From 0409e98822a933e551cbbbfa6ac9542cc24f3be6 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Tue, 19 Jul 2022 13:32:38 +0200
Subject: Updating.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/TODO                                        |  1 +
 debian/changelog                                   | 42 ----------------------
 debian/control                                     |  6 ++--
 debian/copyright                                   |  8 +++--
 debian/local/apache2/ttyd.conf                     | 27 ++++++++++----
 debian/local/default/ttyd                          |  3 --
 debian/local/examples/apache2-authbasic-file.conf  | 10 ++++++
 debian/local/examples/apache2-authbasic-ip.conf    |  8 +++++
 .../examples/apache2-authbasic-ldap-group.conf     | 16 +++++++++
 .../examples/apache2-authbasic-ldap-user.conf      | 16 +++++++++
 debian/ttyd.README.Debian                          | 40 ---------------------
 debian/ttyd.examples                               |  1 +
 debian/ttyd.install                                |  3 +-
 debian/ttyd.postinst                               | 28 +++++++++++++++
 debian/ttyd.postrm                                 | 27 ++++++++++++++
 debian/ttyd.service                                |  5 ++-
 16 files changed, 140 insertions(+), 101 deletions(-)
 delete mode 100644 debian/local/default/ttyd
 create mode 100644 debian/local/examples/apache2-authbasic-file.conf
 create mode 100644 debian/local/examples/apache2-authbasic-ip.conf
 create mode 100644 debian/local/examples/apache2-authbasic-ldap-group.conf
 create mode 100644 debian/local/examples/apache2-authbasic-ldap-user.conf
 delete mode 100644 debian/ttyd.README.Debian
 create mode 100644 debian/ttyd.examples
 create mode 100755 debian/ttyd.postinst
 create mode 100755 debian/ttyd.postrm

diff --git a/debian/TODO b/debian/TODO
index 7bcf1a8..df70bc2 100644
--- a/debian/TODO
+++ b/debian/TODO
@@ -2,6 +2,7 @@ ttyd
 ====
 
   * write logs to own logfile
+  * add README.Debian explaining apache2 setup
   * add debconf support to configure apache auth (create config, create htpasswd, etc.)
 
  -- Daniel Baumann <daniel.baumann@progress-linux.org>  Mon, 08 Feb 2021 14:20:24 +0100
diff --git a/debian/changelog b/debian/changelog
index f4d9790..6c5e942 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,45 +1,3 @@
-ttyd (1.6.3+20220719-1) sid; urgency=medium
-
-  * Uploading to sid.
-  * Merging upstream version 1.6.3+20220719.
-  * Updating copyright for new upstream.
-  * Updating to standards version 4.6.1.
-  * Adding apache2 reverse-proxy configuration.
-
- -- Daniel Baumann <daniel.baumann@progress-linux.org>  Tue, 19 Jul 2022 12:34:47 +0200
-
-ttyd (1.6.3+20210924-1) sid; urgency=medium
-
-  * Uploading to sid.
-  * Merging upstream version 1.6.3+20210924.
-
- -- Daniel Baumann <daniel.baumann@progress-linux.org>  Sat, 09 Oct 2021 12:24:08 +0200
-
-ttyd (1.6.3-4) sid; urgency=medium
-
-  * Uploading to sid.
-  * Updating to standards version 4.6.0.
-
- -- Daniel Baumann <daniel.baumann@progress-linux.org>  Sat, 09 Oct 2021 11:02:22 +0200
-
-ttyd (1.6.3-3) sid; urgency=medium
-
-  * Uploading to sid.
-  * Adding /etc/default/ttyd to handle options used to start ttyd via systemd
-    unit.
-  * Restricting package to linux architectures.
-
- -- Daniel Baumann <daniel.baumann@progress-linux.org>  Fri, 26 Feb 2021 09:38:56 +0100
-
-ttyd (1.6.3-2) sid; urgency=medium
-
-  * Uploading to sid.
-  * Adding README.Debian.
-  * Correcting path to executables in system service,
-    thanks to Jonas Smedegaard <dr@jones.dk> (Closes: #983261).
-
- -- Daniel Baumann <daniel.baumann@progress-linux.org>  Mon, 22 Feb 2021 06:50:22 +0100
-
 ttyd (1.6.3-1) sid; urgency=medium
 
   * Initial upload to sid (Closes: #972863).
diff --git a/debian/control b/debian/control
index 4b3ca58..9bf33b5 100644
--- a/debian/control
+++ b/debian/control
@@ -9,16 +9,18 @@ Build-Depends:
  libwebsockets-dev,
  zlib1g-dev,
 Rules-Requires-Root: no
-Standards-Version: 4.6.1
+Standards-Version: 4.5.1
 Homepage: https://tsl0922.github.io/ttyd
 Vcs-Browser: https://git.progress-linux.org/users/daniel.baumann/debian/packages/ttyd
 Vcs-Git: https://git.progress-linux.org/users/daniel.baumann/debian/packages/ttyd
 
