Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
services:wetty [2024/04/23 12:19] – willy | services:wetty [2024/08/07 14:53] (current) – willy | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== WeTTY ====== | ====== WeTTY ====== | ||
- | **NOTE:** i don't use WeTTY anymore, this page might get outdated over time. | + | [[https:// |
- | [[https:// | + | The goal is to have a terminal |
- | Due to a bug in the latest version (2.7.0) you need to install 2.6.0. | + | You could also run a web-based VNC display or something, but that might be overkill on the network bandwidth while the web tty approach is more resillient. |
+ | |||
+ | Please note that web-based TTY access is always limited and annoying, at best, it's only an emergency access route and probably not a comfortable day to day tool. | ||
+ | |||
+ | Security wise, you must put your WeTTY behind a secured reverse-proxy with strong password protection because due to the nature of the tool you will need to setup automatic connection with SSH keys (passwordless) and the only kind of " | ||
===== Installation ===== | ===== Installation ===== | ||
- | First of all, you need **sshpass** for password login to work with WeTTY: | + | Due to a bug in the latest version (2.7.0) (see [[https:// |
- | <code bash> | + | |
- | emerge sshpass | + | |
- | </code> | + | |
Now, as usual, | Now, as usual, | ||
<code bash> | <code bash> | ||
- | useradd -m wetty | + | useradd |
</ | </ | ||
- | Now install | + | Install |
<code bash> | <code bash> | ||
su - wetty | su - wetty | ||
Line 26: | Line 27: | ||
nvm install 20 | nvm install 20 | ||
npm -g i wetty@2.6.0 | npm -g i wetty@2.6.0 | ||
+ | ssh-keygen | ||
</ | </ | ||
- | Now run: | + | Now, WeTTY will run as user **wetty** but the actual login will be done from user // |
- | <code bash> | + | |
- | wetty --host 127.0.0.1 --port 5522 --title ServerCasa --base | + | |
- | </code> | + | |
- | Might need to install fontawesome manually: | + | You need to enable SSH key login from user **wetty** to all the **users** you want to login as from your web console. Let's assume your target user is **user**, you need to copy //wetty// public key to //user// **~/ |
<code bash> | <code bash> | ||
- | npm install --save @fortawesome/fontawesome-free | + | cat /data/daemons/ |
- | npm i --save @fortawesome/fontawesome-svg-core | + | chmod 644 / |
- | npm i --save @fortawesome/free-solid-svg-icons | + | |
</ | </ | ||
+ | |||
+ | Done. | ||
+ | |||
+ | ===== Reverse Proxy ===== | ||
+ | |||
+ | WeTTY by default is based on **https:// | ||
<file conf wetty.conf> | <file conf wetty.conf> | ||
Line 52: | Line 56: | ||
proxy_set_header Host $http_host; | proxy_set_header Host $http_host; | ||
proxy_set_header X-NginX-Proxy true; | proxy_set_header X-NginX-Proxy true; | ||
+ | auth_pam " | ||
+ | auth_pam_service_name " | ||
} | } | ||
</ | </ | ||
+ | Please note that it is **critical** to enable reverse proxy auth because otherwise anybody will be able to access your server console without any protection. | ||
+ | |||
+ | See [[selfhost: | ||
+ | |||
+ | ===== Start & Autostart ===== | ||
+ | |||
+ | Using OpenRC, drop the following script into / | ||
+ | <file - / | ||
+ | # | ||
+ | # Copyright 1999-2021 Gentoo Authors | ||
+ | # Distributed under the terms of the GNU General Public License v2 | ||
+ | |||
+ | description=" | ||
+ | pidfile="/ | ||
+ | command_background=true | ||
+ | command="/ | ||
+ | command_args="" | ||
+ | command_user=" | ||
+ | |||
+ | depend() { | ||
+ | need net | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | And you will also need to create the following script under **/ | ||
+ | <file - wetty_start.sh> | ||
+ | #!/bin/bash | ||
+ | |||
+ | export NVM_DIR=" | ||
+ | [ -s " | ||
+ | [ -s " | ||
+ | |||
+ | wetty \ | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | </ | ||
+ | |||
+ | You need to copy the last lines of the **.bashrc** in the script because NVM requires those lines and OpenRC will run as non-interactive shell, thus bypassing the // | ||
+ | |||
+ | Note: if you want to leave the user out you can omit the // | ||
+ | |||
+ | And make it executable, then create the links: | ||
+ | <code bash> | ||
+ | chmod +x / | ||
+ | chmod +x / | ||
+ | rc-update add wetty default | ||
+ | </ | ||
- | Note: [[https:// | + | And you are all set. |