web-terminal/README.md
Raoni Meira Gabriel dba1def448 First version
2020-12-08 15:41:06 -03:00

9.9 KiB

web-terminal

What is this?

This is a lightweight (~43MB) alpine based docker image that comes pre-packaged with 2 wonderful tools:

  • ttyd: is a simple command-line tool for sharing terminal over the web, using websockets.
  • ngrok: Creates reverse tunnels that allow access to your box from the internet.

On top of those, I've added socat, nginx, openssh and openssl. This allows you to quickly provision an isolated (docker container) that can serve as a base for a lot of tunelling solutions. Use your imagination. 😉

If you run this with docker option --rm (as bellow), keep in mind that docker will remove the container once it gets stopped. This is good if you don't want to leave any garbage behind.


Usage

# docker run --rm -d -p 7681:7681 raonigabriel/web-terminal:latest

Then access http://localhost:7681 to have a web-based shell. There is no enforced limit on the number of shells, but you can do that if needed, by customizing the ttyd daemon process.

See here and here for more help and the CMD line of this image's Dockerfile.


Advanced Usage

Things start shining when you pair ttyd with ngrok. On one active shell, start nrgrok:

ngrok http -region=sa -bind-tls=true -inspect=false localhost:7681

Check its running:

ngrok by @inconshreveable                                                                                                                                                                                                                                     (Ctrl+C to quit)
                                                                                                                                                                                                                                                                              
Session Status                online                                                                                                                                                                                                                                          
Session Expires               7 hours, 59 minutes                                                                                                                                                                                                                             
Version                       2.3.35                                                                                                                                                                                                                                          
Region                        South America (sa)                                                                                                                                                                                                            
Forwarding                    https://e0075a2a0966.ngrok.io -> http://localhost:7681

See the Forwarding line? You now have your docker-container, web-based ttyd shell exposed (over HTTPS) by ngrok to the Internet.

Notice that on this example weŕe using a custom region (sa) and that weŕe only exposing HTTPS tunnel (no HTTP) and that we have disabled the ngrok admin console (usually it listens on port 4040).

Now, let's try that with nginx. First, run the embedded nginx in the background (notice the ampersand) then start ngrok:

# nginx &
# ngrok http 80

ngrok by @inconshreveable                                                                                                                                                                                                                                     (Ctrl+C to quit)
                                                                                                                                                                                                                                                                              
Session Status                online                                                                                                                                                                                                                                          
Session Expires               7 hours, 59 minutes                                                                                                                                                                                                                             
Version                       2.3.35                                                                                                                                                                                                                                          
Region                        United States (us)                                                                                                                                                                                                                              
Web Interface                 http://127.0.0.1:4040                                                                                                                                                                                                                           
Forwarding                    http://cf96bd9d722e.ngrok.io -> http://localhost:80                                                                                                                                                                                             
Forwarding                    https://cf96bd9d722e.ngrok.io -> http://localhost:80 

And now you have your nginx exposed to the internet over HTTP and HTPS. On this example, the web interface is also enabled on port 4040.

Keep in mind that you can also use any other TCP based service server because ngrok supports not only HTTP/HTTPS but also raw TCP tunnels.


Extras

To terminate the container (and all its shells) from inside, run this aliased version of poweroff:

# poweroff

It WILL NOT shut down the host, but the container instead.


Docker options (ports and volumes)

By default, ttyd runs on port 7681 and ngrok opens and admin console on port 4040.

If you want to have access to the ngrok admin console, remember to add -p 4040:4040 to the docker call:

# docker run --rm -d -p 4040:4040 -p 7681:7681 raonigabriel/web-terminal:latest

If you know you will need access to the container internal ports, (nginx, openssh-server) just use add -p to the docker call, for an example:

# docker run --rm -d -p 80:80 -p 7681:7681 raonigabriel/web-terminal:latest

If you want to keep the container after it exits, remove the --rm from the call:

# docker run -d -p 7681:7681 raonigabriel/web-terminal:latest

If you want to use any volume(s) from the host, just bind mount it with -v, for an example:

# docker run --rm -d -v /var/run/docker.sock:/var/run/docker.sock -p 7681:7681 raonigabriel/web-terminal:latest

Custom (derived) image

You can create your own custom Docker image, inherit from this one then add the tools you want and a non-root user (recomended). See the sample Dockerfile bellow for a custom developer image tha could be used as standard-sandboxed-environment by javascript developers:

FROM raonigabriel/web-terminal:latest
RUN apk add --no-cache curl nano git g++ make npm docker-cli && \
    npm install -g yarn typescript @angular/cli && \
    addgroup -g 1000 docker && \
    adduser -s /bin/sh -u 1000 -D -G docker developer && \
    mkdir /home/developer/.ngrok2 && \
    echo "web_addr: 0.0.0.0:4040" > /home/developer/.ngrok2/ngrok.yml && \
    echo "tunnels:" >> /home/developer/.ngrok2/ngrok.yml && \
    echo "  nodejs:" >> /home/developer/.ngrok2/ngrok.yml && \
    echo "    proto: http" >> /home/developer/.ngrok2/ngrok.yml && \
    echo "    addr: 3000" >> /home/developer/.ngrok2/ngrok.yml && \
    chown -R developer:docker /home/developer/.ngrok2

USER developer
WORKDIR /home/developer
CMD [ "ttyd", "-c", "developer:password", "-s", "3", "-t", "titleFixed=/bin/sh", "-t", "rendererType=webgl", "-t", "disableLeaveAlert=true", "/bin/sh", "-i", "-l" ]

Build, then run it:

# docker build . -t js-box
# docker run --rm --hostname jsbox -d -p 7681:7681 js-box

Because we configured the ~/.ngrok2/ngrok.yml on this custom image, you can start the ngrok tunnel by name inside the container as following:

# ngrok start nodejs

And since this image has the docker-cli, you could even bind-mount the host docker socket to use it from inside the container:

# docker run --rm --hostname jsbox -v /var/run/docker.sock:/var/run/docker.sock -d -p 7681:7681 js-box

We could also use have used socat, openssh tunnels or event ngrok to forward the local docker port (2375) to another host.


ngrok account and plans

ngrok suports TLS, TCP tunnels, certs, built-in fileserver, forwarding to another machines so please take a look on https://ngrok.com/docs for more help.

Keep in mind that some of the advanced features require you to create a (free) account then use the provided auth token. See https://ngrok.com/docs#getting-started-authtoken for more info.

ngrok is free but also has paid plans that allow custom domains, reserved tunnels and greater control. See https://ngrok.com/pricing for plans.


Licenses

Apache License 2.0


Disclaimer

  • I am not affiliated in any way with ngrok.
  • This image comes with no warranty. Use it at your own risk.
  • I don't like Apple. Fuck off, fan-boys.
  • I don't like left-winged snowflakes. Fuck off, code-covenant.
  • I will call my branches the old way. Long live master, fuck-off renaming.