Tools/ShellHubNative
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

inital commit

Browse Source
This commit is contained in:
Bram Prieshof
2021-01-16 00:08:06 +01:00
commit 23bfefebf8
10 changed files with 365 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
Agent/ShellHubAgent.service Normal file
View File

@@ -0,0 +1,14 @@
[Unit]
Description=ShellHub Agent
Wants=network-online.target
[Service]
Type=simple
Environment=SHELLHUB_PRIVATE_KEY=/opt/ShellHubAgent/shellhub.key
Environment=SHELLHUB_TENANT_ID=SERVER_TENID
Environment=SHELLHUB_SERVER_ADDRESS=SERVER_ADDR
Environment=SHELLHUB_KEEPALIVE_INTERVAL=300
ExecStart=/opt/ShellHubAgent/ShellHubAgent
[Install]
WantedBy=multi-user.target

17
Agent/installAgent.sh Normal file
View File

@@ -0,0 +1,17 @@
##Build of a release tag
RelVer=stable
##Build of a master branch, but config is vaidated
#RelVer=latest_Tested
##Build of a master branch
#RelVer=latest
SERVER_ADDRESS=<unset>
TENANT_ID=<unset>
mkdir -p /opt/ShellHubAgent
wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/BinAgent/ShellHubAgent-amd64 -O /opt/ShellHubAgent/ShellHubAgent
wget https://git.bprieshof.nl/Tools/ShellHubNative/raw/branch/master/Agent/ShellHubAgent.service -O /etc/systemd/system/ShellHubAgent.service
chmod +x /opt/ShellHub/ShellHubAgent
sed -i -e 's/SERVER_TENID/'$TENANT_ID'/g' -e 's/SERVER_ADDR/'$SERVER_ADDRESS'/g' /etc/systemd/system/ShellHubSSH.service
systemctl daemon-reload
systemctl enable --now ShellHubAgent

3
Server-KickStart.sh Normal file
View File

@@ -0,0 +1,3 @@
git clone https://git.bprieshof.nl/Tools/ShellHubNative
cd ShellHubNative/Server
bash install.sh

36
Server/Tools/adduser Normal file
View File

@@ -0,0 +1,36 @@
#!/bin/sh
[ $# -ne 3 ] && echo "Usage: $0 <username> <password> <email>" && exit 1
if [ ! -f "$(which uuidgen 2> /dev/null)" ]; then
echo "$0 requires uuidgen but it's not installed. Aborting!"
exit 1
fi
if [ "${systemctl is-active --quiet mongod}" != "active" ]; then
echo "ERROR: mongoDB service is not running"
exit 1
fi
USERNAME=$1
PASSWORD=`printf $2 | sha256sum | awk '{ print $1 }'`
EMAIL=$3
[ -z "$TENANT_ID" ] && TENANT_ID=`uuidgen`
EXISTS=$(mongo main --quiet --eval "db.users.find({ username: '$USERNAME' })")
if [ -n "$EXISTS" ]; then
echo "ERROR: user already exists!"
exit 1
fi
INSERTED=$(mongo main --quiet --eval "db.users.insert({ name: '$USERNAME', username: '$USERNAME', password: '$PASSWORD', email: '$EMAIL', tenant_id: '$TENANT_ID' }).nInserted")
if [ $INSERTED -eq 1 ]; then
echo "User added: $USERNAME"
echo "Tenant ID: $TENANT_ID"
else
echo "ERROR: Failed to add user"
fi

25
Server/Tools/del-user Executable file
View File

@@ -0,0 +1,25 @@
#!/bin/sh
[ -z $1 ] && echo "Usage: $0 <username>" && exit 1
if [ "${systemctl is-active --quiet mongod}" != "active" ]; then
echo "ERROR: mongoDB service is not running"
exit 1
fi
USERNAME=$1
EXISTS=$(mongo main --quiet --eval "db.users.find({ username: '$USERNAME' })")
if [ -z "$EXISTS" ]; then
echo "ERROR: user does not exists!"
exit 1
fi
REMOVED=`mongo main --quiet --eval "db.users.remove({username: '$USERNAME'}).nRemoved"`
if [ $REMOVED -gt 0 ]; then
echo "User deleted"
else
echo "ERROR: Failed to delete user"
fi

