A backup shell management option: butterfly + nginx + https
Installing butterfly + nginx with https
1. Install butterfly
yum install python36 python36-pip python36-devel -y
pip install butterfly
pip install butterfly[themes] # If you want to use themes
pip install butterfly[systemd] # If you want to use systemd
butterfly
1.1 Register the systemd service
cd /etc/systemd/system
curl -O https://raw.githubusercontent.com/paradoxxxzero/butterfly/master/butterfly.service
curl -O https://raw.githubusercontent.com/paradoxxxzero/butterfly/master/butterfly.socket
systemctl enable butterfly.socket
systemctl start butterfly.socket
1.3 Configure butterfly in unsecure mode; nginx provides the https service
Logins are authorized through sshd.
vim /etc/systemd/system/butterfly.service
[Unit]
Description=Butterfly Terminal Server
[Service]
ExecStart=/usr/local/bin/butterfly.server.py --unsecure --login --pam_profile=sshd
1.4 Restart the service
systemctl restart butterfly.socket
- nginx configuration file
- Settings
server {
    listen 443 ssl;
    server_name servername;
    ssl_certificate /home/makeit/.keys/fullchain.pem;
    ssl_certificate_key /home/makeit/.keys/keys.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    auth_basic "input you passwd";
    auth_basic_user_file passwd.db;
    location / {
        proxy_pass http://127.0.0.1:57575;
        proxy_read_timeout 300s;
        proxy_connect_timeout 300s;
        # Backend certificate files, if https is enabled on the backend
        #proxy_ssl_certificate /etc/butterfly/ssl/butterfly_ca.crt;
        #proxy_ssl_certificate_key /etc/butterfly/ssl/butterfly_ca.key;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_http_version 1.1; # proxy websocket
        proxy_set_header Upgrade "websocket";
        proxy_set_header Connection "Upgrade";
        proxy_set_header Sec-Websocket-Version 13; # important
        proxy_set_header Connection ""; # prevent the backend from also closing when the client closes
    }
}
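With a self-signed certificate on the backend, the connection was closed right after connecting. I could not get that working;
it only worked after switching the backend to unsecure mode.
References: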
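The proxy block above sets the Connection header twice and hard-codes the Upgrade header. The following nginx configuration is an added example, not the original author's: it derives both headers from the client's request with a map block, so the terminal's websocket and ordinary requests each get a single, consistent Connection value. The host name terminal.example.com, the certificate paths and the timeout values are assumptions; 57575 is butterfly's default port.

```nginx
# Added example (not from the original post). Place inside the http {} context.
# Assumed placeholders: terminal.example.com, /etc/nginx/tls/*, passwd.db.

# "Connection: upgrade" only when the client requested an upgrade,
# otherwise "Connection: close". One value, never two conflicting ones.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name terminal.example.com;

    ssl_certificate     /etc/nginx/tls/fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/privkey.key;
    # TLSv1.3 needs nginx 1.13+ built against OpenSSL 1.1.1+; drop it on older builds.
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 5m;

    # Basic auth at the proxy, in front of the PAM login butterfly performs
    # (--login --pam_profile=sshd). It covers the websocket handshake too.
    auth_basic           "butterfly";
    auth_basic_user_file passwd.db;

    location / {
        # Backend runs with --unsecure (plain HTTP), so it must only be
        # reachable over loopback; nginx is the sole TLS endpoint.
        proxy_pass http://127.0.0.1:57575;

        proxy_http_version 1.1;                        # required for websocket
        proxy_set_header Upgrade    $http_upgrade;     # pass the client's value
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_connect_timeout 10s;
        proxy_read_timeout    300s;   # idle terminals are cut after 5 minutes
    }
}
```

Run `nginx -t` before reloading, and confirm with `ss -ltn` that port 57575 is bound to 127.0.0.1 rather than to all interfaces.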
https://github.com/paradoxxxzero/butterfly
https://www.xncoding.com/2018/03/12/fullstack/nginx-websocket.html
https://ma.ttias.be/enable-keepalive-connections-in-nginx-upstream-proxy-configurations/
https://www.serverlab.ca/tutorials/linux/web-servers-linux/how-to-proxy-wss-websockets-with-nginx/