diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2022-07-19 11:32:38 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2022-07-19 11:32:38 +0000 |
commit | 0409e98822a933e551cbbbfa6ac9542cc24f3be6 (patch) | |
tree | 097218ff5e3cc0be95fa098f9f6a7b7e8f083e2f | |
parent | Adding TODO file. (diff) | |
download | ttyd-tmp-apache2.tar.xz ttyd-tmp-apache2.zip |
Updating.tmp-apache2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r-- | debian/TODO | 1 | ||||
-rw-r--r-- | debian/changelog | 42 | ||||
-rw-r--r-- | debian/control | 6 | ||||
-rw-r--r-- | debian/copyright | 8 | ||||
-rw-r--r-- | debian/local/apache2/ttyd.conf | 27 | ||||
-rw-r--r-- | debian/local/default/ttyd | 3 | ||||
-rw-r--r-- | debian/local/examples/apache2-authbasic-file.conf | 10 | ||||
-rw-r--r-- | debian/local/examples/apache2-authbasic-ip.conf | 8 | ||||
-rw-r--r-- | debian/local/examples/apache2-authbasic-ldap-group.conf | 16 | ||||
-rw-r--r-- | debian/local/examples/apache2-authbasic-ldap-user.conf | 16 | ||||
-rw-r--r-- | debian/ttyd.README.Debian | 40 | ||||
-rw-r--r-- | debian/ttyd.examples | 1 | ||||
-rw-r--r-- | debian/ttyd.install | 3 | ||||
-rwxr-xr-x | debian/ttyd.postinst | 28 | ||||
-rwxr-xr-x | debian/ttyd.postrm | 27 | ||||
-rw-r--r-- | debian/ttyd.service | 5 |
16 files changed, 140 insertions, 101 deletions
diff --git a/debian/TODO b/debian/TODO index 7bcf1a8..df70bc2 100644 --- a/debian/TODO +++ b/debian/TODO @@ -2,6 +2,7 @@ ttyd ==== * write logs to own logfile + * add README.Debian explaining apache2 setup * add debconf support to configure apache auth (create config, create htpasswd, etc.) -- Daniel Baumann <daniel.baumann@progress-linux.org> Mon, 08 Feb 2021 14:20:24 +0100 diff --git a/debian/changelog b/debian/changelog index f4d9790..6c5e942 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,45 +1,3 @@ -ttyd (1.6.3+20220719-1) sid; urgency=medium - - * Uploading to sid. - * Merging upstream version 1.6.3+20220719. - * Updating copyright for new upstream. - * Updating to standards version 4.6.1. - * Adding apache2 reverse-proxy configuration. - - -- Daniel Baumann <daniel.baumann@progress-linux.org> Tue, 19 Jul 2022 12:34:47 +0200 - -ttyd (1.6.3+20210924-1) sid; urgency=medium - - * Uploading to sid. - * Merging upstream version 1.6.3+20210924. - - -- Daniel Baumann <daniel.baumann@progress-linux.org> Sat, 09 Oct 2021 12:24:08 +0200 - -ttyd (1.6.3-4) sid; urgency=medium - - * Uploading to sid. - * Updating to standards version 4.6.0. - - -- Daniel Baumann <daniel.baumann@progress-linux.org> Sat, 09 Oct 2021 11:02:22 +0200 - -ttyd (1.6.3-3) sid; urgency=medium - - * Uploading to sid. - * Adding /etc/default/ttyd to handle options used to start ttyd via systemd - unit. - * Restricting package to linux architectures. - - -- Daniel Baumann <daniel.baumann@progress-linux.org> Fri, 26 Feb 2021 09:38:56 +0100 - -ttyd (1.6.3-2) sid; urgency=medium - - * Uploading to sid. - * Adding README.Debian. - * Correcting path to executables in system service, - thanks to Jonas Smedegaard <dr@jones.dk> (Closes: #983261). - - -- Daniel Baumann <daniel.baumann@progress-linux.org> Mon, 22 Feb 2021 06:50:22 +0100 - ttyd (1.6.3-1) sid; urgency=medium * Initial upload to sid (Closes: #972863). diff --git a/debian/control b/debian/control index 4b3ca58..9bf33b5 100644 --- a/debian/control +++ b/debian/control @@ -9,16 +9,18 @@ Build-Depends: libwebsockets-dev, zlib1g-dev, Rules-Requires-Root: no -Standards-Version: 4.6.1 +Standards-Version: 4.5.1 Homepage: https://tsl0922.github.io/ttyd Vcs-Browser: https://git.progress-linux.org/users/daniel.baumann/debian/packages/ttyd Vcs-Git: https://git.progress-linux.org/users/daniel.baumann/debian/packages/ttyd Package: ttyd Section: web -Architecture: linux-any +Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends}, +Recommends: + apache2 | httpd, Description: Share your terminal over the web ttyd is a command-line tool for sharing a terminal over the web. diff --git a/debian/copyright b/debian/copyright index df13f3f..d062f12 100644 --- a/debian/copyright +++ b/debian/copyright @@ -4,11 +4,15 @@ Upstream-Contact: Shuanglei Tao <tsl0922@gmail.com> Source: https://github.com/tsl0922/ttyd/releases Files: * -Copyright: 2016-2022 Shuanglei Tao <tsl0922@gmail.com> +Copyright: 2016-2021 Shuanglei Tao <tsl0922@gmail.com> License: MIT +Files: src/queue.h +Copyright: 1991-1993 The Regents of the University of California +License: BSD-3 + Files: debian/* -Copyright: 2021-2022 Daniel Baumann <daniel.baumann@progress-linux.org> +Copyright: 2021 Daniel Baumann <daniel.baumann@progress-linux.org> License: MIT License: BSD-3 diff --git a/debian/local/apache2/ttyd.conf b/debian/local/apache2/ttyd.conf index 3a1c927..66b1850 100644 --- a/debian/local/apache2/ttyd.conf +++ b/debian/local/apache2/ttyd.conf @@ -1,12 +1,25 @@ # /etc/apache2/conf-available/ttyd.conf -<IfModule mod_proxy.c> - ProxyRequests Off - ProxyPreserveHost On +<IfModule rewrite_module> + <IfModule proxy_http_module> + <IfModule proxy_wstunnel_module> + ProxyPreserveHost On + ProxyRequests Off - ProxyPass /ttyd/ws ws://localhost:7681/ws - ProxyPassReverse /ttyd/ws ws://localhost:7681/ws + ProxyPass /ttyd/token ws://localhost:7681/token + ProxyPassReverse /ttyd/token ws://localhost:7681/token - ProxyPass /ttyd/ http://localhost:7681/ keepalive=on - ProxyPassReverse /ttyd/ http://localhost:7681/ + ProxyPass /ttyd/ws ws://localhost:7681/ws + ProxyPassReverse /ttyd/ws ws://localhost:7681/ws + + ProxyPass /ttyd http://localhost:7681 + ProxyPassReverse /ttyd http://localhost:7681 + + <IfFile /etc/ttyd/apache2-auth.conf> + <Location /ttyd> + Include /etc/ttyd/apache2-auth.conf + </Location> + </IfFile> + </IfModule> + </IfModule> </IfModule> diff --git a/debian/local/default/ttyd b/debian/local/default/ttyd deleted file mode 100644 index 526f877..0000000 --- a/debian/local/default/ttyd +++ /dev/null @@ -1,3 +0,0 @@ -# /etc/default/ttyd - -TTYD_OPTIONS="-i lo -p 7681 -O login" diff --git a/debian/local/examples/apache2-authbasic-file.conf b/debian/local/examples/apache2-authbasic-file.conf new file mode 100644 index 0000000..5f28cb9 --- /dev/null +++ b/debian/local/examples/apache2-authbasic-file.conf @@ -0,0 +1,10 @@ +# /etc/ttyd/apache2-auth.conf + +<IfFile /etc/ttyd/htpasswd> + AuthName "ttyd" + AuthBasicProvider file + AuthType basic + + AuthUserFile /etc/ttyd/htpasswd + Require valid-user +</IfFile> diff --git a/debian/local/examples/apache2-authbasic-ip.conf b/debian/local/examples/apache2-authbasic-ip.conf new file mode 100644 index 0000000..8507a20 --- /dev/null +++ b/debian/local/examples/apache2-authbasic-ip.conf @@ -0,0 +1,8 @@ +# /etc/ttyd/apache2-auth.conf + +Order deny,allow +Deny from all + +Allow from 10.0.0.0/8 +Allow from 172.16.0.0/12 +Allow from 192.168.0.0/16 diff --git a/debian/local/examples/apache2-authbasic-ldap-group.conf b/debian/local/examples/apache2-authbasic-ldap-group.conf new file mode 100644 index 0000000..5827794 --- /dev/null +++ b/debian/local/examples/apache2-authbasic-ldap-group.conf @@ -0,0 +1,16 @@ +# /etc/ttyd/apache2-auth.conf + +AuthName "ttyd" +AuthBasicProvider ldap +AuthType basic + +AuthLDAPURL "ldaps://ldap.example.net:636/dc=example,dc=net?uid?sub" +AuthLDAPBindDN cn=read-only,ou=srv-account,dc=example,dc=net +AuthLDAPBindPassword "examplePassword" + +AuthLDAPRemoteUserAttribute uid +AuthLDAPRemoteUserIsDN off +AuthLDAPGroupAttribute memberUid +AuthLDAPGroupAttributeIsDN off + +Require ldap-group cn=foo,ou=security,ou=groups,dc=example,dc=net diff --git a/debian/local/examples/apache2-authbasic-ldap-user.conf b/debian/local/examples/apache2-authbasic-ldap-user.conf new file mode 100644 index 