Day: July 27, 2020

Install and configure webmin with SSL (debian)

Akash Uncategorized 
1. Create repository for webmin  
        #echo "deb https://download.webmin.com/download/repository sarge contrib" >> webmin.list      
   
2. Fech and install the GPG key for the repository
       #cd /root
       #wget https://download.webmin.com/jcameron-key.asc
       #apt-key add jcameron-key.asc

3. Install webmin
       #apt-get install apt-transport-https
       #apt-get update
       #apt-get install webmin
       If Debian complains about missing dependencies, you can install them with the command
       #apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python

4. Manage SSL certificate for webmin (by using existing SSL certifcates)
      #cat /etc/ssl/certs/web/mydomain.com/privkey.pem > /etc/webmin/miniserv.pem
      #cat /etc/ssl/certs/web/mydomain.com/fullchain.pem >> /etc/webmin/miniserv.pem
      #systemctl restart webmin

5. Configure apache2 for SSL certificate and redirection
      Create a file /etc/apache2/sites-available/webmin.conf and and put the entries given below

         <VirtualHost *:80>
         ServerName webmin.mydomain.com
         Redirect permanent / https://webmin.mydomain.com/
         </VirtualHost>

         <IfModule mod_ssl.c>
         <VirtualHost *:443>
         ServerName webmin.mydomain.com
         SSLCertificateFile /etc/ssl/certs/web/mydomain.com/fullchain.pem
         SSLCertificateKeyFile /etc/ssl/certs/web/mydomain.com/privkey.pem
         Include /etc/letsencrypt/options-ssl-apache.conf
         ProxyPreserveHost On
         ProxyRequests Off
         SSLProxyEngine On

         # allow for upgrading to websockets
         RewriteEngine On
         RewriteCond %{HTTP:Upgrade} =websocket [NC]
         RewriteRule /(.*) ws://127.0.0.1:10000/$1 [P,L]
         RewriteCond %{HTTP:Upgrade} !=websocket [NC]
         RewriteRule /(.*) https://127.0.0.1:10000/$1 [P,L]

         # Proxy to your local webmin instance
         ProxyPass / https://127.0.0.1:10000/
         ProxyPassReverse / https://127.0.0.1:10000/

         </VirtualHost>
         </IfModule>

6. Configure IPTables to drop requests on 4200 from world
      #iptables -A INPUT -p tcp -s 127.0.0.1 --dport 10000 -j ACCEPT
      #iptables -A INPUT -p tcp --dport 10000 -j DROP

7.  Enable Apache Configuration         
     #ln -s /etc/apache2/sites-available/webmin.conf /etc/apache2/sites-enabled/webmin.conf        
     #systemctl reload apache2

 

Summary:
After this setup webmin will be available only on https://wembin.mydomain.com and https://webmin.mydomain.com:10000 will not work

 

 

 

Install and configure shellinabox (web terminal) with SSL (debian)

Akash Uncategorized 
1. Install the package shellinabox which is present in repository
         #sudo apt-get install shellinabox

2. Check settings 
         #cat /etc/default/shellinabox (For RHEL it will be /etc/sysconfig/shellinaboxd)

3. Manage SSL certificate for shellinabox (by using existing SSL certifcates)
        #cat /etc/ssl/certs/web/mydomain.com/privkey.pem > /var/lib/shellinabox/certificate.pem
        #cat /etc/ssl/certs/web/mydomain.com/fullchain.pem >> /var/lib/shellinabox/certificate.pem
        #systemctl restart shellinabox

4. Configure  apache2 for SSL certificate and redirection
        Create a file /etc/apache2/sites-available/shellinabox.conf and and put the entries given below

          <VirtualHost *:80>
          ServerName terminal.mydomain.com
          Redirect permanent / https://terminal.mydomain.com/
          </VirtualHost>

          <IfModule mod_ssl.c>
          <VirtualHost *:443>
          ServerName terminal.mydomain.com
          SSLCertificateFile /etc/ssl/certs/web/mydomain.com/fullchain.pem
          SSLCertificateKeyFile /etc/ssl/certs/web/mydomain.com/privkey.pem
          Include /etc/letsencrypt/options-ssl-apache.conf
          ProxyPreserveHost On
          ProxyRequests Off

