UI Guide

System Terminal

A full interactive host shell in the browser, governed by terminal protection rules.

The System Terminal gives you a real interactive shell on the host, streamed to the browser over a WebSocket. It is a true PTY (it supports interactive programs and resizing), not a one-shot command box.

This is host access. The session runs on the server itself, not inside a container. Treat it like SSH: anyone who can open it can affect the whole machine. Restrict it with terminal protection and user permissions.

Connecting

  1. Open the System Terminal page.
  2. Click Connect. The browser opens a WebSocket session and authenticates with your token.
  3. Use the shell as you would over SSH.
  4. Click Disconnect to close the session.

Terminal Protection

Access is governed by the terminal protection settings under Settings → Terminal:

  • Disable terminal — blocks all shell access entirely.
  • Blocked command rules — patterns that are rejected before they run. Each rule matches by contains, equals, prefix, suffix, or regex, with optional case sensitivity.
Permission required. Opening a session requires system write permission, and the configured blocked-command rules are enforced server-side, so they apply even to direct API use.

Container Shells

To get a shell inside a container rather than on the host, use the exec action on a container from the Containers page or a deployment's services. Those sessions are scoped to the container, not the host.

Star us on GitHub