someorg/Easy-Guacamole-Installer
1
0
Fork 0
mirror of https://github.com/itiligent/Easy-Guacamole-Installer.git synced 2025-12-13 18:02:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

rename log file

Browse source
This commit is contained in:
itiligent 2023-09-10 00:01:25 +10:00
parent 4b8b5ab9b9
commit 1f77c3c4ba
5 changed files with 71 additions and 71 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
1-setup.sh
View file

@ -112,7 +112,7 @@ fi
# TOMCAT_VERSION="tomcat9"
# Install log Location
LOG_LOCATION="${DOWNLOAD_DIR}/guacamole_${GUAC_VERSION}_setup.log"
INSTALL_LOG="${DOWNLOAD_DIR}/guacamole_${GUAC_VERSION}_setup.log"
# Guacamole default install URL
GUAC_URL=http://localhost:8080/guacamole/
@ -282,18 +282,18 @@ if [[ -z ${SERVER_NAME} ]]; then
echo
# A SERVER_NAME was derived via the prompt
# Apply the SERVER_NAME value & remove and update any old 127.0.1.1 local host references
sudo hostnamectl set-hostname $SERVER_NAME &>>${LOG_LOCATION}
sudo sed -i '/127.0.1.1/d' /etc/hosts &>>${LOG_LOCATION}
echo '127.0.1.1 '${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${LOG_LOCATION}
sudo systemctl restart systemd-hostnamed &>>${LOG_LOCATION}
sudo hostnamectl set-hostname $SERVER_NAME &>>${INSTALL_LOG}
sudo sed -i '/127.0.1.1/d' /etc/hosts &>>${INSTALL_LOG}
echo '127.0.1.1 '${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
else
echo
# A SERVER_NAME value was derived from a pre-set silent install option.
# Apply the SERVER_NAME value & remove and update any old 127.0.1.1 local host references
sudo hostnamectl set-hostname $SERVER_NAME &>>${LOG_LOCATION}
sudo sed -i '/127.0.1.1/d' /etc/hosts &>>${LOG_LOCATION}
echo '127.0.1.1 '${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${LOG_LOCATION}
sudo systemctl restart systemd-hostnamed &>>${LOG_LOCATION}
sudo hostnamectl set-hostname $SERVER_NAME &>>${INSTALL_LOG}
sudo sed -i '/127.0.1.1/d' /etc/hosts &>>${INSTALL_LOG}
echo '127.0.1.1 '${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
fi
# Ensure SERVER_NAME, LOCAL_DOMAIN suffix and host entries are all consistent
@ -311,11 +311,11 @@ if [[ -z ${LOCAL_DOMAIN} ]]; then
sudo sed -i '/domain/d' /etc/resolv.conf
sudo sed -i '/search/d' /etc/resolv.conf
# Refresh the /etc/hosts file with the server name and new local domain value
echo ''${DEFAULT_IP}' '${SERVER_NAME}.${LOCAL_DOMAIN} ${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${LOG_LOCATION}
echo ''${DEFAULT_IP}' '${SERVER_NAME}.${LOCAL_DOMAIN} ${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
# Refresh /etc/resolv.conf with new domain and search suffix values
echo 'domain '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${LOG_LOCATION}
echo 'search '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${LOG_LOCATION}
sudo systemctl restart systemd-hostnamed &>>${LOG_LOCATION}
echo 'domain '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
echo 'search '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
else
echo
# A LOCAL_DOMIN value was derived from a pre-set silent install option.
@ -324,11 +324,11 @@ else
sudo sed -i '/domain/d' /etc/resolv.conf
sudo sed -i '/search/d' /etc/resolv.conf
# Refresh the /etc/hosts file with the server name and new local domain value
echo ''${DEFAULT_IP}' '${SERVER_NAME}.${LOCAL_DOMAIN} ${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${LOG_LOCATION}
echo ''${DEFAULT_IP}' '${SERVER_NAME}.${LOCAL_DOMAIN} ${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
# Refresh /etc/resolv.conf with new domain and search suffix values
echo 'domain '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${LOG_LOCATION}
echo 'search '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${LOG_LOCATION}
sudo systemctl restart systemd-hostnamed &>>${LOG_LOCATION}
echo 'domain '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
echo 'search '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
fi
# Now that $SERVER_NAME and $LOCAL_DOMAIN values are updated and refreshed:
@ -643,13 +643,13 @@ if [[ $OS_FLAVOUR == "ubuntu" ]] || [[ $OS_FLAVOUR == *"ubuntu"* ]]; then # pote
JPEGTURBO="libjpeg-turbo8-dev"
LIBPNG="libpng-dev"
# Just in case this repo is not added by default in the distro
sudo add-apt-repository -y universe &>>${LOG_LOCATION}
sudo add-apt-repository -y universe &>>${INSTALL_LOG}
elif [[ $OS_FLAVOUR == "debian" ]] || [[ $OS_FLAVOUR == "raspbian" ]]; then # expand distro choices here if required
JPEGTURBO="libjpeg62-turbo-dev"
LIBPNG="libpng-dev"
fi
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -700,7 +700,7 @@ export MYSQL_VERSION=$MYSQL_VERSION
export MYSQLSRV="${MYSQLSRV}"
export MYSQLCLIENT="${MYSQLCLIENT}"
export TOMCAT_VERSION=$TOMCAT_VERSION
export LOG_LOCATION=$LOG_LOCATION
export INSTALL_LOG=$INSTALL_LOG
export GUAC_URL=$GUAC_URL
export JPEGTURBO=$JPEGTURBO
export LIBPNG=$LIBPNG
@ -735,7 +735,7 @@ export RDP_PRINTER_LABEL="${RDP_PRINTER_LABEL}"
# Run the Guacamole install script
sudo -E ./2-install-guacamole.sh
if [ $? -ne 0 ]; then
echo -e "${LRED}2-install-guacamole.sh FAILED. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}2-install-guacamole.sh FAILED. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
elif [ "${CHANGE_ROOT}" = true ]; then
echo -e "${LGREEN}Guacamole install complete\nhttp://${PROXY_SITE}:8080 - login user/pass: guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
@ -767,7 +767,7 @@ fi
# Apply self signed TLS certificates to Nginx reverse proxy if option is selected
if [[ "${INSTALL_NGINX}" = true ]] && [[ "${SELF_SIGN}" = true ]]; then
sudo -E ./4a-install-tls-self-signed-nginx.sh ${PROXY_SITE} ${CERT_DAYS} | tee -a ${LOG_LOCATION}
sudo -E ./4a-install-tls-self-signed-nginx.sh ${PROXY_SITE} ${CERT_DAYS} | tee -a ${INSTALL_LOG}
echo -e "${LGREEN}Self signed certificate configured for Nginx \n${LYELLOW}https:${LGREEN}//${PROXY_SITE} - admin login: guacadmin pass: guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
fi

