inital commit

2021-01-16 00:08:06 +01:00
commit 23bfefebf8
10 changed files with 365 additions and 0 deletions
--- a/Agent/ShellHubAgent.service
+++ b/Agent/ShellHubAgent.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=ShellHub Agent
+Wants=network-online.target
+
+[Service]
+Type=simple
+Environment=SHELLHUB_PRIVATE_KEY=/opt/ShellHubAgent/shellhub.key
+Environment=SHELLHUB_TENANT_ID=SERVER_TENID
+Environment=SHELLHUB_SERVER_ADDRESS=SERVER_ADDR
+Environment=SHELLHUB_KEEPALIVE_INTERVAL=300
+ExecStart=/opt/ShellHubAgent/ShellHubAgent
+
+[Install]
+WantedBy=multi-user.target
--- a/Agent/installAgent.sh
+++ b/Agent/installAgent.sh
@@ -0,0 +1,17 @@
+##Build of a release tag
+RelVer=stable
+##Build of a master branch, but config is vaidated
+#RelVer=latest_Tested
+##Build of a master branch 
+#RelVer=latest
+
+SERVER_ADDRESS=<unset>
+TENANT_ID=<unset>
+
+mkdir -p /opt/ShellHubAgent
+wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/BinAgent/ShellHubAgent-amd64 -O /opt/ShellHubAgent/ShellHubAgent
+wget https://git.bprieshof.nl/Tools/ShellHubNative/raw/branch/master/Agent/ShellHubAgent.service  -O /etc/systemd/system/ShellHubAgent.service
+chmod +x /opt/ShellHub/ShellHubAgent
+sed -i -e 's/SERVER_TENID/'$TENANT_ID'/g' -e 's/SERVER_ADDR/'$SERVER_ADDRESS'/g' /etc/systemd/system/ShellHubSSH.service
+systemctl daemon-reload
+systemctl enable --now ShellHubAgent
--- a/Server-KickStart.sh
+++ b/Server-KickStart.sh
@@ -0,0 +1,3 @@
+git clone https://git.bprieshof.nl/Tools/ShellHubNative
+cd ShellHubNative/Server
+bash install.sh
--- a/Server/Tools/adduser
+++ b/Server/Tools/adduser
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+[ $# -ne 3 ] && echo "Usage: $0 <username> <password> <email>" && exit 1
+
+if [ ! -f "$(which uuidgen 2> /dev/null)" ]; then
+    echo "$0 requires uuidgen but it's not installed. Aborting!"
+    exit 1
+fi
+
+if [ "${systemctl is-active --quiet mongod}" != "active" ]; then
+        echo "ERROR: mongoDB service is not running"
+        exit 1  
+fi
+
+
+USERNAME=$1
+PASSWORD=`printf $2 | sha256sum | awk '{ print $1 }'`
+EMAIL=$3
+[ -z "$TENANT_ID" ] && TENANT_ID=`uuidgen`
+
+
+EXISTS=$(mongo main --quiet --eval "db.users.find({ username: '$USERNAME' })")
+
+if [ -n "$EXISTS" ]; then
+    echo "ERROR: user already exists!"
+    exit 1
+fi
+
+INSERTED=$(mongo main --quiet --eval "db.users.insert({ name: '$USERNAME', username: '$USERNAME', password: '$PASSWORD', email: '$EMAIL', tenant_id: '$TENANT_ID' }).nInserted")
+
+if [ $INSERTED -eq 1 ]; then
+    echo "User added: $USERNAME"
+    echo "Tenant ID: $TENANT_ID"
+else
+    echo "ERROR: Failed to add user"
+fi
--- a/Server/Tools/del-user
+++ b/Server/Tools/del-user
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+[ -z $1 ] && echo "Usage: $0 <username>" && exit 1
+
+if [ "${systemctl is-active --quiet mongod}" != "active" ]; then
+        echo "ERROR: mongoDB service is not running"
+        exit 1  
+fi
+
+USERNAME=$1
+
+EXISTS=$(mongo main --quiet --eval "db.users.find({ username: '$USERNAME' })")
+
+if [ -z "$EXISTS" ]; then
+    echo "ERROR: user does not exists!"
+    exit 1
+fi
+
+REMOVED=`mongo main --quiet --eval "db.users.remove({username: '$USERNAME'}).nRemoved"`
+
+if [ $REMOVED -gt 0 ]; then
+    echo "User deleted"
+else
+    echo "ERROR: Failed to delete user"
+fi
--- a/Server/Tools/reset-user-password
+++ b/Server/Tools/reset-user-password
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+[ -z $1 ] || [ -z $2 ] && echo "Usage: $0 <username> <password>" && exit 1
+
+if [ "${systemctl is-active --quiet mongod}" != "active" ]; then
+        echo "ERROR: mongoDB service is not running"
+        exit 1  
+fi
+
+
+USERNAME=$1
+PASSWORD=`printf $2 | sha256sum | awk '{ print $1 }'`
+
+EXISTS=$(mongo main --quiet --eval "db.users.find({ username: '$USERNAME' })")
+
+if [ -z "$EXISTS" ]; then
+    echo "ERROR: user does not exists!"
