354 lines
8.6 KiB
Groff
354 lines
8.6 KiB
Groff
.nh
|
|
.TH ttyd 1 "September 2016" ttyd "User Manual"
|
|
|
|
.SH NAME
|
|
.PP
|
|
ttyd - Share your terminal over the web
|
|
|
|
|
|
.SH SYNOPSIS
|
|
.PP
|
|
\fBttyd\fP [options] <command> [<arguments...>]
|
|
|
|
|
|
.SH DESCRIPTION
|
|
.PP
|
|
ttyd is a command-line tool for sharing terminal over the web that runs in *nix and windows systems, with the following features:
|
|
|
|
.RS
|
|
.IP \(bu 2
|
|
Built on top of Libwebsockets with libuv for speed
|
|
.IP \(bu 2
|
|
Fully-featured terminal based on Xterm.js with CJK (Chinese, Japanese, Korean) and IME support
|
|
.IP \(bu 2
|
|
Graphical ZMODEM integration with lrzsz support
|
|
.IP \(bu 2
|
|
Sixel image output support
|
|
.IP \(bu 2
|
|
SSL support based on OpenSSL
|
|
.IP \(bu 2
|
|
Run any custom command with options
|
|
.IP \(bu 2
|
|
Basic authentication support and many other custom options
|
|
.IP \(bu 2
|
|
Cross platform: macOS, Linux, FreeBSD/OpenBSD, OpenWrt/LEDE, Windows
|
|
|
|
.RE
|
|
|
|
|
|
.SH OPTIONS
|
|
.PP
|
|
-p, --port
|
|
Port to listen (default: 7681, use \fB\fC0\fR for random port)
|
|
|
|
.PP
|
|
-i, --interface
|
|
Network interface to bind (eg: eth0), or UNIX domain socket path (eg: /var/run/ttyd.sock)
|
|
|
|
.PP
|
|
-U, --socket-owner
|
|
User owner of the UNIX domain socket file, when enabled (eg: user:group)
|
|
|
|
.PP
|
|
-c, --credential USER[:PASSWORD]
|
|
Credential for Basic Authentication (format: username:password)
|
|
|
|
.PP
|
|
-H, --auth-header
|
|
HTTP Header name for auth proxy, this will configure ttyd to let a HTTP reverse proxy handle authentication
|
|
|
|
.PP
|
|
-u, --uid
|
|
User id to run with
|
|
|
|
.PP
|
|
-g, --gid
|
|
Group id to run with
|
|
|
|
.PP
|
|
-s, --signal
|
|
Signal to send to the command when exit it (default: 1, SIGHUP)
|
|
|
|
.PP
|
|
-w, --cwd
|
|
Working directory to be set for the child program
|
|
|
|
.PP
|
|
-a, --url-arg
|
|
Allow client to send command line arguments in URL (eg: http://localhost:7681?arg=foo&arg=bar)
|
|
|
|
.PP
|
|
-W, --writable
|
|
Allow clients to write to the TTY (readonly by default)
|
|
|
|
.PP
|
|
-t, --client-option
|
|
Send option to client (format: key=value), repeat to add more options, see \fBCLIENT OPTIONS\fP for details
|
|
|
|
.PP
|
|
-T, --terminal-type
|
|
Terminal type to report, default: xterm-256color
|
|
|
|
.PP
|
|
-O, --check-origin
|
|
Do not allow websocket connection from different origin
|
|
|
|
.PP
|
|
-m, --max-clients
|
|
Maximum clients to support (default: 0, no limit)
|
|
|
|
.PP
|
|
-o, --once
|
|
Accept only one client and exit on disconnection
|
|
|
|
.PP
|
|
-q, --exit-no-conn
|
|
Exit on all clients disconnection
|
|
|
|
.PP
|
|
-B, --browser
|
|
Open terminal with the default system browser
|
|
|
|
.PP
|
|
-I, --index
|
|
Custom index.html path
|
|
|
|
.PP
|
|
-b, --base-path
|
|
Expected base path for requests coming from a reverse proxy (eg: /mounted/here, max length: 128)
|
|
|
|
.PP
|
|
-P, --ping-interval
|
|
Websocket ping interval(sec) (default: 5)
|
|
|
|
.PP
|
|
-f, --srv-buf-size
|
|
Maximum chunk of file (in bytes) that can be sent at once, a larger value may improve throughput (default: 4096)
|
|
|
|
.PP
|
|
-6, --ipv6
|
|
Enable IPv6 support
|
|
|
|
.PP
|
|
-S, --ssl
|
|
Enable SSL
|
|
|
|
.PP
|
|
-C, --ssl-cert
|
|
SSL certificate file path
|
|
|
|
.PP
|
|
-K, --ssl-key
