Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Docs/non root user with systemd #269

Merged
merged 3 commits into from
Jul 7, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 45 additions & 6 deletions examples/systemd/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,16 @@

The directory lists some systemd unit files for example, which can be used to run `rathole` as a service on Linux.

[The `@` symbol in name of unit files](https://superuser.com/questions/393423/the-symbol-and-systemctl-and-vsftpd) such as
[The `@` symbol in the name of unit files](https://superuser.com/questions/393423/the-symbol-and-systemctl-and-vsftpd) such as
`rathole@.service` facilitates the management of multiple instances of `rathole`.

For the naming of the example, `ratholes` stands for `rathole --server`, and `ratholec` stands for `rathole --client`, `rathole` is just `rathole`.

Assuming that `rathole` is installed in `/usr/bin/rathole`, and the configuration file is in `/etc/rathole/app1.toml`, the following steps shows how to run an instance of `rathole --server`.
For security, it is suggested to store configuration files with permission `600`, that is, only the owner can read the file, preventing arbitrary users on the system from accessing the secret tokens.

### With root privilege

Assuming that `rathole` is installed in `/usr/bin/rathole`, and the configuration file is in `/etc/rathole/app1.toml`, the following steps show how to run an instance of `rathole --server` with root.

1. Create a service file.

Expand All @@ -22,14 +26,49 @@ sudo mkdir -p /etc/rathole
# And create the configuration file named `app1.toml` inside /etc/rathole
```

3. Enable and start the service
3. Enable and start the service.

```bash
sudo systemctl daemon-reload # Make sure systemd find the new unit
sudo systemctl enable ratholes@app1 --now
```

And if there's another configuration named `app2.toml` in `/etc/rathole`, then
`sudo systemctl enable ratholes@app2 --now` can start an instance for that configuration.
### Without root privilege

Assuming that `rathole` is installed in `~/.local/bin/rathole`, and the configuration file is in `~/.local/etc/rathole/app1.toml`, the following steps show how to run an instance of `rathole --server` without root.

1. Edit the example service file as...

```txt
# with root
# ExecStart=/usr/bin/rathole -s /etc/rathole/%i.toml
# without root
ExecStart=%h/.local/bin/rathole -s %h/.local/etc/rathole/%i.toml
```

2. Create a service file.

```bash
mkdir -p ~/.config/systemd/user
cp ratholes@.service ~/.config/systemd/user/
```

3. Create the configuration file `app1.toml`.

```bash
mkdir -p ~/.local/etc/rathole
# And create the configuration file named `app1.toml` inside ~/.local/etc/rathole
```

4. Enable and start the service.

```bash
systemctl --user daemon-reload # Make sure systemd find the new unit
systemctl --user enable ratholes@app1 --now
```

### Run multiple services

To run multiple services at once, simply add another configuration, say `app2.toml` under `/etc/rathole` (`~/.local/etc/rathole` for non-root), then run `sudo systemctl enable ratholes@app2 --now` (`systemctl --user enable ratholes@app2 --now` for non-root) to start an instance for that configuration.

The same applies to `rathole --client` and `rathole`.
The same applies to `ratholec@.service` for `rathole --client` and `rathole@.service` for `rathole`.
7 changes: 5 additions & 2 deletions examples/systemd/rathole@.service
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,14 @@ After=network.target

[Service]
Type=simple
DynamicUser=yes
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/rathole /etc/rathole/%i.toml
LimitNOFILE=1048576

# with root
ExecStart=/usr/bin/rathole /etc/rathole/%i.toml
# without root
# ExecStart=%h/.local/bin/rathole %h/.local/etc/rathole/%i.toml

[Install]
WantedBy=multi-user.target
7 changes: 5 additions & 2 deletions examples/systemd/ratholec.service
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,14 @@ After=network.target

[Service]
Type=simple
DynamicUser=yes
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/rathole -c /etc/rathole/rathole.toml
LimitNOFILE=1048576

# with root
ExecStart=/usr/bin/rathole -c /etc/rathole/rathole.toml
# without root
# ExecStart=%h/.local/bin/rathole -c %h/.local/etc/rathole/rathole.toml

[Install]
WantedBy=multi-user.target
7 changes: 5 additions & 2 deletions examples/systemd/ratholec@.service
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,14 @@ After=network.target

[Service]
Type=simple
DynamicUser=yes
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/rathole -c /etc/rathole/%i.toml
LimitNOFILE=1048576

# with root
ExecStart=/usr/bin/rathole -c /etc/rathole/%i.toml
# without root
# ExecStart=%h/.local/bin/rathole -c %h/.local/etc/rathole/%i.toml

[Install]
WantedBy=multi-user.target
7 changes: 5 additions & 2 deletions examples/systemd/ratholes.service
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,14 @@ After=network.target

[Service]
Type=simple
DynamicUser=yes
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/rathole -s /etc/rathole/rathole.toml
LimitNOFILE=1048576

# with root
ExecStart=/usr/bin/rathole -s /etc/rathole/rathole.toml
# without root
# ExecStart=%h/.local/bin/rathole -s %h/.local/etc/rathole/rathole.toml

[Install]
WantedBy=multi-user.target
7 changes: 5 additions & 2 deletions examples/systemd/ratholes@.service
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,14 @@ After=network.target

[Service]
Type=simple
DynamicUser=yes
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/rathole -s /etc/rathole/%i.toml
LimitNOFILE=1048576

# with root
ExecStart=/usr/bin/rathole -s /etc/rathole/%i.toml
# without root
# ExecStart=%h/.local/bin/rathole -s %h/.local/etc/rathole/%i.toml

[Install]
WantedBy=multi-user.target