zishuo/oneterm
1
0
Fork 0
mirror of https://github.com/veops/oneterm.git synced 2025-10-05 23:37:03 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: add configs

Browse Source
This commit is contained in:
fxiang21
2024-02-01 20:15:11 +08:00
parent 53a133c3fa
commit 9988839133
12 changed files with 1625 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
.gitignore vendored
View File

@@ -78,3 +78,17 @@ oneterm-ui/npm-debug.log*
oneterm-ui/yarn-debug.log* oneterm-ui/yarn-debug.log*
oneterm-ui/yarn-error.log* oneterm-ui/yarn-error.log*
oneterm-ui/package-lock.json oneterm-ui/package-lock.json
## backend
*.log
*.cast
vendor/
volume
backend/cmd/ssh/ssh
backend/cmd/ssh/config.yaml
backend/cmd/ssh/app.log
backend/cmd/api/api
backend/cmd/api/config.yaml

140
docker-compose.yaml Normal file
View File

@@ -0,0 +1,140 @@
version: "3.0"
services:
oneterm-api:
image: oneterm-api:1.24.1
container_name: oneterm-api-1
volumes:
- file-data:/replay
- ./docs/api.yaml:/oneterm/config.yaml
depends_on:
- mysql
- redis
restart: always
networks:
new:
aliases:
- oneterm-api
oneterm-ssh:
image: oneterm-ssh:1.24.26
container_name: oneterm-ssh
ports:
- "12229:12228"
restart: always
volumes:
- ./docs/ssh.yaml:/oneterm/config.yaml
- /data/jumper/cmd/ssh/ssh:/ssh
command: sleep 10000
depends_on:
- oneterm-api
networks:
new:
aliases:
- oneterm-ssh
mysql:
image: mysql:latest
container_name: oneterm-mysql-1
environment:
TZ: Asia/Shanghai
MYSQL_ROOT_PASSWORD: '123456'
MYSQL_DATABASE: 'oneterm'
volumes:
- db-data:/var/lib/mysql
- ./docs/mysqld.cnf:/etc/mysql/conf.d/mysqld.cnf
- ./docs/acl.sql:/docker-entrypoint-initdb.d/2-acl.sql
- ./docs/api.sql:/docker-entrypoint-initdb.d/3-api.sql
- ./docs/create-users.sql:/docker-entrypoint-initdb.d/1-create-users.sql
command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
restart: always
networks:
new:
aliases:
- mysql
ports:
- '23306:3306'
redis:
image: redis:latest
container_name: oneterm-redis-1
#command: redis-server --requirepass tyrj5QVP9rHs
restart: always
environment:
TZ: Asia/Shanghai
networks:
new:
aliases:
- redis
oneterm-ui:
image: oneterm-ui:1.24.3
container_name: oneterm-ui
depends_on:
- oneterm-api
environment:
TZ: Asia/Shanghai
ONETERM_API_HOST: oneterm-api:8080
ACL_API_HOST: acl-api:5000
NGINX_PORT: 80
volumes:
- ./docs/nginx.oneterm.conf.example:/etc/nginx/conf.d/nginx.oneterm.conf.example
restart: always
command:
- /bin/sh
- -c
- |
envsubst '$$ONETERM_API_HOST $$ACL_API_HOST $$NGINX_PORT' < /etc/nginx/conf.d/nginx.oneterm.conf.example > /etc/nginx/conf.d/oneterm.conf
nginx -g 'daemon off;'
networks:
- new
ports:
- "8000:80"
acl-api:
image: registry.cn-hangzhou.aliyuncs.com/veops/acl-api:1.1
container_name: oneterm-acl-api
environment:
#TZ: Asia/Shanghai
WAIT_HOSTS: mysql:3306, redis:6379
volumes:
- ./docs/settings.py:/data/app/acl/settings.py
- ./docs/app.py:/data/apps/acl/api/lib/perm/acl/app.py
- ./docs/.env:/data/apps/acl/.env
- ./docs/nginx.oneterm.conf.example:/etc/nginx/conf.d/nginx.oneterm.conf.example
restart: always
command:
- /bin/sh
- -c
- |
sleep 2
flask db-setup
flask init-acl
flask init-department
gunicorn --workers=3 autoapp:app -b 0.0.0.0:5000 -D --access-logfile logs/access.log --error-logfile logs/error.log
celery -A celery_worker.celery worker -E -Q acl_async --logfile=one_acl_async.log --autoscale=2,1 -D
depends_on:
- mysql
- redis
networks:
new:
aliases:
- acl-api
volumes:
db-data:
driver: local
name: oneterm_db-data
file-data:
driver: local
name: oneterm_file-data
networks:
new:
driver: bridge
name: oneterm_network-1
ipam:
config:
- subnet: 172.30.0.0/24

BIN
docs.tar.gz Normal file
View File

Binary file not shown.

