From cb69e6e14eb8d9bf4366e9975a45a29e62284dc4 Mon Sep 17 00:00:00 2001
From: bprieshof
Date: Thu, 27 Sep 2018 10:28:16 +0000
Subject: [PATCH] Update 'Master-Installer.sh'
---
Master-Installer.sh | 82 +++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 79 insertions(+), 3 deletions(-)
diff --git a/Master-Installer.sh b/Master-Installer.sh
index e309291..d2ea484 100644
--- a/Master-Installer.sh
+++ b/Master-Installer.sh
@@ -8,16 +8,92 @@ # ##============================================================= -#install Software +#!/bin/bash +###============================================================ +## Ubuntu 18.04 Master Installer +###============================================================ +## Zet comments hieronder: +# +# +# +##============================================================= + +#install Cockpit Base apt install cockpit cockpit-packagekit -y #Login Limiter sed -i '/pam_sepermit.so/ i auth required pam_tally.so silent deny=4 unlock_time=90' /etc/pam.d/cockpit sed -i '/pam_shells.so/ i account required pam_tally2.so' /etc/pam.d/cockpit systemctl restart cockpit + ufw enable ufw default deny incoming ufw default allow outgoing -ufw allow ssh -ufw allow 9090/tcp +ufw limit ssh + +Echo Welke webserver +PS3='Keuze:' +options=("Nginx-RevProx" "Cockpit-Eigen" "Quit") +select opt in "${options[@]}" +do + case $opt in + "Nginx-RevProx") + echo Geef domein op + read domain + + apt install nginx python-certbot-nginx -y + mkdir -p /var/www/"$domain" + chown nginx:nginx /var/www/"$domain" + + cat < /etc/nginx/sites-enabled/git + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + upstream websocket { + server 127.0.0.1:9090; + } + + server { + listen 80 + server_name "$domain"; + location / { + proxy_pass http://websocket; + proxy_http_version 1.1; + proxy_buffering off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + # needed for websocket + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + # change scheme of "Origin" to http + proxy_set_header Origin http://$host; + + # Pass ETag header from cockpit to clients. 
+ # See: https://github.com/cockpit-project/cockpit/issues/5239 + gzip off; + } + + location /.well-known { + alias /var/www/"$domain"/.well-known; + } + + } + EOF + systemctl restart nginx + certbot --nginx -d "$domain" --register-unsafely-without-email --agree-tos + ufw allow 80/tcp + ufw allow 443/tcp + ufw reload + break;; + "Cockpit-Eigen") + ufw allow 9090/tcp + "Quit") + exit;; + *) echo "Fout commando $REPLY";; + esac +done +ufw limit ssh ufw reload \ No newline at end of file
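Review bot: The value from `read domain` is used unvalidated in `mkdir -p /var/www/"$domain"`, in `chown`, and in the generated nginx `server_name` and `alias` lines. The script installs packages and edits /etc/pam.d, so it presumably runs as root, and a value containing `/`, whitespace or `;` would create paths outside the intended directory or add directives to the config. Read it with `read -r domain` and reject anything that is not a hostname before first use, e.g. `[[ $domain =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || exit 1`. The heredoc operator is not visible in this rendering (`cat < /etc/nginx/sites-enabled/git`), but if it is an unquoted `<<EOF` the shell will also expand `$host`, `$remote_addr`, `$http_upgrade` and `$connection_upgrade` to empty strings, so those need `\$` while `$domain` stays expandable, and the indented `EOF` terminator only closes a `<<-EOF` with tab indentation. Separately, the `"Cockpit-Eigen")` arm has no `;;` after `ufw allow 9090/tcp`, which is a syntax error for the whole `select` block, `listen 80` lacks its `;`, and `Echo` is not a command.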