Skip to content
Klutch.sh Docs

Deploying Warpgate

Introduction

Warpgate is a smart SSH, HTTPS, and MySQL bastion host designed for modern infrastructure security. It acts as a single point of entry to your servers, providing authentication, authorization, session recording, and audit logging for all remote access connections.

Unlike traditional bastion hosts, Warpgate is protocol-aware, meaning it understands SSH, HTTP/HTTPS, and MySQL protocols natively. This enables features like live session viewing, command logging, and granular access control without requiring agents on target systems.

Key features of Warpgate include:

  • Multi-Protocol Support: Handle SSH, HTTPS, and MySQL connections through a single gateway
  • Session Recording: Record all sessions for security auditing and compliance
  • Live Session Viewing: Watch active sessions in real-time from the admin panel
  • SSO Integration: Authenticate users via OpenID Connect providers
  • Role-Based Access Control: Define granular permissions for users and groups
  • No Agent Required: Connect to any standard SSH, HTTP, or MySQL server
  • Web Admin Interface: Manage users, targets, and view logs through a web UI
  • Two-Factor Authentication: Built-in TOTP support for additional security
  • Audit Logging: Comprehensive logs for all authentication and access events

This guide walks you through deploying Warpgate on Klutch.sh using Docker for secure remote access management.

Prerequisites

Before deploying Warpgate on Klutch.sh, ensure you have:

  • A Klutch.sh account
  • A GitHub account with a repository for your Warpgate configuration
  • Target servers you want to access through Warpgate
  • Basic understanding of SSH and bastion host concepts

Repository Structure

Create a GitHub repository with the following structure:

warpgate-deploy/
├── Dockerfile
└── .dockerignore

Dockerfile

Create a Dockerfile in your repository:

FROM ghcr.io/warp-tech/warpgate:latest


# Web admin interface
EXPOSE 8888


# SSH protocol
EXPOSE 2222


# MySQL protocol
EXPOSE 33306


# The base image handles the entrypoint

Environment Variables

Warpgate configuration is primarily done through the web interface after initial setup. The first run will generate a configuration file.

VariableRequiredDefaultDescription
WARPGATE_ADMIN_PASSWORDNoGeneratedInitial admin password (shown in logs if not set)

Deployment on Klutch.sh

  1. Push your Dockerfile to your GitHub repository.
  2. Log in to Klutch.sh and create a new project.
  3. Create a new app within your project and connect your GitHub repository containing the Dockerfile.
  4. Configure the deployment settings: - Select **HTTP** as the traffic type - Set the internal port to **8888** (for the web admin interface)
  5. Attach persistent volumes: - Mount path: `/data` - Recommended size: 10 GB - Purpose: Configuration, session recordings, and logs
  6. Click **Deploy** and wait for the build to complete.
  7. Access the web admin interface at the provided URL. Check the deployment logs for the initial admin password if not set via environment variable.
  8. Configure your target servers and user access through the web interface.

Post-Deployment Configuration

After deployment:

  1. Log in with the admin credentials from the deployment logs
  2. Add target servers (SSH hosts, HTTP endpoints, MySQL servers)
  3. Create user accounts and assign permissions
  4. Configure SSO integration if using an identity provider
  5. Set up session recording policies

Important Notes

The SSH and MySQL protocol ports (2222 and 33306) require TCP traffic routing. For full bastion host functionality including SSH access, you may need to configure additional port mappings depending on your Klutch.sh plan.

Troubleshooting

Cannot Access Admin Interface

Verify the deployment is running and check logs for startup errors. Ensure port 8888 is correctly configured for HTTP traffic.

Session Recordings Missing

Ensure the /data volume is properly mounted and has sufficient space.

Additional Resources