feat: add configs

.gitignore

@@ -78,3 +78,17 @@ oneterm-ui/npm-debug.log*
 oneterm-ui/yarn-debug.log*
 oneterm-ui/yarn-error.log*
 oneterm-ui/package-lock.json
+
+
+## backend
+
+*.log
+*.cast
+vendor/
+volume
+
+backend/cmd/ssh/ssh
+backend/cmd/ssh/config.yaml
+backend/cmd/ssh/app.log
+backend/cmd/api/api
+backend/cmd/api/config.yaml

docker-compose.yaml

@@ -0,0 +1,140 @@
+version: "3.0"
+
+services:
+  oneterm-api:
+    image: oneterm-api:1.24.1
+    container_name: oneterm-api-1
+    volumes:
+      - file-data:/replay
+      - ./docs/api.yaml:/oneterm/config.yaml
+    depends_on:
+      - mysql
+      - redis
+    restart: always
+    networks:
+      new:
+        aliases:
+          - oneterm-api
+
+  oneterm-ssh:
+    image: oneterm-ssh:1.24.26
+    container_name: oneterm-ssh
+    ports:
+      - "12229:12228"
+    restart: always
+    volumes:
+      - ./docs/ssh.yaml:/oneterm/config.yaml
+      - /data/jumper/cmd/ssh/ssh:/ssh
+    command: sleep 10000
+    depends_on:
+      - oneterm-api
+    networks:
+      new:
+        aliases:
+          - oneterm-ssh
+
+  mysql:
+    image: mysql:latest
+    container_name: oneterm-mysql-1
+    environment:
+      TZ: Asia/Shanghai
+      MYSQL_ROOT_PASSWORD: '123456'
+      MYSQL_DATABASE: 'oneterm'
+    volumes:
+      - db-data:/var/lib/mysql
+      - ./docs/mysqld.cnf:/etc/mysql/conf.d/mysqld.cnf
+      - ./docs/acl.sql:/docker-entrypoint-initdb.d/2-acl.sql
+      - ./docs/api.sql:/docker-entrypoint-initdb.d/3-api.sql
+      - ./docs/create-users.sql:/docker-entrypoint-initdb.d/1-create-users.sql
+    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
+    restart: always
+    networks:
+      new:
+        aliases:
+          - mysql
+    ports:
+      - '23306:3306'
+
+  redis:
+    image: redis:latest
+    container_name: oneterm-redis-1
+    #command: redis-server --requirepass tyrj5QVP9rHs
+    restart: always
+    environment:
+      TZ: Asia/Shanghai
+    networks:
+      new:
+        aliases:
+          - redis
+
+  oneterm-ui:
+    image: oneterm-ui:1.24.3
+    container_name: oneterm-ui
+    depends_on:
+      - oneterm-api
+    environment:
+      TZ: Asia/Shanghai
+      ONETERM_API_HOST: oneterm-api:8080
+      ACL_API_HOST: acl-api:5000
+      NGINX_PORT: 80
+    volumes:
+      - ./docs/nginx.oneterm.conf.example:/etc/nginx/conf.d/nginx.oneterm.conf.example
+    restart: always
+    command:
+      - /bin/sh
+      - -c
+      - |
+        envsubst '$$ONETERM_API_HOST  $$ACL_API_HOST $$NGINX_PORT' < /etc/nginx/conf.d/nginx.oneterm.conf.example > /etc/nginx/conf.d/oneterm.conf
+        nginx -g  'daemon off;'
+    networks:
+      - new
+    ports:
+      - "8000:80"
+
+  acl-api:
+    image: registry.cn-hangzhou.aliyuncs.com/veops/acl-api:1.1
+    container_name: oneterm-acl-api
+    environment:
+      #TZ: Asia/Shanghai
+      WAIT_HOSTS: mysql:3306, redis:6379
+    volumes:
+      - ./docs/settings.py:/data/app/acl/settings.py
+      - ./docs/app.py:/data/apps/acl/api/lib/perm/acl/app.py
+      - ./docs/.env:/data/apps/acl/.env
+      - ./docs/nginx.oneterm.conf.example:/etc/nginx/conf.d/nginx.oneterm.conf.example
+    restart: always
+    command:
+      - /bin/sh
+      - -c
+      - |
+        sleep 2
+        flask db-setup
+        flask init-acl
+        flask init-department
+
+        gunicorn --workers=3 autoapp:app -b 0.0.0.0:5000 -D --access-logfile logs/access.log --error-logfile logs/error.log
+
+        celery -A celery_worker.celery worker -E -Q acl_async --logfile=one_acl_async.log --autoscale=2,1 -D
+    depends_on:
+      - mysql
+      - redis
+    networks:
+      new:
+        aliases:
+          - acl-api
+
+volumes:
+  db-data:
+    driver: local
+    name: oneterm_db-data
+  file-data:
+    driver: local
+    name: oneterm_file-data
+
+networks:
+  new:
+    driver: bridge
+    name: oneterm_network-1
+    ipam:
+      config:
+        - subnet: 172.30.0.0/24