 Package: ttyd
 Section: web
-Architecture: linux-any
+Architecture: any
 Depends:
  ${misc:Depends},
  ${shlibs:Depends},
+Recommends:
+ apache2 | httpd,
 Description: Share your terminal over the web
  ttyd is a command-line tool for sharing a terminal over the web.
diff --git a/debian/copyright b/debian/copyright
index df13f3f..d062f12 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -4,11 +4,15 @@ Upstream-Contact: Shuanglei Tao <tsl0922@gmail.com>
 Source: https://github.com/tsl0922/ttyd/releases
 
 Files: *
-Copyright: 2016-2022 Shuanglei Tao <tsl0922@gmail.com>
+Copyright: 2016-2021 Shuanglei Tao <tsl0922@gmail.com>
 License: MIT
 
+Files: src/queue.h
+Copyright: 1991-1993 The Regents of the University of California
+License: BSD-3
+
 Files: debian/*
-Copyright: 2021-2022 Daniel Baumann <daniel.baumann@progress-linux.org>
+Copyright: 2021 Daniel Baumann <daniel.baumann@progress-linux.org>
 License: MIT
 
 License: BSD-3
diff --git a/debian/local/apache2/ttyd.conf b/debian/local/apache2/ttyd.conf
index 3a1c927..66b1850 100644
--- a/debian/local/apache2/ttyd.conf
+++ b/debian/local/apache2/ttyd.conf
@@ -1,12 +1,25 @@
 # /etc/apache2/conf-available/ttyd.conf
 
-<IfModule mod_proxy.c>
-	ProxyRequests Off
-	ProxyPreserveHost On
+<IfModule rewrite_module>
+	<IfModule proxy_http_module>
+		<IfModule proxy_wstunnel_module>
+			ProxyPreserveHost On
+			ProxyRequests Off
 
-	ProxyPass /ttyd/ws ws://localhost:7681/ws
-	ProxyPassReverse /ttyd/ws ws://localhost:7681/ws
+			ProxyPass  /ttyd/token ws://localhost:7681/token
+			ProxyPassReverse /ttyd/token ws://localhost:7681/token
 
