Update something
This commit is contained in:
parent
e2770b318f
commit
5f5e43f781
4 changed files with 364 additions and 0 deletions
135
jupyter-notebook.sh
Normal file
135
jupyter-notebook.sh
Normal file
|
@ -0,0 +1,135 @@
|
||||||
|
#!/bin/bash
|
||||||
|
################################################################################
|
||||||
|
# Script: jupyter-notebook.sh
|
||||||
|
# Author: Eric Ruzanski
|
||||||
|
# Description: This script installs and configures the classic Jupyter Notebook,
|
||||||
|
# serves it securely via an Nginx reverse proxy, and makes it
|
||||||
|
# accessible through a web browser via the provided domain or
|
||||||
|
# default reverse DNS (rDNS) of the Linode. If the Linode is ever
|
||||||
|
# rebooted, or Jupyter Notebook stops running, simply start
|
||||||
|
# Jupyter Notebook from the command line using 'jupyter notebook &'.
|
||||||
|
#
|
||||||
|
# GitHub Repository:
|
||||||
|
# https://github.com/ericruzanski/StackScripts/blob/main/jupyter-notebook.sh
|
||||||
|
#
|
||||||
|
# Jupyter Notebook Docs:
|
||||||
|
# https://jupyter-notebook.readthedocs.io/en/latest/
|
||||||
|
#
|
||||||
|
# Disclaimer: This script is provided as-is without any warranties.
|
||||||
|
################################################################################
|
||||||
|
## Jupyter Notebook Settings
|
||||||
|
#<UDF name="notebook_password" label="Jupyter Notebook Password" example="s3cure_p4ssw0rd">
|
||||||
|
#<UDF name="soa_email_address" label="Email address (for the Let's Encrypt SSL certificate)" example="user@domain.tld">
|
||||||
|
## Linode/SSH Security Settings
|
||||||
|
#<UDF name="username" label="The limited sudo user to be created for the Linode" default="">
|
||||||
|
#<UDF name="password" label="The password for the limited sudo user" example="an0th3r_s3cure_p4ssw0rd" default="">
|
||||||
|
#<UDF name="pubkey" label="The SSH Public Key that will be used to access the Linode" default="">
|
||||||
|
#<UDF name="disable_root" label="Disable root access over SSH?" oneOf="Yes,No" default="No">
|
||||||
|
## Domain Settings
|
||||||
|
#<UDF name="token_password" label="Your Linode API token. This is needed to create your server's DNS records" default="">
|
||||||
|
#<UDF name="subdomain" label="Subdomain" example="The subdomain for the DNS record: www (Requires Domain)" default="">
|
||||||
|
#<UDF name="domain" label="Domain" example="The domain for the DNS record: example.com (Requires API token)" default="">