0000000..5af7327 --- /dev/null +++ b/debian/local/examples/apache2-authbasic-ldap-user.conf @@ -0,0 +1,16 @@ +# /etc/ttyd/apache2-auth.conf + +AuthName "ttyd" +AuthBasicProvider ldap +AuthType basic + +AuthLDAPURL "ldaps://ldap.example.net:636/dc=example,dc=net?uid?sub" +AuthLDAPBindDN cn=read-only,ou=srv-account,dc=example,dc=net +AuthLDAPBindPassword "examplePassword" + +AuthLDAPRemoteUserAttribute uid +AuthLDAPRemoteUserIsDN off +AuthLDAPGroupAttribute memberUid +AuthLDAPGroupAttributeIsDN off + +Require ldap-user foo bar baz diff --git a/debian/ttyd.README.Debian b/debian/ttyd.README.Debian deleted file mode 100644 index 90fe148..0000000 --- a/debian/ttyd.README.Debian +++ /dev/null @@ -1,40 +0,0 @@ -ttyd for Debian -=============== - -1. Default configuration ------------------------- - -After installing ttyd it will by default listen on http://localhost:7681 -in multi-user read-write "login"-mode: - - * multi-user means that more than one user can connect at the same time. - - * read-write means that anyone connecting to the website can input data. - - * Login mode means that the user gets a login prompt (like getty) where - user and password has to be entered. - -Edit /etc/default/ttyd and check the ttyd(1) manpage for the exact options. - - -2. Reverse proxy ----------------- - -To make ttyd accessible on the network, it is advised to hide it behind a -reverse proxy that does TLS and performs user authentication. - -To enable the apache2 proxy configuration, the following modules and -configuration need to be enabled: - - * sudo a2enmod proxy proxy_http proxy_http2 proxy_wstunnel - * sudo a2enconf ttyd - * sudo service apache2 reload - -ttyd is then accessible as <http://example.org/ttyd>. - - - -, consider protecting this with -TLS as well as some authentication. - - -- Daniel Baumann <daniel.baumann@progress-linux.org> Sun, 21 Feb 2021 17:19:20 +0100 diff --git a/debian/ttyd.examples b/debian/ttyd.examples new file mode 100644 index 0000000..891fdca --- /dev/null +++ b/debian/ttyd.examples @@ -0,0 +1 @@ +debian/local/examples/* diff --git a/debian/ttyd.install b/debian/ttyd.install index 4b8d4f0..a658e0d 100644 --- a/debian/ttyd.install +++ b/debian/ttyd.install @@ -1,2 +1 @@ -debian/local/default/* /etc/default -debian/local/apache2/* /etc/apache2/conf-available +debian/local/apache2/*.conf /etc/apache2/conf-available diff --git a/debian/ttyd.postinst b/debian/ttyd.postinst new file mode 100755 index 0000000..b3a83c8 --- /dev/null +++ b/debian/ttyd.postinst @@ -0,0 +1,28 @@ +#!/bin/sh + +set -e + +case "${1}" in + configure) + a2enmod rewrite + a2enmod proxy + a2enmod proxy_http + a2enmod proxy_http2 + a2enmod proxy_wstunnel + + a2enconf ttyd + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + *) + echo "postinst called with unknown argument \`${1}'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/ttyd.postrm b/debian/ttyd.postrm new file mode 100755 index 0000000..0c12e8c --- /dev/null +++ b/debian/ttyd.postrm @@ -0,0 +1,27 @@ +#!/bin/sh + +set -e + +case "${1}" in + purge) + # apache2 + rm -f /etc/apache2/conf-enabled/ttyd.conf + + # httpasswd + rm -f /etc/ttyd/htpasswd + rmdir /etc/ttyd > /dev/null 2>&1 || true + ;; + + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + + ;; + + *) + echo "postrm called with unknown argument \`${1}'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/ttyd.service b/debian/ttyd.service index 25956c7..516d851 100644 --- a/debian/ttyd.service +++ b/debian/ttyd.service @@ -5,9 +5,8 @@ After=network.target systemd-tmpfiles-clean.service [Service] Type=simple -EnvironmentFile=/etc/default/ttyd -ExecStart=/usr/bin/ttyd $TTYD_OPTIONS -ExecReload=/usr/bin/kill -HUP $MAINPID +ExecStart=/bin/ttyd -i lo -p 7681 -O login +ExecReload=/bin/kill -HUP $MAINPID KillMode=process LimitNOFILE=512 LimitMEMLOCK=infinity |