zishuo/Servo
1
0
Fork 0
mirror of https://github.com/antoniomika/sish.git synced 2025-09-26 19:21:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
Page: Deployment with systemd
Pages
Advanced HTTP tunnels Deployment with systemd Home
Clone
2
Deployment with systemd
Antonio Mika edited this page 2021-12-30 21:16:59 -05:00
Table of Contents

To setup sish using systemd, complete the steps as follows:

  1. Setup the user that will be running sish:

    # Add the user
useradd -d /srv/sish -m sish

# Login as the user
su sish

# Jump into the home folder for the user
cd /srv/sish

# Create the directory to store public keys
# Place your public keys here!
mkdir pubkeys sish

# Download sish. This grabs `v2.0.0`. If you would like to retrieve a
# different version, change the `2.0.0` to the semantic version you'd like.
curl -L "https://github.com/antoniomika/sish/releases/download/v2.0.0/sish-2.0.0.$(uname | tr '[:upper:]' '[:lower:]')-$((uname -m | grep -q armv8 && echo arm64) || (uname -m | grep -q aarch64 && echo arm64) || (uname -m | grep -q arm && echo armv6) || echo amd64).tar.gz" | tar -xzC /srv/sish/sish --strip-components=1

# Or build sish from source. This checks out the `v2.0.0` version.
# Similar to above, change this to the version or branch you'd like.
git clone https://github.com/antoniomika/sish.git sish && git checkout v2.0.0
go build .

# switch back to the root user
exit

  2. Setup the unit file at /etc/systemd/system/sish.service:

    💡 These args are not exhaustive: ensure the arguments match your intended use!

    [Unit]
Description=sish

[Service]
ExecStart=/srv/sish/sish/sish \
    --ssh-address=:22 \
    --http-address=:80 \
    --authentication-keys-directory=/srv/sish/pubkeys \
    -d sish.example.com \
    --bind-random-subdomains=false
WorkingDirectory=/srv/sish/sish
User=sish
Group=sish
Restart=on-failure
RestartSec=5s
ProtectSystem=strict
PrivateTmp=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

  3. Start the sish service

    systemctl start sish

  4. Enable the sish service so it restarts on reboots

    systemctl enable sish

  5. Check service status

    systemctl status sish