7
docs/.env Normal file
View File

@@ -0,0 +1,7 @@
# Environment variable overrides for local development
FLASK_APP=autoapp.py
FLASK_DEBUG=1
FLASK_ENV=development
GUNICORN_WORKERS=2
LOG_LEVEL=debug
SECRET_KEY='xW2FAUfgffjmerTEBXADmURDOQ43ojLN'

935
docs/acl.sql Normal file
View File

File diff suppressed because one or more lines are too long

217
docs/api.sql Normal file
View File

@@ -0,0 +1,217 @@
-- Active: 1700721140603@@192.168.20.82@53306@oneterm
CREATE DATABASE IF NOT EXISTS oneterm;
CREATE TABLE
IF NOT EXISTS oneterm.account(
`id` INT NOT NULL AUTO_INCREMENT,
`name` VARCHAR(64) NOT NULL DEFAULT '',
`account_type` int NOT NULL DEFAULT 0,
`account` VARCHAR(64) NOT NULL DEFAULT '',
`password` TEXT NOT NULL,
`pk` TEXT NOT NULL,
`phrase` TEXT NOT NULL,
`resource_id` INT NOT NULL DEFAULT 0,
`creator_id` INT NOT NULL DEFAULT 0,
`updater_id` INT NOT NULL DEFAULT 0,
`created_at` TIMESTAMP NOT NULL,
`updated_at` TIMESTAMP NOT NULL,
`deleted_at` BIGINT NOT NULL DEFAULT 0,
PRIMARY KEY (`id`),
UNIQUE KEY `name_del` (`name`, `deleted_at`)
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
CREATE TABLE
IF NOT EXISTS oneterm.asset(
`id` INT NOT NULL AUTO_INCREMENT,
`ci_id` INT NOT NULL DEFAULT 0,
`name` VARCHAR(64) NOT NULL DEFAULT '',
`comment` VARCHAR(64) NOT NULL DEFAULT '',
`parent_id` INT NOT NULL DEFAULT 0,
`ip` VARCHAR(64) NOT NULL DEFAULT '',
`protocols` JSON NOT NULL,
`gateway_id` INT NOT NULL DEFAULT 0,
`authorization` JSON NOT NULL,
`start` TIMESTAMP,
`end` TIMESTAMP,
`cmd_ids` JSON NOT NULL,
`ranges` JSON NOT NULL,
`allow` TINYINT(1) NOT NULL DEFAULT 0,
`connectable` TINYINT(1) NOT NULL DEFAULT 0,
`resource_id` INT NOT NULL DEFAULT 0,
`creator_id` INT NOT NULL DEFAULT 0,
`created_at` TIMESTAMP NOT NULL,
`updater_id` INT NOT NULL DEFAULT 0,
`updated_at` TIMESTAMP NOT NULL,
`deleted_at` BIGINT NOT NULL DEFAULT 0,
PRIMARY KEY (`id`),
UNIQUE KEY `name_del` (`name`, `deleted_at`)
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
CREATE TABLE
IF NOT EXISTS oneterm.command(
`id` INT NOT NULL AUTO_INCREMENT,
`name` VARCHAR(64) NOT NULL DEFAULT '',
`cmds` JSON NOT NULL,
`enable` TINYINT(1) NOT NULL DEFAULT 0,
`resource_id` INT NOT NULL DEFAULT 0,
`creator_id` INT NOT NULL DEFAULT 0,
`updater_id` INT NOT NULL DEFAULT 0,
`created_at` TIMESTAMP NOT NULL,
`updated_at` TIMESTAMP NOT NULL,
`deleted_at` BIGINT NOT NULL DEFAULT 0,
PRIMARY KEY (`id`),
UNIQUE KEY `name_del` (`name`, `deleted_at`)
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
CREATE TABLE
IF NOT EXISTS oneterm.gateway(
`id` INT NOT NULL AUTO_INCREMENT,
`name` VARCHAR(64) NOT NULL DEFAULT '',
`host` VARCHAR(64) NOT NULL DEFAULT '',
`port` INT NOT NULL DEFAULT 0,
`account_type` int NOT NULL DEFAULT 0,
`account` VARCHAR(64) NOT NULL DEFAULT '',
`password` TEXT NOT NULL,
`pk` TEXT NOT NULL,
`phrase` TEXT NOT NULL,
`resource_id` INT NOT NULL DEFAULT 0,
`creator_id` INT NOT NULL DEFAULT 0,
`updater_id` INT NOT NULL DEFAULT 0,
`created_at` TIMESTAMP NOT NULL,
`updated_at` TIMESTAMP NOT NULL,
`deleted_at` BIGINT NOT NULL DEFAULT 0,
PRIMARY KEY (`id`),
UNIQUE KEY `name_del` (`name`, `deleted_at`)
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
CREATE TABLE
IF NOT EXISTS oneterm.node(
`id` INT NOT NULL AUTO_INCREMENT,
`name` VARCHAR(64) NOT NULL DEFAULT '',
`comment` VARCHAR(64) NOT NULL DEFAULT '',
`parent_id` INT NOT NULL DEFAULT 0,
`ip` VARCHAR(64) NOT NULL DEFAULT '',
`protocols` JSON NOT NULL,
`gateway_id` INT NOT NULL DEFAULT 0,
`authorization` JSON NOT NULL,
`start` TIMESTAMP,
`end` TIMESTAMP,
`cmd_ids` JSON NOT NULL,
