1. Service Configuration

This configuration file controls how the service starts up and how it is accessed.

Note

  1. sshwebproxy.config

    • This file contains the config statements that set up the port and SSL for the service

1.1. sshwebproxy.config

Configure web service defaults

    %% http server options
    {cowboy_ip, {192,168,1,20}}.
    {cowboy_port, 8443}.
    {cowboy_max_restart, 1}.
    {cowboy_max_time, 5}.
    {cowboy_certfile, "/workdir/erl/certs/certs/sshproxyweb-server-cert.pem"}.
    {cowboy_keyfile, "/workdir/erl/certs/certs/sshproxyweb-server-key.pem"}.

    %%
    %% ssh login credentials and connection options, for when you want this to be
    %% a default jump host that logs users in under a specified id at first.
    %% we don't recommend this setup - but it is here if you have a use for it
    {ssh_user_id, "user-id"}.
    {ssh_host, "ip-or-host-name"}.
    {ssh_user_password, ""}.
    {ssh_port, 22}.
    {ssh_opts, [{silently_accept_hosts, true}, {connect_timeout, infinity} ]}.


    % password login method
    %{cli_login_method,  {"password", []}}.
    % if pub-key, give the path to the dir where we will look up the user and their pubkey: home/${user}/id_rsa.pub
    {cli_login_method, {"pub-key", "/workdir/config/home/"}}.


    %%
    %% internal means we are going to use our own sqlite3 database
    {user_web_login_method, "internal" }.

    %% path to the sqlite3 database used for authentication
    {sqlite3_db, "/workdir/erl/db/spxyweb.db" }.

    %% key used to encrypt user passwords
    {hmac_key, "a-decent-and-complicated-password-passphrase-here"}.

    %% kafka connection details
    {kafka_client, sswtp_cli_client}.
    {kafka_topic, <<"sswtp_cli_topic">>}.
    {kafka_endpoints, [{"192.168.1.20",9092}]}.
    {kafka_partition, 0}.
    {kafka_client_opts, [{max_retires, 10},{retry_backoff_ms, 1000},{auto_start_producers, true},{reconnect_cool_down_seconds, 100}]}.

    %% license server and license file
    {license_host, "lc09.securewebterminal.com:2568"}.
    {license_file, "/workdir/swtp/config/sswtp_license.data"}.

1.2. SWTP Proxy Config Sections Details

  • cowboy_ip
    • IPv4 address to listen on

  • cowboy_port
    • HTTP port the service listens on
      • default 8443

  • cowboy_max_restart
    • Max Restart Of cowboy process
      • default 1

  • cowboy_max_time
    • Max time of cowboy
      • default 5

  • cowboy_certfile
    • Path to the certificate PEM file for HTTPS
      • default “/workdir/erl/certs/certs/sshproxyweb-server-cert.pem”

  • cowboy_keyfile
    • Path to the private key PEM file for HTTPS
      • default “/workdir/erl/certs/certs/sshproxyweb-server-key.pem”

  • ssh_user_id
    • default ssh user id

  • ssh_host
    • default ssh host to connect to (hostname or IP address)

  • ssh_user_password
    • default ssh user password

  • ssh_port
    • ssh port to connect to
      • default 22

  • ssh_opts
    • ssh connection options
      • default [{silently_accept_hosts, true}, {connect_timeout, infinity} ]

  • cli_login_method
    • How users log in to the services provided by the site's configuration

    • There are two options, “password” and “pub-key”
      • password will require users to provide a password

      • pub-key will use the public key of the user that is stored in the configured path

Note

pub-key requires that you mount, via the Docker configuration, a directory containing the public/private keys of the user IDs that will log in to the service:

-v "$PWD/config/home:/workdir/config/home:rw"

  • user_web_login_method
    • Method used to validate user service requests
      • default “internal”
      • internal means we are going to use our own sqlite3 database for user authentication

  • sqlite3_db
    • Path to sqlite3 database used for authentication
      • default “/workdir/erl/db/spxyweb.db”

  • hmac_key
    • Key used to encrypt user password
      • default “helloFuzzyLogic”; change this urgently

  • kafka_client
    • Internal Kafka client id
      • default sswtp_cli_client

  • kafka_topic
    • Kafka Topic to write msg to
      • default <<"sswtp_cli_topic">>

  • kafka_endpoints
    • Kafka endpoint to connect to
      • default [{"192.168.1.20",9092}]

  • kafka_partition
    • Kafka partition to write to
      • default 0

  • kafka_client_opts
    • Kafka client connection options
      • default [{max_retires, 10},{retry_backoff_ms, 1000},{auto_start_producers, true},{reconnect_cool_down_seconds, 100}]

  • kafka_socket_opts
    • Kafka socket connection options
      • default [{extra_sock_opts, [{sndbuf, 1024*1024}] }]

  • license_host
    • hostname:port of the license server used to validate client license

    • If using the free version, comment out this entry with a % character

  • license_file
    • Path to your license file e.g. “/workdir/swtp/config/sswtp_license.data”

    • If using the free version, comment out this entry with a % character
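
The following escript is an added example, not part of the SWTP project: it reads sshwebproxy.config with file:consult/1 and reports the settings described above that deserve review before deployment. The script name and the choice of checks (published hmac_key values, a non-empty ssh_user_password, the two ssh_opts defaults, key file permissions) are assumptions of this example, and it assumes the file contains plain Erlang terms as in the listing in 1.1.

```erlang
#!/usr/bin/env escript
%% Added example, not SWTP project code: audit sshwebproxy.config.
%% Usage: escript audit_config.escript /path/to/sshwebproxy.config
-include_lib("kernel/include/file.hrl").

main([Path]) ->
    case file:consult(Path) of          % reads Erlang terms, ignores % comments
        {ok, Terms} ->
            Findings = lists:append([check(T) || T <- Terms]),
            lists:foreach(fun(F) -> io:format("WARN  ~s~n", [F]) end, Findings),
            halt(case Findings of [] -> 0; _ -> 1 end);
        {error, Reason} ->
            io:format("cannot parse ~s: ~s~n", [Path, file:format_error(Reason)]),
            halt(2)
    end;
main(_) ->
    io:format("usage: escript audit_config.escript <sshwebproxy.config>~n"),
    halt(2).

%% Each clause returns a list of findings (possibly empty) for one config term.
%% hmac_key still set to the documented default or to the sample placeholder.
check({hmac_key, K}) when K =:= "helloFuzzyLogic";
                          K =:= "a-decent-and-complicated-password-passphrase-here" ->
    ["hmac_key is a value published in the documentation; set a unique secret"];
check({ssh_user_password, P}) when P =/= "" ->
    ["ssh_user_password keeps the default jump-host password in clear text"];
check({ssh_opts, Opts}) when is_list(Opts) ->
    Risky = [{{silently_accept_hosts, true},
              "ssh_opts: silently_accept_hosts=true accepts unknown SSH host keys "
              "without confirmation"},
             {{connect_timeout, infinity},
              "ssh_opts: connect_timeout=infinity never gives up on a connection attempt"}],
    [Msg || {Opt, Msg} <- Risky, lists:member(Opt, Opts)];
%% The TLS private key should be readable by the service account only.
check({cowboy_keyfile, File}) ->
    case file:read_file_info(File) of
        {ok, #file_info{mode = M}} when M band 8#077 =/= 0 ->
            [io_lib:format("cowboy_keyfile ~s is accessible to group/other (mode ~.8B)",
                           [File, M band 8#777])];
        {ok, _} ->
            [];
        {error, Reason} ->
            [io_lib:format("cowboy_keyfile ~s: ~s", [File, file:format_error(Reason)])]
    end;
check(_) ->
    [].
```

The script exits with status 1 when it reports at least one finding, so it can gate a container build or a deployment step.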