A secure web-based terminal interface that provides shell access through a browser, featuring HTTPS/SSL encryption and multi-layer authentication.
- HTTPS/SSL Encryption: All traffic is encrypted using SSL certificates
- Multi-layer Authentication:
- HTTP Basic Authentication for web access
- WebSocket authentication for terminal connections
- Both layers use the same credentials from config.yaml
- Configurable Users: Multiple users can be defined in the config.yaml file
- Secure by Default: Requires HTTPS and authentication to function
- Clone or copy the files to your target location:
sudo mkdir /opt/web-terminal
sudo cp -r * /opt/web-terminal/
cd /opt/web-terminal- Install dependencies:
sudo npm install-
Configure the application:
- Copy the example config:
sudo cp config.yaml.example config.yaml
- Edit config.yaml to set:
- SSL certificate paths
- Server port
- User credentials
- Terminal preferences
- Copy the example config:
-
Set up SSL certificates:
- If using Let's Encrypt:
sudo certbot certonly --standalone -d your-domain.com
- Update config.yaml with your certificate paths:
server: ssl: cert: /etc/letsencrypt/live/your-domain.com/fullchain.pem key: /etc/letsencrypt/live/your-domain.com/privkey.pem
- If using Let's Encrypt:
-
Install the systemd service:
sudo cp web-terminal.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable web-terminal
sudo systemctl start web-terminalserver:
port: 3000
ssl:
cert: /path/to/cert.pem
key: /path/to/key.pem
users:
admin: your_secure_password
user1: another_password
terminal:
shell: bash
cols: 80
rows: 30- Access the terminal through your browser:
https://your-domain.com:3000
-
Enter your credentials when prompted (configured in config.yaml)
-
You will now have access to a secure terminal session
- Always use strong passwords in config.yaml
- Keep config.yaml secure with appropriate file permissions:
sudo chown root:root config.yaml sudo chmod 600 config.yaml
- Regularly update SSL certificates
- Monitor logs for unauthorized access attempts:
sudo journalctl -u web-terminal
The system uses two layers of authentication for enhanced security:
- HTTP Basic Auth for initial web access
- WebSocket authentication for terminal connection
Both use the same credentials, so you can enter the same username/password for both prompts.
-
SSL Certificate Problems:
sudo systemctl status web-terminal
Check if the SSL paths in config.yaml are correct
-
Permission Issues:
sudo chown -R root:root /opt/web-terminal sudo chmod -R 755 /opt/web-terminal sudo chmod 600 /opt/web-terminal/config.yaml
-
Port Already in Use:
sudo netstat -tulpn | grep <port>
Change the port in config.yaml if needed
The application maintains detailed logs of all connections, authentication attempts, and commands:
- System Service Logs:
sudo journalctl -u web-terminal -f- Application Logs:
- Location:
/opt/web-terminal/logs/web-terminal-YYYY-MM-DD.log - Rotated daily with 14-day retention
- JSON formatted logs include:
- IP addresses of connections
- Authentication attempts (success/failure)
- WebSocket connections/disconnections
- Commands executed
View latest application logs:
tail -f /opt/web-terminal/logs/web-terminal-$(date +%Y-%m-%d).logLog Format:
{
"event": "authentication|connection|command",
"ip": "client_ip_address",
"username": "user_who_connected",
"timestamp": "ISO-8601 timestamp",
"success": true|false, // for authentication events
"command": "executed_command", // for command events
"type": "http|websocket", // for connection events
"status": "connected|disconnected" // for connection events
}To update the application:
- Stop the service:
sudo systemctl stop web-terminal
- Update files
- Restart the service:
sudo systemctl restart web-terminal