docs/.env

@@ -0,0 +1,7 @@
+# Environment variable overrides for local development
+FLASK_APP=autoapp.py
+FLASK_DEBUG=1
+FLASK_ENV=development
+GUNICORN_WORKERS=2
+LOG_LEVEL=debug
+SECRET_KEY='xW2FAUfgffjmerTEBXADmURDOQ43ojLN'

docs/api.sql

@@ -0,0 +1,217 @@
+-- Active: 1700721140603@@192.168.20.82@53306@oneterm
+
+CREATE DATABASE IF NOT EXISTS oneterm;
+
+CREATE TABLE
+    IF NOT EXISTS oneterm.account(
+        `id` INT NOT NULL AUTO_INCREMENT,
+        `name` VARCHAR(64) NOT NULL DEFAULT '',
+        `account_type` int NOT NULL DEFAULT 0,
+        `account` VARCHAR(64) NOT NULL DEFAULT '',
+        `password` TEXT NOT NULL,
+        `pk` TEXT NOT NULL,
+        `phrase` TEXT NOT NULL,
+        `resource_id` INT NOT NULL DEFAULT 0,
+        `creator_id` INT NOT NULL DEFAULT 0,
+        `updater_id` INT NOT NULL DEFAULT 0,
+        `created_at` TIMESTAMP NOT NULL,
+        `updated_at` TIMESTAMP NOT NULL,
+        `deleted_at` BIGINT NOT NULL DEFAULT 0,
+        PRIMARY KEY (`id`),
+        UNIQUE KEY `name_del` (`name`, `deleted_at`)
+    ) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
+
+CREATE TABLE
+    IF NOT EXISTS oneterm.asset(
+        `id` INT NOT NULL AUTO_INCREMENT,
+        `ci_id` INT NOT NULL DEFAULT 0,
+        `name` VARCHAR(64) NOT NULL DEFAULT '',
+        `comment` VARCHAR(64) NOT NULL DEFAULT '',
+        `parent_id` INT NOT NULL DEFAULT 0,
+        `ip` VARCHAR(64) NOT NULL DEFAULT '',
+        `protocols` JSON NOT NULL,
+        `gateway_id` INT NOT NULL DEFAULT 0,
+        `authorization` JSON NOT NULL,
+        `start` TIMESTAMP,
+        `end` TIMESTAMP,
+        `cmd_ids` JSON NOT NULL,
+        `ranges` JSON NOT NULL,
+        `allow` TINYINT(1) NOT NULL DEFAULT 0,
+        `connectable` TINYINT(1) NOT NULL DEFAULT 0,
+        `resource_id` INT NOT NULL DEFAULT 0,
+        `creator_id` INT NOT NULL DEFAULT 0,
+        `created_at` TIMESTAMP NOT NULL,
+        `updater_id` INT NOT NULL DEFAULT 0,
+        `updated_at` TIMESTAMP NOT NULL,
+        `deleted_at` BIGINT NOT NULL DEFAULT 0,
+        PRIMARY KEY (`id`),
+        UNIQUE KEY `name_del` (`name`, `deleted_at`)
+    ) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
+
+CREATE TABLE
+    IF NOT EXISTS oneterm.command(
+        `id` INT NOT NULL AUTO_INCREMENT,
+        `name` VARCHAR(64) NOT NULL DEFAULT '',
+        `cmds` JSON NOT NULL,
+        `enable` TINYINT(1) NOT NULL DEFAULT 0,
+        `resource_id` INT NOT NULL DEFAULT 0,
+        `creator_id` INT NOT NULL DEFAULT 0,
+        `updater_id` INT NOT NULL DEFAULT 0,
+        `created_at` TIMESTAMP NOT NULL,
+        `updated_at` TIMESTAMP NOT NULL,
+        `deleted_at` BIGINT NOT NULL DEFAULT 0,
+        PRIMARY KEY (`id`),
+        UNIQUE KEY `name_del` (`name`, `deleted_at`)
+    ) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
+
+CREATE TABLE
+    IF NOT EXISTS oneterm.gateway(
