1. Service Configuration
This configuration file controls how the service starts up and how it is accessed.
Note
sshwebproxy.config
This file contains the config statements that set up the port and SSL for the service.
1.1. sshwebproxy.config
Configure web service defaults
%% http server options
{cowboy_ip, {192,168,1,20}}.
{cowboy_port, 8443}.
{cowboy_max_restart, 1}.
{cowboy_max_time, 5}.
{cowboy_certfile, "/workdir/erl/certs/certs/sshproxyweb-server-cert.pem"}.
{cowboy_keyfile, "/workdir/erl/certs/certs/sshproxyweb-server-key.pem"}.

%%
%% ssh login credentials and connection options, for when you want this to be
%% a default jump host that logs users in under a specified id at first.
%% we don't recommend this setup - but it is here if you have a use for it
{ssh_user_id, "user-id"}.
{ssh_host, "ip-or-host-name"}.
{ssh_user_password, ""}.
{ssh_port, 22}.
{ssh_opts, [{silently_accept_hosts, true}, {connect_timeout, infinity} ]}.


% password login method
%{cli_login_method, {"password", []}}.
% if pub-key give path to dir where we will look up user and their pubkey home/${user}/id_rsa.pub
{cli_login_method, {"pub-key", "/workdir/config/home/"}}.


%%
%% internal means we are going to use our own sqlite3 database
{user_web_login_method, "internal" }.

%% path to the sqlite3 database used for authentication
{sqlite3_db, "/workdir/erl/db/spxyweb.db" }.

%% key used to encrypt user passwords - change it from the default
{hmac_key, "a-decent-and-complicated-password-passphrase-here"}.

%% kafka connection details
{kafka_client, sswtp_cli_client}.
{kafka_topic, <<"sswtp_cli_topic">>}.
{kafka_endpoints, [{"192.168.1.20",9092}]}.
{kafka_partition, 0}.
{kafka_client_opts, [{max_retires, 10},{retry_backoff_ms, 1000},{auto_start_producers, true},{reconnect_cool_down_seconds, 100}]}.

%% license server and license file
{license_host, "lc09.securewebterminal.com:2568"}.
{license_file, "/workdir/swtp/config/sswtp_license.data"}.
1.2. SWTP Proxy Config Sections Details
- cowboy_ip
  IPv4 address to listen on
- cowboy_port
  HTTP port the service listens on
  default 8443
- cowboy_max_restart
  Max restarts of the cowboy process
  default 1
- cowboy_max_time
  Max time of cowboy
  default 5
- cowboy_certfile
  Path to cert PEM file for https
  default "/workdir/erl/certs/certs/sshproxyweb-server-cert.pem"
- cowboy_keyfile
  Path to key PEM file for https
  default "/workdir/erl/certs/certs/sshproxyweb-server-key.pem"
- ssh_user_id
  Default ssh user id
- ssh_host
  Default ssh host to connect to (hostname or IP address)
- ssh_user_password
  Default ssh user password
- ssh_port
  ssh port to connect to
  default 22
- ssh_opts
  ssh connection options
  default [{silently_accept_hosts, true}, {connect_timeout, infinity} ]
- cli_login_method
  How users will log in to the services provided by the site's configuration
  There are two options, "password" and "pub-key":
  password will require users to provide a password
  pub-key will use the public key of the user that is stored in the path
  Note
  pub-key requires that you mount a directory containing the public/private keys of the user ids that will log into the service, via the docker configuration
  -v "$PWD/config/home:/workdir/config/home:rw"
- user_web_login_method
  Method we are going to use to validate user service requests
  default "internal"
  internal means we are going to use our own sqlite3 database for user authentication
- sqlite3_db
  Path to sqlite3 database used for authentication
  default "/workdir/erl/db/spxyweb.db"
- hmac_key
  Key used to encrypt user password
  default "helloFuzzyLogic" (change this urgently)
- kafka_client
  Internal Kafka client id
  default sswtp_cli_client
- kafka_topic
  Kafka topic to write messages to
  default <<"sswtp_cli_topic">>
- kafka_endpoints
  Kafka endpoint to connect to
  default [{"192.168.1.20",9092}]
- kafka_partition
  Kafka partition to write to
  default 0
- kafka_client_opts
  Kafka client connection options
  default [{max_retires, 10},{retry_backoff_ms, 1000},{auto_start_producers, true},{reconnect_cool_down_seconds, 100}]
- kafka_socket_opts
  Kafka socket connection options
  default [{extra_sock_opts, [{sndbuf, 1024*1024}] }]
- license_host
  hostname:port of the license server used to validate the client license
  If using the free version, then comment out this entry with a % character
- license_file
  Path to your license file, e.g. "/workdir/swtp/config/sswtp_license.data"
  If using the free version, then comment out this entry with a % character
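
An added example, not part of the original page or the SWTP project: a Python check that reads an sshwebproxy.config and reports an hmac_key left at a value printed on this page, silently_accept_hosts set to true (in Erlang's ssh client this accepts unknown host keys without verification), and a non-empty ssh_user_password stored in the file. The function names, the 32-character minimum and the sample input are assumptions made for the example, and it parses single-line `{key, Value}.` terms only.

```python
import re

# hmac_key values printed on this page: the documented default and the sample.
KNOWN_HMAC_KEYS = {"helloFuzzyLogic",
                   "a-decent-and-complicated-password-passphrase-here"}
MIN_HMAC_LEN = 32  # assumed floor for this check, not a value from the page

def parse_terms(text):
    """Return {key: raw_value} for single-line `{key, Value}.` terms."""
    # Remove % comments, but keep % characters inside double-quoted strings.
    text = re.sub(r'("(?:\\.|[^"\\\n])*")|%[^\n]*',
                  lambda m: m.group(1) or "", text)
    term = re.compile(r'^\s*\{\s*(\w+)\s*,\s*(.*?)\s*\}\.[ \t]*$', re.M)
    return dict(term.findall(text))

def unquote(raw):
    """Strip the double quotes around an Erlang string literal."""
    return raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw

def audit(text):
    """Return (key, finding) tuples for settings that need attention."""
    cfg, findings = parse_terms(text), []
    key = unquote(cfg.get("hmac_key", ""))
    if key in KNOWN_HMAC_KEYS:
        findings.append(("hmac_key", "published default or sample value"))
    elif len(key) < MIN_HMAC_LEN:
        findings.append(("hmac_key", f"shorter than {MIN_HMAC_LEN} characters"))
    if re.search(r"\{\s*silently_accept_hosts\s*,\s*true\s*\}",
                 cfg.get("ssh_opts", "")):
        findings.append(("ssh_opts", "SSH host keys accepted unverified"))
    if unquote(cfg.get("ssh_user_password", '""')):
        findings.append(("ssh_user_password", "password stored in the file"))
    return findings

# Constructed sample input, modelled on the listing in section 1.1.
SAMPLE = """
%% {hmac_key, "this commented-out term is ignored"}.
{ssh_user_password, "s3cret%pw"}.
{ssh_opts, [{silently_accept_hosts, true}, {connect_timeout, infinity} ]}.
{hmac_key, "helloFuzzyLogic"}.
"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

To check a deployed file, pass its contents to `audit()`; an empty list means none of the three conditions was found.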