56
2-install-guacamole.sh
View file

@ -33,10 +33,10 @@ fi
# Update everything but don't do the annoying prompts during apt installs
echo -e "${GREY}Updating base Linux OS..."
export DEBIAN_FRONTEND=noninteractive
apt-get update -qq &>>${LOG_LOCATION}
apt-get upgrade -qq -y &>>${LOG_LOCATION}
apt-get update -qq &>>${INSTALL_LOG}
apt-get upgrade -qq -y &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -48,16 +48,16 @@ echo -e "${GREY}Installing dependencies required for building Guacamole, this mi
if [ -n "${MYSQL_VERSION}" ]; then
# Add the Official MariaDB repo.
apt-get -qq -y install curl gnupg2 &>>${LOG_LOCATION}
curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${LOG_LOCATION}
bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${LOG_LOCATION}
apt-get -qq -y install curl gnupg2 &>>${INSTALL_LOG}
curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${INSTALL_LOG}
bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG}
fi
apt-get -qq -y install ${JPEGTURBO} ${LIBPNG} ufw htop pwgen wget crudini expect build-essential libcairo2-dev libtool-bin uuid-dev libavcodec-dev libavformat-dev libavutil-dev \
libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev libpulse-dev libssl-dev \
libvorbis-dev libwebp-dev ghostscript ${MYSQL} ${TOMCAT_VERSION} &>>${LOG_LOCATION}
libvorbis-dev libwebp-dev ghostscript ${MYSQL} ${TOMCAT_VERSION} &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -66,9 +66,9 @@ fi
# Install Postfix with default settings for smtp email relay
echo
echo -e "${GREY}Installing Postfix MTA for backup email notifications and alerts, see separate SMTP relay configuration script..."
DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y &>>${LOG_LOCATION}
DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -223,7 +223,7 @@ echo -e "${GREY}Compiling Guacamole-Server from source with with GCC $(gcc --ver
export CFLAGS="-Wno-error"
# Configure Guacamole Server source
./configure --with-systemd-dir=/etc/systemd/system &>>${LOG_LOCATION}
./configure --with-systemd-dir=/etc/systemd/system &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo "Failed to configure guacamole-server"
echo "Trying again with --enable-allow-freerdp-snapshots"
@ -238,9 +238,9 @@ else
fi
echo -e "${GREY}Running make and building the Guacamole-Server application..."
make &>>${LOG_LOCATION}
make &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -248,10 +248,10 @@ else
fi
echo -e "${GREY}Installing Guacamole-Server..."
make install &>>${LOG_LOCATION}
make install &>>${INSTALL_LOG}
ldconfig
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -273,7 +273,7 @@ echo -e "${GREY}Moving mysql-connector-j-${MYSQLJCON}.jar (/etc/guacamole/lib/my
mv -f mysql-connector-j-${MYSQLJCON}/mysql-connector-j-${MYSQLJCON}.jar /etc/guacamole/lib/mysql-connector-java.jar
chmod 664 /etc/guacamole/lib/mysql-connector-java.jar
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -295,7 +295,7 @@ if [ "${INSTALL_TOTP}" = true ]; then
mv -f guacamole-auth-totp-${GUAC_VERSION}/guacamole-auth-totp-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-totp-${GUAC_VERSION}.jar
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -314,7 +314,7 @@ if [ "${INSTALL_DUO}" = true ]; then
echo "#duo-application-key: " >>/etc/guacamole/guacamole.properties
echo -e "Duo auth is installed, it will need to be configured via guacamole.properties"
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -340,7 +340,7 @@ if [ "${INSTALL_LDAP}" = true ]; then
echo "#ldap-user-search-filter:(objectClass=user)(!(objectCategory=computer))" >>/etc/guacamole/guacamole.properties