+    exit 1
+fi
+
+MODIFIED=` mongo main --quiet --eval "db.users.update({ username: '$USERNAME' }, { \\$set: { password: '$PASSWORD' } }).nModified"`
+
+if [ $MODIFIED -eq 1 ]; then
+    echo "Password changed"
+else
+    echo "User password not changed"
+fi
--- a/Server/config/ServiceTemplates/ShellHubAPI.service
+++ b/Server/config/ServiceTemplates/ShellHubAPI.service
@@ -0,0 +1,13 @@
+ [Unit]
+Description=Shellhub API
+Wants=network-online.target
+
+[Service]
+Type=simple
+Environment=PRIVATE_KEY=/opt/ShellHub/keys/api_private_key
+Environment=PUBLIC_KEY=/opt/ShellHub/keys/api_public_key
+ExecStart=/opt/ShellHub/ShellHubAPI
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
--- a/Server/config/ServiceTemplates/ShellHubSSH.service
+++ b/Server/config/ServiceTemplates/ShellHubSSH.service
@@ -0,0 +1,14 @@
+ [Unit]
+Description=Shellhub SSH
+Wants=network-online.target
+
+[Service]
+Type=simple
+Environment=PRIVATE_KEY=/opt/ShellHub/keys/ssh_private_key
+Environment=SHELLHUB_HOSTED=false
+Environment=RECORD_URL=127.0.0.1:8080
+ExecStart=/opt/ShellHub/ShellHubSSH
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
--- a/Server/config/openresty.conf
+++ b/Server/config/openresty.conf
@@ -0,0 +1,163 @@
+user www-data;
+worker_processes 1;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+    error_log /var/log/nginx/error.log;
+
+    client_body_temp_path /var/run/openresty/nginx-client-body;
+    proxy_temp_path       /var/run/openresty/nginx-proxy;
+    fastcgi_temp_path     /var/run/openresty/nginx-fastcgi;
+    uwsgi_temp_path       /var/run/openresty/nginx-uwsgi;
+    scgi_temp_path        /var/run/openresty/nginx-scgi;
+
+    sendfile        on;
+
+    keepalive_timeout  65;
+
+    map $http_x_real_ip $x_real_ip {
+        default $http_x_real_ip;
+        "" $remote_addr;
+    }
+
+    server {
+        include    /opt/ShellHub/nginx.var;
+        listen 80;
+        
+        server_name _;
+        resolver 127.0.0.1 ipv6=off;
+        root /opt/ShellHub/ui;
+        
+        location / {
+            add_header Cache-Control "no-cache, no-store";
+            add_header Pragma "no-cache";
+
+            index index.html index.htm;
+            try_files $uri $uri/ /index.html;
+        }
+
+        location /api {
+            auth_request /auth;
+            auth_request_set $tenant_id $upstream_http_x_tenant_id;
+            auth_request_set $username $upstream_http_x_username;
+            error_page 500 =401 /auth;
+            rewrite ^/api/(.*)$ /api/$1 break;
+            proxy_set_header X-Tenant-ID $tenant_id;
+            proxy_set_header X-Username $username;
+            proxy_pass http://127.0.0.1:8080;
+        }
+
+        location /ssh/connection {
+            auth_request /auth;
+            auth_request_set $device_uid $upstream_http_x_device_uid;
+            proxy_pass http://127.0.0.1:8081;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection 'upgrade';
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $x_real_ip;
+            proxy_set_header X-Device-UID $device_uid;
+            proxy_http_version 1.1;
+            proxy_cache_bypass $http_upgrade;
+            proxy_redirect off;
+        }
+
+        location /ssh/revdial {
+            proxy_pass http://127.0.0.1:8081;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection 'upgrade';
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $x_real_ip;
+            proxy_http_version 1.1;
+            proxy_cache_bypass $http_upgrade;
+            proxy_redirect off;
+        }
+
+        location /ssh/auth {
+            auth_request /auth;
+            auth_request_set $device_uid $upstream_http_x_device_uid;
+            error_page 500 =401 /auth;
+            proxy_pass http://127.0.0.1:8080;
+            proxy_set_header X-Device-UID $device_uid;
+        }
+
+        location ~* /api/sessions/(.*)/close {
+            auth_request /auth;
+            auth_request_set $tenant_id $upstream_http_x_tenant_id;
+            error_page 500 =401 /auth;
+            rewrite ^/api/(.*)$ /$1 break;
+            proxy_set_header X-Tenant-ID $tenant_id;
+            proxy_pass http://127.0.0.1:8081;
+        }
+
+        location /api/devices/auth {
+            auth_request off;
+            rewrite ^/api/(.*)$ /api/$1 break;
+            proxy_pass http://127.0.0.1:8080;
+        }
+
+        location /api/login {
+            auth_request off;
+            rewrite ^/api/(.*)$ /api/$1 break;
+            proxy_pass http://127.0.0.1:8080;
+        }
+
+        location /auth {
+            internal;
+            rewrite ^/(.*)$ /internal/$1 break;