          # allow for upgrading to websockets
          RewriteEngine On
          RewriteCond %{HTTP:Upgrade} =websocket [NC]
          RewriteRule /(.*) ws://127.0.0.1:4200/$1 [P,L]
          RewriteCond %{HTTP:Upgrade} !=websocket [NC]
          RewriteRule /(.*) http://127.0.0.1:4200/$1 [P,L]

          # Proxy to your local bash instance
          ProxyPass / http://127.0.0.1:4200/
          ProxyPassReverse / http://127.0.0.1:4200/

          </VirtualHost>
          </IfModule>

5.  Configure IPTables to drop requests on 4200 from world
        iptables -A INPUT -p tcp -s 127.0.0.1 --dport 4200 -j ACCEPT
        iptables -A INPUT -p tcp --dport 4200 -j DROP
  

6.  Enable Apache Configuration 
       #ln -s /etc/apache2/sites-available/shellinabox.conf /etc/apache2/sites-enabled/shellinabox.conf
       #systemctl reload apache2

Summary:
After this setup web terminal (shellinabox) will be available only on https://terminal.mydomain.com and https://terminal.mydomain.com:4200 will not work

 


					

		
		
	




			
				


	

		

					
Install and configure cockpit with SSL (debian)

								

								 Akash
															Advanced Linux, Debian / Ubuntu, Server Configurations, Utils					
												

					


				

			
1. Edit /etc/apt/sources.list file or create new file /etc/apt/sources.list.d/Backports.list and add below lines 


        #deb http://ftp.debian.org/debian/ stretch-backports main contrib non-free
        #deb http://packages.prosody.im/debian stretch main
        #deb https://apt.dockerproject.org/repo debian-stretch main

2.  Install cockpit package
        #sudo apt-get update
        #sudo apt-get install cockpit

3. Manage SSL certificate for cockpit (by using existing SSL certifcates) 
        #cat /etc/cockpit/ws-certs.d/cockpit.base.cert > /etc/cockpit/ws-certs.d/0-self-signed.cert 
        #cat /etc/ssl/certs/web/mydomain.com/fullchain.pem >> /etc/cockpit/ws-certs.d/0-self-signed.cert 
        #systemctl reload cockpit

4.  Configure apache2 for SSL certificate and redirection
        Create a file /etc/apache2/sites-available/cockpit.conf and and put the entries given below




           <VirtualHost *:80>

           ServerName cockpit.mydomain.com

           Redirect permanent / https://cockpit.mydomain.com/

           </VirtualHost>


          <IfModule mod_ssl.c>

          <VirtualHost *:443>

           ServerName cockpit.mydomain.com

           SSLCertificateFile /etc/ssl/certs/web/mydomain.com/fullchain.pem

           SSLCertificateKeyFile /etc/ssl/certs/web/mydomain.com/privkey.pem

           Include /etc/letsencrypt/options-ssl-apache.conf

           ProxyPreserveHost On

           ProxyRequests Off


          # allow for upgrading to websockets

           RewriteEngine On

           RewriteCond %{HTTP:Upgrade} =websocket [NC]

           RewriteRule /(.*) ws://127.0.0.1:9090/$1 [P,L]

           RewriteCond %{HTTP:Upgrade} !=websocket [NC]

           RewriteRule /(.*) http://127.0.0.1:9090/$1 [P,L]


           # Proxy to your local cockpit instance

           ProxyPass / http://127.0.0.1:9090/

           ProxyPassReverse / http://127.0.0.1:9090/


           </VirtualHost>

           </IfModule>


 




5. Configure IPTables to drop requests on 9090 from world
        #iptables -A INPUT -p tcp -s 127.0.0.1 --dport 9090 -j ACCEPT
        #iptables -A INPUT -p tcp --dport 9090 -j DROP

 6. Enable Apache Configuration 
        #ln -s /etc/apache2/sites-available/cockpit.conf /etc/apache2/sites-enabled/cockpit.conf
        #systemctl reload apache2


          


Summary:

After this setup web terminal cockpit will be available only on https://cockpit.mydomain.com and https://cockpit.mydomain.com:9090 will not work