# Remote Approver

```
 /$$                     /$$       /$$   /$$       
|__/                    | $$      |__/  | $$       
 /$$ /$$$$$$$   /$$$$$$ | $$$$$$$  /$$ /$$$$$$     
| $$| $$__  $$ |____  $$| $$__  $$| $$|_  $$_/     
| $$| $$  \ $$  /$$$$$$$| $$  \ $$| $$  | $$       
| $$| $$  | $$ /$$__  $$| $$  | $$| $$  | $$ /$$   
| $$| $$  | $$|  $$$$$$$| $$$$$$$/| $$  |  $$$$//$$
|__/|__/  |__/ \_______/|_______/ |__/   \___/ |__/
```

Production-ready CLI for configuring and running the Inabit Remote Approver with Docker and nginx.

Current version: v0.1.3

## What you get

* Guided setup wizard (validates token, configures URL/ports, generates nginx.conf)
* Automatic nginx and Docker Compose configuration
* HTTPS support with auto-detected certificates (PEM or CRT/KEY)
* Health checks and smart troubleshooting
* One-command cleanup and uninstall

## Install (production)

Clone the release repository on your remote instance and run the installer:

{% tabs %}
{% tab title="Current user (no sudo)" %}

```bash
# Clone the release bundle (contains installer + docker-compose.yml)
git clone https://your-release-repo-url.git approver-cli
cd approver-cli

# Install as current user (no sudo needed)
bash inabit-cli-installation-v1.0.sh
```

{% endtab %}

{% tab title="System-wide (requires sudo)" %}

```bash
# Clone the release bundle (contains installer + docker-compose.yml)
git clone https://your-release-repo-url.git approver-cli
cd approver-cli

# Install system-wide (requires sudo)
sudo bash inabit-cli-installation-v1.0.sh
```

{% endtab %}
{% endtabs %}

After installation, the global command `inabit` is available.

## Quick start

```bash
# Run the guided setup
inabit setup

# Check status / logs
inabit status
inabit logs

# Manage services
inabit restart
inabit stop
inabit start

# Cleanup everything created by setup (keeps Docker images)
inabit cleanup

# Uninstall the CLI and remove the global "inabit" command
inabit uninstall

# For system-wide installs, use: sudo inabit uninstall
```

## Setup flow (overview)

{% stepper %}
{% step %}

### Start setup

Run:

```bash
inabit setup
```

This begins the guided wizard.
{% endstep %}

{% step %}

### Validate login token

The wizard validates the provided token and obtains an access token.
{% endstep %}

{% step %}

### Configure service port

Default approver service port: 3020.
{% endstep %}

{% step %}

### Choose network approach

Select one of:

* Domain
* IP + Port
  {% endstep %}

{% step %}

### Domain flow

When using a domain:

* Choose HTTP (80) or HTTPS (443)
* Generates `nginx.conf`
* Auto-updates docker-compose ports
* Detects SSL files in `./ssl` (PEM or CRT/KEY)
  {% endstep %}

{% step %}

### IP + Port flow

When using IP + Port:

* Generates `nginx.conf` with a single `server { listen <custom>; }`
* Proxy to `approver:${APPROVER_PORT}`
* Compose port exposed automatically: `<custom>:<custom>`
  {% endstep %}

{% step %}

### Validate external URL

Wizard performs a health check to validate external accessibility.
{% endstep %}

{% step %}

### Create directories and configuration

Wizard creates required directories and configuration files.
{% endstep %}

{% step %}

### Start services

Starts nginx, then starts the approver service.
{% endstep %}

{% step %}

### Verify accessibility

Wizard verifies the service is reachable and healthy.
{% endstep %}

{% step %}

### Pairing

Shows pairing code and instructions to complete setup.
{% endstep %}
{% endstepper %}

{% hint style="info" %}
During setup, HTTP 403 from curl can be normal if Cloudflare or similar blocks non-browser requests; browsers should still work. The wizard treats 403/502/503 as acceptable during early startup while the approver initializes.
{% endhint %}

## Nginx in production (what the wizard configures)

* Domain
  * Port 80 (HTTP): `server { listen 80; }` that proxies to `approver:${APPROVER_PORT}`
  * Port 443 (HTTPS):
    * `listen 80;` redirects HTTP to HTTPS
    * `listen 443 ssl; http2 on;` uses detected cert/key under `/etc/nginx/ssl/`
  * Docker Compose ports exposed automatically: `80:80` and `443:443`
* IP + Port
  * Single `server { listen <custom>; }` with proxy to `approver:${APPROVER_PORT}`
  * Compose port exposed automatically: `<custom>:<custom>`

Supported certificate pairs to place in local `ssl/`:

* `cert.pem` + `key.pem`
* `cert.crt` + `key.key`
* `server.crt` + `server.key`
* `domain.crt` + `domain.key`

## Project structure (for reference)

```
release/
├── inabit-cli-installation-v1.0.sh   # Installer
├── docker-compose.yml                # Docker services configuration
└── README.md
```

## Prerequisites

{% hint style="warning" %}
Required on the host where you install the CLI:

* Docker
* Docker Compose
* Bash shell
  {% endhint %}

## Troubleshooting

<details>

<summary>Common commands (click to expand)</summary>

```bash
# Status / Logs
inabit status
inabit logs

# Restart / Cleanup
inabit restart
inabit cleanup
```

</details>

## License

This project is part of the Inabit Remote Approver service.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.inabit.com/inabit-terminal/api-reference/prerequisites/remote-approver.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.