|
|
SSL key file path
|
|
|
|
.PP
|
|
-A, --ssl-ca
|
|
SSL CA file path for client certificate verification
|
|
|
|
.PP
|
|
-d, --debug
|
|
Set log level (default: 7)
|
|
|
|
.PP
|
|
-v, --version
|
|
Print the version and exit
|
|
|
|
.PP
|
|
-h, --help
|
|
Print this text and exit
|
|
|
|
|
|
.SH CLIENT OPTIONS
|
|
.PP
|
|
ttyd has a mechanism to pass server side command-line arguments to the browser page which is called \fBclient options\fP:
|
|
|
|
.PP
|
|
.RS
|
|
|
|
.nf
|
|
-t, --client-option Send option to client (format: key=value), repeat to add more options
|
|
|
|
.fi
|
|
.RE
|
|
|
|
.SH Basic usage
|
|
.RS
|
|
.IP \(bu 2
|
|
\fB\fC-t rendererType=canvas\fR: use the \fB\fCcanvas\fR renderer for xterm.js (default: \fB\fCwebgl\fR)
|
|
.IP \(bu 2
|
|
\fB\fC-t disableLeaveAlert=true\fR: disable the leave page alert
|
|
.IP \(bu 2
|
|
\fB\fC-t disableResizeOverlay=true\fR: disable the terminal resize overlay
|
|
.IP \(bu 2
|
|
\fB\fC-t disableReconnect=true\fR: prevent the terminal from reconnecting on connection error/close
|
|
.IP \(bu 2
|
|
\fB\fC-t enableZmodem=true\fR: enable ZMODEM
|
|
\[la]https://en.wikipedia.org/wiki/ZMODEM\[ra] / lrzsz
|
|
\[la]https://ohse.de/uwe/software/lrzsz.html\[ra] file transfer support
|
|
.IP \(bu 2
|
|
\fB\fC-t enableTrzsz=true\fR: enable trzsz
|
|
\[la]https://trzsz.github.io\[ra] file transfer support
|
|
.IP \(bu 2
|
|
\fB\fC-t enableSixel=true\fR: enable Sixel
|
|
\[la]https://en.wikipedia.org/wiki/Sixel\[ra] image output support (Usage
|
|
\[la]https://saitoha.github.io/libsixel/\[ra])
|
|
.IP \(bu 2
|
|
\fB\fC-t closeOnDisconnect=true\fR: close the terminal on disconnection, this will disable reconnect
|
|
.IP \(bu 2
|
|
\fB\fC-t titleFixed=hello\fR: set a fixed title for the browser window
|
|
.IP \(bu 2
|
|
\fB\fC-t fontSize=20\fR: change the font size of the terminal
|
|
.IP \(bu 2
|
|
\fB\fC-t unicodeVersion=11\fR: set xterm unicode support level (default: 11, use 6 to disable unicode addon)
|
|
.IP \(bu 2
|
|
\fB\fC-t trzszDragInitTimeout=3000\fR: set the timeout in milliseconds for initializing drag and drop files to upload. (default: 3000)
|
|
|
|
.RE
|
|
|
|
.SH Advanced usage
|
|
.PP
|
|
You can use the client option to change all the settings of xterm defined in ITerminalOptions
|
|
\[la]https://xtermjs.org/docs/api/terminal/interfaces/iterminaloptions/\[ra], examples:
|
|
|
|
.RS
|
|
.IP \(bu 2
|
|
\fB\fC-t cursorStyle=bar\fR: set cursor style to \fB\fCbar\fR
|
|
.IP \(bu 2
|
|
\fB\fC-t lineHeight=1.5\fR: set line-height to \fB\fC1.5\fR
|
|
.IP \(bu 2
|
|
\fB\fC-t 'theme={"background": "green"}'\fR: set background color to \fB\fCgreen\fR
|
|
|
|
.RE
|
|
|
|
.PP
|
|
to try the example options above, run:
|
|
|
|
.PP
|
|
.RS
|
|
|
|
.nf
|
|
ttyd -t cursorStyle=bar -t lineHeight=1.5 -t 'theme={"background": "green"}' bash
|
|
|
|
.fi
|
|
.RE
|
|
|
|
|
|
.SH EXAMPLES
|
|
.PP
|
|
ttyd starts web server at port 7681 by default, you can use the -p option to change it, the command will be started with arguments as options. For example, run:
|
|
|
|
.PP
|
|
.RS
|
|
|
|
.nf
|
|
ttyd -p 8080 bash -x
|
|
|
|
.fi
|
|
.RE
|
|
|
|
.PP
|
|
Then open http://localhost:8080 with a browser, you will get a bash shell with debug mode enabled. More examples:
|
|
|
|
.RS
|
|
.IP \(bu 2
|
|
If you want to login with your system accounts on the web browser, run \fB\fCttyd login\fR\&.
