summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2022-07-19 11:32:38 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2022-07-19 11:32:38 +0000
commit0409e98822a933e551cbbbfa6ac9542cc24f3be6 (patch)
tree097218ff5e3cc0be95fa098f9f6a7b7e8f083e2f
parentAdding TODO file. (diff)
downloadttyd-tmp-apache2.tar.xz
ttyd-tmp-apache2.zip
Updating.tmp-apache2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/TODO1
-rw-r--r--debian/changelog42
-rw-r--r--debian/control6
-rw-r--r--debian/copyright8
-rw-r--r--debian/local/apache2/ttyd.conf27
-rw-r--r--debian/local/default/ttyd3
-rw-r--r--debian/local/examples/apache2-authbasic-file.conf10
-rw-r--r--debian/local/examples/apache2-authbasic-ip.conf8
-rw-r--r--debian/local/examples/apache2-authbasic-ldap-group.conf16
-rw-r--r--debian/local/examples/apache2-authbasic-ldap-user.conf16
-rw-r--r--debian/ttyd.README.Debian40
-rw-r--r--debian/ttyd.examples1
-rw-r--r--debian/ttyd.install3
-rwxr-xr-xdebian/ttyd.postinst28
-rwxr-xr-xdebian/ttyd.postrm27
-rw-r--r--debian/ttyd.service5
16 files changed, 140 insertions, 101 deletions
diff --git a/debian/TODO b/debian/TODO
index 7bcf1a8..df70bc2 100644
--- a/debian/TODO
+++ b/debian/TODO
@@ -2,6 +2,7 @@ ttyd
====
* write logs to own logfile
+ * add README.Debian explaining apache2 setup
* add debconf support to configure apache auth (create config, create htpasswd, etc.)
-- Daniel Baumann <daniel.baumann@progress-linux.org> Mon, 08 Feb 2021 14:20:24 +0100
diff --git a/debian/changelog b/debian/changelog
index f4d9790..6c5e942 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,45 +1,3 @@
-ttyd (1.6.3+20220719-1) sid; urgency=medium
-
- * Uploading to sid.
- * Merging upstream version 1.6.3+20220719.
- * Updating copyright for new upstream.
- * Updating to standards version 4.6.1.
- * Adding apache2 reverse-proxy configuration.
-
- -- Daniel Baumann <daniel.baumann@progress-linux.org> Tue, 19 Jul 2022 12:34:47 +0200
-
-ttyd (1.6.3+20210924-1) sid; urgency=medium
-
- * Uploading to sid.
- * Merging upstream version 1.6.3+20210924.
-
- -- Daniel Baumann <daniel.baumann@progress-linux.org> Sat, 09 Oct 2021 12:24:08 +0200
-
-ttyd (1.6.3-4) sid; urgency=medium
-
- * Uploading to sid.
- * Updating to standards version 4.6.0.
-
- -- Daniel Baumann <daniel.baumann@progress-linux.org> Sat, 09 Oct 2021 11:02:22 +0200
-
-ttyd (1.6.3-3) sid; urgency=medium
-
- * Uploading to sid.
- * Adding /etc/default/ttyd to handle options used to start ttyd via systemd
- unit.
- * Restricting package to linux architectures.
-
- -- Daniel Baumann <daniel.baumann@progress-linux.org> Fri, 26 Feb 2021 09:38:56 +0100
-
-ttyd (1.6.3-2) sid; urgency=medium
-
- * Uploading to sid.
- * Adding README.Debian.
- * Correcting path to executables in system service,
- thanks to Jonas Smedegaard <dr@jones.dk> (Closes: #983261).
-
- -- Daniel Baumann <daniel.baumann@progress-linux.org> Mon, 22 Feb 2021 06:50:22 +0100
-
ttyd (1.6.3-1) sid; urgency=medium
* Initial upload to sid (Closes: #972863).
diff --git a/debian/control b/debian/control
index 4b3ca58..9bf33b5 100644
--- a/debian/control
+++ b/debian/control
@@ -9,16 +9,18 @@ Build-Depends:
libwebsockets-dev,
zlib1g-dev,
Rules-Requires-Root: no
-Standards-Version: 4.6.1
+Standards-Version: 4.5.1
Homepage: https://tsl0922.github.io/ttyd
Vcs-Browser: https://git.progress-linux.org/users/daniel.baumann/debian/packages/ttyd
Vcs-Git: https://git.progress-linux.org/users/daniel.baumann/debian/packages/ttyd
Package: ttyd
Section: web
-Architecture: linux-any
+Architecture: any
Depends:
${misc:Depends},
${shlibs:Depends},
+Recommends:
+ apache2 | httpd,
Description: Share your terminal over the web
ttyd is a command-line tool for sharing a terminal over the web.