`ranges` JSON NOT NULL,
`allow` TINYINT(1) NOT NULL DEFAULT 0,
`type_id` INT NOT NULL DEFAULT 0,
`mapping` JSON NOT NULL,
`filters` TEXT NOT NULL,
`enable` TINYINT(1) NOT NULL DEFAULT 0,
`frequency` DOUBLE NOT NULL DEFAULT 0,
`creator_id` INT NOT NULL DEFAULT 0,
`created_at` TIMESTAMP NOT NULL,
`updater_id` INT NOT NULL DEFAULT 0,
`updated_at` TIMESTAMP NOT NULL,
`deleted_at` BIGINT NOT NULL DEFAULT 0,
PRIMARY KEY (`id`)
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
CREATE TABLE
IF NOT EXISTS oneterm.public_key(
`id` INT NOT NULL AUTO_INCREMENT,
`uid` INT NOT NULL DEFAULT 0,
`username` VARCHAR(64) NOT NULL DEFAULT '',
`name` VARCHAR(64) NOT NULL DEFAULT '',
`mac` VARCHAR(64) NOT NULL DEFAULT '',
`pk` TEXT NOT NULL,
`creator_id` INT NOT NULL DEFAULT 0,
`updater_id` INT NOT NULL DEFAULT 0,
`created_at` TIMESTAMP NOT NULL,
`updated_at` TIMESTAMP NOT NULL,
`deleted_at` BIGINT NOT NULL DEFAULT 0,
PRIMARY KEY (`id`),
UNIQUE KEY `creator_id_name_del` (
`creator_id`,
`name`,
`deleted_at`
)
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
CREATE TABLE
IF NOT EXISTS oneterm.history(
`id` INT NOT NULL AUTO_INCREMENT,
`remote_ip` VARCHAR(64) NOT NULL DEFAULT 0,
`type` VARCHAR(64) NOT NULL DEFAULT 0,
`target_id` INT NOT NULL DEFAULT 0,
`old` JSON NOT NULL,
`new` JSON NOT NULL,
`action_type` INT NOT NULL DEFAULT 0,
`creator_id` INT NOT NULL DEFAULT 0,
`created_at` TIMESTAMP NOT NULL,
PRIMARY KEY (`id`)
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
CREATE TABLE
IF NOT EXISTS oneterm.session(
`id` INT NOT NULL AUTO_INCREMENT,
`session_type` INT NOT NULL DEFAULT 0,
`session_id` VARCHAR(64) NOT NULL DEFAULT '',
`uid` INT NOT NULL DEFAULT 0,
`user_name` VARCHAR(64) NOT NULL DEFAULT '',
`asset_id` INT NOT NULL DEFAULT 0,
`asset_info` VARCHAR(64) NOT NULL DEFAULT '',
`account_id` INT NOT NULL DEFAULT 0,
`account_info` VARCHAR(64) NOT NULL DEFAULT '',
`gateway_id` INT NOT NULL DEFAULT 0,
`gateway_info` VARCHAR(64) NOT NULL DEFAULT '',
`protocol` VARCHAR(64) NOT NULL DEFAULT '',
`client_ip` VARCHAR(64) NOT NULL DEFAULT '',
`status` INT NOT NULL DEFAULT 0,
`created_at` TIMESTAMP NOT NULL,
`updated_at` TIMESTAMP NOT NULL,
`closed_at` TIMESTAMP,
PRIMARY KEY(`id`),
UNIQUE KEY `session_id` (`session_id`)
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
CREATE TABLE
IF NOT EXISTS oneterm.session_cmd(
`id` INT NOT NULL AUTO_INCREMENT,
`session_id` VARCHAR(64) NOT NULL DEFAULT '',
`cmd` TEXT NOT NULL,
`result` TEXT NOT NULL,
`level` INT NOT NULL DEFAULT 0,
`created_at` TIMESTAMP NOT NULL,
PRIMARY KEY(`id`)
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
CREATE TABLE
IF NOT EXISTS oneterm.authorization(
`id` INT NOT NULL AUTO_INCREMENT,
`asset_id` INT NOT NULL DEFAULT 0,
`account_id` INT NOT NULL DEFAULT 0,
`resource_id` INT NOT NULL DEFAULT 0,
`creator_id` INT NOT NULL DEFAULT 0,
`created_at` TIMESTAMP NOT NULL,
`updater_id` INT NOT NULL DEFAULT 0,
`updated_at` TIMESTAMP NOT NULL,
`deleted_at` BIGINT NOT NULL DEFAULT 0,
PRIMARY KEY(`id`),
UNIQUE KEY `asset_account_id_del` (
`asset_id`,
`account_id`,
`deleted_at`
)
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
CREATE TABLE
IF NOT EXISTS oneterm.config(
`id` INT NOT NULL AUTO_INCREMENT,
`timeout` INT NOT NULL,
`creator_id` INT NOT NULL DEFAULT 0,
`created_at` TIMESTAMP NOT NULL,
`updater_id` INT NOT NULL DEFAULT 0,
`updated_at` TIMESTAMP NOT NULL,
`deleted_at` BIGINT NOT NULL DEFAULT 0,
PRIMARY KEY(`id`),
UNIQUE KEY `deleted_at` (`deleted_at`)
) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
INSERT INTO oneterm.config (timeout) VALUES (7200);