echo "#ldap-max-search-results:200" >>/etc/guacamole/guacamole.properties
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -354,7 +354,7 @@ if [ "${INSTALL_QCONNECT}" = true ]; then
mv -f guacamole-auth-quickconnect-${GUAC_VERSION}/guacamole-auth-quickconnect-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-quickconnect-${GUAC_VERSION}.jar
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -373,7 +373,7 @@ if [ "${INSTALL_HISTREC}" = true ]; then
chmod 2750 ${HISTREC_PATH}
echo "recording-search-path: ${HISTREC_PATH}" >>/etc/guacamole/guacamole.properties
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -386,7 +386,7 @@ echo -e "${GREY}Setting the Guacamole console to a (customisable) dark mode them
mv branding.jar /etc/guacamole/extensions
chmod 664 /etc/guacamole/extensions/branding.jar
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -496,7 +496,7 @@ bind_host = 127.0.0.1
bind_port = 4822
EOF
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -509,7 +509,7 @@ systemctl enable guacd
systemctl stop guacd 2>/dev/null
systemctl start guacd
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -542,7 +542,7 @@ expect eof
echo "$SECURE_MYSQL"
systemctl restart mysql
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -573,7 +573,7 @@ if [ "${CHANGE_ROOT}" = true ]; then
echo "<% response.sendRedirect(\"/guacamole\");%>" >>/var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.jsp
systemctl start ${TOMCAT_VERSION}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -590,7 +590,7 @@ echo "y" | sudo ufw enable >/dev/null 2>&1
# Reduce firewall logging noise
sudo ufw logging off >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -603,7 +603,7 @@ rm -rf mysql-connector-j-*
rm -rf mariadb_repo_setup
unset MYSQL_PWD
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"

12
3-install-nginx.sh
View file

@ -22,7 +22,7 @@ echo -e "${LGREEN}Installing Nginx...${DGREY}"
echo
# Install Nginx
sudo apt-get install nginx -qq -y &>>${LOG_LOCATION}
sudo apt-get install nginx -qq -y &>>${INSTALL_LOG}
echo -e "${GREY}Configuring Nginx as a reverse proxy for Guacamole's Apache Tomcat front end...${DGREY}"
# Configure /etc/nginx/sites-available/(local dns site name)
@ -44,7 +44,7 @@ server {
}
EOF
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -65,7 +65,7 @@ unlink /etc/nginx/sites-enabled/default
echo -e "${GREY}Configuring Apache Tomcat valve for pass through of client IPs to Guacamole logs...${GREY}"
sudo sed -i '/pattern="%h %l %u %t &quot;%r&quot; %s %b"/a \ <!-- Allow host IP to pass through to guacamole.-->\n <Valve className="org.apache.catalina.valves.RemoteIpValve"\n internalProxies="127\.0\.0\.1|0:0:0:0:0:0:0:1"\n remoteIpHeader="x-forwarded-for"\n remoteIpProxiesHeader="x-forwarded-by"\n protocolHeader="x-forwarded-proto" />' /etc/$TOMCAT_VERSION/server.xml
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -77,7 +77,7 @@ sudo sed -i '/client_max_body_size/d' /etc/nginx/nginx.conf
sudo sed -i "/Basic Settings/a \ client_max_body_size 100000000M;" /etc/nginx/nginx.conf # Add the larger file transfer size
echo -e "${GREY}Boosting Nginx's 'maximum body size' parameter to allow large file transfers...${GREY}"
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -93,7 +93,7 @@ sudo ufw allow 80/tcp >/dev/null 2>&1
sudo ufw delete allow 8080/tcp >/dev/null 2>&1
echo "y" | sudo ufw enable >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -106,7 +106,7 @@ sudo systemctl restart $TOMCAT_VERSION
sudo systemctl restart guacd
sudo systemctl restart nginx
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"