|
|
.IP \(bu 2
|
|
You can even run a non-shell command like vim, try: \fB\fCttyd vim\fR, the web browser will show you a vim editor.
|
|
.IP \(bu 2
|
|
Sharing single process with multiple clients: \fB\fCttyd tmux new -A -s ttyd vim\fR, run \fB\fCtmux new -A -s ttyd\fR to connect to the tmux session from terminal.
|
|
|
|
.RE
|
|
|
|
|
|
.SH SSL how-to
|
|
.PP
|
|
Generate SSL CA and self signed server/client certificates:
|
|
|
|
.PP
|
|
.RS
|
|
|
|
.nf
|
|
# CA certificate (FQDN must be different from server/client)
|
|
openssl genrsa -out ca.key 2048
|
|
openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt
|
|
|
|
# server certificate (for multiple domains, change subjectAltName to: DNS:example.com,DNS:www.example.com)
|
|
openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=localhost" -out server.csr
|
|
openssl x509 -sha256 -req -extfile <(printf "subjectAltName=DNS:localhost") -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
|
|
|
|
# client certificate (the p12/pem format may be useful for some clients)
|
|
openssl req -newkey rsa:2048 -nodes -keyout client.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=client" -out client.csr
|
|
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt
|
|
openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
|
|
openssl pkcs12 -in client.p12 -out client.pem -clcerts
|
|
|
|
.fi
|
|
.RE
|
|
|
|
.PP
|
|
Then start ttyd:
|
|
|
|
.PP
|
|
.RS
|
|
|
|
.nf
|
|
ttyd --ssl --ssl-cert server.crt --ssl-key server.key --ssl-ca ca.crt bash
|
|
|
|
.fi
|
|
.RE
|
|
|
|
.PP
|
|
You may want to test the client certificate verification with \fIcurl\fP(1):
|
|
|
|
.PP
|
|
.RS
|
|
|
|
.nf
|
|
curl --insecure --cert client.p12[:password] -v https://localhost:7681
|
|
|
|
.fi
|
|
.RE
|
|
|
|
.PP
|
|
If you don't want to enable client certificate verification, remove the \fB\fC--ssl-ca\fR option.
|
|
|
|
|
|
.SH Docker and ttyd
|
|
.PP
|
|
Docker containers are jailed environments which are more secure, this is useful for protecting the host system, you may use ttyd with docker like this:
|
|
|
|
.RS
|
|
.IP \(bu 2
|
|
Sharing single docker container with multiple clients: docker run -it --rm -p 7681:7681 tsl0922/ttyd.
|
|
.IP \(bu 2
|
|
Creating new docker container for each client: ttyd docker run -it --rm ubuntu.
|
|
|
|
.RE
|
|
|
|
|
|
.SH Nginx reverse proxy
|
|
.PP
|
|
Sample config to proxy ttyd under the \fB\fC/ttyd\fR path:
|
|
|
|
.PP
|
|
.RS
|
|
|
|
.nf
|
|
location ~ ^/ttyd(.*)$ {
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_pass http://127.0.0.1:7681/$1;
|
|
}
|
|
|
|
.fi
|
|
.RE
|
|
|
|
|
|
.SH AUTHOR
|
|
.PP
|
|
Shuanglei Tao <tsl0922@gmail.com> Visit https://github.com/tsl0922/ttyd to get more information and report bugs.
|