2. Deployment Guide#
2.1. SWTP Deployment Guide#
2.1.1. Web Terminal Platform#
Pull and Deploy sswtp-base docker package
Note
Download via docker
docker pull swtp/secure-web-terminal:1.0.2
NOTE For production use proper ssl keys!!
Before starting create valid ssl keys for the db communication for all necessary nodes
2.1.2. Launch with Docker#
Note
Docker repository
Note
The default port used is 8443 you can change this in the sshwebproxy.config file
You can change it see config
Example Docker command
1IMAGE_NAME=swtp/secure-web-terminal:1.0.2
2sudo docker run -d -it --restart unless-stopped --network host --name sshproxyweb \
3 -v /etc/localtime:/etc/localtime:ro \
4 -v "$PWD/config/sshwebproxy.config:/workdir/config/sshwebproxy.config:ro" \
5 -v "$PWD/config/sshwebproxy_hosts.config:/workdir/config/sshwebproxy_hosts.config:ro" \
6 -v "$PWD/config/sswtp_license.data:/workdir/config/sswtp_license.data:ro" \
7 -v "$PWD/config/vm.args:/opt/local/build/sshproxyweb/_rel/wterm_release/releases/1/vm.args:ro" \
8 -v "$PWD/config/sys.config:/opt/local/build/sshproxyweb/_rel/wterm_release/releases/1/sys.config:ro" \
9 -v "$PWD/config/home:/workdir/config/home:rw" \
10 ${IMAGE_NAME}
Note
sshwebproxy.config config
Service configuration file, contains the main default configurations need for starting the tool
Note
sshwebproxy_hosts config
Service Jump hosts configuration file
You can use this configuration file to determine what hosts and CLI’s are exposed to your users of the SWTP tool
Note
swtp_license.data
service license file
A valid license that needs to be in place for the tool to work as desired.
If using the free version you dont need to supply this on the command line
Note
vm.args
Not Required
Erlang specific vm args file
Only modify and add to these if you know what you are doing in regards to the erlang VM
Typical vm.args configuration
-name wterm@host_ip
-setcookie wterm
-heart
Note
-v “$PWD/config/home:/workdir/config/home:rw”
Use this if you want your users to login using their public key
The directory structure should contain as directory of the userid which holds their pub/priv keys
The path should match the configuration section in sshwebproxy.config specifying the public key auth section
{cli_login_method, {“pub-key”, “/workdir/config/home/”}}.
Note
sys.config
Not Required
Erlang specific system config file
Only modify and add to these if you know what you are doing in regards to the erlang VM
Typical sys.config for logging
{lager, [
{log_root, "/var/tmp/sshproxyweb"},
{handlers, [
{lager_console_backend, [{level, info}]},
{lager_file_backend, [{file, "debug.log"}, {level, debug}]},
{lager_file_backend, [{file, "error.log"}, {level, error}]},
{lager_file_backend, [{file, "console.log"}, {level, info}]}
]}
]}