|
||||||
|
## Enable logging
|
||||||
|
set -x
|
||||||
|
exec > >(tee /dev/ttyS0 /var/log/stackscript.log) 2>&1
|
||||||
|
## Import the Bash StackScript Library
|
||||||
|
source <ssinclude StackScriptID=1>
|
||||||
|
## Import the DNS/API Functions Library
|
||||||
|
source <ssinclude StackScriptID=632759>
|
||||||
|
## Import the OCA Helper Functions
|
||||||
|
source <ssinclude StackScriptID=401712>
|
||||||
|
## Run initial configuration tasks (DNS/SSH stuff, etc...)
|
||||||
|
source <ssinclude StackScriptID=666912>
|
||||||
|
## Register default rDNS
|
||||||
|
export DEFAULT_RDNS=$(dnsdomainname -A | awk '{print $1}')
|
||||||
|
## Set absolute domain if any, otherwise use DEFAULT_RDNS
|
||||||
|
if [[ $DOMAIN = "" ]]; then
|
||||||
|
readonly ABS_DOMAIN="$DEFAULT_RDNS"
|
||||||
|
elif [[ $SUBDOMAIN = "" ]]; then
|
||||||
|
readonly ABS_DOMAIN="$DOMAIN"
|
||||||
|
else
|
||||||
|
readonly ABS_DOMAIN="$SUBDOMAIN.$DOMAIN"
|
||||||
|
fi
|
||||||
|
create_a_record $SUBDOMAIN $IP $DOMAIN
|
||||||
|
## Update system, set hostname & install basic security
|
||||||
|
set_hostname
|
||||||
|
apt_setup_update
|
||||||
|
ufw_install
|
||||||
|
fail2ban_install
|
||||||
|
## Add UFW rules
|
||||||
|
ufw allow http
|
||||||
|
ufw allow https
|
||||||
|
ufw allow 8888
|
||||||
|
## Prepare the Python venv
|
||||||
|
apt-get install python3-venv python3-pip -y
|
||||||
|
mkdir /root/jupyter-notebook
|
||||||
|
mkdir /opt/notebooks
|
||||||
|
python3 -m venv /root/jupyter-notebook
|
||||||
|
source /root/jupyter-notebook/bin/activate
|
||||||
|
python3 -m pip install notebook
|
||||||
|
# Configure Jupyter Notebook
|
||||||
|
jupyter notebook --generate-config
|
||||||
|
CONFIG_FILE="/root/.jupyter/jupyter_notebook_config.py"
|
||||||
|
HASHED_PASSWORD=$(python3 -c "from jupyter_server.auth import passwd; print(passwd('$NOTEBOOK_PASSWORD'))")
|
||||||
|
sudo tee -a $CONFIG_FILE <<EOF
|
||||||
|
c.NotebookApp.notebook_dir = '/opt/notebooks'
|
||||||
|
c.NotebookApp.open_browser = False
|
||||||
|
c.NotebookApp.password = u'$HASHED_PASSWORD'
|
||||||
|
c.NotebookApp.allow_origin = '*'
|
||||||
|
c.NotebookApp.allow_root = True
|
||||||
|
c.NotebookApp.trust_xheaders = True
|
||||||
|
EOF
|
||||||
|
deactivate
|
||||||
|
## Install NGINX reverse-proxy
|
||||||
|
apt-get install nginx -y
|
||||||
|
# Configure NGINX reverse proxy
|
||||||
|
rm /etc/nginx/sites-enabled/default
|
||||||
|
touch /etc/nginx/sites-available/reverse-proxy.conf
|
||||||
|
cat <<END > /etc/nginx/sites-available/reverse-proxy.conf
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name ${ABS_DOMAIN};
|
||||||
|
access_log /var/log/nginx/reverse-access.log;
|
||||||
|
error_log /var/log/nginx/reverse-error.log;
|
||||||
|
location /wss/ {
|
||||||
|
proxy_pass http://127.0.0.1:8888;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_buffering off;
|
||||||
|
proxy_set_header Upgrade \$http_upgrade;
|
||||||
|
proxy_set_header Connection "Upgrade";
|
||||||
|
proxy_read_timeout 86400;
|
||||||
|
}
|
||||||
|
location /api/kernels/ {
|
||||||
|
proxy_pass http://127.0.0.1:8888;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_buffering off;
|
||||||
|
proxy_set_header Upgrade \$http_upgrade;
|
||||||
|
proxy_set_header Connection "Upgrade";
|
||||||
|
proxy_read_timeout 86400;