+        `id` INT NOT NULL AUTO_INCREMENT,
+        `name` VARCHAR(64) NOT NULL DEFAULT '',
+        `host` VARCHAR(64) NOT NULL DEFAULT '',
+        `port` INT NOT NULL DEFAULT 0,
+        `account_type` int NOT NULL DEFAULT 0,
+        `account` VARCHAR(64) NOT NULL DEFAULT '',
+        `password` TEXT NOT NULL,
+        `pk` TEXT NOT NULL,
+        `phrase` TEXT NOT NULL,
+        `resource_id` INT NOT NULL DEFAULT 0,
+        `creator_id` INT NOT NULL DEFAULT 0,
+        `updater_id` INT NOT NULL DEFAULT 0,
+        `created_at` TIMESTAMP NOT NULL,
+        `updated_at` TIMESTAMP NOT NULL,
+        `deleted_at` BIGINT NOT NULL DEFAULT 0,
+        PRIMARY KEY (`id`),
+        UNIQUE KEY `name_del` (`name`, `deleted_at`)
+    ) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
+
+CREATE TABLE
+    IF NOT EXISTS oneterm.node(
+        `id` INT NOT NULL AUTO_INCREMENT,
+        `name` VARCHAR(64) NOT NULL DEFAULT '',
+        `comment` VARCHAR(64) NOT NULL DEFAULT '',
+        `parent_id` INT NOT NULL DEFAULT 0,
+        `ip` VARCHAR(64) NOT NULL DEFAULT '',
+        `protocols` JSON NOT NULL,
+        `gateway_id` INT NOT NULL DEFAULT 0,
+        `authorization` JSON NOT NULL,
+        `start` TIMESTAMP,
+        `end` TIMESTAMP,
+        `cmd_ids` JSON NOT NULL,
+        `ranges` JSON NOT NULL,
+        `allow` TINYINT(1) NOT NULL DEFAULT 0,
+        `type_id` INT NOT NULL DEFAULT 0,
+        `mapping` JSON NOT NULL,
+        `filters` TEXT NOT NULL,
+        `enable` TINYINT(1) NOT NULL DEFAULT 0,
+        `frequency` DOUBLE NOT NULL DEFAULT 0,
+        `creator_id` INT NOT NULL DEFAULT 0,
+        `created_at` TIMESTAMP NOT NULL,
+        `updater_id` INT NOT NULL DEFAULT 0,
+        `updated_at` TIMESTAMP NOT NULL,
+        `deleted_at` BIGINT NOT NULL DEFAULT 0,
+        PRIMARY KEY (`id`)
+    ) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
+
+CREATE TABLE
+    IF NOT EXISTS oneterm.public_key(
+        `id` INT NOT NULL AUTO_INCREMENT,
+        `uid` INT NOT NULL DEFAULT 0,
+        `username` VARCHAR(64) NOT NULL DEFAULT '',
+        `name` VARCHAR(64) NOT NULL DEFAULT '',
+        `mac` VARCHAR(64) NOT NULL DEFAULT '',
+        `pk` TEXT NOT NULL,
+        `creator_id` INT NOT NULL DEFAULT 0,
+        `updater_id` INT NOT NULL DEFAULT 0,
+        `created_at` TIMESTAMP NOT NULL,
+        `updated_at` TIMESTAMP NOT NULL,
+        `deleted_at` BIGINT NOT NULL DEFAULT 0,
+        PRIMARY KEY (`id`),
+        UNIQUE KEY `creator_id_name_del` (
+            `creator_id`,
+            `name`,
+            `deleted_at`
+        )
+    ) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
+
+CREATE TABLE
+    IF NOT EXISTS oneterm.history(
+        `id` INT NOT NULL AUTO_INCREMENT,
+        `remote_ip` VARCHAR(64) NOT NULL DEFAULT 0,
+        `type` VARCHAR(64) NOT NULL DEFAULT 0,
+        `target_id` INT NOT NULL DEFAULT 0,
