Setup
Start your SingleJump
Now it's time to start SingleJump. You can run your docker-compose file with the following command:
Configure SingleJump
SingleJump comes without any user, before you can access it you need to create a super-admin user.
Create super-user
Execute the following command and follow the instructions:
docker exec -it web_server su - singlejump -c "php /home/singlejump/webapp/artisan make:super-admin"
Login to the web interface
Now you can log in to the web interface using your IP address or domain. For example: https://login.yourdomain.com. Use the super-user credentials previously created.
Initially, the system comes with a self-signed SSL certificate. Because of this, your browser may show security warnings until you properly configure a valid SSL certificate.
Secure your web interface
We recommend setting up SSL to access your web interface, and you have two options:
Use Let’s Encrypt certificates
We shipped SingleJump with Let’s Encrypt auto signing and renewal for SSL certificates.
To generate and sign your Let’s Encrypt certificate, please follow these steps:
- Go to Settings.
- Enter your email address and domain name (e.g., login.yourdomain.com).
- Click Enable, then Save.
- Click Request, then Request now.
Please ensure that TCP port 80 is opened in your firewall and a public IP address is configured on your server to sign your certificate.
SingleJump will automatically renew the certificate before it expires.
Initialize the database
SingleJump utilizes asymmetric encryption or public-key encryption to store SSH private keys for each device you add. To do this, you need to generate the master private/public key that will be used for all your devices and users.
Please note that you should only initialize the database once. If you do it more than once, you will lose access to your devices, and you will have to add them again.
To initialize the database, enter your super-admin user password and click Save.
Activate your Two-Factor Authentication
To access devices through SSH or view SSH session recordings, you should enable 2FA. Currently, SingleJump provides Google Authenticator, but more alternatives will be added.
To enable it, click on the profile button at the top right corner, then click on "Two Factor Authentication", and then click "Enable".
You will be prompted for your password and presented with a QR code that you can scan using the Google Authenticator app.
Now you can start adding your Device Groups, Devices and Users.
Enable SSH Access
SingleJump allows SSH access to your devices through two methods:
From your browser by accessing the SingleJump web interface. From your favorite SSH client like Putty or the regular SSH terminal client. By default, there is an ACL (Access Control List) that allows connections from anywhere (0.0.0.0/0) for web access, but SSH access to SingleJump is disabled.
We recommend changing this default ACL to include only the IP address from which you or your staff will connect, and enabling SSH access. This will allow you to use SingleJump SSH Server to access your devices.
To do so, connect to SingleJump like this:
ssh -l [email protected] -p2222
You can add as many ACLs as you want, including IP addresses or networks. You can also define those ACLs by user or globally.
Please note that you need to enable Two-Factor Authentication before connecting to SingleJump via SSH.