2. Deployment Guide#

2.1. SWTP Deployment Guide#

2.1.1. Web Terminal Platform#

  • Pull and Deploy sswtp-base docker package

Note

  • Download via docker

    docker pull swtp/secure-web-terminal:1.0.2

    NOTE For production use proper ssl keys!!

    Before starting create valid ssl keys for the db communication for all necessary nodes

2.1.2. Launch with Docker#

Note

  • The default port used is 8443 you can change this in the sshwebproxy.config file

    • You can change it see config

Example Docker command

 1IMAGE_NAME=swtp/secure-web-terminal:1.0.2
 2sudo docker run -d -it --restart unless-stopped --network host --name sshproxyweb \
 3       -v /etc/localtime:/etc/localtime:ro \
 4       -v "$PWD/config/sshwebproxy.config:/workdir/config/sshwebproxy.config:ro" \
 5       -v "$PWD/config/sshwebproxy_hosts.config:/workdir/config/sshwebproxy_hosts.config:ro" \
 6       -v "$PWD/config/sswtp_license.data:/workdir/config/sswtp_license.data:ro" \
 7       -v "$PWD/config/vm.args:/opt/local/build/sshproxyweb/_rel/wterm_release/releases/1/vm.args:ro" \
 8       -v "$PWD/config/sys.config:/opt/local/build/sshproxyweb/_rel/wterm_release/releases/1/sys.config:ro" \
 9       -v "$PWD/config/home:/workdir/config/home:rw" \
10       ${IMAGE_NAME}

Note

sshwebproxy.config config

  • Service configuration file, contains the main default configurations need for starting the tool

Note

sshwebproxy_hosts config

  • Service Jump hosts configuration file

  • You can use this configuration file to determine what hosts and CLI’s are exposed to your users of the SWTP tool

Note

swtp_license.data

  • service license file

  • A valid license that needs to be in place for the tool to work as desired.

  • If using the free version you dont need to supply this on the command line

Note

vm.args

  • Not Required

  • Erlang specific vm args file

  • Only modify and add to these if you know what you are doing in regards to the erlang VM

  • Typical vm.args configuration

-name wterm@host_ip
-setcookie wterm
-heart

Note

-v “$PWD/config/home:/workdir/config/home:rw”

Use this if you want your users to login using their public key

The directory structure should contain as directory of the userid which holds their pub/priv keys

The path should match the configuration section in sshwebproxy.config specifying the public key auth section

{cli_login_method, {“pub-key”, “/workdir/config/home/”}}.

Note

sys.config

  • Not Required

  • Erlang specific system config file

  • Only modify and add to these if you know what you are doing in regards to the erlang VM

  • Typical sys.config for logging

{lager, [
     {log_root, "/var/tmp/sshproxyweb"},
     {handlers, [
       {lager_console_backend, [{level, info}]},
       {lager_file_backend, [{file, "debug.log"}, {level, debug}]},
       {lager_file_backend, [{file, "error.log"}, {level, error}]},
       {lager_file_backend, [{file, "console.log"}, {level, info}]}
     ]}
]}