14
4a-install-tls-self-signed-nginx.sh
View file

@ -72,7 +72,7 @@ echo
echo "{$GREY}Creating a new Nginx TLS Certificate..."
openssl req -x509 -nodes -newkey rsa:2048 -keyout $TLSNAME.key -out $TLSNAME.crt -days $TLSDAYS -config $TMP_DIR/cert_attributes.txt
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -87,7 +87,7 @@ sudo cp $TLSNAME.crt $DIR_SSL_CERT/$TLSNAME.crt
echo -e "${GREY}Converting client certificates for Windows & Linux...${GREY}"
sudo openssl pkcs12 -export -out $TLSNAME.pfx -inkey $TLSNAME.key -in $TLSNAME.crt -password pass:1234
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -103,7 +103,7 @@ sudo chown $SUDO_USER:root $TLSNAME.key
echo -e "${GREY}Backing up previous Nginx proxy to $DOWNLOAD_DIR/$TLSNAME-nginx.bak"
cp /etc/nginx/sites-enabled/${TLSNAME} $DOWNLOAD_DIR/${TLSNAME}-nginx.bak
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -151,7 +151,7 @@ server {
}
EOF
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -167,7 +167,7 @@ sudo ufw allow 80/tcp >/dev/null 2>&1
sudo ufw allow 443/tcp >/dev/null 2>&1
echo "y" | sudo ufw enable >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -180,7 +180,7 @@ sudo systemctl restart $TOMCAT_VERSION
sudo systemctl restart guacd
sudo systemctl restart nginx
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -209,7 +209,7 @@ echo -e "(If certutil is not installed, run apt-get install libnss3-tools)"
echo -e "mkdir -p $HOME/.pki/nssdb && certutil -d $HOME/.pki/nssdb -N"
echo -e "certutil -d sql:$HOME/.pki/nssdb -A -t "CT,C,c" -n $TLSNAME -i $TLSNAME.crt"
printf "+-------------------------------------------------------------------------------------------------------------\n"
echo -e "${LYELLOW}The above TLS browser config instructions are saved in ${LGREEN}$LOG_LOCATION${GREY}"
echo -e "${LYELLOW}The above TLS browser config instructions are saved in ${LGREEN}$INSTALL_LOG${GREY}"
# Done
echo -e ${NC}

16
4b-install-tls-letsencrypt-nginx.sh
View file

@ -22,15 +22,15 @@ echo -e "${LGREEN}Installing Let's Encrypt TLS configuration for Nginx...${GREY}
echo
# Install nginx
apt-get update -qq &>>${LOG_LOCATION}
apt-get install nginx certbot python3-certbot-nginx -qq -y &>>${LOG_LOCATION}
apt-get update -qq &>>${INSTALL_LOG}
apt-get install nginx certbot python3-certbot-nginx -qq -y &>>${INSTALL_LOG}
# Backup the current Nginx config
echo
echo -e "${GREY}Backing up previous Nginx proxy to $DOWNLOAD_DIR/$PROXY_SITE-nginx.bak"
cp /etc/nginx/sites-enabled/${PROXY_SITE} $DOWNLOAD_DIR/${PROXY_SITE}-nginx.bak
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -58,7 +58,7 @@ server {
}
EOL
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -74,7 +74,7 @@ sudo ufw allow 80/tcp >/dev/null 2>&1
sudo ufw allow 443/tcp >/dev/null 2>&1
echo "y" | sudo ufw enable >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -89,7 +89,7 @@ certbot --nginx -n -d $LE_DNS_NAME --email $LE_EMAIL --agree-tos --redirect --hs
echo -e
echo -e "${GREY}Let's Encrypt successfully installed, but check for any errors above (DNS & firewall are the usual culprits).${GREY}"
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -111,7 +111,7 @@ echo "${MINUTE} ${HOUR} * * * /usr/bin/certbot renew --quiet --pre-hook 'systemc
crontab cron_1
rm cron_1
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -124,7 +124,7 @@ sudo systemctl restart $TOMCAT_VERSION
sudo systemctl restart guacd
sudo systemctl restart nginx
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"