58
docs/api.yaml Normal file
View File

@@ -0,0 +1,58 @@
mode: debug
http:
ip: 0.0.0.0
port: 8080
mysql:
ip: mysql
port: 3306
user: root
password: 123456
redis:
addr: redis:6379
password: root
log:
level: debug
path: app.log
format: json
maxSize: 1
# consoleEnable Whether to enable outputting logs to the console as the sametime
consoleEnable: true
auth:
acl:
appId: '5867e079dfd1437e9ae07576ab24b391'
secretKey: '2qlTA4z@#KyigJLYHGrev?0WD6hjX*8E'
url: http://oneterm-ui/api/v1/
resourceNames:
- key: account
value: account
- key: asset
value: asset
- key: command
value: command
- key: gateway
value: gateway
- key: authorization
value: authorization
cmdb:
url: http://host/api/v0.1
secretKey: 'xW2FAUfgffjmerTEBXADmURDOQ43ojLN'
worker:
uid: 1
rid: 1
key: a5704726392648b7b5a15cc39091a166
secret: P#Iunzvq7E^6mwMbftgW@KYG28x14*Dy
sshServer:
ip: oneterm-ssh
port: 12228
account: test
password: 135790
xtoken: 123456

95
docs/app.py Normal file
View File

@@ -0,0 +1,95 @@
# -*- coding:utf-8 -*-
import datetime
import hashlib
import jwt
from flask import abort
from flask import current_app
from api.extensions import db
from api.lib.perm.acl.audit import AuditCRUD
from api.lib.perm.acl.audit import AuditOperateType
from api.lib.perm.acl.audit import AuditScope
from api.lib.perm.acl.resp_format import ErrFormat
from api.models.acl import App
class AppCRUD(object):
cls = App
@staticmethod
def get_all():
return App.get_by(to_dict=False)
@staticmethod
def get(app_id):
return App.get_by_id(app_id)
@staticmethod
def search(q, page=1, page_size=None):
query = db.session.query(App).filter(App.deleted.is_(False))
if q:
query = query.filter(App.name.ilike('%{0}%'.format(q)))
numfound = query.count()
res = query.offset((page - 1) * page_size).limit(page_size)
return numfound, res
@classmethod
def add(cls, name, description):
App.get_by(name=name) and abort(400, ErrFormat.app_is_ready_existed.format(name))
from api.lib.perm.acl.user import UserCRUD
app_id, secret_key = UserCRUD.gen_key_secret()
app = App.create(name=name, description=description, app_id=app_id, secret_key=secret_key)
AuditCRUD.add_resource_log(app.id, AuditOperateType.create, AuditScope.app, app.id, {}, app.to_dict(), {})
return app
@classmethod
def update(cls, _id, **kwargs):
kwargs.pop('id', None)
existed = App.get_by_id(_id) or abort(404, ErrFormat.app_not_found.format("id={}".format(_id)))
origin = existed.to_dict()
existed = existed.update(**kwargs)
AuditCRUD.add_resource_log(existed.id, AuditOperateType.update,
AuditScope.app, existed.id, origin, existed.to_dict(), {})
return existed
@classmethod
def delete(cls, _id):
app = App.get_by_id(_id) or abort(404, ErrFormat.app_not_found.format("id={}".format(_id)))
origin = app.to_dict()
app.soft_delete()
AuditCRUD.add_resource_log(app.id, AuditOperateType.delete,
AuditScope.app, app.id, origin, {}, {})
@staticmethod
def _get_by_key(key):
return App.get_by(app_id=key, first=True, to_dict=False)
@classmethod
def gen_token(cls, key, secret):
app = cls._get_by_key(key) or abort(404, ErrFormat.app_not_found.format("key={}".format(key)))
secret != hashlib.md5(app.secret_key.encode('utf-8')).hexdigest() and abort(403, ErrFormat.app_secret_invalid)
token = jwt.encode({
'sub': app.name,
'iat': datetime.datetime.now(),
'exp': datetime.datetime.now() + datetime.timedelta(minutes=2 * 60)},
current_app.config['SECRET_KEY'])
print("token:", token)
try:
print("token1:", token.decode())
return token.decode()
except AttributeError:
return token

