sshfortress.mojotv.cn/#/any-term, e.g. https://sshfortress.mojotv.cn/#/any-term?a=home.mojotv.cn&p=test007&u=test007&z=1
  • URL-ARG a: SSH address with port, e.g. home.mojotv.cn or home.mojotv.cn:22
  • URL-ARG u: SSH username, e.g. test007
  • URL-ARG p: SSH password, e.g. test007
  • URL-ARG z: do not use Zend mode, e.g. 1
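
The any-term link carries the SSH password in argument p, so the password travels wherever the link is copied, bookmarked or logged. The Go function below is an added example, not code from the sshfortress project: it parses such a link and returns a copy with p masked for use in logs or tickets. The names ParseAnyTerm and AnyTermArgs, the REDACTED marker and the default port 22 are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// AnyTermArgs holds the URL-ARG values: a (normalised to host:port), u, p, z.
type AnyTermArgs struct{ Addr, User, Password, Z string }

// ParseAnyTerm extracts the arguments of an any-term link and also returns the
// link with the value of p masked, suitable for logs or tickets.
func ParseAnyTerm(raw string) (AnyTermArgs, string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return AnyTermArgs{}, "", err
	}
	// The route and its query sit in the fragment, so u.RawQuery is empty.
	// EscapedFragment keeps sequences such as %26 intact for ParseQuery.
	route, query, _ := strings.Cut(u.EscapedFragment(), "?")
	if route != "/any-term" {
		return AnyTermArgs{}, "", fmt.Errorf("not an any-term link: %q", route)
	}
	q, err := url.ParseQuery(query)
	if err != nil || q.Get("a") == "" {
		return AnyTermArgs{}, "", fmt.Errorf("bad any-term arguments (err=%v)", err)
	}
	addr := q.Get("a")
	if _, _, e := net.SplitHostPort(addr); e != nil {
		addr = net.JoinHostPort(addr, "22") // assumption: port 22 when omitted
	}
	args := AnyTermArgs{addr, q.Get("u"), q.Get("p"), q.Get("z")}
	if _, ok := q["p"]; ok {
		q.Set("p", "REDACTED") // never write the real password to a log
	}
	base, _, _ := strings.Cut(raw, "#")
	return args, base + "#/any-term?" + q.Encode(), nil
}

func main() {
	// Example link taken from the list above.
	_, safe, err := ParseAnyTerm("https://sshfortress.mojotv.cn/#/any-term?a=home.mojotv.cn&p=test007&u=test007&z=1")
	fmt.Println(safe, err)
}
```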

4. Run With supervisor & nginx

sshfortress.mojotv.cn.conf

server {
    server_name sshfortress.mojotv.cn;
    charset utf-8;

    location /api/ws-any-term {
        proxy_pass http://127.0.0.1:8360;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header X-Real-IP $remote_addr;
    }

    location /api/ws/ {
        proxy_pass http://127.0.0.1:8360;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header X-Real-IP $remote_addr;
    }

    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:8360;
    }

    access_log /data/wwwlogs/sshfortress.mojotv.cn.log;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/sshfortress.mojotv.cn/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sshfortress.mojotv.cn/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

Supervisor config file: sshfortress.ini

[program:sshfortress.mojotv.cn]
command=/data/sshfortress/bin/sshfortress sqlite
autostart=true
autorestart=true
startsecs=10
user=root
chmod=0777
numprocs=1
redirect_stderr=true
stdout_logfile=/data/sshfortress/supervisor.log

5. Reference

  1. Idea from another repo of mine: libragen/felix
  2. How to run SSH-Terminal in browser
  3. Dockerhub image
