ttyd for Debian
===============

1. Default configuration
------------------------

After installing ttyd it will by default listen on http://localhost:7681
in multi-user read-write "login"-mode:

  * multi-user means that more than one user can connect at the same time.

  * read-write means that anyone connecting to the website can input data.

  * Login mode means that the user gets a login prompt (like getty) where
    user and password has to be entered.

Edit /etc/default/ttyd and check the ttyd(1) manpage for more information
about available options.


2. Reverse proxy
----------------

To make ttyd accessible on the network, it is advised to hide it behind a
reverse proxy that does TLS and performs user authentication.

To enable the apache2 proxy configuration, the following modules and
configuration need to be enabled:

  * sudo a2enmod proxy proxy_http proxy_http2 proxy_wstunnel

  * sudo a2enconf ttyd

  * sudo service apache2 reload

ttyd is then accessible as <http://example.org/ttyd>.


3. Apache authentication
------------------------

The apache reverse-proxy configuration automatically includes
/etc/ttyd/apache2-auth.conf, if existing, to protect access to '/ttyd'.

There are some examples in /usr/share/doc/ttyd/examples that can be
used as starting point.

To enable HTTP basic authentication, the following steps can be used:

  * sudo mkdir -p /etc/ttyd

  * sudo ln -s /usr/share/doc/ttyd/examples/apache2-authbasic-file.conf \
      /etc/ttyd/apache2-auth.conf

  * sudo htpasswd -c -b /etc/ttyd/htpasswd daniel password123

  * sudo service apache2 reload

This will allow the user 'daniel' to access ttyd with the password
'password123'. Further users can be added, see htpasswd(1).

 -- Daniel Baumann <daniel.baumann@progress-linux.org>  Sun, 21 Feb 2021 17:19:20 +0100