update chisel

2024-03-18 10:14:15 +01:00 · 2024-03-18 10:14:15 +01:00 · 238ce6b7ca
commit 238ce6b7ca
parent c7a3ff7723
1 changed files with 36 additions and 3 deletions
--- a/technology/applications/cli/network/chisel.md
+++ b/technology/applications/cli/network/chisel.md
@ -1,7 +1,7 @@
 ---
 obj: application
 repo: https://github.com/jpillora/chisel
-rev: 2024-03-15
+rev: 2024-03-17
 ---

 # chisel
@ -82,11 +82,44 @@ When stdio is used as local-host, the tunnel will connect standard input/output
 | `--pid`                         | Generate pid file in current working directory                                                                                                                                                                                                                                                                                                                                                    |
 | `-v`                            | Enable verbose [logging](../../../dev/Log.md)                                                                                                                                                                                                                                                                                                                                                     |

-### Security
+## Security
 Encryption is always enabled. When you start up a chisel server, it will generate an in-memory ECDSA public/private key pair. The public key fingerprint ([base64](../../../files/Base64.md) encoded [SHA256](../../../cryptography/SHA.md)) will be displayed as the server starts. Instead of generating a random key, the server may optionally specify a key file, using the `--keyfile` option. When clients connect, they will also display the server's public key fingerprint. The client can force a particular fingerprint using the `--fingerprint` option.

-### Authentication
+## Authentication
 Using the `--authfile` option, the server may optionally provide a `user.json` configuration file to create a list of accepted users. The client then authenticates using the `--auth` option. See [users.json](https://github.com/jpillora/chisel/blob/master/example/users.json) for an example authentication configuration file.

 Internally, this is done using the _Password_ authentication method provided by [SSH](../../network/SSH.md).

+## [Systemd](../../../linux/systemd/Systemd.md) Unit
+Client:
+```
+[Unit]
+Description=Chisel Port Forwarding Service
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=chisel client --auth <auth> <server> <forward>
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+```
+
+## [Docker Compose](../../../tools/Docker%20Compose.md)
+Server:
+```yml
+version: "3"
+services:
+    chisel:
+        image: jpillora/chisel
+        command: "server --reverse --authfile /users.json"
+        environment:
+            - HOST=0.0.0.0
+            - PORT=8080
+        ports:
+            - 8080:8080 # Proxy
+        volumes:
+            - ./users.json:/users.json
+        restart: unless-stopped
+```