中文 | English
Lightweight web terminal for accessing Claude Code and a shell from a mobile browser.
- Password login + Google Authenticator 2FA
- Recovery code login when the 2FA device is unavailable
- Multiple projects open at the same time, each with isolated terminal sessions
- Dual terminal tabs for Claude and Shell
- Claude session auto-continue with
--continue, configurable in Settings - Mobile-friendly virtual keyboard with paste, Tab, arrow keys, Ctrl+C, paging, and more
- Real-time sync between the text input and terminal prompt
- Shell compatible with Bash, Fish, and other shells
- Smart Starship prompt detection that skips decorative prompt glyphs like
❯ - Fish autosuggestion sync after accepting suggestions with
→ - Nerd Font rendering with bundled JetBrainsMono Nerd Font
- Automatic WebSocket reconnect
- Persistent file-based sessions that survive restarts
- Settings page for password changes, 2FA management, and recovery code status
- Security hardening with CSP, rate limiting, request timeouts, and security headers
- Included
systemdand Nginx deployment configs
git clone https://github.com/yourname/web-claude-terminal.git
cd web-claude-terminal
npm installCopy and edit the .env file:
cp .env.example .envRequired:
WEB_TERMINAL_PASSWORD=your_secure_password_hereOptional:
# Session secret. Auto-generated if unset, but should be fixed in production.
WEB_TERMINAL_SESSION_SECRET=
# Workspace root directory (default: ~/projects)
WEB_TERMINAL_WORKSPACE_ROOT=
# Shell command (default: use $SHELL first, then fall back to /bin/bash)
WEB_TERMINAL_SHELL=/usr/bin/fish
# Listen host and port
HOST=127.0.0.1
PORT=8765Notes:
- Local development can use
http://127.0.0.1:8765 - Public deployments should run behind an HTTPS reverse proxy such as Nginx + Certbot
- The
data/directory stores runtime state and should not be committed to Git
Generate a fixed session secret:
openssl rand -hex 32# Production
npm start
# Development with auto-reload
npm run devFor local development, open http://127.0.0.1:8765.
For production, access the app through an HTTPS domain.
sudo cp deploy/web-claude-terminal.service /etc/systemd/system/
sudo nano /etc/systemd/system/web-claude-terminal.service
sudo systemctl daemon-reload
sudo systemctl enable --now web-claude-terminal
sudo journalctl -u web-claude-terminal -fsudo cp deploy/nginx.conf /etc/nginx/sites-available/web-claude-terminal
sudo nano /etc/nginx/sites-available/web-claude-terminal
sudo ln -s /etc/nginx/sites-available/web-claude-terminal /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginxsudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d your-domain.com| Feature | Description |
|---|---|
| Password protection | All pages except the login page require authentication |
| 2FA | Optional Google Authenticator support with recovery codes |
| Rate limiting | 5 login attempts per 5 minutes, persisted to disk |
| Persistent sessions | File-based session storage survives restarts |
| CSP headers | Restricts script, style, image, and font sources |
| API timeout | /api/* requests time out after 30 seconds |
| Path validation | Prevents directory traversal outside the workspace root |
| Project isolation | Only web-created projects can be deleted |
| Idle cleanup | Terminal sessions are closed after 2 hours of inactivity |
Browser (xterm.js) <-WebSocket-> Node.js (Express + node-pty) <-PTY-> claude / fish
- Frontend: vanilla HTML/CSS/JS + xterm.js + FitAddon with a Catppuccin Mocha theme
- Backend: Express + WebSocket (
ws) +node-pty - Auth:
express-session+ file session store +speakeasyTOTP - Deployment:
systemdservice + Nginx reverse proxy
Make sure claude is available in the system PATH:
which claude# Debian/Ubuntu
sudo apt install build-essential python3
npm installCheck the Nginx WebSocket upgrade headers and firewall settings.
Make sure you are using the current version of the code. This project supports session cookies on local HTTP during development, while production should still use HTTPS.
MIT. See the root LICENSE file.
- Custom terminal themes
- Terminal output search
- File manager with upload/download
- Multi-user support with isolated passwords and projects
- Terminal recording and playback
- Better mobile gesture support
- Dockerized deployment