diff --git a/debian/copyright b/debian/copyright
index df13f3f..d062f12 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -4,11 +4,15 @@ Upstream-Contact: Shuanglei Tao <tsl0922@gmail.com>
Source: https://github.com/tsl0922/ttyd/releases
Files: *
-Copyright: 2016-2022 Shuanglei Tao <tsl0922@gmail.com>
+Copyright: 2016-2021 Shuanglei Tao <tsl0922@gmail.com>
License: MIT
+Files: src/queue.h
+Copyright: 1991-1993 The Regents of the University of California
+License: BSD-3
+
Files: debian/*
-Copyright: 2021-2022 Daniel Baumann <daniel.baumann@progress-linux.org>
+Copyright: 2021 Daniel Baumann <daniel.baumann@progress-linux.org>
License: MIT
License: BSD-3
diff --git a/debian/local/apache2/ttyd.conf b/debian/local/apache2/ttyd.conf
index 3a1c927..66b1850 100644
--- a/debian/local/apache2/ttyd.conf
+++ b/debian/local/apache2/ttyd.conf
@@ -1,12 +1,25 @@
# /etc/apache2/conf-available/ttyd.conf
-<IfModule mod_proxy.c>
- ProxyRequests Off
- ProxyPreserveHost On
+<IfModule rewrite_module>
+ <IfModule proxy_http_module>
+ <IfModule proxy_wstunnel_module>
+ ProxyPreserveHost On
+ ProxyRequests Off
- ProxyPass /ttyd/ws ws://localhost:7681/ws
- ProxyPassReverse /ttyd/ws ws://localhost:7681/ws
+ ProxyPass /ttyd/token ws://localhost:7681/token
+ ProxyPassReverse /ttyd/token ws://localhost:7681/token
- ProxyPass /ttyd/ http://localhost:7681/ keepalive=on
- ProxyPassReverse /ttyd/ http://localhost:7681/
+ ProxyPass /ttyd/ws ws://localhost:7681/ws
+ ProxyPassReverse /ttyd/ws ws://localhost:7681/ws
+
+ ProxyPass /ttyd http://localhost:7681
+ ProxyPassReverse /ttyd http://localhost:7681
+
+ <IfFile /etc/ttyd/apache2-auth.conf>
+ <Location /ttyd>
+ Include /etc/ttyd/apache2-auth.conf
+ </Location>
+ </IfFile>
+ </IfModule>
+ </IfModule>
</IfModule>
diff --git a/debian/local/default/ttyd b/debian/local/default/ttyd
deleted file mode 100644
index 526f877..0000000
--- a/debian/local/default/ttyd
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/default/ttyd
-
-TTYD_OPTIONS="-i lo -p 7681 -O login"
diff --git a/debian/local/examples/apache2-authbasic-file.conf b/debian/local/examples/apache2-authbasic-file.conf
new file mode 100644
index 0000000..5f28cb9
--- /dev/null
+++ b/debian/local/examples/apache2-authbasic-file.conf
@@ -0,0 +1,10 @@
+# /etc/ttyd/apache2-auth.conf
+
+<IfFile /etc/ttyd/htpasswd>
+ AuthName "ttyd"
+ AuthBasicProvider file
+ AuthType basic
+
+ AuthUserFile /etc/ttyd/htpasswd
+ Require valid-user
+</IfFile>
diff --git a/debian/local/examples/apache2-authbasic-ip.conf b/debian/local/examples/apache2-authbasic-ip.conf
new file mode 100644
index 0000000..8507a20
--- /dev/null
+++ b/debian/local/examples/apache2-authbasic-ip.conf
@@ -0,0 +1,8 @@
+# /etc/ttyd/apache2-auth.conf
+
+Order deny,allow
+Deny from all
+
+Allow from 10.0.0.0/8
+Allow from 172.16.0.0/12
+Allow from 192.168.0.0/16
diff --git a/debian/local/examples/apache2-authbasic-ldap-group.conf b/debian/local/examples/apache2-authbasic-ldap-group.conf
new file mode 100644
index 0000000..5827794
--- /dev/null
+++ b/debian/local/examples/apache2-authbasic-ldap-group.conf
@@ -0,0 +1,16 @@
+# /etc/ttyd/apache2-auth.conf
+
+AuthName "ttyd"
+AuthBasicProvider ldap
+AuthType basic
+
+AuthLDAPURL "ldaps://ldap.example.net:636/dc=example,dc=net?uid?sub"
+AuthLDAPBindDN cn=read-only,ou=srv-account,dc=example,dc=net
+AuthLDAPBindPassword "examplePassword"
+
+AuthLDAPRemoteUserAttribute uid
+AuthLDAPRemoteUserIsDN off
+AuthLDAPGroupAttribute memberUid
+AuthLDAPGroupAttributeIsDN off
+
+Require ldap-group cn=foo,ou=security,ou=groups,dc=example,dc=net
diff --git a/debian/local/examples/apache2-authbasic-ldap-user.conf b/debian/local/examples/apache2-authbasic-ldap-user.conf
