Skip to content

Configuration Server

ContainerSSH has the ability to configure the backend, and the launched container dynamically based on the username and/or IP address. To do this ContainerSSH calls out to a configuration server if configured.

Configuration

The configserver webhook can be configured in the main configuration using the following structure:

configserver:
  <options>

The options here are described on the HTTP and TLS page. If no url is provided the configuration webhook is disabled.

The configuration webhook

The configuration webhook is a simple JSON POST request to which the server must respond with a JSON response.

Note

We have an OpenAPI document available for the authentication and configuration server. You can check the exact values available there, or use the OpenAPI document to generate parts of your server code.

Tip

We provide a Go library to create a configuration server.

The config server will receive a request in following format:

{
  "username": "username",
  "authenticatedUsername": "username obtained during authentication",
  "remoteAddress": "127.0.0.1:1234",
  "connectionId": "An opaque ID for the SSH connection",
  "clientVersion": "SSH client version string",
  "metadata": {
    "metadata_name": {
      "value": "metadata_value",
      "sensitive": true|false
    }
  },
  "environment": {
    "env_variable_name": {
      "value": "env variable value",
      "sensitive": true|false
    }
  },
  "files": {
    "/path/to/file": {
      "value": "base64-encoded contents of the file",
      "sensitive": true|false
    }
  }
}

The configuration server will have to respond with the following response accompanied with the content type of application/json.

{
  "config": {
    // Provide a partial configuration here 
  },
  "metadata": {
    "metadata_name": {
      "value": "metadata_value",
      "sensitive": true|false
    }
  },
  "environment": {
    "env_variable_name": {
      "value": "env variable value",
      "sensitive": true|false
    }
  },
  "files": {
    "/path/to/file": {
      "value": "base64-encoded contents of the file",
      "sensitive": true|false
    }
  }
}

The configuration JSON structure is identical to the YAML described in this reference manual and the full configuration can be dumped by running ./containerssh --dump-config. The server is free to return only partial options that it wants to set. Any options that are sent overwrite the ones from the configuration file.

Currently only the following options can be set from the configuration server: