ubuntu系统vps通过ttyd安装webssh

前提：非常关键
1.有一个vps服务器，并且自行放行相应端口
2.有一个域名托管到cloudflare（不要开启小黄云）并指向服务器IP，假设为webssh.abc.xyz
3.已经申请了ssl证书:

/etc/ssl/certs/webssh.abc.xyz.fullchain.cer;

/etc/ssl/private/webssh.abc.xyz.key;

步骤 1：安装依赖与 ttyd
sudo apt update
sudo apt install -y cmake g++ libjson-c-dev libwebsockets-dev git build-essential
git clone https://github.com/tsl0922/ttyd.git
cd ttyd
mkdir build
cd build
cmake ..
make
sudo make install
#安装完成后，测试是否成功：
ttyd -v
which ttyd #获取文件目录稍后有用

步骤2：安装nginx并配置
sudo apt update
sudo apt install nginx -y
micro /etc/nginx/sites-available/default
#编辑内容如下


server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name webssh.abc.xyz; 
    ssl_certificate /etc/ssl/certs/webssh.abc.xyz.fullchain.cer;    
    ssl_certificate_key /etc/ssl/private/webssh.abc.xyz.key;       
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    root /var/www/html;
    index index.html;
    location / {
        try_files $uri $uri/ =404;
    }
    location /webssh {   #增加此部分内容,路径随意填写但前后要一致
    proxy_pass http://127.0.0.1:7681/; # 转发给 ttyd 服务，7681后面的”/“必须要保留，注意整个教程端口的一致性
    proxy_http_version 1.1;
    # 以下两行对于 WebSocket (ttyd的核心技术) 至关重要
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 80;
    listen [::]:80;
    server_name webssh.abc.xyz;
    return 301 https://$host$request_uri;
}

步骤3：将 ttyd 设置为系统服务
sudo micro /etc/systemd/system/ttyd.service
#编辑内容如下

[Unit]
Description=ttyd - Web Terminal
After=network.target
[Service]
ExecStart=/usr/local/bin/ttyd --port 7681 -W login
Restart=always
RestartSec=3
[Install]
WantedBy=multi-user.target

#编辑完成后启用
sudo systemctl daemon-reload
sudo systemctl enable ttyd
sudo systemctl restart ttyd
sudo systemctl status ttyd
lsof -i :7681 #检查端口监听情况

步骤四：开启安全防护
sudo apt install ufw
sudo ufw allow OpenSSH # 允许标准的 SSH 端口 (22)
sudo ufw allow ‘Nginx Full’ # 允许 Nginx 的 HTTP(80) 和 HTTPS(443)
sudo ufw enable # 启用防火墙
sudo ufw status # 查看防火墙状态
#安装 Fail2Ban，保护SSH 端口免受暴力破解攻击。
sudo apt install fail2ban -y
sudo systemctl enable –now fail2ban

部署完成后访问：https://webssh.abc.xyz/webssh，输入vps的账号和密码即可

ubuntu系统vps通过ttyd安装webssh

http://example.com/2025/08/07/ubuntu系统vps通过ttyd安装webssh/

Author

John Doe

Posted on

August 7, 2025

Licensed under

Rocket.Chat 部署教程（Docker + Nginx 反向代理 + SSL 证书） Previous

Ubuntu22.04使用dnscrypt-proxy配置DoH（DNS）教程 Next