Improve documentation for the TLS setup (#6)

* Update README.md

Add the TLS documentation

* Update README.md

The URL variable must point to the nginx proxy

* Update README.md

Add the TLS details and the usage with a TLS server
pull/5/merge
Blindauer Emmanuel 4 years ago committed by GitHub
parent 3920a560c5
commit e1ff92b282
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -30,3 +30,66 @@ incoming shares (i.e. `tty-share` clients), and 5000 is the port of the web
interface through which remote users can connect. You can override the interface through which remote users can connect. You can override the
defaults by specifying a different port mapping on the command line, e.g. defaults by specifying a different port mapping on the command line, e.g.
`-p 7654:6543 -p 80:5000` to listen on `7654` and serve on `80`. `-p 7654:6543 -p 80:5000` to listen on `7654` and serve on `80`.
## TLS Setup
You'll need a certificate and the associed key file.
Here is an example for a setup with `nginx` as proxy
The idea is use nginx as
* reverse proxy for the web interface at port 5000 (listen at 443, terminate the TLS, and redirect to localhost:5000)
* TLS endpoint at port 7654, and redirect to localhost:6543
The client usage (after this TLS setup): `tty-share -server server:7654`
### nginx config for the web/browser side (http+websockets connection)
This section can go for example in `/etc/nginx/site-enabled/default`
server {
server_name _;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
proxy_send_timeout 1600;
proxy_read_timeout 1600;
########### tty-server application
# the /s/, /ws/ and /static/ locations - all used by the actual tty-server.
location / {
proxy_pass http://localhost:5000;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Allow websocket upgrade
# https://iota.stackexchange.com/questions/2535/hornet-dashboard-not-working-the-client-is-not-using-the-websocket-protocol
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
### nginx config for the tty-share command line client (TLS connection)
For the stream , you'll need the stream module from nginx. This configuration cannot go in the `site-enabled/` because it's limited to the http module and not the stream module. Store it in `/etc/nginx/modules-enabled/99-tty-server-stream.conf`, for example
stream {
server {
# https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server
# the tty-server tcp connection ssl proxy
listen 7654 ssl so_keepalive=30m::10;
proxy_pass localhost:6543;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
}
}
You'll have to adapt the URL variable to use the nginx URL:
docker run \
-p 6543:6543 -p 5000:5000 \
-e URL=https://server.domain.com \
--cap-drop=all --rm \
tty-server
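Review bot: the `docker run` example at the end of the hunk publishes `-p 6543:6543 -p 5000:5000` on every host interface, so the plaintext ports that nginx is meant to front stay reachable directly and the TLS endpoints on 443 and 7654 can be bypassed; since both `proxy_pass` directives target `localhost`, bind the published ports to loopback instead, e.g. `-p 127.0.0.1:6543:6543 -p 127.0.0.1:5000:5000`, and say in the text that only nginx should be exposed. Two smaller documentation fixes in the same hunk: the http vhost path is written as `/etc/nginx/site-enabled/default` (and `site-enabled/` again in the stream section) where the Debian/Ubuntu layout is `sites-enabled`, and the intro sentences read "the associed key file" and "The idea is use nginx as", which should be "the associated key file" and "The idea is to use nginx as".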
