diff --git a/README.md b/README.md new file mode 100644 index 0000000..ae9dc83 --- /dev/null +++ b/README.md @@ -0,0 +1,82 @@ +# Preface + +This assume you have installed codius, if you havent please do so first. + +# How to install codiusd-gui: + +This will install the GUI and once sucessfully started it will run on 127.0.0.1 on port 3300. You can SSH +redirect in, or you can add an NGinx config + +```bash +cd /usr/lib/node_modules +git clone https://github.com/codius/codiusd-gui.git +cd /usr/lib/node_modules/codiusd-gui/ +npm install +cp ./extra/systemd/codiusd-gui.service /etc/systemd/system/codiusd-gui.service +systemctl daemon-reload +systemctl enable codiusd-gui +systemctl start codiusd-gui +``` + +Once you have started the codius-gui daemon it will be accessable thru a SSH portforwarding from your workstations. Some examples: + +``` +for windows: putty -ssh root@your.host.name -L 3300:127.0.0.1:3300 +for linux: ssh -L 3300:127.0.0.1:3300 root@your.host.name +``` + +Once you have connected and logged in, you will be able to open a browser and visit https://localhost:3300 to access the GUI website. + + +# Add Nginx Config +This is an optional step, as a replacement for using the SSH option. To keep it simple we use the same template as with Codius. In this example you will see a 'allow 127.0.0.1;'. You must add another line with your trusted IP address to gain access. Once you have added this configuration and reloaded Nginx, your GUI will be reachable at https://gui.your.host.name:444/ (note its running on port 444) + +``` +map $http_upgrade $connection_upgrade { + default upgrade; + '' $http_connection; +} + +server { + listen 444 ssl; + + server_name gui.your.host.name; + + ssl_certificate /etc/letsencrypt/live/your.host.name/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/your.host.name/privkey.pem; + + ssl_protocols TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_dhparam /etc/nginx/dhparam.pem; + ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; + ssl_ecdh_curve secp384r1; + ssl_session_timeout 10m; + ssl_session_cache shared:SSL:10m; + ssl_session_tickets off; + ssl_stapling on; + ssl_stapling_verify on; + resolver 1.1.1.1 1.0.0.1 valid=300s; + resolver_timeout 5s; + add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains; preload'; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection '1; mode=block'; + + location / { + allow 127.0.0.1; + allow YOUR_TRUSTED_IP; + deny all; + + proxy_pass http://127.0.0.1:3300; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_buffering off; + #proxy_connect_timeout 300; + #proxy_send_timeout 300; + #proxy_read_timeout 300; + #send_timeout 300; + } +} +``` diff --git a/extra/systemd/codiusd-gui.service b/extra/systemd/codiusd-gui.service new file mode 100644 index 0000000..d95fe79 --- /dev/null +++ b/extra/systemd/codiusd-gui.service @@ -0,0 +1,14 @@ +[Unit] +Description=Codiusd GUI +After=network.target nss-lookup.target codiusd +[Service] +ExecStart=/usr/bin/npm start +WorkingDirectory=/usr/lib/node_modules/codiusd-gui +Restart=always +StandardOutput=syslog +StandardError=syslog +SyslogIdentifier=codiusd-gui +User=root +Group=root +[Install] +WantedBy=multi-user.target diff --git a/package.json b/package.json index e6990b5..eaa21f5 100644 --- a/package.json +++ b/package.json @@ -4,6 +4,7 @@ "description": "GUI utility for Codius Hosts", "main": "index.js", "scripts": { + "start": "node index.js", "test": "echo \"Error: no test specified\" && exit 1" }, "author": "Nathan Lie",