Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mickael-kerjean/webpty
A secure webshell
https://github.com/mickael-kerjean/webpty
bash terminal-app webshell webterminal
Last synced: 3 days ago
JSON representation
A secure webshell
- Host: GitHub
- URL: https://github.com/mickael-kerjean/webpty
- Owner: mickael-kerjean
- License: agpl-3.0
- Created: 2022-10-13T07:50:09.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-02-07T15:24:03.000Z (11 months ago)
- Last Synced: 2024-12-13T04:22:28.427Z (10 days ago)
- Topics: bash, terminal-app, webshell, webterminal
- Language: Go
- Homepage: http://www.webpty.io
- Size: 3.23 MB
- Stars: 191
- Watchers: 6
- Forks: 11
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
WebPty makes it possible to run your server terminal from your browser. It was made to "just work":
```
curl -L -o webpty.bin "https://github.com/mickael-kerjean/webpty/releases/download/stable/webpty_linux_amd64.bin"
chmod +x ./webpty.bin
./webpty.bin
```*note*: the list of build is available in the [documentation](https://www.webpty.io/)
One of the core design principle of webpty is that you can't missuse it to harm yourself meaning:
- It won't work on HTTP even if you try really hard
- it will create its own self signed certificates if you don't supply your own
- rely on SSH to authorise users meaning only people who already have an account on the box can connect to webpty
- I have it [exposed on the internet](https://home.webpty.io/) to manage a bunch of machines and servers# Accompanying Web Fleet server
The [fleet manager server](https://github.com/mickael-kerjean/webpty/tree/main/webfleet) is the latest addition to webpty, it is the central place where all your webpty instance are available. In practice, it can be your android phone running from a 3G network via termux, your home server, your laptop running from a public wifi, your production VM that don't have SSH at all, containers running as a sidecar or even your machine sitting at work behind a very restrictive corporate network.
To install the webfleet server from scratch:
```
# STEP1: compile everything
git clone --depth 1 https://github.com/mickael-kerjean/webpty && cd webpty
go build -o webfleet.bin webfleet/main.go# STEP2: run the server
sudo CERTBOT=example.com AUTH_DRIVER=simple AUTH_USER=username:password ./webfleet.bin# STEP3: attach a webpty client to the fleet
FLEET=example.com ./webpty.io
```*notes*:
- the `CERTBOT` env variable is to have the fleet server generate its own ssl certificates via letsencrypt. If you have it enabled, it will expose itself on port 80 and 443. If you don't use `CERTBOT`, the application will expose itself on port 8123 (aka you won't need to use sudo as port is > 1000) and you need to have SSL handled at the reverse proxy level.
- `AUTH_DRIVER` is to enable different strategy for authenticating to the fleet server. As of today, only 2 strategies are available: `yolo` and `simple`. As the name implies, `yolo` is to disable any kind of user authentication as it assumes you are handling this kind of things through a reverse proxy and `simple` is for the server to manage authentication in which case `AUTH_USER` will be how it gets the list of username/password.# Roadmap
1. provide more authentication drivers so it can be used not only for homelab and selfhost people but also in a company settings (LDAP, SAML, OIDC, ...)
2. have a proper bash parser (most likely treesitter) that understand bash commands and chroot to restrict access based on a user role. The ultimate goal for this is to enable devops to provide access to server to every developer who need it as you will only be able to do things that are necessary to do your job and to be able to showcase people how I'm running my kubernetes infrastructure by giving them direct access to a terminal knowing they can't do anything that will cause the cluster to break and stop serving the ~50k user I get with another [side project](https://github.com/mickael-kerjean/filestash/).
3. provide support for graphical things via RDP, VNC
# Contact
Need customisation and/or need something for your company? contact me either via [email](mailto:[email protected]) or via the [Filestash support](https://platform.filestash.app/support/ticket/new)