Add configuration page
parent
2d594713b5
commit
7f34421c83
113
Configuration.md
Normal file
113
Configuration.md
Normal file
@ -0,0 +1,113 @@
|
||||
## Settings
|
||||
|
||||
The `settings` block contains settings for the SSH server itself.
|
||||
|
||||
### Fields
|
||||
|
||||
- `ssh_dir` (optional, string): Directory where SSH keys are stored. Default is `~/.ssh`.
|
||||
- `listen_addr` (optional, string): Address on which the SSH server listens. Default is `:2222`.
|
||||
- `debug` (optional, bool): Enables or disables debug logging. Default is `false`.
|
||||
|
||||
### Example
|
||||
```hcl
|
||||
settings {
|
||||
ssh_dir = "/home/user/.ssh"
|
||||
listen_addr = "0.0.0.0:22"
|
||||
debug = true
|
||||
}
|
||||
```
|
||||
|
||||
## Route
|
||||
|
||||
The `route` block represents a virtual host configuration.
|
||||
|
||||
### Fields
|
||||
|
||||
- `name` (label, string): The name of the virtual host.
|
||||
- `backend` (string): The backend to use for the route (e.g., `docker`, `serial`).
|
||||
- `match` (string): The regular expression to match for routing. The first capture group in the regular expression will be passed to the backend as the argument. If there's a named capture group with the name `arg`, that will be used as the argument instead. If there are no capture groups, the whole routing path will be used as the argument.
|
||||
- `settings` (object): Additional settings for the backend. These are different for each backend.
|
||||
- `permissions` (optional, object): Permissions map for the route. If this is missing, all users will be allowed to access all resources.
|
||||
|
||||
### Example
|
||||
```hcl
|
||||
route "example" {
|
||||
backend = "docker"
|
||||
match = "docker\\.(.+)"
|
||||
settings = {
|
||||
command = ["/bin/bash"]
|
||||
}
|
||||
permissions = {
|
||||
admins = {
|
||||
allow = ["*"]
|
||||
}
|
||||
group1 = {
|
||||
allow = ["container1", "container2"]
|
||||
deny = ["container3", "admin_container*"]
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Auth
|
||||
|
||||
The `auth` block contains the authentication settings.
|
||||
|
||||
### Fields
|
||||
|
||||
- [`fail2ban`](#fail2ban) (block): Fail2Ban rate limiter settings.
|
||||
- [`user`](#user) (block, multiple): List of virtual users.
|
||||
|
||||
### Example
|
||||
```hcl
|
||||
auth {
|
||||
fail2ban {
|
||||
limit = "10m"
|
||||
attempts = 5
|
||||
}
|
||||
|
||||
user "user1" {
|
||||
password = "$argon2id..."
|
||||
groups = ["admins"]
|
||||
pubkeys = ["ssh-ed25519 AAA..."]
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Fail2Ban
|
||||
|
||||
The `fail2ban` block contains the Fail2Ban rate limiter settings.
|
||||
|
||||
### Fields
|
||||
|
||||
- `limit` (string): Time interval (e.g., `1h2m3s`).
|
||||
- `attempts` (int): Number of allowed attempts before banning.
|
||||
|
||||
### Example
|
||||
```hcl
|
||||
# Allows 5 failed login attempts per 10 minute interval
|
||||
fail2ban {
|
||||
limit = "10m"
|
||||
attempts = 5
|
||||
}
|
||||
```
|
||||
|
||||
## User
|
||||
|
||||
The `user` block contains the configuration for a virtual user.
|
||||
|
||||
### Fields
|
||||
|
||||
- `name` (label, string): The username.
|
||||
- `password` (optional, string): The argon2id hash of the user's password (can be generated using `seashell --gen-hash`).
|
||||
- `groups` (optional, []string): The groups to which the user belongs.
|
||||
- `pubkeys` (optional, []string): Public keys for the user.
|
||||
|
||||
### Example
|
||||
```hcl
|
||||
user "admin" {
|
||||
password = "$argon2id..."
|
||||
groups = ["admins"]
|
||||
pubkeys = ["ssh-ed25519 AAA..."]
|
||||
}
|
||||
```
|
||||
Loading…
Reference in New Issue
Block a user