README ¶
octyne
A process manager with an HTTP API for remote console and file access.
Octyne allows running multiple apps on a remote server and provides an HTTP API to manage them. This allows for hosting web servers, game servers, bots and so on on remote servers without having to mess with SSH, using screen
and systemd
whenever you want to make any change, in a highly manageable and secure way.
It incorporates the ability to manage files and access the terminal output and input over HTTP remotely. For further security, it is recommended to use HTTPS (see config.json) to ensure end-to-end secure transmission.
retrixe/ecthelion complements octyne by providing a web interface to control apps on octyne remotely.
Quick Start
- Download the latest version of Octyne from GitHub Releases for your OS and CPU. Alternatively, you can get the latest bleeding edge version of Octyne from GitHub Actions, or by compiling it yourself.
- Place octyne in a folder, and run
chmod +x <octyne file name>
to mark it as executable if using macOS/Linux/*nix-like. - Follow the steps here to configure Octyne correctly.
- Run
./<octyne file name>
(.\<octyne file name>.exe
on Windows) in a terminal in the folder to start Octyne. Alternatively, on Windows/Linux desktops, you can double click the file (on Linux, selectRun in Terminal
, else it will run in the background). - You may want to get Ecthelion as aforementioned in the description, as a web app to manage Octyne, and octynectl as a CLI tool to manage Octyne locally on your machine. Additionally, make sure to follow the security practices here to prevent attacks against your setup!
Usage
To get the current Octyne version, you can run ./octyne --version
or ./octyne -v
. This does not account for development builds.
You might want to manage octyne using systemd on Linux systems, which can start and stop Octyne, start it on boot, store its logs and restart it on crash. This article should help you out.
Configuration
Octyne depends on two files in the current working directory to get configuration from. Note that Octyne refers to apps as "servers" in the config and API for legacy reasons (due to originally being targeted towards web servers and Minecraft servers).
The path to these files can be customised using the --config=/path/to/config.json
and --users=/path/to/users.json
CLI flags (if relative, resolved relative to the working directory).
config.json
Used to configure the apps Octyne should start, Redis-based authentication for allowing more than a single node, Unix socket API, and HTTPS support. A reverse proxy can also be used for HTTPS if it supports WSS.
NOTE: Octyne supports comments and trailing commas in the config.json file, they don't need to be removed.
{
"port": 42069, // optional, default is 42069
"unixSocket": {
"enabled": true, // enables Unix socket API for auth-less actions by locally running apps e.g. octynectl
"location": "", // optional, if absent, default is TMP/octyne.sock.PORT (see API.md for details)
"group": "" // optional, sets the socket's group owner, if absent, default is current user's primary group
},
"redis": {
"enabled": false, // whether the authentication tokens should sync to Redis for more than 1 node
"url": "redis://localhost" // link to Redis server
},
"https": {
"enabled": false, // whether Octyne should listen using HTTP or HTTPS
"cert": "/path/to/cert.pem", // path to HTTPS certificate
"key": "/path/to/key.pem" // path to HTTPS private key
},
"logging": {
"enabled": true, // whether Octyne should log actions
"path": "logs", // path to log files, can be relative or absolute
"actions": {} // optional, disable logging for specific actions, more info below
},
"servers": {
"test1": { // each key has the name of the server
"enabled": true, // optional, default true, Octyne won't auto-start when false
"directory": "/home/test/server", // the directory in which the server is located
"command": "java -jar spigot-1.12.2.jar" // the command to run to start the server
}
}
}
users.json
Contains users who can log into Octyne. This file is automatically generated on first start with an admin
user and a generated secure password which is logged to terminal. You can perform account management via Ecthelion, octynectl or other such tools.
{
"username": "password hashed with SHA-256 or Argon2id (recommended)"
}
Note: actions performed locally using the Unix socket API by apps like octynectl are logged as being performed by the @local
user, avoid using this username. Apps running on your PC under the same user as Octyne can use this API without a username or password.
Logging
Note: Fine-grained control over logging is currently experimental. Therefore, action names may change in any version, not just major versions. However, we will generally try to avoid this in the interest of stability.
By default, Octyne will log all actions performed by users. You can enable/disable logging for specific actions by setting the action to true
or false
in the logging.actions
object in config.json
. For example, to disable logging for auth.login
and auth.logout
, your actions
object would be:
"actions": {
"auth.login": false,
"auth.logout": false
}
- Authentication (
auth
):login
,logout
- Configuration (
config
):reload
,view
,edit
- Account management (
accounts
):create
,update
,delete
- Server management (
server
):- Top-level actions:
start
,stop
,kill
- Console (
server.console
):access
,input
- Files (
server.files
):upload
,download
,createFolder
,delete
,move
,copy
,compress
,decompress
- Top-level actions:
Security Practices and Reverse Proxying
Use HTTPS to ensure end-to-end secure transmission. This is easy with Certbot and a reverse proxy like nginx or Apache (if you don't want to use Octyne's built-in HTTPS support). A reverse proxy can rate limit requests to Octyne as well, and put both Octyne and Ecthelion behind the same domain under different endpoints too! (⚠️ Or, under different subdomains, if you want, but this interferes with cookie authentication.)
Sample nginx Config
location /console {
# Remember to set the basePath in Ecthelion's config.json to /console (or whatever you pick)!
proxy_pass http://127.0.0.1:3000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /octyne {
rewrite /octyne/(.*) /$1 break;
proxy_pass http://127.0.0.1:42069;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Adjust this as necessary for file uploads:
client_max_body_size 1024M;
# Required for WebSocket functionality to work:
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
Sample Apache Config
Note: Ensure mod_proxy
is loaded.
<VirtualHost *:443>
# Remember to set the basePath in Ecthelion's config.json to /console (or whatever you pick)!
# Ecthelion
ProxyPass /console http://127.0.0.1:4200/console
ProxyPassReverse /console http://127.0.0.1:4200/console
# Octyne
Protocols h2 h2c http/1.1
ProxyPassMatch ^/octyne/(server/.*/console)$ ws://127.0.0.1:42069/$1
ProxyPass /octyne http://127.0.0.1:42069
ProxyPassReverse /octyne http://127.0.0.1:42069
</VirtualHost>
Documentation ¶
There is no documentation for this package.