sshpoke/config.example.yml

141 lines
4.9 KiB
YAML

# Enable or disable debug logging.
debug: true
# API settings.
api:
# Local port for Web API. Will be bound to localhost.
web_port: 25680
# Local port for plugin API. Will listen on all interfaces because it has auth.
plugin_port: 25681
# Docker client preferences.
docker:
# Extract client params from the environment.
from_env: true
# Cert path for the Docker client.
cert_path: ~
# Set it to false to disable TLS cert verification.
tls_verify: true
# Docker host. Can be useful for running containers alongside remote plugin (although it sounds weird to do so).
host: ~
# Docker version.
version: ~
# Default server to use if `sshpoke.server` is not specified in the target container labels.
default_server: mine
# Servers configuration.
servers:
# Server name.
- name: mine
# Server driver. Each driver has its own set of params. Supported drivers: ssh, plugin, null.
driver: ssh
params:
# SSH server address
address: "your1.server:2222"
# Remote port to be used for forwarding.
forward_port: 80
# This disables remote host resolution and forcibly uses server IP for remote host.
# It's the same as this syntax for sish: `ssh -R addr:80:localhost:80 your.sish.server`
# Set this to true if you're using sish, otherwise you'll get weird domains with IP's in them.
fake_remote_host: true
# Disables PTY request for this server.
nopty: true
# Requests interactive shell for SSH sessions. Should be `true` for the `commands`.
shell: false
# Authentication data.
auth:
# Authentication type. Supported types: key, password, passwordless
type: key
# Remote user
user: user
# Directory with SSH keys. ssh-config from this directory will be used if `keyfile` is not provided.
# Only some of the ssh-config attributes are used.
directory: "~/.ssh"
# Expose mode (multiple domains or single domain). Allowed values: single, multi.
mode: multi
# Keep-alive settings. Remove to disable keep-alive completely.
keepalive:
# Interval for keep-alive requests in seconds.
interval: 1
# How many attempts should fail to forcibly restart the connection.
max_attempts: 2
# Regular expression that will be used to extract domain from stdout & stderr. Useful for services like sish or
# localhost.run. `commands` output will also be parsed by this regex.
# With `!name` syntax you can use some built-in expressions:
# - !webUrl - any HTTP or HTTPS URL.
# - !httpUrl - any HTTP URL.
# - !httpsUrl - any HTTPS URL.
domain_extract_regex: "!httpsUrl"
# Host keys to prevent MITM. You can obtain those via `ssh-keyscan <address>` (specify `-p` for non-standard port).
# Always use '|' YAML syntax here (not '>') or sshpoke won't be able to parse keys.
host_keys: |
# ssh.neur0tx.site:2222 SSH-2.0-sish
# ssh.neur0tx.site:2222 SSH-2.0-sish
# ssh.neur0tx.site:2222 SSH-2.0-sish
[ssh.neur0tx.site]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEvxbqK0u8UjqEtrO/83GPS7MeoFp6C3+7KjOHd8+1GF
# ssh.neur0tx.site:2222 SSH-2.0-sish
# ssh.neur0tx.site:2222 SSH-2.0-sish
- name: ssh-demo-single-domain
driver: ssh
params:
auth:
type: key
user: user
directory: "~/.ssh"
keyfile: id_ed25519
address: "your2.server"
forward_port: 80
fake_remote_host: true
nopty: false
shell: true
mode: single
keepalive:
interval: 1
max_attempts: 2
domain_extract_regex: "!webUrl"
- name: ssh-demo-commands
driver: ssh
params:
address: "your3.server"
forward_port: 8080
auth:
type: key
user: user
directory: "~/.ssh"
mode: multi
keepalive:
interval: 1
max_attempts: 2
domain_extract_regex: "!webUrl"
# Commands that will be executed on the host.
commands:
# These commands will be executed after connect.
on_connect:
- echo https://`date +%s`.proxy.test
# These commands will be executed before disconnect.
on_disconnect:
- echo disconnect from `cat /etc/hostname`
- name: ssh-demo-with-password
driver: ssh
params:
address: "ssh.neur0tx.site"
forward_port: 8081
auth:
type: password
user: user
# Remote user password.
password: password
mode: multi
keepalive:
interval: 1
max_attempts: 2
domain_extract_regex: "!httpUrl"
commands:
on_connect:
- echo http://`date +%s`.proxy.test
- name: plugin-demo
driver: plugin
params:
# This token will be used by plugin while connecting to gRPC API.
token: key
- name: noop
# Null driver doesn't do anything. This driver will automatically be used for servers with invalid 'driver' value.
driver: null