From 116995274c49da63a9e18ec6a85423071e175280 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Tue, 19 Jul 2022 12:26:53 +0200 Subject: Adding apache2 reverse-proxy configuration. Signed-off-by: Daniel Baumann --- debian/ttyd.README.Debian | 59 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 52 insertions(+), 7 deletions(-) (limited to 'debian/ttyd.README.Debian') diff --git a/debian/ttyd.README.Debian b/debian/ttyd.README.Debian index 9af0faa..25281ca 100644 --- a/debian/ttyd.README.Debian +++ b/debian/ttyd.README.Debian @@ -1,17 +1,62 @@ ttyd for Debian =============== - * After installing ttyd it will by default listen on http://localhost:7681 - in multi-user read-write "login"-mode: +1. Default configuration +------------------------ - - multi-user means that more than one user can connect at the same time. +After installing ttyd it will by default listen on http://localhost:7681 +in multi-user read-write "login"-mode: - - read-write means that anyone connecting to the website can input data. + * multi-user means that more than one user can connect at the same time. - - Login mode means that the user gets a login prompt (like getty) where - user and password has to be entered. + * read-write means that anyone connecting to the website can input data. - * Edit /etc/default/ttyd and check the ttyd(1) manpage for the exact options. + * Login mode means that the user gets a login prompt (like getty) where + user and password has to be entered. +Edit /etc/default/ttyd and check the ttyd(1) manpage for more information +about available options. + + +2. Reverse proxy +---------------- + +To make ttyd accessible on the network, it is advised to hide it behind a +reverse proxy that does TLS and performs user authentication. + +To enable the apache2 proxy configuration, the following modules and +configuration need to be enabled: + + * sudo a2enmod proxy proxy_http proxy_http2 proxy_wstunnel + + * sudo a2enconf ttyd + + * sudo service apache2 reload + +ttyd is then accessible as . + + +3. Apache authentication +------------------------ + +The apache reverse-proxy configuration automatically includes +/etc/ttyd/apache2-auth.conf, if existing, to protect access to '/ttyd'. + +There are some examples in /usr/share/doc/ttyd/examples that can be +used as starting point. + +To enable HTTP basic authentication, the following steps can be used: + + * sudo mkdir -p /etc/ttyd + + * sudo ln -s /usr/share/doc/ttyd/examples/apache2-authbasic-file.conf \ + /etc/ttyd/apache2-auth.conf + + * sudo htpasswd -c -b /etc/ttyd/htpasswd daniel password123 + + * sudo service apache2 reload + +This will allow the user 'daniel' to access ttyd with the password +'password123'. Further users can be added, see htpasswd(1). -- Daniel Baumann Sun, 21 Feb 2021 17:19:20 +0100 -- cgit v1.2.3