-	ProxyPass /ttyd/ http://localhost:7681/ keepalive=on
-	ProxyPassReverse /ttyd/ http://localhost:7681/
+			ProxyPass  /ttyd/ws ws://localhost:7681/ws
+			ProxyPassReverse /ttyd/ws ws://localhost:7681/ws
+
+			ProxyPass /ttyd http://localhost:7681
+			ProxyPassReverse /ttyd http://localhost:7681
+
+			<IfFile /etc/ttyd/apache2-auth.conf>
+				<Location /ttyd>
+					Include /etc/ttyd/apache2-auth.conf
+				</Location>
+			</IfFile>
+		</IfModule>
+	</IfModule>
 </IfModule>
diff --git a/debian/local/default/ttyd b/debian/local/default/ttyd
deleted file mode 100644
index 526f877..0000000
--- a/debian/local/default/ttyd
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/default/ttyd
-
-TTYD_OPTIONS="-i lo -p 7681 -O login"
diff --git a/debian/local/examples/apache2-authbasic-file.conf b/debian/local/examples/apache2-authbasic-file.conf
new file mode 100644
index 0000000..5f28cb9
--- /dev/null
+++ b/debian/local/examples/apache2-authbasic-file.conf
@@ -0,0 +1,10 @@
+# /etc/ttyd/apache2-auth.conf
+
+<IfFile /etc/ttyd/htpasswd>
+	AuthName "ttyd"
+	AuthBasicProvider file
+	AuthType basic
+
+	AuthUserFile /etc/ttyd/htpasswd
+	Require valid-user
+</IfFile>
diff --git a/debian/local/examples/apache2-authbasic-ip.conf b/debian/local/examples/apache2-authbasic-ip.conf
new file mode 100644
index 0000000..8507a20
--- /dev/null
+++ b/debian/local/examples/apache2-authbasic-ip.conf
@@ -0,0 +1,8 @@
+# /etc/ttyd/apache2-auth.conf
+
+Order deny,allow
+Deny from all
+
+Allow from 10.0.0.0/8
+Allow from 172.16.0.0/12
+Allow from 192.168.0.0/16
diff --git a/debian/local/examples/apache2-authbasic-ldap-group.conf b/debian/local/examples/apache2-authbasic-ldap-group.conf
new file mode 100644
index 0000000..5827794
--- /dev/null
+++ b/debian/local/examples/apache2-authbasic-ldap-group.conf
@@ -0,0 +1,16 @@
+# /etc/ttyd/apache2-auth.conf
+
+AuthName "ttyd"
+AuthBasicProvider ldap
+AuthType basic
+
+AuthLDAPURL "ldaps://ldap.example.net:636/dc=example,dc=net?uid?sub"
+AuthLDAPBindDN cn=read-only,ou=srv-account,dc=example,dc=net
+AuthLDAPBindPassword "examplePassword"
+
+AuthLDAPRemoteUserAttribute uid
+AuthLDAPRemoteUserIsDN off
+AuthLDAPGroupAttribute memberUid
+AuthLDAPGroupAttributeIsDN off
+
+Require ldap-group cn=foo,ou=security,ou=groups,dc=example,dc=net
diff --git a/debian/local/examples/apache2-authbasic-ldap-user.conf b/debian/local/examples/apache2-authbasic-ldap-user.conf
new file mode 100644
index 0000000..5af7327
--- /dev/null
+++ b/debian/local/examples/apache2-authbasic-ldap-user.conf
@@ -0,0 +1,16 @@
+# /etc/ttyd/apache2-auth.conf
+
+AuthName "ttyd"
+AuthBasicProvider ldap
+AuthType basic
+
+AuthLDAPURL "ldaps://ldap.example.net:636/dc=example,dc=net?uid?sub"
+AuthLDAPBindDN cn=read-only,ou=srv-account,dc=example,dc=net
+AuthLDAPBindPassword "examplePassword"
+
+AuthLDAPRemoteUserAttribute uid
+AuthLDAPRemoteUserIsDN off
+AuthLDAPGroupAttribute memberUid
+AuthLDAPGroupAttributeIsDN off
+
+Require ldap-user foo bar baz
diff --git a/debian/ttyd.README.Debian b/debian/ttyd.README.Debian
deleted file mode 100644
index 90fe148..0000000
--- a/debian/ttyd.README.Debian
+++ /dev/null
@@ -1,40 +0,0 @@
-ttyd for Debian
-===============
-
-1. Default configuration
-------------------------
-
-After installing ttyd it will by default listen on http://localhost:7681
-in multi-user read-write "login"-mode:
-
-  * multi-user means that more than one user can connect at the same time.
-
-  * read-write means that anyone connecting to the website can input data.
-
-  * Login mode means that the user gets a login prompt (like getty) where
-    user and password has to be entered.
-
-Edit /etc/default/ttyd and check the ttyd(1) manpage for the exact options.
-
-
-2. Reverse proxy
-----------------
-
-To make ttyd accessible on the network, it is advised to hide it behind a
-reverse proxy that does TLS and performs user authentication.
-
-To enable the apache2 proxy configuration, the following modules and
-configuration need to be enabled:
-
-  * sudo a2enmod proxy proxy_http proxy_http2 proxy_wstunnel
-  * sudo a2enconf ttyd
-  * sudo service apache2 reload
-
-ttyd is then accessible as <http://example.org/ttyd>.
-
-
-
-, consider protecting this with
-TLS as well as some authentication.
-
- -- Daniel Baumann <daniel.baumann@progress-linux.org>  Sun, 21 Feb 2021 17:19:20 +0100
diff --git a/debian/ttyd.examples b/debian/ttyd.examples
new file mode 100644
index 0000000..891fdca
--- /dev/null
+++ b/debian/ttyd.examples
@@ -0,0 +1 @@
+debian/local/examples/*
diff --git a/debian/ttyd.install b/debian/ttyd.install
index 4b8d4f0..a658e0d 100644
--- a/debian/ttyd.install
+++ b/debian/ttyd.install
@@ -1,2 +1 @@
-debian/local/default/*	/etc/default
-debian/local/apache2/*	/etc/apache2/conf-available
+debian/local/apache2/*.conf	/etc/apache2/conf-available
diff --git a/debian/ttyd.postinst b/debian/ttyd.postinst
new file mode 100755
index 0000000..b3a83c8
--- /dev/null
+++ b/debian/ttyd.postinst
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+set -e
+
+case "${1}" in
+	configure)
+		a2enmod rewrite
+		a2enmod proxy
+		a2enmod proxy_http
+		a2enmod proxy_http2
+		a2enmod proxy_wstunnel
+
+		a2enconf ttyd
+		;;
+
+	abort-upgrade|abort-remove|abort-deconfigure)
+
+		;;
+
+	*)
+		echo "postinst called with unknown argument \`${1}'" >&2
+		exit 1
+		;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/ttyd.postrm b/debian/ttyd.postrm
new file mode 100755
index 0000000..0c12e8c
--- /dev/null
+++ b/debian/ttyd.postrm
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -e
+
+case "${1}" in
+	purge)
+		# apache2
+		rm -f /etc/apache2/conf-enabled/ttyd.conf
+
+		# httpasswd
+		rm -f /etc/ttyd/htpasswd
+		rmdir /etc/ttyd > /dev/null 2>&1 || true
+		;;
+
+	remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+
+		;;
+
+	*)
+		echo "postrm called with unknown argument \`${1}'" >&2
+		exit 1
+		;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/ttyd.service b/debian/ttyd.service
index 25956c7..516d851 100644
--- a/debian/ttyd.service
+++ b/debian/ttyd.service
@@ -5,9 +5,8 @@ After=network.target systemd-tmpfiles-clean.service
 
 [Service]
 Type=simple
-EnvironmentFile=/etc/default/ttyd
-ExecStart=/usr/bin/ttyd $TTYD_OPTIONS
-ExecReload=/usr/bin/kill -HUP $MAINPID
+ExecStart=/bin/ttyd -i lo -p 7681 -O login
+ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 LimitNOFILE=512
 LimitMEMLOCK=infinity
-- 
cgit v1.2.3