27
Server/Tools/reset-user-password Executable file
View File

@@ -0,0 +1,27 @@
#!/bin/sh
[ -z $1 ] || [ -z $2 ] && echo "Usage: $0 <username> <password>" && exit 1
if [ "${systemctl is-active --quiet mongod}" != "active" ]; then
echo "ERROR: mongoDB service is not running"
exit 1
fi
USERNAME=$1
PASSWORD=`printf $2 | sha256sum | awk '{ print $1 }'`
EXISTS=$(mongo main --quiet --eval "db.users.find({ username: '$USERNAME' })")
if [ -z "$EXISTS" ]; then
echo "ERROR: user does not exists!"
exit 1
fi
MODIFIED=` mongo main --quiet --eval "db.users.update({ username: '$USERNAME' }, { \\$set: { password: '$PASSWORD' } }).nModified"`
if [ $MODIFIED -eq 1 ]; then
echo "Password changed"
else
echo "User password not changed"
fi

13
Server/config/ServiceTemplates/ShellHubAPI.service Normal file
View File

@@ -0,0 +1,13 @@
[Unit]
Description=Shellhub API
Wants=network-online.target
[Service]
Type=simple
Environment=PRIVATE_KEY=/opt/ShellHub/keys/api_private_key
Environment=PUBLIC_KEY=/opt/ShellHub/keys/api_public_key
ExecStart=/opt/ShellHub/ShellHubAPI
Restart=on-failure
[Install]
WantedBy=multi-user.target

14
Server/config/ServiceTemplates/ShellHubSSH.service Normal file
View File

@@ -0,0 +1,14 @@
[Unit]
Description=Shellhub SSH
Wants=network-online.target
[Service]
Type=simple
Environment=PRIVATE_KEY=/opt/ShellHub/keys/ssh_private_key
Environment=SHELLHUB_HOSTED=false
Environment=RECORD_URL=127.0.0.1:8080
ExecStart=/opt/ShellHub/ShellHubSSH
Restart=on-failure
[Install]
WantedBy=multi-user.target

163
Server/config/openresty.conf Normal file
View File

@@ -0,0 +1,163 @@
user www-data;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
error_log /var/log/nginx/error.log;
client_body_temp_path /var/run/openresty/nginx-client-body;
proxy_temp_path /var/run/openresty/nginx-proxy;
fastcgi_temp_path /var/run/openresty/nginx-fastcgi;
uwsgi_temp_path /var/run/openresty/nginx-uwsgi;
scgi_temp_path /var/run/openresty/nginx-scgi;
sendfile on;
keepalive_timeout 65;
map $http_x_real_ip $x_real_ip {
default $http_x_real_ip;
"" $remote_addr;
}
server {
include /opt/ShellHub/nginx.var;
listen 80;
server_name _;
resolver 127.0.0.1 ipv6=off;
root /opt/ShellHub/ui;
location / {
add_header Cache-Control "no-cache, no-store";
add_header Pragma "no-cache";
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
location /api {
auth_request /auth;
auth_request_set $tenant_id $upstream_http_x_tenant_id;
auth_request_set $username $upstream_http_x_username;
error_page 500 =401 /auth;
rewrite ^/api/(.*)$ /api/$1 break;
proxy_set_header X-Tenant-ID $tenant_id;
proxy_set_header X-Username $username;
proxy_pass http://127.0.0.1:8080;
}
location /ssh/connection {
auth_request /auth;
auth_request_set $device_uid $upstream_http_x_device_uid;
proxy_pass http://127.0.0.1:8081;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $x_real_ip;
proxy_set_header X-Device-UID $device_uid;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
location /ssh/revdial {
proxy_pass http://127.0.0.1:8081;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $x_real_ip;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
location /ssh/auth {
auth_request /auth;
auth_request_set $device_uid $upstream_http_x_device_uid;
error_page 500 =401 /auth;
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Device-UID $device_uid;
}
location ~* /api/sessions/(.*)/close {
auth_request /auth;
auth_request_set $tenant_id $upstream_http_x_tenant_id;
error_page 500 =401 /auth;
rewrite ^/api/(.*)$ /$1 break;
proxy_set_header X-Tenant-ID $tenant_id;
proxy_pass http://127.0.0.1:8081;
}
location /api/devices/auth {
auth_request off;
rewrite ^/api/(.*)$ /api/$1 break;
proxy_pass http://127.0.0.1:8080;
}
location /api/login {
auth_request off;
rewrite ^/api/(.*)$ /api/$1 break;
proxy_pass http://127.0.0.1:8080;
}
location /auth {
internal;
rewrite ^/(.*)$ /internal/$1 break;
proxy_pass http://127.0.0.1:8080;
}
location /ws {
proxy_pass http://ssh:8081;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $x_real_ip;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
location /info {
default_type application/json;
content_by_lua_block {
local host=ngx.var.http_host
local ssh_port=ngx.var.SHELLHUB_SSH_PORT
local version=ngx.var.SHELLHUB_VERSION
local json = require('cjson')
local data = {version=version, endpoints={api=host, ssh=host .. ":" .. ssh_port}}
ngx.say(json.encode(data))
}
}
location ~ ^/(install.sh|kickstart.sh)$ {
default_type "text/x-shellscript";
index nonexistingindex.htm;
content_by_lua_block {
local host=ngx.var.http_host
local scheme = ngx.var.http_x_forwarded_proto ~= '' and ngx.var.http_x_forwarded_proto or ngx.var.scheme
local tenant_id=ngx.var.arg_tenant_id
local keepalive_interval=ngx.var.arg_keepalive_interval
local preferred_hostname=ngx.var.arg_preferred_hostname
local version=ngx.var.SHELLHUB_VERSION
local template = require "resty.template"
template.render("kickstart.sh", {
scheme = scheme,
host = host,
tenant_id = tenant_id,
keepalive_interval = keepalive_interval,
preferred_hostname = preferred_hostname,
version = version
})
}
}
}
}

