• A 100% Go Web-Term-SSH bastion host project


    SSH-Fortress

    1. What does it do?

    1. Make your cluster servers safer by exposing your SSH connections through the SSH-Fortress server.
    2. Log in to your SSH servers through the SSH-Fortress web interface and record the full history of command input and output.
    3. Manage your cluster servers' SSH accounts through SSH-Fortress web accounts.
    4. Manage a server's files through SSH-Fortress's SFTP web interface.
    5. Easily log in to your private cluster through the SSH proxy provided by SSH-Fortress-Proxy.

    2. Build and run

    git clone https://github.com/mojocn/sshfortress.git && cd sshfortress;
    go build
    echo "run the app with SQLite database"
    ./sshfortress sqlite -v --listen=':3333'
    echo "run the app with Mysql database, you need a config.toml file in your sshfortress binary folder"
    ./sshfortress run -v --listen=':3333'
    

    Docker pull: docker pull mojotvcn/sshfortress

    2.1 config.toml

    The config.toml file should be in the same folder as the sshfortress binary. config.toml works with the command sshfortress run. The command sshfortress sqlite can run with the config file.

    [app]
        name="frotress.mojotv.cn"
        addr=":8360"
        verbose= true
        jwt_expire=240 #hour
        secret="asdf4e8hcjvbkjclkjkklfgki843895iojfdnvufh98" #jwt secret
    [db]
        # mysql database connection
        host = "127.0.0.1"
        user = "root"
        dbname = "sshfortress"
        password = "your_mysql_password"
        port = 3306
    
    [github] #github.com OAuth2
        client_id="d0b29360a088d0c4dc18"
        client_secret="89b272eeb22f373d8aa688986a8dbbc4edbfc64a"
        callback_url="http://sshfortress.mojotv.cn/#/"

    3. Online demo

    https://sshfortress.mojotv.cn/#/login

    Just click the login button; the default credentials are already filled in for you (user: admin@sshfortress.cn, password: admin).

    3.1 Universal Web SSH Terminal

    • URL: https://sshfortress.mojotv.cn/#/any-term e.g. https://sshfortress.mojotv.cn/#/any-term?a=home.mojotv.cn&p=test007&u=test007&z=1
    • URL-ARG a: SSH Address with Port, e.g. home.mojotv.cn or home.mojotv.cn:22
    • URL-ARG u: SSH Username, e.g. test007
    • URL-ARG p: SSH Password, e.g. test007
    • URL-ARG z: Not Use Zend Mode, e.g. 1
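
An any-term link carries the SSH password in its p argument, so anything that stores or forwards the link (browser history, bookmarks, tickets, chat) stores the credential as well. The Go sketch below is an added example, not code from the sshfortress project: it parses the a/u/p arguments out of the URL fragment and returns a copy of the link with p masked, suitable for logging or sharing. The names AnyTermLink and ParseAnyTerm are hypothetical, and defaulting to port 22 when a has no port is an assumption.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// AnyTermLink (hypothetical type) holds the a, u, p arguments of an any-term URL.
type AnyTermLink struct {
	Host, Port, User string
	HasPassword      bool
	Redacted         string // the same link with the p value masked
}

// ParseAnyTerm (hypothetical helper) reads the arguments from the URL fragment.
func ParseAnyTerm(raw string) (*AnyTermLink, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	route, query, _ := strings.Cut(u.EscapedFragment(), "?")
	if route != "/any-term" {
		return nil, fmt.Errorf("not an any-term link: route %q", route)
	}
	args, err := url.ParseQuery(query)
	if err != nil {
		return nil, err
	}
	addr := args.Get("a")
	if addr == "" {
		return nil, fmt.Errorf("missing SSH address argument a")
	}
	link := &AnyTermLink{User: args.Get("u"), HasPassword: len(args["p"]) > 0}
	// "a" is host or host:port; port 22 is assumed when none is given.
	if link.Host, link.Port, err = net.SplitHostPort(addr); err != nil {
		link.Host, link.Port = addr, "22"
	}
	if link.HasPassword {
		args.Set("p", "REDACTED")
	}
	u.Fragment, u.RawFragment = "", ""
	link.Redacted = u.String() + "#" + route + "?" + args.Encode()
	return link, nil
}

func main() {
	fmt.Println(ParseAnyTerm("https://sshfortress.mojotv.cn/#/any-term?a=home.mojotv.cn&p=test007&u=test007&z=1"))
}
```
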

    4. Run With supervisor & nginx

    sshfortress.mojotv.cn.conf

    server {
        server_name sshfortress.mojotv.cn;
        charset utf-8;

        location /api/ws-any-term {
            proxy_pass http://127.0.0.1:8360;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header X-Real-IP $remote_addr;
        }

        location /api/ws/ {
            proxy_pass http://127.0.0.1:8360;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header X-Real-IP $remote_addr;
        }

        location / {
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $http_host;
            proxy_pass http://127.0.0.1:8360;
        }

        access_log /data/wwwlogs/sshfortress.mojotv.cn.log;

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/sshfortress.mojotv.cn/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/sshfortress.mojotv.cn/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

    Supervisor config file: sshfortress.ini

    [program:sshfortress.mojotv.cn]
    command=/data/sshfortress/bin/sshfortress sqlite
    autostart=true
    autorestart=true
    startsecs=10
    user=root
    chmod=0777
    numprocs=1
    redirect_stderr=true
    stdout_logfile=/data/sshfortress/supervisor.log

    5. Reference

    1. Idea from my other repo: libragen/felix
    2. How to run SSH-Terminal in browser
    3. Dockerhub image
     
  • Original source: https://www.cnblogs.com/landv/p/11730149.html