+        `old` JSON NOT NULL,
+        `new` JSON NOT NULL,
+        `action_type` INT NOT NULL DEFAULT 0,
+        `creator_id` INT NOT NULL DEFAULT 0,
+        `created_at` TIMESTAMP NOT NULL,
+        PRIMARY KEY (`id`)
+    ) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
+
+CREATE TABLE
+    IF NOT EXISTS oneterm.session(
+        `id` INT NOT NULL AUTO_INCREMENT,
+        `session_type` INT NOT NULL DEFAULT 0,
+        `session_id` VARCHAR(64) NOT NULL DEFAULT '',
+        `uid` INT NOT NULL DEFAULT 0,
+        `user_name` VARCHAR(64) NOT NULL DEFAULT '',
+        `asset_id` INT NOT NULL DEFAULT 0,
+        `asset_info` VARCHAR(64) NOT NULL DEFAULT '',
+        `account_id` INT NOT NULL DEFAULT 0,
+        `account_info` VARCHAR(64) NOT NULL DEFAULT '',
+        `gateway_id` INT NOT NULL DEFAULT 0,
+        `gateway_info` VARCHAR(64) NOT NULL DEFAULT '',
+        `protocol` VARCHAR(64) NOT NULL DEFAULT '',
+        `client_ip` VARCHAR(64) NOT NULL DEFAULT '',
+        `status` INT NOT NULL DEFAULT 0,
+        `created_at` TIMESTAMP NOT NULL,
+        `updated_at` TIMESTAMP NOT NULL,
+        `closed_at` TIMESTAMP,
+        PRIMARY KEY(`id`),
+        UNIQUE KEY `session_id` (`session_id`)
+    ) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
+
+CREATE TABLE
+    IF NOT EXISTS oneterm.session_cmd(
+        `id` INT NOT NULL AUTO_INCREMENT,
+        `session_id` VARCHAR(64) NOT NULL DEFAULT '',
+        `cmd` TEXT NOT NULL,
+        `result` TEXT NOT NULL,
+        `level` INT NOT NULL DEFAULT 0,
+        `created_at` TIMESTAMP NOT NULL,
+        PRIMARY KEY(`id`)
+    ) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
+
+CREATE TABLE
+    IF NOT EXISTS oneterm.authorization(
+        `id` INT NOT NULL AUTO_INCREMENT,
+        `asset_id` INT NOT NULL DEFAULT 0,
+        `account_id` INT NOT NULL DEFAULT 0,
+        `resource_id` INT NOT NULL DEFAULT 0,
+        `creator_id` INT NOT NULL DEFAULT 0,
+        `created_at` TIMESTAMP NOT NULL,
+        `updater_id` INT NOT NULL DEFAULT 0,
+        `updated_at` TIMESTAMP NOT NULL,
+        `deleted_at` BIGINT NOT NULL DEFAULT 0,
+        PRIMARY KEY(`id`),
+        UNIQUE KEY `asset_account_id_del` (
+            `asset_id`,
+            `account_id`,
+            `deleted_at`
+        )
+    ) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
+
+CREATE TABLE
+    IF NOT EXISTS oneterm.config(
+        `id` INT NOT NULL AUTO_INCREMENT,
+        `timeout` INT NOT NULL,
+        `creator_id` INT NOT NULL DEFAULT 0,
+        `created_at` TIMESTAMP NOT NULL,
+        `updater_id` INT NOT NULL DEFAULT 0,
+        `updated_at` TIMESTAMP NOT NULL,
+        `deleted_at` BIGINT NOT NULL DEFAULT 0,
+        PRIMARY KEY(`id`),
+        UNIQUE KEY `deleted_at` (`deleted_at`)
+    ) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
+
+INSERT INTO oneterm.config (timeout) VALUES (7200);