new file mode 100644
index 0000000..5af7327
--- /dev/null
+++ b/debian/local/examples/apache2-authbasic-ldap-user.conf
@@ -0,0 +1,16 @@
+# /etc/ttyd/apache2-auth.conf
+
+AuthName "ttyd"
+AuthBasicProvider ldap
+AuthType basic
+
+AuthLDAPURL "ldaps://ldap.example.net:636/dc=example,dc=net?uid?sub"
+AuthLDAPBindDN cn=read-only,ou=srv-account,dc=example,dc=net
+AuthLDAPBindPassword "examplePassword"
+
+AuthLDAPRemoteUserAttribute uid
+AuthLDAPRemoteUserIsDN off
+AuthLDAPGroupAttribute memberUid
+AuthLDAPGroupAttributeIsDN off
+
+Require ldap-user foo bar baz
diff --git a/debian/ttyd.README.Debian b/debian/ttyd.README.Debian
deleted file mode 100644
index 90fe148..0000000
--- a/debian/ttyd.README.Debian
+++ /dev/null
@@ -1,40 +0,0 @@
-ttyd for Debian
-===============
-
-1. Default configuration
-------------------------
-
-After installing ttyd it will by default listen on http://localhost:7681
-in multi-user read-write "login"-mode:
-
- * multi-user means that more than one user can connect at the same time.
-
- * read-write means that anyone connecting to the website can input data.
-
- * Login mode means that the user gets a login prompt (like getty) where
- user and password has to be entered.
-
-Edit /etc/default/ttyd and check the ttyd(1) manpage for the exact options.
-
-
-2. Reverse proxy
-----------------
-
-To make ttyd accessible on the network, it is advised to hide it behind a
-reverse proxy that does TLS and performs user authentication.
-
-To enable the apache2 proxy configuration, the following modules and
-configuration need to be enabled:
-
- * sudo a2enmod proxy proxy_http proxy_http2 proxy_wstunnel
- * sudo a2enconf ttyd
- * sudo service apache2 reload
-
-ttyd is then accessible as <http://example.org/ttyd>.
-
-
-
-, consider protecting this with
-TLS as well as some authentication.
-
- -- Daniel Baumann <daniel.baumann@progress-linux.org> Sun, 21 Feb 2021 17:19:20 +0100
diff --git a/debian/ttyd.examples b/debian/ttyd.examples
new file mode 100644
index 0000000..891fdca
--- /dev/null
+++ b/debian/ttyd.examples
@@ -0,0 +1 @@
+debian/local/examples/*
diff --git a/debian/ttyd.install b/debian/ttyd.install
index 4b8d4f0..a658e0d 100644
--- a/debian/ttyd.install
+++ b/debian/ttyd.install
@@ -1,2 +1 @@
-debian/local/default/* /etc/default
-debian/local/apache2/* /etc/apache2/conf-available
+debian/local/apache2/*.conf /etc/apache2/conf-available
diff --git a/debian/ttyd.postinst b/debian/ttyd.postinst
new file mode 100755
index 0000000..b3a83c8
--- /dev/null
+++ b/debian/ttyd.postinst
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+set -e
+
+case "${1}" in
+ configure)
+ a2enmod rewrite
+ a2enmod proxy
+ a2enmod proxy_http
+ a2enmod proxy_http2
+ a2enmod proxy_wstunnel
+
+ a2enconf ttyd
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/ttyd.postrm b/debian/ttyd.postrm
new file mode 100755
index 0000000..0c12e8c
--- /dev/null
+++ b/debian/ttyd.postrm
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -e
+
+case "${1}" in
+ purge)
+ # apache2
+ rm -f /etc/apache2/conf-enabled/ttyd.conf
+
+ # httpasswd
+ rm -f /etc/ttyd/htpasswd
+ rmdir /etc/ttyd > /dev/null 2>&1 || true
+ ;;
+
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/ttyd.service b/debian/ttyd.service
index 25956c7..516d851 100644
--- a/debian/ttyd.service
+++ b/debian/ttyd.service
@@ -5,9 +5,8 @@ After=network.target systemd-tmpfiles-clean.service
[Service]
Type=simple
-EnvironmentFile=/etc/default/ttyd
-ExecStart=/usr/bin/ttyd $TTYD_OPTIONS
-ExecReload=/usr/bin/kill -HUP $MAINPID
+ExecStart=/bin/ttyd -i lo -p 7681 -O login
+ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
LimitNOFILE=512
LimitMEMLOCK=infinity