|
||||||
|
}
|
||||||
|
location /terminals/ {
|
||||||
|
proxy_pass http://127.0.0.1:8888;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_buffering off;
|
||||||
|
proxy_set_header Upgrade \$http_upgrade;
|
||||||
|
proxy_set_header Connection "Upgrade";
|
||||||
|
proxy_read_timeout 86400;
|
||||||
|
}
|
||||||
|
location / {
|
||||||
|
proxy_pass http://127.0.0.1:8888;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
END
|
||||||
|
ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf
|
||||||
|
# Enable and start NGINX
|
||||||
|
systemctl enable nginx
|
||||||
|
systemctl restart nginx
|
||||||
|
sleep 90
|
||||||
|
## Configure SSL
|
||||||
|
apt-get install python3-certbot-nginx -y
|
||||||
|
certbot run --non-interactive --nginx --agree-tos --redirect -d ${ABS_DOMAIN} -m ${SOA_EMAIL_ADDRESS} -w /var/www/html/
|
||||||
|
## Cleanup
|
||||||
|
stackscript_cleanup
|
||||||
|
## Start Jupyter Notebook
|
||||||
|
source /root/jupyter-notebook/bin/activate
|
||||||
|
jupyter notebook
|
34
kali-gui-linode.sh
Normal file
34
kali-gui-linode.sh
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
|
||||||
|
# Install Xfce desktop environment and related packages
|
||||||
|
apt-get update -y
|
||||||
|
apt-get install -y xfce4 xfce4-goodies xorg dbus-x11 x11-xserver-utils
|
||||||
|
# Install and configure Xrdp
|
||||||
|
apt-get install -y xrdp
|
||||||
|
sed -i 's/3389/3390/g' /etc/xrdp/xrdp.ini
|
||||||
|
systemctl enable xrdp
|
||||||
|
systemctl restart xrdp
|
||||||
|
# Open firewall ports
|
||||||
|
ufw allow 3390/tcp
|
||||||
|
# Create user with password
|
||||||
|
useradd -m -s /bin/bash username
|
||||||
|
echo "username:password" | chpasswd
|
||||||
|
# Set up VNC server
|
||||||
|
apt-get install -y tightvncserver
|
||||||
|
su -c "echo 'password' | vncpasswd -f > ~/.vnc/passwd" username
|
||||||
|
chmod 0600 /home/username/.vnc/passwd
|
||||||
|
echo "#!/bin/sh" > /etc/init.d/vncserver
|
||||||
|
echo "" >> /etc/init.d/vncserver
|
||||||
|
echo "export USER='username'" >> /etc/init.d/vncserver
|
||||||
|
echo "eval cd ~\$USER" >> /etc/init.d/vncserver
|
||||||
|
echo "" >> /etc/init.d/vncserver
|
||||||
|
echo "/usr/bin/vncserver :1 -geometry 1280x720 -depth 16 -localhost" >> /etc/init.d/vncserver
|
||||||
|
echo "" >> /etc/init.d/vncserver
|
||||||
|
chmod +x /etc/init.d/vncserver
|
||||||
|
update-rc.d vncserver defaults
|
||||||
|
# Clean up
|
||||||
|
apt-get clean
|
||||||
|
rm -rf /var/lib/apt/lists/*
|
||||||
|
# Reboot the system
|
||||||
|
shutdown -r now
|
40
shadowsocks-server.sh
Normal file
40
shadowsocks-server.sh
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# <UDF name="SERVER_PORT" Label="Shadowsocks Server Port" default="8388" />
|
||||||
|
# <UDF name="LOCAL_ADDRESS" Label="Local Address" default="127.0.0.1" />
|
||||||
|
# <UDF name="LOCAL_PORT" Label="Local Port" default="1080" />
|
||||||
|
# <UDF name="PASSWORD" Label="Password" />
|
||||||
|
# <UDF name="METHOD" Label="Method" default="rc4-md5" />
|
||||||
|
# <UDF name="L2TP_USERNAME" Label="L2TP Username" default="" />
|
||||||
|
# <UDF name="L2TP_PASSWORD" Label="L2TP Password" default="" />
|
||||||
|
# <UDF name="L2TP_PSK" Label="L2TP PSK" default="" />
|
||||||
|
cat >>/etc/gai.conf<<EOF
|
||||||
|
precedence ::ffff:0:0/96 100
|
||||||
|
EOF
|
||||||
|
sudo apt-get update
|
||||||
|
sudo apt-get install -y python-pip
|
||||||
|
pip install --upgrade pip
|
||||||
|
sudo pip install shadowsocks
|
||||||
|
sudo apt-get install -y python-m2crypto
|
||||||
|
cat >>/etc/shadowsocks.json<<EOF
|
||||||
|
{
|
||||||
|
"server":"0.0.0.0",
|
||||||
|
"server_port":$SERVER_PORT,
|
||||||
|
"password":"$PASSWORD",
|
||||||
|
"local_address":"$LOCAL_ADDRESS",
|
||||||
|
"local_port":$LOCAL_PORT,
|
||||||
|
"method":"$METHOD",
|
||||||
|
"timeout":300
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
sudo chmod 755 /etc/shadowsocks.json
|
||||||
|
cat >>/etc/rc.local<<EOF
|
||||||
|
/usr/local/bin/ssserver –c /etc/shadowsocks.json
|
||||||
|
EOF
|
||||||
|
sudo ssserver -c /etc/shadowsocks.json -d start
|
||||||
|
wget https://git.io/vpnsetup -O vpnsetup.sh
|
||||||
|
sudo VPN_IPSEC_PSK=$L2TP_PSK VPN_USER=$L2TP_USERNAME VPN_PASSWORD=$L2TP_PASSWORD sh vpnsetup.sh
|
||||||
|
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
|
||||||
|
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
|
||||||
|
sysctl -p
|
||||||
|
reboot
|
155
wazuh.sh
Normal file
155
wazuh.sh
Normal file
|
@ -0,0 +1,155 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# #<UDF name="soa_email_address" label="Email address (for the Let's Encrypt SSL certificate)" example="user@domain.tld">
|
||||||
|
## Linode/SSH Security Settings
|
||||||
|
#<UDF name="username" label="The limited sudo user to be created for the Linode" default="">
|
||||||
|
#<UDF name="password" label="The password for the limited sudo user" example="an0th3r_s3cure_p4ssw0rd" default="">
|
||||||
|
#<UDF name="pubkey" label="The SSH Public Key that will be used to access the Linode" default="">
|
||||||
|
#<UDF name="disable_root" label="Disable root access over SSH?" oneOf="Yes,No" default="No">
|
||||||
|
## Domain Settings
|
||||||
|
#<UDF name="token_password" label="Your Linode API token. This is needed to create your WordPress server's DNS records" default="">
|
||||||
|
#<UDF name="subdomain" label="Subdomain" example="The subdomain for the DNS record: www (Requires Domain)" default="">
|
||||||
|
#<UDF name="domain" label="Domain" example="The domain for the DNS record: example.com (Requires API token)" default="">
|
||||||
|
## Enable logging
|
||||||
|
set -xo pipefail
|
||||||
|
exec > >(tee /dev/ttyS0 /var/log/stackscript.log) 2>&1
|
||||||
|
## Import the Bash StackScript Library
|
||||||
|
source <ssinclude StackScriptID=1>
|
||||||
|
## Import the DNS/API Functions Library
|
||||||
|
source <ssinclude StackScriptID=632759>
|
||||||
|
## Import the OCA Helper Functions
|
||||||
|
source <ssinclude StackScriptID=401712>
|
||||||
|
## Run initial configuration tasks (DNS/SSH stuff, etc...)
|
||||||
|
source <ssinclude StackScriptID=666912>
|
||||||
|
# UFW https://documentation.wazuh.com/current/getting-started/architecture.html
|
||||||
|
ufw allow 1514
|
||||||
|
ufw allow 1515
|
||||||
|
ufw allow 1516
|
||||||
|
ufw allow 514
|
||||||
|
ufw allow 55000
|
||||||
|
ufw allow 443
|
||||||
|
ufw allow 80
|
||||||
|
ufw allow 9200
|
||||||
|
ufw allow 9300
|
||||||
|
# Prereqs & Wazuh Install
|
||||||
|
apt install -y curl apt-transport-https unzip wget libcap2-bin software-properties-common lsb-release gnupg2 default-jre
