Wetty
Wetty is a responsive, modern terminal, in your web browser. Yes, your browser. When combined with secure authentication and SSL encryption, it becomes a useful tool for quick and easy remote access.
Why would you need SSH in a browser window?
Need shell access to a node with no external access? Deploy Wetty behind traefik-forward-auth with an SSL-terminating reverse proxy (traefik), and suddenly you have the means to SSH to your private host from any web browser (protected by your traefik-forward-auth, of course).
Here are some other possible use cases:
- Access to SSH / CLI from an environment where outgoing SSH is locked down, or an SSH client isn't / can't be installed (e.g., a corporate network)
- Access to long-running processes inside a tmux session (like irssi)
- Remote access to a VM / container running Kali Linux, for penetration testing
Wetty Requirements
Ingredients
Already deployed:
- Docker swarm cluster with persistent shared storage
- Traefik configured per design
- DNS entry for the hostname you intend to use (or a wildcard), pointed to your keepalived IP
Related:
- Traefik Forward Auth or Authelia to secure your Traefik-exposed services with an additional layer of authentication
Preparation
Setup data locations
First we create a directory to hold the data which wetty will serve:
mkdir /var/data/config/wetty
cd /var/data/config/wetty
Prepare Wetty environment
Create /var/data/config/wetty/wetty.env (the path the env_file entry in the compose file below points to), and populate it with the following variables:
# To use WeTTY to SSH to a host besides the (mostly useless) alpine container it comes with
SSHHOST=batcomputer.batcave.com
SSHUSER=batman
Wetty Docker Swarm config
Create a docker swarm config file in docker-compose syntax (v3), something like the example below:
Fast-track with premix! 🚀
"Premix" is a git repository which includes necessary docker-compose and env files for all published recipes. This means that you can launch any recipe with just a git pull and a docker stack deploy 👍.
🚀 Update: Premix now includes an ansible playbook, enabling you to deploy an entire stack + recipes, with a single ansible command! (more here)
version: "3"

services:
  wetty:
    image: krishnasrinivas/wetty
    env_file: /var/data/config/wetty/wetty.env
    deploy:
      labels:
        # traefik common
        - traefik.enable=true
        - traefik.docker.network=traefik_public

        # traefikv1
        - traefik.frontend.rule=Host:wetty.example.com
        - traefik.port=3000

        # traefikv2
        - "traefik.http.routers.wetty.rule=Host(`wetty.example.com`)"
        - "traefik.http.services.wetty.loadbalancer.server.port=3000"
        # forward-auth keeps the web terminal behind authentication
        - "traefik.http.routers.wetty.middlewares=forward-auth@file"
    networks:
      - internal
      - traefik_public

networks:
  traefik_public:
    external: true
  internal:
    driver: overlay
    ipam:
      config:
        - subnet: 172.16.45.0/24
Note
Set up unique static subnets for every stack you deploy. This avoids IP/gateway conflicts which can otherwise occur when you're creating/removing stacks a lot. See my list here.
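The only thing standing between the internet and this shell is the forward-auth@file middleware label in the compose file above, so it is worth checking for it before every deploy. The following pre-deploy check is an added example (not part of the original recipe or of premix): it scans list-style Traefik v2 labels and reports any router that has a rule but no forward-auth middleware. The "wetty-admin" router and admin.example.com in the sample are hypothetical, constructed for illustration.

```python
import re
import sys

# Constructed sample: the recipe's v2 labels plus a hypothetical second
# router ("wetty-admin") that was added without the auth middleware.
SAMPLE_COMPOSE = '''
services:
  wetty:
    deploy:
      labels:
        - traefik.enable=true
        - "traefik.http.routers.wetty.rule=Host(`wetty.example.com`)"
        - "traefik.http.services.wetty.loadbalancer.server.port=3000"
        - "traefik.http.routers.wetty.middlewares=forward-auth@file"
        - "traefik.http.routers.wetty-admin.rule=Host(`admin.example.com`)"
'''

# Matches list-form labels only ("- key=value"), the form the recipe uses.
LABEL = re.compile(r'^\s*-\s*["\']?(traefik\.[^=\s]+)=(.*?)["\']?\s*$')
ROUTER = re.compile(r'^traefik\.http\.routers\.([^.]+)\.(rule|middlewares)$')


def unprotected_routers(compose_text, required="forward-auth@file"):
    """Return sorted names of v2 routers that lack the required middleware."""
    rules, middlewares = set(), {}
    for line in compose_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # a commented-out label protects nothing
        label = LABEL.match(line)
        router = ROUTER.match(label.group(1)) if label else None
        if not router:
            continue
        name, field = router.groups()
        if field == "rule":
            rules.add(name)
        else:  # middlewares is a comma-separated chain
            middlewares[name] = {m.strip() for m in label.group(2).split(",")}
    return sorted(n for n in rules if required not in middlewares.get(n, set()))


if __name__ == "__main__":
    # Pass a compose file path to check it; with no argument, check the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_COMPOSE
    bad = unprotected_routers(text)
    print("routers without forward-auth:", ", ".join(bad) or "none")
    sys.exit(1 if bad else 0)
```

Run it against the compose file ahead of docker stack deploy; a non-zero exit means at least one router would be published without the auth middleware.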
Serving
Launch Wetty stack
Launch the Wetty stack by running docker stack deploy wetty -c <path-to-docker-compose.yml>
Browse to your new browser-cli-terminal at https://YOUR-FQDN. Authenticate with your OAuth provider, and then proceed to log in, either to the remote host you specified (batcomputer.batcave.com, in the example above), or using user and password "term" to log directly into the Wetty alpine container (from which you can establish egress SSH).
Chef's notes 📓
- You could set SSHHOST to the IP of the "docker0" interface on your host, which is normally 172.17.0.1. (Or run /sbin/ip route|awk '/default/ { print $3 }' in the container.) This would then provide you the ability to remote-manage your swarm with only web access to Wetty.
- The inclusion of Wetty was due to the efforts of @gpulido in our Discord server. Thanks Gabriel!