Add applications and application configurations-Bastionhost(Bastionhost)-阿里云帮助中心

Bastionhost supports operations and maintenance (O&M) for applications. To manage an application, you must first add it to Bastionhost and associate it with an application server and remote client.

Prerequisites

You have added an application server. For more information, see Add and deploy an application server.
You have added a remote client. For more information, see Add a remote client.

Add an application

Log on to the Bastionhost console. In the top navigation bar, select the region where your Bastionhost instance is located.
In the list of Bastionhost instances, find the target instance and click Manage.
In the navigation pane on the left, choose Assets > Applications.

On the Applications tab, click Create Application. In the panel that appears, configure the parameters as described in the following table and click OK.

Parameter	Description
Application Name	A custom name for the application. The name must meet the following requirements: Must be 1 to 128 characters long. The name cannot start with a special character. The name can contain only periods (.), underscores (_), hyphens (-), backslashes (\), and spaces.
Application Server	Select the application server used to access the application. For more information about how to add an application server, see Add and deploy an application server.
Associate Remote Client	Select the remote client used to access the application. For more information about how to add a remote client, see Add a remote client.
Application Type	The system automatically identifies the application type based on the selected remote client.
Destination URL	The URL that automatically opens when an O&M session for the application starts. This parameter is available only when the remote client is Google Chrome or Mozilla Firefox.
O&M Access Rules	This parameter is available only when the remote client is Google Chrome. Only allow O&M access to URLs that have the same IP address or domain name as the destination URL: When this option is enabled, users can only access URLs that share the same IP address or domain name as the Destination URL, in addition to URLs on the whitelist. Blacklist/Whitelist: Specify a blacklist or whitelist for URLs. Example: Assume that you set the destination URL to `https://example.com`, enable the Only allow O&M access to URLs that have the same IP address or domain name as the destination URL option, and add `https://example.com/help` to the blacklist. In this case, an authorized O&M user cannot access the content in the `/help` directory of the website. Access to other resource paths is not affected.

Set up automatic logon

If the application is associated with a Google Chrome or Mozilla Firefox remote client, you can configure an autofill script for the browser. This allows you to store the web application's username and password in an application account to enable automatic logon during O&M sessions.

Note

Websites that use anti-bot logon detection do not support autofill for usernames and passwords.
For websites that require a verification code, you must enter the code manually after Bastionhost autofills your credentials to complete the logon.

Generate and configure the autofill script

Although the browser extension for generating the autofill script runs only in Google Chrome, the generated script works in both Chrome and Mozilla Firefox.

Log on to the Bastionhost console. In the top navigation bar, select the region where your Bastionhost instance is located.
In the list of Bastionhost instances, find the target instance and click Manage.
In the navigation pane on the left, choose Assets > Applications.
On the Applications tab, find the target application and click Edit in the Actions column.
On the Application Configurations tab, click Download the browser plug-in and decompress the downloaded file on your computer.

Import the downloaded extension to your browser. Follow the instructions provided by the extension to generate the script, and then paste it into the Autofill Script field.
In Google Chrome, go to the extensions page and add the decompressed extension folder (named extension).

After the extension is loaded, Bastionhost Web Configuration Generator 1.0 appears in the extension list. Make sure the toggle switch in the lower-right corner is enabled.
In Google Chrome, open the logon page of the web application for which you want to enable autofill. Click the extension icon and then click Start.

The following steps use the Alibaba Cloud RAM user logon page as an example:

In the extension pop-up, make sure that Configuration Type is set to Autofill.
Follow the prompts to capture the username input box, password input box, and logon button by using the extension.
- Capture the username input box
  
  On the logon page, right-click the username input box and select Bastionhost Web Configuration Generator > Add Username Input Box from the context menu.
- Capture the password input box
  
  On the RAM user logon page, click the Add Password Input Box button provided by the Bastionhost Web Configuration Generator extension in the lower-right corner of the page. This adds the password input box to the autofill script.
- Capture the logon button
  
  On the RAM user logon page, right-click the page to open the browser context menu. At the bottom of the menu, find the Bastionhost Web Configuration Generator extension item and click Add Logon Button.
After you capture all required elements, the script is automatically generated and copied to your clipboard. Return to the Application Configurations tab in the Bastionhost console, paste the script into the autofill script field, and click Update.

Create an application account

Log on to the Bastionhost console. In the top navigation bar, select the region where your Bastionhost instance is located.
In the list of Bastionhost instances, find the target instance and click Manage.
In the navigation pane on the left, choose Assets > Applications.
On the Applications tab, find the target application and click Edit in the Actions column.
On the Application Account tab, click Create Application Account. In the panel that appears, set the username and password for the web application and click OK.

Related operations

Edit an application: To modify an application's configuration, such as its name or associated application server, find the application and click Edit in the Actions column.
Delete an application: If an application is no longer needed, find it and click Delete in the Actions column.