docs/api.yaml

@@ -0,0 +1,58 @@
+mode: debug
+
+http:
+  ip: 0.0.0.0
+  port: 8080
+
+mysql:
+  ip: mysql
+  port: 3306
+  user: root
+  password: 123456
+
+redis:
+  addr: redis:6379
+  password: root
+
+log:
+  level: debug
+  path: app.log
+  format: json
+  maxSize: 1
+  # consoleEnable Whether to enable outputting logs to the console as the sametime
+  consoleEnable: true
+
+auth:
+  acl:
+    appId: '5867e079dfd1437e9ae07576ab24b391'
+    secretKey: '2qlTA4z@#KyigJLYHGrev?0WD6hjX*8E'
+    url: http://oneterm-ui/api/v1/
+    resourceNames:
+      - key: account
+        value: account
+      - key: asset
+        value: asset
+      - key: command
+        value: command
+      - key: gateway
+        value: gateway
+      - key: authorization
+        value: authorization
+
+cmdb:
+  url: http://host/api/v0.1
+
+secretKey: 'xW2FAUfgffjmerTEBXADmURDOQ43ojLN'
+
+worker:
+  uid: 1
+  rid: 1
+  key: a5704726392648b7b5a15cc39091a166
+  secret: P#Iunzvq7E^6mwMbftgW@KYG28x14*Dy
+
+sshServer:
+  ip: oneterm-ssh
+  port: 12228
+  account: test
+  password: 135790
+  xtoken: 123456

docs/app.py

@@ -0,0 +1,95 @@
+# -*- coding:utf-8 -*-
+
+import datetime
+import hashlib
+
+import jwt
+from flask import abort
+from flask import current_app
+
+from api.extensions import db
+from api.lib.perm.acl.audit import AuditCRUD
+from api.lib.perm.acl.audit import AuditOperateType
+from api.lib.perm.acl.audit import AuditScope
+from api.lib.perm.acl.resp_format import ErrFormat
+from api.models.acl import App
+
+
+class AppCRUD(object):
+    cls = App
+
+    @staticmethod
+    def get_all():
+        return App.get_by(to_dict=False)
+
+    @staticmethod
+    def get(app_id):
+        return App.get_by_id(app_id)
+
+    @staticmethod
+    def search(q, page=1, page_size=None):
+        query = db.session.query(App).filter(App.deleted.is_(False))
+        if q:
+            query = query.filter(App.name.ilike('%{0}%'.format(q)))
+
+        numfound = query.count()
+        res = query.offset((page - 1) * page_size).limit(page_size)
+
+        return numfound, res
+
+    @classmethod
+    def add(cls, name, description):
+        App.get_by(name=name) and abort(400, ErrFormat.app_is_ready_existed.format(name))
+
+        from api.lib.perm.acl.user import UserCRUD
+        app_id, secret_key = UserCRUD.gen_key_secret()
+
+        app = App.create(name=name, description=description, app_id=app_id, secret_key=secret_key)
+        AuditCRUD.add_resource_log(app.id, AuditOperateType.create, AuditScope.app, app.id, {}, app.to_dict(), {})
+        return app
+
+    @classmethod
+    def update(cls, _id, **kwargs):
+        kwargs.pop('id', None)
+
+        existed = App.get_by_id(_id) or abort(404, ErrFormat.app_not_found.format("id={}".format(_id)))
+
+        origin = existed.to_dict()
+        existed = existed.update(**kwargs)
+
+        AuditCRUD.add_resource_log(existed.id, AuditOperateType.update,
+                                   AuditScope.app, existed.id, origin, existed.to_dict(), {})
+
+        return existed
+
+    @classmethod
+    def delete(cls, _id):
+        app = App.get_by_id(_id) or abort(404, ErrFormat.app_not_found.format("id={}".format(_id)))
+        origin = app.to_dict()
+
+        app.soft_delete()
+
+        AuditCRUD.add_resource_log(app.id, AuditOperateType.delete,
+                                   AuditScope.app, app.id, origin, {}, {})
+
+    @staticmethod
+    def _get_by_key(key):
+        return App.get_by(app_id=key, first=True, to_dict=False)
+
+    @classmethod
+    def gen_token(cls, key, secret):
+        app = cls._get_by_key(key) or abort(404, ErrFormat.app_not_found.format("key={}".format(key)))
+        secret != hashlib.md5(app.secret_key.encode('utf-8')).hexdigest() and abort(403, ErrFormat.app_secret_invalid)
+
+        token = jwt.encode({
+            'sub': app.name,
+            'iat': datetime.datetime.now(),
+            'exp': datetime.datetime.now() + datetime.timedelta(minutes=2 * 60)},
+            current_app.config['SECRET_KEY'])
+
+        print("token:", token)
+        try:
+            print("token1:", token.decode())
+            return token.decode()
+        except AttributeError:
+            return token