|
||||||
|
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo apt-key add -
|
||||||
|
echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | sudo tee /etc/apt/sources.list.d/wazuh.list
|
||||||
|
apt_setup_update
|
||||||
|
apt install -y wazuh-manager
|
||||||
|
systemctl daemon-reload
|
||||||
|
systemctl enable --now wazuh-manager
|
||||||
|
# Elastic
|
||||||
|
apt install -y elasticsearch-oss opendistroforelasticsearch
|
||||||
|
curl -so /etc/elasticsearch/elasticsearch.yml https://packages.wazuh.com/resources/4.2/open-distro/elasticsearch/7.x/elasticsearch_all_in_one.yml
|
||||||
|
curl -so /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles.yml https://packages.wazuh.com/resources/4.2/open-distro/elasticsearch/roles/roles.yml
|
||||||
|
curl -so /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml https://packages.wazuh.com/resources/4.2/open-distro/elasticsearch/roles/roles_mapping.yml
|
||||||
|
curl -so /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml https://packages.wazuh.com/resources/4.2/open-distro/elasticsearch/roles/internal_users.yml
|
||||||
|
rm -f /etc/elasticsearch/{esnode-key.pem,esnode.pem,kirk-key.pem,kirk.pem,root-ca.pem}
|
||||||
|
curl -so ~/wazuh-cert-tool.sh https://packages.wazuh.com/resources/4.2/open-distro/tools/certificate-utility/wazuh-cert-tool.sh
|
||||||
|
curl -so ~/instances.yml https://packages.wazuh.com/resources/4.2/open-distro/tools/certificate-utility/instances_aio.yml
|
||||||
|
bash ~/wazuh-cert-tool.sh
|
||||||
|
mkdir /etc/elasticsearch/certs/
|
||||||
|
mv ~/certs/elasticsearch* /etc/elasticsearch/certs/
|
||||||
|
mv ~/certs/admin* /etc/elasticsearch/certs/
|
||||||
|
cp ~/certs/root-ca* /etc/elasticsearch/certs/
|
||||||
|
systemctl daemon-reload
|
||||||
|
systemctl enable elasticsearch
|
||||||
|
systemctl start elasticsearch
|
||||||
|
export JAVA_HOME=/usr/share/elasticsearch/jdk/ && /usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/ -nhnv -cacert /etc/elasticsearch/certs/root-ca.pem -cert /etc/elasticsearch/certs/admin.pem -key /etc/elasticsearch/certs/admin-key.pem
|
||||||
|
# FOR TESTING
|
||||||
|
curl -XGET https://localhost:9200 -u admin:admin -k
|
||||||
|
# Filebeat
|
||||||
|
apt install -y filebeat
|
||||||
|
curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/resources/4.2/open-distro/filebeat/7.x/filebeat_all_in_one.yml
|
||||||
|
curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.2/extensions/elasticsearch/7.x/wazuh-template.json
|
||||||
|
chmod go+r /etc/filebeat/wazuh-template.json
|
||||||
|
curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.1.tar.gz | tar -xvz -C /usr/share/filebeat/module
|
||||||
|
mkdir /etc/filebeat/certs
|
||||||
|
cp ~/certs/root-ca.pem /etc/filebeat/certs/
|
||||||
|
mv ~/certs/filebeat* /etc/filebeat/certs/
|
||||||
|
systemctl daemon-reload
|
||||||
|
systemctl enable filebeat
|
||||||
|
systemctl start filebeat
|
||||||
|
# TESTING
|
||||||
|
filebeat test output
|
||||||
|
# Kibana
|
||||||
|
apt install -y opendistroforelasticsearch-kibana
|
||||||
|
curl -so /etc/kibana/kibana.yml https://packages.wazuh.com/resources/4.2/open-distro/kibana/7.x/kibana_all_in_one.yml
|
||||||
|
mkdir /usr/share/kibana/data
|
||||||
|
chown -R kibana:kibana /usr/share/kibana/data
|
||||||
|
cd /usr/share/kibana