11
docs/create-users.sql Normal file
View File

@@ -0,0 +1,11 @@
-- create database
CREATE DATABASE IF NOT EXISTS acl;
CREATE DATABASE IF NOT EXISTS oneterm;
-- create user
CREATE USER 'oneterm'@'%' IDENTIFIED BY '123456';
CREATE USER 'acl'@'%' IDENTIFIED BY '123456';
-- grant privileges
GRANT ALL PRIVILEGES ON `oneterm`.* TO 'oneterm'@'%' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON `acl`.* TO 'acl'@'%';

51
docs/mysqld.cnf Normal file
View File

@@ -0,0 +1,51 @@
# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License, version 2.0,
# as published by the Free Software Foundation.
#
# This program is also distributed with certain software (including
# but not limited to OpenSSL) that is licensed under separate terms,
# as designated in a particular file or component or in included license
# documentation. The authors of MySQL hereby grant you an additional
# permission to link the program and your derivative works with the
# separately licensed software that they have included with MySQL.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License, version 2.0, for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# The MySQL Server configuration file.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
[mysqld]
character-set-server = utf8
collation-server = utf8_unicode_ci
skip-character-set-client-handshake
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql
default-storage-engine=INNODB
# Disabling symbolic-links is recommended to prevent assorted security risks
skip-external-locking
key_buffer_size=16M
max_allowed_packet=4M
table_open_cache=64
sort_buffer_size=512K
net_buffer_length=8K
read_buffer_size=256K
read_rnd_buffer_size=512K
skip-name-resolve
max_connections=1000
slow_query_log = ON
slow_query_log_file = /tmp/mysql_oneterm_slow.log
long_query_time = 1
log_timestamps = SYSTEM

85
docs/nginx.oneterm.conf.example Normal file
View File

@@ -0,0 +1,85 @@
server {
listen ${NGINX_PORT};
access_log /var/log/nginx/access.oneterm.log;
error_log /var/log/nginx/error.oneterm.log;
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';
gzip on;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types
text/plain
text/css
text/js
text/xml
text/javascript
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
image/svg+xml;
root /etc/nginx/html;
location / {
root /etc/nginx/html;
index index.html;
try_files $uri $uri/ /index.html;
}
location ^~ /api/oneterm/v1/connect {
proxy_pass http://${ONETERM_API_HOST};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 7200s;
proxy_connect_timeout 7200s;
proxy_send_timeout 7200s;
}
location ^~ /api/oneterm {
proxy_pass http://${ONETERM_API_HOST};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ^~ /api/{
proxy_pass http://${ACL_API_HOST};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~* \.(css|js)$ {
access_log off;
add_header Pragma public;
add_header Cache-Control "public, max-age=7776000";
#add_header Cache-Control "public,no-cache, max-age=0";
add_header X-Asset "yes";
}
}

12
docs/ssh.yaml Normal file
View File

@@ -0,0 +1,12 @@
secretKey: 'xW2FAUfgffjmerTEBXADmURDOQ43ojLN'
protocols:
ssh:
api: "http://oneterm-api:8080/api/oneterm/v1"
token: "123456"
ip: '0.0.0.0'
port: 12228
webUser: "test"
webToken: "135790"
privateKeyPath: "/root/.ssh/id_ed25519"
i18nDir: /oneterm/translate