53
Server/install.sh Normal file
View File

@@ -0,0 +1,53 @@
##Build of a release tag
RelVer=stable
##Build of a master branch, but config is vaidated
#RelVer=latest_Tested
##Build of a master branch
#RelVer=latest
#Go to script directory
cd "$(dirname "$0")"
#Setting up services needed for ShellHub
##PreReqs
apt-get -y install --no-install-recommends wget gnupg ca-certificates openssl uuid-runtime
###add openresty Repo
wget -O - https://openresty.org/package/pubkey.gpg | apt-key add -
echo "deb http://openresty.org/package/$(grep --color=never -Po "^ID=\K.*" "/etc/os-release") $(grep -oP '(?<=^VERSION_CODENAME=).+' /etc/os-release | tr -d '"') openresty" > /etc/apt/sources.list.d/openresty.list
###add mongoDB Repo
wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | apt-key add -
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/$(grep --color=never -Po "^ID=\K.*" "/etc/os-release") $(grep -oP '(?<=^VERSION_CODENAME=).+' /etc/os-release | tr -d '"')/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
##Installing packages
apt-get update
apt install -y openresty mongodb-org
##Configuring external services
opm get bungle/lua-resty-template
systemctl stop openresty mongod
systemctl enable openresty mongod
# config openresty(nginx)
rm /etc/openresty/nginx.conf
wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/nginx.env -O /opt/ShellHub/nginx.env
mv config/openresty.conf /etc/openresty/nginx.conf
echo " 127.0.0.1 ui api ssh mongo" > /etc/hosts
systemctl start openresty mongod
##Setup Binaries
mkdir -p /opt/ShellHub/{ui,keys,tools}
wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/.env -O /opt/ShellHub/shellhub.env
wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/BinServices/ShellHubSSH-amd64 -O /opt/ShellHub/ShellHubSSH
wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/BinServices/ShellHubAPI-amd64 -O /opt/ShellHub/ShellHubAPI
wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/BinServices/webui.tar.gz -O /tmp/webui.tar.gz
chmod +x /opt/ShellHub/BinServices/ShellHubAPI
chmod +x /opt/ShellHub/BinServices/ShellHubSSH
tar -zxvf /tmp/webui.tar.gz -C /opt/ShellHub/ui
mv Tools /opt/ShellHub/tools
##Generating keys
openssl genrsa -out /opt/ShellHub/keys/api_private_key 2048
openssl rsa -in /opt/ShellHub/keys/api_private_key -out /opt/ShellHub/keys/api_public_key -pubout
openssl genrsa -out /opt/ShellHub/keys/ssh_private_key 2048
##Setup services
mv config/ServiceTemplates/ShellHubAPI.service /etc/systemd/system/ShellHubAPI.service
mv config/ServiceTemplates/ShellHubSSH.service /etc/systemd/system/ShellHubSSH.service
systemctl daemon-reload
systemctl enable --now ShellHubAPI ShellHubSSH