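#!/bin/bash
###============================================================
## Ubuntu 18.04 Master Installer
###============================================================
## Put comments below:
#
# Installs Cockpit, adds a PAM login limiter to the Cockpit service,
# enables ufw with a default-deny inbound policy, and then either
# publishes Cockpit behind an nginx reverse proxy with a Let's Encrypt
# certificate or opens Cockpit's own port 9090.
#
# Must be run as root. Interactive: asks for the web server variant and,
# for the nginx variant, the public domain name.
##=============================================================

set -u

# Print a message on stderr and stop the installer.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Every step below edits system configuration; fail early instead of
# half-applying the setup as an unprivileged user.
[[ ${EUID} -eq 0 ]] || die "This installer must be run as root."

# Install Cockpit base
apt install cockpit cockpit-packagekit -y || die "Cockpit installation failed."

# Login limiter
# Both lines use pam_tally2: the auth line counts failures and the account
# line resets the counter after a successful login. Mixing pam_tally and
# pam_tally2 (separate counter files) would leave the auth counter without
# a reset, so legitimate logins could also end up locked out.
pam_file=/etc/pam.d/cockpit
# The grep guards keep a second run from inserting duplicate PAM lines.
if ! grep -Eq '^auth[[:space:]]+required[[:space:]]+pam_tally2\.so' "$pam_file"; then
  sed -i '/pam_sepermit.so/ i auth required pam_tally2.so silent deny=4 unlock_time=90' "$pam_file"
fi
if ! grep -Eq '^account[[:space:]]+required[[:space:]]+pam_tally2\.so' "$pam_file"; then
  sed -i '/pam_shells.so/ i account required pam_tally2.so' "$pam_file"
fi
# sed inserts nothing when its anchor line is absent, which would silently
# leave Cockpit without a lockout policy; report that instead.
if ! grep -Eq '^auth[[:space:]]+required[[:space:]]+pam_tally2\.so' "$pam_file"; then
  printf '%s\n' "WARNING: login limiter was not added to ${pam_file} (anchor line missing)." >&2
fi
systemctl restart cockpit

# Firewall: set the policy and the SSH rule before enabling, so an admin
# connected over SSH is not cut off when the default-deny policy goes live.
ufw default deny incoming
ufw default allow outgoing
ufw limit ssh
ufw enable

printf '%s\n' 'Welke webserver'
PS3='Keuze:'
options=("Nginx-RevProx" "Cockpit-Eigen" "Quit")
select opt in "${options[@]}"; do
  case "$opt" in
    "Nginx-RevProx")
      printf '%s\n' 'Geef domein op'
      read -r domain
      # The value becomes part of a filesystem path and of the nginx
      # configuration, so accept nothing but a plain DNS host name
      # (no slashes, spaces, quotes, semicolons or "..").
      domain_re='^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
      [[ "$domain" =~ $domain_re ]] || die "Invalid domain name: ${domain}"

      apt install nginx python-certbot-nginx -y || die "nginx/certbot installation failed."

      # Ubuntu's nginx package runs its workers as www-data; an "nginx"
      # account only exists with other packagings, so use it only if present.
      if id -u nginx >/dev/null 2>&1; then
        web_user=nginx
      else
        web_user=www-data
      fi
      mkdir -p "/var/www/${domain}"
      chown "${web_user}:${web_user}" "/var/www/${domain}"

      # nginx variables are escaped (\$) so the shell writes them literally;
      # only ${domain} is expanded. The domain is written without quotes,
      # because quotes inside a path would become literal characters.
      cat > /etc/nginx/sites-enabled/git <<EOF
map \$http_upgrade \$connection_upgrade {
    default upgrade;
    '' close;
}

upstream websocket {
    server 127.0.0.1:9090;
}

server {
    listen 80;
    server_name ${domain};

    location / {
        proxy_pass http://websocket;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-For \$remote_addr;

        # needed for websocket
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection \$connection_upgrade;

        # change scheme of "Origin" to http
        proxy_set_header Origin http://\$host;

        # Pass ETag header from cockpit to clients.
        # See: https://github.com/cockpit-project/cockpit/issues/5239
        gzip off;
    }

    location /.well-known {
        alias /var/www/${domain}/.well-known;
    }
}
EOF
      # Validate before restarting so a broken vhost does not take nginx down.
      nginx -t || die "nginx configuration test failed."
      systemctl restart nginx

      # Open HTTP/HTTPS before requesting the certificate: with inbound
      # traffic denied by default, the ACME HTTP challenge cannot reach
      # port 80 otherwise.
      ufw allow 80/tcp
      ufw allow 443/tcp
      ufw reload

      # NOTE(review): --register-unsafely-without-email registers the ACME
      # account without a contact address, so no expiry or security notices
      # are delivered; make sure automatic renewal is monitored another way.
      certbot --nginx -d "$domain" --register-unsafely-without-email --agree-tos
      break
      ;;
    "Cockpit-Eigen")
      # NOTE(review): this exposes the Cockpit login on 9090 to every source
      # address; the PAM limiter above is the only throttle on that port.
      ufw allow 9090/tcp
      break
      ;;
    "Quit")
      exit
      ;;
    *)
      echo "Fout commando $REPLY"
      ;;
  esac
done

ufw limit ssh
ufw reload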