-
Notifications
You must be signed in to change notification settings - Fork 22
Manual
- Java 1.7+ runtime
- (optional) nginx webserver
- download and unzip the installation package (https://github.com/zyclonite/nassh-relay/releases/download/v0.2-alpha/nassh-relay-0.2.zip)
- edit the config.xml file to your needs
- start the application with
java -jar nassh-relay.jar
hostname - bind ip for the webservice listener
webport - port to listen on
relay-url - the public available endpoint of your relay service
make sure the /cookie and /proxy endpoints share the same domain if you are using authentication
max-sessions - maximum allowed ssh client connections
blacklist - list of networks or hosts that are not allowed for ssh clients (use cidr notation for networks)
authentication - switches google plus authentication on or off
user - requires fields (google plus userid) and a list of networks or hosts like in the blacklist (a host or network granted access for a user will override a blacklist entry)
if you want to use authentication, you need to fill in your api project account details in the client_secrets.json file to get this details follow these steps
- goto https://code.google.com/apis/console
- create a project
- enable Google+ API under APIs
- under Credentials -> Client ID for web application add your relay url to Javascript Origins
- download the json file by clicking Download JSON
- rename the json to client_secrets.json and move it in the root of your nassh-relay folder
if you run the application behind a webserver, you need to pass a X-Real-IP header to be able to log the client ip
location /cookie {
proxy_pass http://localhost:8080/cookie;
include proxy_params;
}
location /proxy {
proxy_pass http://localhost:8080/proxy;
include proxy_params;
}
location /read {
proxy_pass http://localhost:8080/read;
include proxy_params;
}
location /write {
proxy_pass http://localhost:8080/write;
include proxy_params;
}
location /connect {
proxy_pass http://localhost:8080/connect;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 10m;
include proxy_params;
}