Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
9ba728ed01 | ||
|
|
5efa39c0d0 | ||
|
|
496e1edf2e | ||
|
|
d2301d4ebc | ||
|
|
3a0e965f90 | ||
|
|
cb69e6e14e |
@@ -1,3 +1,4 @@
|
||||
|
||||
#!/bin/bash
|
||||
###============================================================
|
||||
## Ubuntu 18.04 Master Installer
|
||||
@@ -8,16 +9,89 @@
|
||||
#
|
||||
##=============================================================
|
||||
|
||||
#install Software
|
||||
#install Cockpit Base
|
||||
apt install cockpit cockpit-packagekit -y
|
||||
|
||||
#Login Limiter
|
||||
sed -i '/pam_sepermit.so/ i auth required pam_tally.so silent deny=4 unlock_time=90' /etc/pam.d/cockpit
|
||||
sed -i '/pam_shells.so/ i account required pam_tally2.so' /etc/pam.d/cockpit
|
||||
systemctl restart cockpit
|
||||
|
||||
ufw enable
|
||||
ufw default deny incoming
|
||||
ufw default allow outgoing
|
||||
ufw allow ssh
|
||||
ufw allow 9090/tcp
|
||||
ufw limit ssh
|
||||
|
||||
echo Welke webserver
|
||||
PS3='Keuze:'
|
||||
options=("Nginx-RevProx" "Cockpit-Eigen" "Quit")
|
||||
select opt in "${options[@]}"
|
||||
do
|
||||
case $opt in
|
||||
"Nginx-RevProx")
|
||||
webserv=1
|
||||
break;;
|
||||
"Cockpit-Eigen")
|
||||
ufw allow 9090/tcp
|
||||
break;;
|
||||
"Quit")
|
||||
exit;;
|
||||
*) echo "Fout commando $REPLY";;
|
||||
esac
|
||||
done
|
||||
|
||||
if [$webserv = 1]
|
||||
|
||||
echo Geef domein op
|
||||
read domain
|
||||
|
||||
apt install nginx python-certbot-nginx -y
|
||||
mkdir -p /var/www/"$domain"
|
||||
chown nginx:nginx /var/www/"$domain"
|
||||
|
||||
cat <<EOF > /etc/nginx/sites-enabled/git
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
upstream websocket {
|
||||
server 127.0.0.1:9090;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80
|
||||
server_name "$domain";
|
||||
location / {
|
||||
proxy_pass http://websocket;
|
||||
proxy_http_version 1.1;
|
||||
proxy_buffering off;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
# needed for websocket
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
# change scheme of "Origin" to http
|
||||
proxy_set_header Origin http://$host;
|
||||
|
||||
# Pass ETag header from cockpit to clients.
|
||||
# See: https://github.com/cockpit-project/cockpit/issues/5239
|
||||
gzip off;
|
||||
}
|
||||
|
||||
location /.well-known {
|
||||
alias /var/www/"$domain"/.well-known;
|
||||
}
|
||||
|
||||
}
|
||||
EOF
|
||||
systemctl restart nginx
|
||||
certbot --nginx -d "$domain" --register-unsafely-without-email --agree-tos
|
||||
ufw allow 80/tcp
|
||||
ufw allow 443/tcp
|
||||
ufw reload
|
||||
fi
|
||||
|
||||
ufw limit ssh
|
||||
ufw reload
|
||||
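Review bot: The Nginx-RevProx branch cannot run as written, because `if [$webserv = 1]` has no spaces inside the brackets and no `then`; bash will stop with a syntax error at `fi`, after the PAM and ufw changes above it have already been applied, and `if [ "${webserv:-0}" = 1 ]; then` fixes both. Inside the unquoted `<<EOF` the shell also expands `$http_upgrade`, `$connection_upgrade`, `$remote_addr` and `$host` to empty strings, so those need escaping (`\$host`, …) with only `$domain` left to expand, and `listen 80` is missing its `;`. `ufw allow 9090/tcp` runs before the menu, so Cockpit stays directly reachable on 9090 even when the reverse proxy is chosen; keeping that rule only in the `Cockpit-Eigen` arm would make nginx the single entry point. The login limiter pairs `pam_tally.so` in the auth line with `pam_tally2.so` in the account line, which as far as I know keep separate failure counters, so both lines should name the same module. The page does not mark which of these lines are new, so some of this may predate the commit.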