-
-
Notifications
You must be signed in to change notification settings - Fork 314
Deployment with systemd
Antonio Mika edited this page Dec 31, 2021
·
2 revisions
-
Setup the user that will be running sish:
# Add the user useradd -d /srv/sish -m sish # Login as the user su sish # Jump into the home folder for the user cd /srv/sish # Create the directory to store public keys # Place your public keys here! mkdir pubkeys sish # Download sish. This grabs `v2.0.0`. If you would like to retrieve a # different version, change the `2.0.0` to the semantic version you'd like. curl -L "https://github.com/antoniomika/sish/releases/download/v2.0.0/sish-2.0.0.$(uname | tr '[:upper:]' '[:lower:]')-$((uname -m | grep -q armv8 && echo arm64) || (uname -m | grep -q aarch64 && echo arm64) || (uname -m | grep -q arm && echo armv6) || echo amd64).tar.gz" | tar -xzC /srv/sish/sish --strip-components=1 # Or build sish from source. This checks out the `v2.0.0` version. # Similar to above, change this to the version or branch you'd like. git clone https://github.com/antoniomika/sish.git sish && git checkout v2.0.0 go build . # switch back to the root user exit
-
Setup the unit file at
/etc/systemd/system/sish.service:💡 These args are not exhaustive: ensure the arguments match your intended use!
[Unit] Description=sish [Service] ExecStart=/srv/sish/sish/sish \ --ssh-address=:22 \ --http-address=:80 \ --authentication-keys-directory=/srv/sish/pubkeys \ -d sish.example.com \ --bind-random-subdomains=false WorkingDirectory=/srv/sish/sish User=sish Group=sish Restart=on-failure RestartSec=5s ProtectSystem=strict PrivateTmp=true PrivateDevices=true ProtectKernelTunables=true ProtectKernelModules=true ProtectControlGroups=true AmbientCapabilities=CAP_NET_BIND_SERVICE [Install] WantedBy=multi-user.target
-
Start the sish service
systemctl start sish
-
Enable the sish service so it restarts on reboots
systemctl enable sish -
Check service status
systemctl status sish