docs/create-users.sql

@@ -0,0 +1,11 @@
+-- create database
+CREATE DATABASE IF NOT EXISTS acl;
+CREATE DATABASE IF NOT EXISTS oneterm;
+
+-- create user 
+CREATE USER 'oneterm'@'%' IDENTIFIED BY '123456';
+CREATE USER 'acl'@'%' IDENTIFIED BY '123456';
+
+-- grant privileges
+GRANT ALL PRIVILEGES ON `oneterm`.* TO 'oneterm'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON `acl`.* TO 'acl'@'%';

docs/mysqld.cnf

@@ -0,0 +1,51 @@
+# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License, version 2.0,
+# as published by the Free Software Foundation.
+#
+# This program is also distributed with certain software (including
+# but not limited to OpenSSL) that is licensed under separate terms,
+# as designated in a particular file or component or in included license
+# documentation.  The authors of MySQL hereby grant you an additional
+# permission to link the program and your derivative works with the
+# separately licensed software that they have included with MySQL.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License, version 2.0, for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
+
+#
+# The MySQL  Server configuration file.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+[mysqld]
+character-set-server = utf8
+collation-server = utf8_unicode_ci
+skip-character-set-client-handshake
+pid-file	= /var/run/mysqld/mysqld.pid
+socket		= /var/run/mysqld/mysqld.sock
+datadir		= /var/lib/mysql
+default-storage-engine=INNODB
+# Disabling symbolic-links is recommended to prevent assorted security risks
+skip-external-locking
+key_buffer_size=16M
+max_allowed_packet=4M
+table_open_cache=64
+sort_buffer_size=512K
+net_buffer_length=8K
+read_buffer_size=256K
+read_rnd_buffer_size=512K
+skip-name-resolve
+max_connections=1000
+slow_query_log = ON
+slow_query_log_file = /tmp/mysql_oneterm_slow.log
+long_query_time = 1
+log_timestamps = SYSTEM

docs/nginx.oneterm.conf.example

@@ -0,0 +1,85 @@
+server {
+    listen ${NGINX_PORT};
+    access_log   /var/log/nginx/access.oneterm.log;
+    error_log    /var/log/nginx/error.oneterm.log;
+
+    add_header 'Access-Control-Allow-Origin' "$http_origin";
+    add_header 'Access-Control-Allow-Credentials' 'true';
+    add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
+    add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';
+
+    gzip on;
+    gzip_comp_level 6;
+    gzip_buffers 16 8k;
+    gzip_http_version 1.1;
+    gzip_min_length 256;
+    gzip_types
+        text/plain
+        text/css
+        text/js
+        text/xml
+        text/javascript
+        application/javascript
+        application/x-javascript
+        application/json
+        application/xml
+        application/rss+xml
+        image/svg+xml;
+
+    root  /etc/nginx/html;
+    location / {
+      root   /etc/nginx/html;
+      index  index.html;
+      try_files $uri $uri/ /index.html;
+    }
+
+    location ^~ /api/oneterm/v1/connect {
+        proxy_pass http://${ONETERM_API_HOST};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Scheme $scheme;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_redirect off;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_read_timeout 7200s;
+        proxy_connect_timeout 7200s;
+        proxy_send_timeout 7200s;
+    }
+
+    location ^~ /api/oneterm {
+        proxy_pass http://${ONETERM_API_HOST};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Scheme $scheme;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_redirect off;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+
+    location ^~ /api/{
+        proxy_pass http://${ACL_API_HOST};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Scheme $scheme;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_redirect off;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+    location ~* \.(css|js)$ {
+        access_log off;
+        add_header Pragma public;
+        add_header Cache-Control "public, max-age=7776000";
+        #add_header Cache-Control "public,no-cache, max-age=0";
+        add_header X-Asset "yes";
+    }
+}

docs/ssh.yaml

@@ -0,0 +1,12 @@
+secretKey: 'xW2FAUfgffjmerTEBXADmURDOQ43ojLN'
+protocols:
+  ssh:
+    api: "http://oneterm-api:8080/api/oneterm/v1"
+    token: "123456"
+    ip: '0.0.0.0'
+    port: 12228
+    webUser: "test"
+    webToken: "135790"
+    privateKeyPath: "/root/.ssh/id_ed25519"
+
+i18nDir: /oneterm/translate