
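#!/bin/bash
###============================================================
## Ubuntu 18.04 Master Installer
###============================================================
## Put comments below:
#
#
#
##=============================================================
# Install the Cockpit base packages.
apt install cockpit cockpit-packagekit -y

# Login limiter for the Cockpit PAM stack: lock an account after 4 failed
# logins and unlock it again after 90 seconds.
# Both lines must name the same module. pam_tally.so and pam_tally2.so are
# separate modules, so mixing them means the account phase never touches the
# counter that the auth phase increments.
pam_file=/etc/pam.d/cockpit

# Insert each line only when it is absent, so re-running the installer does
# not stack duplicate entries in the PAM file.
if ! grep -Eq '^auth[[:space:]]+required[[:space:]]+pam_tally2\.so' "$pam_file"; then
  sed -i '/pam_sepermit.so/ i auth required pam_tally2.so silent deny=4 unlock_time=90' "$pam_file"
fi
if ! grep -Eq '^account[[:space:]]+required[[:space:]]+pam_tally2\.so' "$pam_file"; then
  sed -i '/pam_shells.so/ i account required pam_tally2.so' "$pam_file"
fi

# sed inserts nothing when its anchor line (pam_sepermit.so / pam_shells.so)
# is missing from the file, so confirm that both lines really landed instead
# of assuming the limiter is active.
if ! grep -Eq '^auth[[:space:]]+required[[:space:]]+pam_tally2\.so' "$pam_file" \
  || ! grep -Eq '^account[[:space:]]+required[[:space:]]+pam_tally2\.so' "$pam_file"; then
  printf 'WARNING: pam_tally2 lines missing from %s; Cockpit login limiter is NOT active\n' \
    "$pam_file" >&2
fi
systemctl restart cockpit

# Firewall: set the default policy and the rate-limited SSH rule BEFORE
# enabling ufw. Enabling first with "deny incoming" can cut off the SSH
# session that is running this installer.
# NOTE(review): "ufw limit ssh" covers the standard SSH port only; if sshd
# listens on another port, add a rule for it before answering the prompt.
ufw default deny incoming
ufw default allow outgoing
ufw limit ssh
ufw enable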
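# Ask how Cockpit should be exposed: behind an nginx reverse proxy with a
# Let's Encrypt certificate, or directly on its own port.
echo Welke webserver
PS3='Keuze:'
options=("Nginx-RevProx" "Cockpit-Eigen" "Quit")
# Hostname shape check: letters, digits, dots and hyphens only. The value is
# written into a filesystem path, the nginx config and the certbot command
# line, so reject anything that could alter any of them.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
select opt in "${options[@]}"; do
  case "$opt" in
    "Nginx-RevProx")
      echo Geef domein op
      read -r domain
      if [[ ! $domain =~ $domain_re || $domain == *..* ]]; then
        printf 'Invalid domain: %s\n' "$domain" >&2
        continue
      fi
      apt install nginx python-certbot-nginx -y
      mkdir -p "/var/www/${domain}"
      # Ubuntu's nginx package runs its workers as www-data; there is no
      # "nginx" user on a stock install, so chown nginx:nginx fails.
      chown www-data:www-data "/var/www/${domain}"
      # The heredoc is unquoted so that ${domain} is filled in by the shell.
      # Every nginx variable is therefore written as \$name; left unescaped,
      # the shell would replace each one with an empty string and produce a
      # broken config.
      cat <<EOF > /etc/nginx/sites-enabled/git
map \$http_upgrade \$connection_upgrade {
    default upgrade;
    '' close;
}
upstream websocket {
    server 127.0.0.1:9090;
}
server {
    listen 80;
    server_name ${domain};
    location / {
        proxy_pass http://websocket;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-For \$remote_addr;
        # needed for websocket
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection \$connection_upgrade;
        # change scheme of "Origin" to http
        proxy_set_header Origin http://\$host;
        # Pass ETag header from cockpit to clients.
        # See: https://github.com/cockpit-project/cockpit/issues/5239
        gzip off;
    }
    location /.well-known {
        alias /var/www/${domain}/.well-known;
    }
}
EOF
      # Validate the generated config before restarting, so a bad file does
      # not take nginx down.
      if ! nginx -t; then
        echo "nginx configuration test failed; not restarting nginx" >&2
        exit 1
      fi
      systemctl restart nginx
      # Open the web ports BEFORE requesting the certificate: the default
      # policy is "deny incoming", and the ACME HTTP challenge has to reach
      # port 80 from the internet.
      ufw allow 80/tcp
      ufw allow 443/tcp
      ufw reload
      # NOTE(review): --register-unsafely-without-email creates an ACME
      # account with no contact address, so no expiry or revocation notices
      # are delivered. Prefer registering with a monitored mailbox.
      certbot --nginx -d "$domain" --register-unsafely-without-email --agree-tos
      break
      ;;
    "Cockpit-Eigen")
      # NOTE(review): this exposes the Cockpit admin login on 9090/tcp to
      # every source address. Where the admin networks are known, restrict
      # the rule to them, e.g.
      #   ufw allow from <ADMIN_CIDR> to any port 9090 proto tcp
      ufw allow 9090/tcp
      break
      ;;
    "Quit")
      exit
      ;;
    *)
      echo "Fout commando $REPLY"
      ;;
  esac
done
# Re-assert the rate-limited SSH rule and apply the final rule set.
ufw limit ssh
ufw reload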