首页
学习
活动
专区
工具
TVP
发布
社区首页 >专栏 >一个100%Go语言的Web-Term-SSH 堡垒机项目

一个100%Go语言的Web-Term-SSH 堡垒机项目

作者头像
landv
发布2019-10-25 04:14:04
1.3K0
发布2019-10-25 04:14:04
举报
文章被收录于专栏:landvlandv

SSH-Fortress

1. What does it do?

  1. Make your cluster servers be more safe by expose your SSH connection through SSH-Fortress server
  2. Login your SSH server through the SSH-Fortress Web Interface and record all input and output history commands.
  3. Manage your cluster server's SSH Account by SSH-Fortress with Web Account
  4. Manage a server's files by SSH-Fortress's SFTP-web-interface
  5. Easily login into your private Cluster by SSH Proxy provided by SSH-Fortress-Proxy

2. build and run

git clone https://github.com/mojocn/sshfortress.git && cd sshfortress;
go build
echo "run the app with SQLite database"
./sshfortress sqlite -v --listen=':3333'
echo "run the app with Mysql database, you need a config.toml file in your sshfortress binary folder"
./sshfortress run -v --listen=':3333'

Docker pull docker pull mojotvcn/sshfortress

2.1 config.toml

The config.toml file should in sshfortress binary folder. config.toml works with command sshfortress run. Command sshfortress sqlite can run with the config file.

[app]
    name="frotress.mojotv.cn"
    addr=":8360"
    verbose= true
    jwt_expire=240 #hour
    secret="asdf4e8hcjvbkjclkjkklfgki843895iojfdnvufh98" #jwt secret
[db]
    # mysql database connection
    host = "127.0.0.1"
    user = "root"
    dbname = "sshfortress"
    password = "your_mysql_password"
    port = 3306

[github] #github.com OAuth2
    client_id="d0b29360a088d0c4dc18"
    client_secret="89b272eeb22f373d8aa688986a8dbbc4edbfc64a"
    callback_url="http://sshfortress.mojotv.cn/#/"

3. Online demo

https://sshfortress.mojotv.cn/#/login

just click the login button, the default password has input for you, user admin@sshfortress.cn password: admin,

3.1 Universal Web SST Terminal

  • URL : https://sshfortress.mojotv.cn/#/any-term eg: https://sshfortress.mojotv.cn/#/any-term?a=home.mojotv.cn&p=test007&u=test007&z=1
  • URL-ARG a : SSH Address with Port eg: home.mojotv.cn home.mojotv.cn:22
  • URL-ARG u : SSH Username eg: test007
  • URL-ARG p : SSH Password eg: test007
  • URL-ARG z : Not Use Zend Mode eg: 1

4. Run With supervisor & nginx

sshfortress.mojotv.cn.conf

server {
        server_name sshfortress.mojotv.cn;
        charset utf-8;
        location /api/ws-any-term
        {
                proxy_pass http://127.0.0.1:8360;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                proxy_set_header X-Real-IP $remote_addr;
         }

        location /api/ws/
        {
                proxy_pass http://127.0.0.1:8360;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                proxy_set_header X-Real-IP $remote_addr;
         }
        location / {
           proxy_set_header X-Forwarded-For $remote_addr;
           proxy_set_header Host $http_host;
           proxy_pass http://127.0.0.1:8360;
        }
        access_log  /data/wwwlogs/sshfortress.mojotv.cn.log;


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/sshfortress.mojotv.cn/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sshfortress.mojotv.cn/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

Supervisor config file: sshfortress.ini

[program:sshfortress.mojotv.cn]
command=/data/sshfortress/bin/sshfortress sqlite
autostart=true
autorestart=true
startsecs=10
user=root
chmod=0777
numprocs=1
redirect_stderr=true
stdout_logfile=/data/sshfortress/supervisor.log

5. Reference

  1. idea from my another repo: libragen/felix
  2. How to run SSH-Terminal in browser
  3. Dockerhub image
本文参与 腾讯云自媒体分享计划,分享自作者个人站点/博客。
原始发表:2019-10-24 ,如有侵权请联系 cloudcommunity@tencent.com 删除

本文分享自 作者个人站点/博客 前往查看

如有侵权,请联系 cloudcommunity@tencent.com 删除。

本文参与 腾讯云自媒体分享计划  ,欢迎热爱写作的你一起参与!

评论
登录后参与评论
0 条评论
热度
最新
推荐阅读
目录
  • SSH-Fortress
    • 1. What does it do?
      • 2. build and run
        • 2.1 config.toml
      • 3. Online demo
        • 3.1 Universal Web SST Terminal
      • 4. Run With supervisor & nginx
        • 5. Reference
        相关产品与服务
        容器镜像服务
        容器镜像服务(Tencent Container Registry,TCR)为您提供安全独享、高性能的容器镜像托管分发服务。您可同时在全球多个地域创建独享实例,以实现容器镜像的就近拉取,降低拉取时间,节约带宽成本。TCR 提供细颗粒度的权限管理及访问控制,保障您的数据安全。
        领券
        问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档