Μερλιν's home

User Tools

Site Tools

You are here: Μερλιν's home » technotes » Using TTYD to have shell to the server accessible through the standard web client
technotes:ttyd

Using TTYD to have shell to the server accessible through the standard web client

Download the ttyd binary https://github.com/tsl0922/ttyd (or build yourself)

Develop a command line for the ttyd:

/etc/default/ttyd
DAEMON_OPTS="-c username:password -b /ttyd/ -t fontSize=16 -t fontFamily=\"'Terminus', 'monospace'\" -t 'theme={foreground:\"#b2b2b2\",background:\"#000000\",cursor:\"#adadad\",black:\"#000000\",red:\"#650000\",green:\"#006500\",yellow:\"#655e00\",blue:\"#000065\",magenta:\"#650065\",cyan:\"#006565\",white:\"#656565\",brightBlack:\"#181818\",brightRed:\"#b21818\",brightGreen:\"#18b218\",brightYellow:\"#b26818\",brightBlue:\"#1818b2\",brightMagenta:\"#b218b2\",brightCyan:\"#18b2b2\",brightWhite:\"#b2b2b2\"}' login"

We need ttyd to run /usr/bin/login so it will ask for system login and password and then it will operate exactly like the serial terminal.

We mount it behind a reverse proxy (which will strip HTTPS for us) at the path /ttyd/.

This is needed so fonts and colors in the web terminal will be at least readable. Defaults are awful. I believe not all of them really work; on the other hand, this is the command line I use and it guaranteed to work.

Create a unit file in /etc/systemd/system:

/etc/systemd/system/ttyd.service
[Unit]
Description=Web TTY using xterm.js
After=network.target
Documentation=man:ttyd(8)
 
[Service]
EnvironmentFile=/etc/default/ttyd
ExecStart=/opt/ttyd.x86_64 $DAEMON_OPTS
KillMode=process
 
[Install]
WantedBy=multi-user.target

and enable it with systemctl enable ttyd.service. Notice the path in the EnvironmentFile — that is the file with command line options we developed in the previous step, and the path in the ExecStart — this is where we put the executable binary. If you use other paths, you need to fix them here.

Now configure the reverse proxy. Nginx configuration snippet corresponding to the command line above looks like the following: 

    location /ttyd {
        proxy_http_version 1.1;
        include proxy_params;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 1d; # dont kill connection after 60s of inactivity
        proxy_pass http://127.0.0.1:7681/ttyd;
    }

Obviously, the path in location, path in the proxy_pass, and the path in the ttyd command line must correspond to each other.

technotes/ttyd.txt · Last modified: by Nikita Kipriyanov