Install and configure shellinabox (web terminal) with SSL (Debian)

1. Install the shellinabox package, which is available in the repository
        # sudo apt-get install shellinabox

2. Check settings (on RHEL the file is /etc/sysconfig/shellinaboxd)
        # cat /etc/default/shellinabox

3. Manage the SSL certificate for shellinabox (by using existing SSL certificates)
        The combined file below contains the private key, so keep it readable only by the account shellinabox runs as.
        # cat /etc/ssl/certs/web/mydomain.com/privkey.pem > /var/lib/shellinabox/certificate.pem
        # cat /etc/ssl/certs/web/mydomain.com/fullchain.pem >> /var/lib/shellinabox/certificate.pem
        # systemctl restart shellinabox

4. Configure apache2 for the SSL certificate and redirection
        Create the file /etc/apache2/sites-available/shellinabox.conf and put the entries given below in it
  

          <VirtualHost *:80>
          ServerName terminal.mydomain.com
          Redirect permanent / https://terminal.mydomain.com/
          </VirtualHost>

          <IfModule mod_ssl.c>
          <VirtualHost *:443>
          ServerName terminal.mydomain.com
          SSLCertificateFile /etc/ssl/certs/web/mydomain.com/fullchain.pem
          SSLCertificateKeyFile /etc/ssl/certs/web/mydomain.com/privkey.pem
          Include /etc/letsencrypt/options-ssl-apache.conf
          ProxyPreserveHost On
          ProxyRequests Off

          # allow for upgrading to websockets
          RewriteEngine On
          RewriteCond %{HTTP:Upgrade} =websocket [NC]
          RewriteRule /(.*) ws://127.0.0.1:4200/$1 [P,L]
          RewriteCond %{HTTP:Upgrade} !=websocket [NC]
          RewriteRule /(.*) http://127.0.0.1:4200/$1 [P,L]

          # Proxy to your local bash instance
          ProxyPass / http://127.0.0.1:4200/
          ProxyPassReverse / http://127.0.0.1:4200/

          </VirtualHost>
          </IfModule>

5. Configure iptables to drop requests to port 4200 from everywhere except localhost
        # iptables -A INPUT -p tcp -s 127.0.0.1 --dport 4200 -j ACCEPT
        # iptables -A INPUT -p tcp --dport 4200 -j DROP
  

6. Enable the Apache configuration
        # ln -s /etc/apache2/sites-available/shellinabox.conf /etc/apache2/sites-enabled/shellinabox.conf
        # systemctl reload apache2

Summary:
After this setup, the web terminal (shellinabox) is available only at https://terminal.mydomain.com; https://terminal.mydomain.com:4200 will not work.
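
To confirm the result, the following audit script (an added example, not part of the original post) checks the combined PEM file from step 3 and the rule order from step 5. The function names and the sample ruleset are constructed for illustration, and the rule check only evaluates rules that name --dport 4200.

```shell
#!/bin/sh
# Added example: audit helpers for steps 3 and 5. Function names are illustrative.

# pem_ok FILE: the combined file from step 3 must hold a private key and at
# least one certificate, and must not be accessible to group or others.
pem_ok() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$f" ||
        { echo "no private key in $f"; return 1; }
    grep -q -e '^-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "no certificate in $f"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$f is accessible beyond its owner ($perms)"; return 1; }
}

# port_4200_ok: reads `iptables -S INPUT` output on stdin. Rules are matched
# top to bottom, so after the loopback exception the first rule naming
# --dport 4200 must be the DROP. Limitation: rules that do not name the port
# (for example a blanket ACCEPT) are not evaluated.
port_4200_ok() {
    while read -r rule; do
        case $rule in
            *"--dport 4200 "*) ;;
            *) continue ;;
        esac
        case $rule in
            *"-s 127.0.0.1/32 "*"-j ACCEPT") continue ;;
            *"-j DROP"|*"-j REJECT"*) return 0 ;;
            *) echo "port 4200 reachable via: $rule"; return 1 ;;
        esac
    done
    echo "no DROP rule for port 4200"
    return 1
}

# Constructed sample (not real output): a world ACCEPT sits above the DROP.
sample_bad='-A INPUT -p tcp -m tcp --dport 4200 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4200 -j DROP'
printf '%s\n' "$sample_bad" | port_4200_ok || echo "sample ruleset rejected"

# On the server (as root):
#   pem_ok /var/lib/shellinabox/certificate.pem
#   iptables -S INPUT | port_4200_ok
```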

 


			