+            proxy_pass http://127.0.0.1:8080;
+        }
+
+        location /ws {
+            proxy_pass http://ssh:8081;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection 'upgrade';
+            proxy_set_header Host $host;
+
+            proxy_set_header X-Real-IP $x_real_ip;
+            proxy_http_version 1.1;
+            proxy_cache_bypass $http_upgrade;
+            proxy_redirect off;
+        }
+
+        location /info {
+            default_type application/json;
+
+            content_by_lua_block {
+                local host=ngx.var.http_host
+                local ssh_port=ngx.var.SHELLHUB_SSH_PORT
+                local version=ngx.var.SHELLHUB_VERSION
+                local json = require('cjson')
+                local data = {version=version, endpoints={api=host, ssh=host .. ":" .. ssh_port}}
+                ngx.say(json.encode(data))
+            }
+        }
+        location ~ ^/(install.sh|kickstart.sh)$ {
+        default_type "text/x-shellscript";
+        index nonexistingindex.htm;
+            content_by_lua_block {
+                local host=ngx.var.http_host
+                local scheme = ngx.var.http_x_forwarded_proto ~= '' and ngx.var.http_x_forwarded_proto or ngx.var.scheme
+                local tenant_id=ngx.var.arg_tenant_id
+                local keepalive_interval=ngx.var.arg_keepalive_interval
+                local preferred_hostname=ngx.var.arg_preferred_hostname
+                local version=ngx.var.SHELLHUB_VERSION
+                local template = require "resty.template"
+                template.render("kickstart.sh", {
+                    scheme = scheme,
+                    host = host,
+                    tenant_id = tenant_id,
+                    keepalive_interval = keepalive_interval,
+                    preferred_hostname = preferred_hostname,
+                    version = version
+                })
+            }
+        }
+
+    }
+
+}
--- a/Server/install.sh
+++ b/Server/install.sh
@@ -0,0 +1,53 @@
+##Build of a release tag
+RelVer=stable
+##Build of a master branch, but config is vaidated
+#RelVer=latest_Tested
+##Build of a master branch 
+#RelVer=latest
+
+#Go to script directory
+cd "$(dirname "$0")"
+#Setting up services needed for ShellHub
+##PreReqs
+apt-get -y install --no-install-recommends wget gnupg ca-certificates openssl uuid-runtime
+###add openresty Repo
+wget -O - https://openresty.org/package/pubkey.gpg | apt-key add -
+echo "deb http://openresty.org/package/$(grep --color=never -Po "^ID=\K.*" "/etc/os-release") $(grep -oP '(?<=^VERSION_CODENAME=).+' /etc/os-release | tr -d '"') openresty" > /etc/apt/sources.list.d/openresty.list
+###add mongoDB Repo
+wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | apt-key add -
+echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/$(grep --color=never -Po "^ID=\K.*" "/etc/os-release") $(grep -oP '(?<=^VERSION_CODENAME=).+' /etc/os-release | tr -d '"')/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
+##Installing packages
+apt-get update
+apt install -y openresty mongodb-org 
+##Configuring external services
+opm get bungle/lua-resty-template
+systemctl stop openresty mongod
+systemctl enable openresty mongod
+# config openresty(nginx)
+rm /etc/openresty/nginx.conf
+wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/nginx.env -O /opt/ShellHub/nginx.env
+mv config/openresty.conf /etc/openresty/nginx.conf
+echo " 127.0.0.1       ui api ssh mongo" > /etc/hosts
+systemctl start openresty mongod
+
+##Setup Binaries 
+mkdir -p /opt/ShellHub/{ui,keys,tools}
+wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/.env -O /opt/ShellHub/shellhub.env
+wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/BinServices/ShellHubSSH-amd64  -O /opt/ShellHub/ShellHubSSH
+wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/BinServices/ShellHubAPI-amd64  -O /opt/ShellHub/ShellHubAPI
+wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/BinServices/webui.tar.gz -O /tmp/webui.tar.gz
+chmod +x /opt/ShellHub/BinServices/ShellHubAPI
+chmod +x /opt/ShellHub/BinServices/ShellHubSSH
+tar -zxvf /tmp/webui.tar.gz -C /opt/ShellHub/ui
+mv Tools /opt/ShellHub/tools
+
+##Generating keys
+openssl genrsa -out /opt/ShellHub/keys/api_private_key 2048
+openssl rsa -in /opt/ShellHub/keys/api_private_key -out /opt/ShellHub/keys/api_public_key -pubout
+openssl genrsa -out /opt/ShellHub/keys/ssh_private_key 2048
+
+##Setup services
+mv config/ServiceTemplates/ShellHubAPI.service /etc/systemd/system/ShellHubAPI.service
+mv config/ServiceTemplates/ShellHubSSH.service /etc/systemd/system/ShellHubSSH.service
+systemctl daemon-reload
+systemctl enable --now ShellHubAPI ShellHubSSH