From 1f77c3c4ba51849657379669f64cdf155b4449a2 Mon Sep 17 00:00:00 2001 From: itiligent Date: Sun, 10 Sep 2023 00:01:25 +1000 Subject: [PATCH] rename log file --- 1-setup.sh | 44 +++++++++++------------ 2-install-guacamole.sh | 56 ++++++++++++++--------------- 3-install-nginx.sh | 12 +++---- 4a-install-tls-self-signed-nginx.sh | 14 ++++---- 4b-install-tls-letsencrypt-nginx.sh | 16 ++++----- 5 files changed, 71 insertions(+), 71 deletions(-) diff --git a/1-setup.sh b/1-setup.sh index e8b4cd6..fe2c2ee 100644 --- a/1-setup.sh +++ b/1-setup.sh @@ -112,7 +112,7 @@ fi # TOMCAT_VERSION="tomcat9" # Install log Location -LOG_LOCATION="${DOWNLOAD_DIR}/guacamole_${GUAC_VERSION}_setup.log" +INSTALL_LOG="${DOWNLOAD_DIR}/guacamole_${GUAC_VERSION}_setup.log" # Guacamole default install URL GUAC_URL=http://localhost:8080/guacamole/ 
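Review bot: Only the five scripts in this patch are switched to `INSTALL_LOG`, so any other script in the repository that still expands `${LOG_LOCATION}` would now see an empty value; none is visible here, so this is inferred. Bash rejects `cmd &>>${LOG_LOCATION}` with an empty unquoted target as an ambiguous redirect and does not run the command. A search for the old name across the tree before merging would settle it. Quoting the target at each use, `&>>"${INSTALL_LOG}"`, would also keep a `DOWNLOAD_DIR` containing spaces from breaking every logged command.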
@@ -282,18 +282,18 @@ if [[ -z ${SERVER_NAME} ]]; then echo # A SERVER_NAME was derived via the prompt # Apply the SERVER_NAME value & remove and update any old 127.0.1.1 local host references - sudo hostnamectl set-hostname $SERVER_NAME &>>${LOG_LOCATION} - sudo sed -i '/127.0.1.1/d' /etc/hosts &>>${LOG_LOCATION} - echo '127.0.1.1 '${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${LOG_LOCATION} - sudo systemctl restart systemd-hostnamed &>>${LOG_LOCATION} + sudo hostnamectl set-hostname $SERVER_NAME &>>${INSTALL_LOG} + sudo sed -i '/127.0.1.1/d' /etc/hosts &>>${INSTALL_LOG} + echo '127.0.1.1 '${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG} + sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG} else echo # A SERVER_NAME value was derived from a pre-set silent install option. # Apply the SERVER_NAME value & remove and update any old 127.0.1.1 local host references - sudo hostnamectl set-hostname $SERVER_NAME &>>${LOG_LOCATION} - sudo sed -i '/127.0.1.1/d' /etc/hosts &>>${LOG_LOCATION} - echo '127.0.1.1 '${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${LOG_LOCATION} - sudo systemctl restart systemd-hostnamed &>>${LOG_LOCATION} + sudo hostnamectl set-hostname $SERVER_NAME &>>${INSTALL_LOG} + sudo sed -i '/127.0.1.1/d' /etc/hosts &>>${INSTALL_LOG} + echo '127.0.1.1 '${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG} + sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG} fi # Ensure SERVER_NAME, LOCAL_DOMAIN suffix and host entries are all consistent 
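Review bot: `$SERVER_NAME` is expanded unquoted into `sudo hostnamectl set-hostname` and appended to `/etc/hosts` through `sudo tee -a` in both branches, and no validation of the value is visible in this hunk (the `if` opens above it). The value comes from a prompt or a preset option, so whitespace or glob characters in it become extra arguments to a root-run command or extra names on the `/etc/hosts` line. Quote it, `sudo hostnamectl set-hostname "$SERVER_NAME" &>>"${INSTALL_LOG}"`, and reject anything that is not a hostname label first, e.g. `[[ $SERVER_NAME =~ ^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$ ]] || exit 1`. The hunks at -311 and -324 do the same with `${LOCAL_DOMAIN}` and `${DEFAULT_IP}` for `/etc/hosts` and `/etc/resolv.conf`. The two branches here are also line-for-line identical, so the block could be written once after the `if`.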
@@ -311,11 +311,11 @@ if [[ -z ${LOCAL_DOMAIN} ]]; then sudo sed -i '/domain/d' /etc/resolv.conf sudo sed -i '/search/d' /etc/resolv.conf # Refresh the /etc/hosts file with the server name and new local domain value - echo ''${DEFAULT_IP}' '${SERVER_NAME}.${LOCAL_DOMAIN} ${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${LOG_LOCATION} + echo ''${DEFAULT_IP}' '${SERVER_NAME}.${LOCAL_DOMAIN} ${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG} # Refresh /etc/resolv.conf with new domain and search suffix values - echo 'domain '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${LOG_LOCATION} - echo 'search '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${LOG_LOCATION} - sudo systemctl restart systemd-hostnamed &>>${LOG_LOCATION} + echo 'domain '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG} + echo 'search '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG} + sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG} else echo # A LOCAL_DOMIN value was derived from a pre-set silent install option. 
@@ -324,11 +324,11 @@ else sudo sed -i '/domain/d' /etc/resolv.conf sudo sed -i '/search/d' /etc/resolv.conf # Refresh the /etc/hosts file with the server name and new local domain value - echo ''${DEFAULT_IP}' '${SERVER_NAME}.${LOCAL_DOMAIN} ${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${LOG_LOCATION} + echo ''${DEFAULT_IP}' '${SERVER_NAME}.${LOCAL_DOMAIN} ${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG} # Refresh /etc/resolv.conf with new domain and search suffix values - echo 'domain '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${LOG_LOCATION} - echo 'search '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${LOG_LOCATION} - sudo systemctl restart systemd-hostnamed &>>${LOG_LOCATION} + echo 'domain '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG} + echo 'search '${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG} + sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG} fi # Now that $SERVER_NAME and $LOCAL_DOMAIN values are updated and refreshed: @@ -643,13 +643,13 @@ if [[ $OS_FLAVOUR == "ubuntu" ]] || [[ $OS_FLAVOUR == *"ubuntu"* ]]; then # pote JPEGTURBO="libjpeg-turbo8-dev" LIBPNG="libpng-dev" # Just in case this repo is not added by default in the distro - sudo add-apt-repository -y universe &>>${LOG_LOCATION} + sudo add-apt-repository -y universe &>>${INSTALL_LOG} elif [[ $OS_FLAVOUR == "debian" ]] || [[ $OS_FLAVOUR == "raspbian" ]]; then # expand distro choices here if required JPEGTURBO="libjpeg62-turbo-dev" LIBPNG="libpng-dev" fi if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" 
@@ -700,7 +700,7 @@ export MYSQL_VERSION=$MYSQL_VERSION export MYSQLSRV="${MYSQLSRV}" export MYSQLCLIENT="${MYSQLCLIENT}" export TOMCAT_VERSION=$TOMCAT_VERSION -export LOG_LOCATION=$LOG_LOCATION +export INSTALL_LOG=$INSTALL_LOG export GUAC_URL=$GUAC_URL export JPEGTURBO=$JPEGTURBO export LIBPNG=$LIBPNG @@ -735,7 +735,7 @@ export RDP_PRINTER_LABEL="${RDP_PRINTER_LABEL}" # Run the Guacamole install script sudo -E ./2-install-guacamole.sh if [ $? -ne 0 ]; then - echo -e "${LRED}2-install-guacamole.sh FAILED. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}2-install-guacamole.sh FAILED. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 elif [ "${CHANGE_ROOT}" = true ]; then echo -e "${LGREEN}Guacamole install complete\nhttp://${PROXY_SITE}:8080 - login user/pass: guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}" @@ -767,7 +767,7 @@ fi # Apply self signed TLS certificates to Nginx reverse proxy if option is selected if [[ "${INSTALL_NGINX}" = true ]] && [[ "${SELF_SIGN}" = true ]]; then - sudo -E ./4a-install-tls-self-signed-nginx.sh ${PROXY_SITE} ${CERT_DAYS} | tee -a ${LOG_LOCATION} + sudo -E ./4a-install-tls-self-signed-nginx.sh ${PROXY_SITE} ${CERT_DAYS} | tee -a ${INSTALL_LOG} echo -e "${LGREEN}Self signed certificate configured for Nginx \n${LYELLOW}https:${LGREEN}//${PROXY_SITE} - admin login: guacadmin pass: guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}" fi diff --git a/2-install-guacamole.sh b/2-install-guacamole.sh index 08b3179..f4e7d9e 100644 --- a/2-install-guacamole.sh +++ b/2-install-guacamole.sh 
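Review bot: In the -767 hunk the exit status of `4a-install-tls-self-signed-nginx.sh` is lost, because the pipeline returns the status of `tee -a ${INSTALL_LOG}` and the "Self signed certificate configured" line is echoed unconditionally afterwards. A failed certificate or Nginx step therefore still reports success and an https URL. Check the script's own status, e.g. with `set -o pipefail` before the pipeline or by testing `${PIPESTATUS[0]}` right after it, and print the success message only when it is zero. `${PROXY_SITE}`, `${CERT_DAYS}` and the log path should be quoted on that line as well.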
@@ -33,10 +33,10 @@ fi # Update everything but don't do the annoying prompts during apt installs echo -e "${GREY}Updating base Linux OS..." export DEBIAN_FRONTEND=noninteractive -apt-get update -qq &>>${LOG_LOCATION} -apt-get upgrade -qq -y &>>${LOG_LOCATION} +apt-get update -qq &>>${INSTALL_LOG} +apt-get upgrade -qq -y &>>${INSTALL_LOG} if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -48,16 +48,16 @@ echo -e "${GREY}Installing dependencies required for building Guacamole, this mi if [ -n "${MYSQL_VERSION}" ]; then # Add the Official MariaDB repo. - apt-get -qq -y install curl gnupg2 &>>${LOG_LOCATION} - curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${LOG_LOCATION} - bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${LOG_LOCATION} + apt-get -qq -y install curl gnupg2 &>>${INSTALL_LOG} + curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${INSTALL_LOG} + bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG} fi apt-get -qq -y install ${JPEGTURBO} ${LIBPNG} ufw htop pwgen wget crudini expect build-essential libcairo2-dev libtool-bin uuid-dev libavcodec-dev libavformat-dev libavutil-dev \ libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev libpulse-dev libssl-dev \ - libvorbis-dev libwebp-dev ghostscript ${MYSQL} ${TOMCAT_VERSION} &>>${LOG_LOCATION} + libvorbis-dev libwebp-dev ghostscript ${MYSQL} ${TOMCAT_VERSION} &>>${INSTALL_LOG} if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" 
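Review bot: The `if [ $? -ne 0 ]` after `apt-get upgrade` in the -33 hunk sees only the status of the last command, so a failed `apt-get update` on the line before it goes unnoticed. The same pattern recurs through the patch: at -248 `$?` reflects `ldconfig` rather than `make install`, at -603 it reflects `unset MYSQL_PWD`, and in 4b at -89 it reflects an `echo` rather than `certbot`. Those checks can never report the failure they are meant to catch. Test each command directly, e.g. `if ! make install &>>"${INSTALL_LOG}"; then`, or chain the steps with `&&` ahead of the check.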
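Review bot: In the -48 hunk `mariadb_repo_setup` is downloaded and then executed with `bash` without any integrity check, in a script that 1-setup.sh starts through `sudo -E`. `curl -LsS` also has no `--fail`, so an HTTP error page would be saved and handed to `bash` too. Add `--fail` and verify the file against a pinned digest before running it, e.g. `echo "<PINNED_SHA256>  mariadb_repo_setup" | sha256sum -c - || exit 1`, where `<PINNED_SHA256>` is a placeholder for the checksum of the script version that was reviewed. `$MYSQL_VERSION` should be quoted in the `--mariadb-server-version=` argument. The `$?` check later in the hunk covers only the final `apt-get install`, so a failure of these three commands is not reported.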
@@ -66,9 +66,9 @@ fi # Install Postfix with default settings for smtp email relay echo echo -e "${GREY}Installing Postfix MTA for backup email notifications and alerts, see separate SMTP relay configuration script..." -DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y &>>${LOG_LOCATION} +DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y &>>${INSTALL_LOG} if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -223,7 +223,7 @@ echo -e "${GREY}Compiling Guacamole-Server from source with with GCC $(gcc --ver export CFLAGS="-Wno-error" # Configure Guacamole Server source -./configure --with-systemd-dir=/etc/systemd/system &>>${LOG_LOCATION} +./configure --with-systemd-dir=/etc/systemd/system &>>${INSTALL_LOG} if [ $? -ne 0 ]; then echo "Failed to configure guacamole-server" echo "Trying again with --enable-allow-freerdp-snapshots" @@ -238,9 +238,9 @@ else fi echo -e "${GREY}Running make and building the Guacamole-Server application..." -make &>>${LOG_LOCATION} +make &>>${INSTALL_LOG} if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -248,10 +248,10 @@ else fi echo -e "${GREY}Installing Guacamole-Server..." -make install &>>${LOG_LOCATION} +make install &>>${INSTALL_LOG} ldconfig if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" 
@@ -273,7 +273,7 @@ echo -e "${GREY}Moving mysql-connector-j-${MYSQLJCON}.jar (/etc/guacamole/lib/my mv -f mysql-connector-j-${MYSQLJCON}/mysql-connector-j-${MYSQLJCON}.jar /etc/guacamole/lib/mysql-connector-java.jar chmod 664 /etc/guacamole/lib/mysql-connector-java.jar if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -295,7 +295,7 @@ if [ "${INSTALL_TOTP}" = true ]; then mv -f guacamole-auth-totp-${GUAC_VERSION}/guacamole-auth-totp-${GUAC_VERSION}.jar /etc/guacamole/extensions/ chmod 664 /etc/guacamole/extensions/guacamole-auth-totp-${GUAC_VERSION}.jar if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -314,7 +314,7 @@ if [ "${INSTALL_DUO}" = true ]; then echo "#duo-application-key: " >>/etc/guacamole/guacamole.properties echo -e "Duo auth is installed, it will need to be configured via guacamole.properties" if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -340,7 +340,7 @@ if [ "${INSTALL_LDAP}" = true ]; then echo "#ldap-user-search-filter:(objectClass=user)(!(objectCategory=computer))" >>/etc/guacamole/guacamole.properties echo "#ldap-max-search-results:200" >>/etc/guacamole/guacamole.properties if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" 
@@ -354,7 +354,7 @@ if [ "${INSTALL_QCONNECT}" = true ]; then mv -f guacamole-auth-quickconnect-${GUAC_VERSION}/guacamole-auth-quickconnect-${GUAC_VERSION}.jar /etc/guacamole/extensions/ chmod 664 /etc/guacamole/extensions/guacamole-auth-quickconnect-${GUAC_VERSION}.jar if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -373,7 +373,7 @@ if [ "${INSTALL_HISTREC}" = true ]; then chmod 2750 ${HISTREC_PATH} echo "recording-search-path: ${HISTREC_PATH}" >>/etc/guacamole/guacamole.properties if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -386,7 +386,7 @@ echo -e "${GREY}Setting the Guacamole console to a (customisable) dark mode them mv branding.jar /etc/guacamole/extensions chmod 664 /etc/guacamole/extensions/branding.jar if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -496,7 +496,7 @@ bind_host = 127.0.0.1 bind_port = 4822 EOF if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -509,7 +509,7 @@ systemctl enable guacd systemctl stop guacd 2>/dev/null systemctl start guacd if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -542,7 +542,7 @@ expect eof echo "$SECURE_MYSQL" systemctl restart mysql if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" 
@@ -573,7 +573,7 @@ if [ "${CHANGE_ROOT}" = true ]; then echo "<% response.sendRedirect(\"/guacamole\");%>" >>/var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.jsp systemctl start ${TOMCAT_VERSION} if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -590,7 +590,7 @@ echo "y" | sudo ufw enable >/dev/null 2>&1 # Reduce firewall logging noise sudo ufw logging off >/dev/null 2>&1 if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -603,7 +603,7 @@ rm -rf mysql-connector-j-* rm -rf mariadb_repo_setup unset MYSQL_PWD if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" diff --git a/3-install-nginx.sh b/3-install-nginx.sh index 7594b33..3a56772 100644 --- a/3-install-nginx.sh +++ b/3-install-nginx.sh @@ -22,7 +22,7 @@ echo -e "${LGREEN}Installing Nginx...${DGREY}" echo # Install Nginx -sudo apt-get install nginx -qq -y &>>${LOG_LOCATION} +sudo apt-get install nginx -qq -y &>>${INSTALL_LOG} echo -e "${GREY}Configuring Nginx as a reverse proxy for Guacamole's Apache Tomcat front end...${DGREY}" # Configure /etc/nginx/sites-available/(local dns site name) @@ -44,7 +44,7 @@ server { } EOF if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" 
@@ -65,7 +65,7 @@ unlink /etc/nginx/sites-enabled/default echo -e "${GREY}Configuring Apache Tomcat valve for pass through of client IPs to Guacamole logs...${GREY}" sudo sed -i '/pattern="%h %l %u %t "%r" %s %b"/a \ \n ' /etc/$TOMCAT_VERSION/server.xml if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -77,7 +77,7 @@ sudo sed -i '/client_max_body_size/d' /etc/nginx/nginx.conf sudo sed -i "/Basic Settings/a \ client_max_body_size 100000000M;" /etc/nginx/nginx.conf # Add the larger file transfer size echo -e "${GREY}Boosting Nginx's 'maximum body size' parameter to allow large file transfers...${GREY}" if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -93,7 +93,7 @@ sudo ufw allow 80/tcp >/dev/null 2>&1 sudo ufw delete allow 8080/tcp >/dev/null 2>&1 echo "y" | sudo ufw enable >/dev/null 2>&1 if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -106,7 +106,7 @@ sudo systemctl restart $TOMCAT_VERSION sudo systemctl restart guacd sudo systemctl restart nginx if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" diff --git a/4a-install-tls-self-signed-nginx.sh b/4a-install-tls-self-signed-nginx.sh index 3c57610..8e2fc6a 100644 --- a/4a-install-tls-self-signed-nginx.sh +++ b/4a-install-tls-self-signed-nginx.sh 
@@ -72,7 +72,7 @@ echo echo "{$GREY}Creating a new Nginx TLS Certificate..." openssl req -x509 -nodes -newkey rsa:2048 -keyout $TLSNAME.key -out $TLSNAME.crt -days $TLSDAYS -config $TMP_DIR/cert_attributes.txt if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -87,7 +87,7 @@ sudo cp $TLSNAME.crt $DIR_SSL_CERT/$TLSNAME.crt echo -e "${GREY}Converting client certificates for Windows & Linux...${GREY}" sudo openssl pkcs12 -export -out $TLSNAME.pfx -inkey $TLSNAME.key -in $TLSNAME.crt -password pass:1234 if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -103,7 +103,7 @@ sudo chown $SUDO_USER:root $TLSNAME.key echo -e "${GREY}Backing up previous Nginx proxy to $DOWNLOAD_DIR/$TLSNAME-nginx.bak" cp /etc/nginx/sites-enabled/${TLSNAME} $DOWNLOAD_DIR/${TLSNAME}-nginx.bak if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -151,7 +151,7 @@ server { } EOF if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -167,7 +167,7 @@ sudo ufw allow 80/tcp >/dev/null 2>&1 sudo ufw allow 443/tcp >/dev/null 2>&1 echo "y" | sudo ufw enable >/dev/null 2>&1 if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" 
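Review bot: The PKCS#12 export in the -87 hunk bundles the private key under the fixed password `1234`, passed as `-password pass:1234` on the command line, where it is also visible in the process list while `openssl` runs. A generated or prompted password handed over outside argv, e.g. `-password env:PFX_PASSWORD` (variable name illustrative), avoids both problems. If clients only need to trust the certificate, exporting `$TLSNAME.crt` alone would keep the key out of the bundle; whether the key is needed there cannot be told from this hunk. The `Failed. See ${INSTALL_LOG}` messages in this file also follow `openssl` and `cp` calls that are not redirected to the log. The only path into the log visible in this patch is the `tee` in 1-setup.sh, which captures stdout and not stderr, so the log may not contain the error the message points to.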
@@ -180,7 +180,7 @@ sudo systemctl restart $TOMCAT_VERSION sudo systemctl restart guacd sudo systemctl restart nginx if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -209,7 +209,7 @@ echo -e "(If certutil is not installed, run apt-get install libnss3-tools)" echo -e "mkdir -p $HOME/.pki/nssdb && certutil -d $HOME/.pki/nssdb -N" echo -e "certutil -d sql:$HOME/.pki/nssdb -A -t "CT,C,c" -n $TLSNAME -i $TLSNAME.crt" printf "+-------------------------------------------------------------------------------------------------------------\n" -echo -e "${LYELLOW}The above TLS browser config instructions are saved in ${LGREEN}$LOG_LOCATION${GREY}" +echo -e "${LYELLOW}The above TLS browser config instructions are saved in ${LGREEN}$INSTALL_LOG${GREY}" # Done echo -e ${NC} diff --git a/4b-install-tls-letsencrypt-nginx.sh b/4b-install-tls-letsencrypt-nginx.sh index f705579..c9f678c 100644 --- a/4b-install-tls-letsencrypt-nginx.sh +++ b/4b-install-tls-letsencrypt-nginx.sh @@ -22,15 +22,15 @@ echo -e "${LGREEN}Installing Let's Encrypt TLS configuration for Nginx...${GREY} echo # Install nginx -apt-get update -qq &>>${LOG_LOCATION} -apt-get install nginx certbot python3-certbot-nginx -qq -y &>>${LOG_LOCATION} +apt-get update -qq &>>${INSTALL_LOG} +apt-get install nginx certbot python3-certbot-nginx -qq -y &>>${INSTALL_LOG} # Backup the current Nginx config echo echo -e "${GREY}Backing up previous Nginx proxy to $DOWNLOAD_DIR/$PROXY_SITE-nginx.bak" cp /etc/nginx/sites-enabled/${PROXY_SITE} $DOWNLOAD_DIR/${PROXY_SITE}-nginx.bak if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" 
@@ -58,7 +58,7 @@ server { } EOL if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -74,7 +74,7 @@ sudo ufw allow 80/tcp >/dev/null 2>&1 sudo ufw allow 443/tcp >/dev/null 2>&1 echo "y" | sudo ufw enable >/dev/null 2>&1 if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -89,7 +89,7 @@ certbot --nginx -n -d $LE_DNS_NAME --email $LE_EMAIL --agree-tos --redirect --hs echo -e echo -e "${GREY}Let's Encrypt successfully installed, but check for any errors above (DNS & firewall are the usual culprits).${GREY}" if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -111,7 +111,7 @@ echo "${MINUTE} ${HOUR} * * * /usr/bin/certbot renew --quiet --pre-hook 'systemc crontab cron_1 rm cron_1 if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}" @@ -124,7 +124,7 @@ sudo systemctl restart $TOMCAT_VERSION sudo systemctl restart guacd sudo systemctl restart nginx if [ $? -ne 0 ]; then - echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 + echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 exit 1 else echo -e "${LGREEN}OK${GREY}"