|
||||||
|
sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-4.2.2_7.10.2-1.zip
|
||||||
|
mkdir /etc/kibana/certs
|
||||||
|
cp ~/certs/root-ca.pem /etc/kibana/certs/
|
||||||
|
mv ~/certs/kibana* /etc/kibana/certs/
|
||||||
|
chown kibana:kibana /etc/kibana/certs/*
|
||||||
|
setcap 'cap_net_bind_service=+ep' /usr/share/kibana/node/bin/node
|
||||||
|
systemctl daemon-reload
|
||||||
|
systemctl enable kibana
|
||||||
|
systemctl start kibana
|
||||||
|
# Get Passwords
|
||||||
|
cd && curl -so wazuh-passwords-tool.sh https://packages.wazuh.com/resources/4.2/open-distro/tools/wazuh-passwords-tool.sh
|
||||||
|
#bash wazuh-passwords-tool.sh -a > .wazuh_creds.txt
|
||||||
|
# NGINX
|
||||||
|
apt install git nginx certbot python3-certbot-nginx -y
|
||||||
|
mkdir -p /var/www/certs/.well-known
|
||||||
|
chown -R www-data:www-data /var/www/certs/
|
||||||
|
cat <<EOF > /etc/nginx/sites-available/$FQDN
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
server_name $FQDN;
|
||||||
|
root /var/www/certs;
|
||||||
|
location / {
|
||||||
|
try_files \$uri \$uri/ =404;
|
||||||
|
}
|
||||||
|
# allow .well-known
|
||||||
|
location ^~ /.well-known {
|
||||||
|
allow all;
|
||||||
|
auth_basic off;
|
||||||
|
alias /var/www/certs/.well-known;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
ln -s /etc/nginx/sites-available/$FQDN /etc/nginx/sites-enabled/$FQDN
|
||||||
|
unlink /etc/nginx/sites-enabled/default
|
||||||
|
systemctl restart nginx
|
||||||
|
# SSL Certbot
|
||||||
|
certbot certonly --agree-tos --webroot --webroot-path=/var/www/certs -d $FQDN -m $SOA_EMAIL_ADDRESS
|
||||||
|
# Set Variables
|
||||||
|
export KIBANA_FULL=/etc/kibana/certs/fullchain.pem
|
||||||
|
export KIBANA_PRIVKEY=/etc/kibana/certs/privkey.pem
|
||||||
|
export FULLCHAIN=/etc/letsencrypt/live/$FQDN/fullchain.pem
|
||||||
|
export PRIVKEY=/etc/letsencrypt/live/$FQDN/privkey.pem
|
||||||
|
# Place certificates in /etc/kibana/kibana.yml
|
||||||
|
cat $FULLCHAIN > $KIBANA_FULL
|
||||||
|
cat $PRIVKEY > $KIBANA_PRIVKEY
|
||||||
|
# Update kibana config to point to letsencrypt certs
|
||||||
|
sed -i -e "s/kibana-key.pem/privkey.pem/" /etc/kibana/kibana.yml
|
||||||
|
sed -i -e "s/kibana.pem/fullchain.pem/" /etc/kibana/kibana.yml
|
||||||
|
# Restart Kibana
|
||||||
|
service kibana restart
|
||||||
|
# Create Cert renewal cron script
|
||||||
|
cat <<END >/root/certbot-kibana-renewal.sh
|
||||||
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# Script to handle Certbot renewal & Kibana
|
||||||
|
# Debug
|
||||||
|
# set -xo pipefail
|
||||||
|
export KIBANA_FULL=/etc/kibana/certs/fullchain.pem
|
||||||
|
export KIBANA_PRIVKEY=/etc/kibana/certs/privkey.pem
|
||||||
|
export FULLCHAIN=/etc/letsencrypt/live/$FQDN/fullchain.pem
|
||||||
|
export PRIVKEY=/etc/letsencrypt/live/$FQDN/privkey.pem
|
||||||
|
certbot renew
|
||||||
|
cat \$FULLCHAIN > \$KIBANA_FULL
|
||||||
|
cat \$PRIVKEY > \$KIBANA_PRIVKEY
|
||||||
|
service kibana restart
|
||||||
|
END
|
||||||
|
chmod +x /root/certbot-kibana-renewal.sh
|
||||||
|
# Setup Cron
|
||||||
|
crontab -l > cron
|
||||||
|
echo "* 1 * * 1 bash /root/certbot-kibana-renewal.sh" >> cron
|
||||||
|
crontab cron
|
||||||
|
rm cron
|
||||||
|
# Cleanup
|
||||||
|
stackscript_cleanup
|
Loading…
Reference in a new issue