1. update install script for ubuntu 20. 2. switched to wildcard cert for lets encrypt. 3. change installation directory. 4. automate the initial setup of meshcentral
This commit is contained in:
wh1te909
parent
4bdf00bf79
commit
39c4d201b9
193
install.sh
193
install.sh
|
|
@ -6,9 +6,10 @@ if [ $EUID -eq 0 ]; then
|
|||
fi
|
||||
|
||||
|
||||
DJANGO_SEKRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 50 | head -n 1)
|
||||
SALTPW=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)
|
||||
ADMINURL=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 30 | head -n 1)
|
||||
DJANGO_SEKRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 80 | head -n 1)
|
||||
SALTPW=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
|
||||
ADMINURL=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 70 | head -n 1)
|
||||
MESHPASSWD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 25 | head -n 1)
|
||||
|
||||
GREEN='\033[0;32m'
|
||||
YELLOW='\033[1;33m'
|
||||
|
|
@ -34,16 +35,47 @@ echo -ne "${YELLOW}Create a username for the postgres database${NC}: "
|
|||
read pgusername
|
||||
echo -ne "${YELLOW}Create a password for the postgres database${NC}: "
|
||||
read pgpw
|
||||
echo -ne "${YELLOW}Enter the backend API domain for the rmm${NC}: "
|
||||
|
||||
while [[ $rmmdomain != *[.]*[.]* ]]
|
||||
do
|
||||
echo -ne "${YELLOW}Enter the subdomain for the backend (e.g. api.example.com)${NC}: "
|
||||
read rmmdomain
|
||||
echo -ne "${YELLOW}Enter the frontend domain for the rmm${NC}: "
|
||||
done
|
||||
|
||||
while [[ $frontenddomain != *[.]*[.]* ]]
|
||||
do
|
||||
echo -ne "${YELLOW}Enter the subdomain for the frontend (e.g. app.example.com)${NC}: "
|
||||
read frontenddomain
|
||||
echo -ne "${YELLOW}Enter the domain for meshcentral${NC}: "
|
||||
done
|
||||
|
||||
while [[ $meshdomain != *[.]*[.]* ]]
|
||||
do
|
||||
echo -ne "${YELLOW}Enter the subdomain for meshcentral (e.g. mesh.example.com)${NC}: "
|
||||
read meshdomain
|
||||
echo -ne "${YELLOW}Enter your username for meshcentral${NC}: "
|
||||
done
|
||||
|
||||
echo -ne "${YELLOW}Create a username for meshcentral${NC}: "
|
||||
read meshusername
|
||||
echo -ne "${YELLOW}Enter your email address for let's encrypt renewal notifications${NC}: "
|
||||
|
||||
while [[ $letsemail != *[@]*[.]* ]]
|
||||
do
|
||||
echo -ne "${YELLOW}Enter a valid email address for let's encrypt renewal notifications and meshcentral${NC}: "
|
||||
read letsemail
|
||||
done
|
||||
|
||||
rootdomain=$(expr match "$rmmdomain" '.*\.\(.*\..*\)')
|
||||
|
||||
print_green 'Getting wildcard cert'
|
||||
|
||||
sudo apt install -y software-properties-common
|
||||
sudo apt update
|
||||
sudo apt install -y certbot
|
||||
|
||||
sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns -m ${letsemail} --no-eff-email
|
||||
while [[ $? -ne 0 ]]
|
||||
do
|
||||
sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns -m ${letsemail} --no-eff-email
|
||||
done
|
||||
|
||||
|
||||
print_green 'Creating saltapi user'
|
||||
|
|
@ -53,8 +85,6 @@ echo "saltapi:${SALTPW}" | sudo chpasswd
|
|||
|
||||
print_green 'Installing Nginx'
|
||||
|
||||
sudo apt install -y software-properties-common
|
||||
sudo apt update
|
||||
sudo apt install -y nginx
|
||||
sudo systemctl stop nginx
|
||||
|
||||
|
|
@ -82,7 +112,6 @@ sudo mkdir -p /meshcentral/meshcentral-data
|
|||
sudo chown ${USER}:${USER} -R /meshcentral
|
||||
cd /meshcentral
|
||||
npm install meshcentral
|
||||
cd /home/${USER}
|
||||
sudo chown ${USER}:${USER} -R /meshcentral
|
||||
|
||||
meshcfg="$(cat << EOF
|
||||
|
|
@ -106,8 +135,8 @@ meshcfg="$(cat << EOF
|
|||
},
|
||||
"domains": {
|
||||
"": {
|
||||
"Title": "Dev RMM",
|
||||
"Title2": "DevRMM",
|
||||
"Title": "Tactical RMM",
|
||||
"Title2": "Tactical RMM",
|
||||
"NewAccounts": false,
|
||||
"CertUrl": "https://${meshdomain}:443/",
|
||||
"GeoLocation": true,
|
||||
|
|
@ -146,16 +175,11 @@ sudo -u postgres psql -c "ALTER ROLE ${pgusername} SET default_transaction_isola
|
|||
sudo -u postgres psql -c "ALTER ROLE ${pgusername} SET timezone TO 'UTC'"
|
||||
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE tacticalrmm TO ${pgusername}"
|
||||
|
||||
|
||||
sudo usermod -a -G www-data ${USER}
|
||||
sudo chmod 710 /home/${USER}
|
||||
sudo chown ${USER}:www-data /home/${USER}
|
||||
|
||||
mkdir -p /home/${USER}/rmm
|
||||
sudo mkdir /rmm
|
||||
sudo chown ${USER}:${USER} /rmm
|
||||
sudo mkdir -p /var/log/celery
|
||||
sudo chown ${USER}:${USER} /var/log/celery
|
||||
git clone https://github.com/wh1te909/tacticalrmm.git /home/${USER}/rmm/
|
||||
sudo chown ${USER}:www-data -R /home/${USER}/rmm/api/tacticalrmm
|
||||
git clone https://github.com/wh1te909/tacticalrmm.git /rmm/
|
||||
|
||||
localvars="$(cat << EOF
|
||||
SECRET_KEY = "${DJANGO_SEKRET}"
|
||||
|
|
@ -199,13 +223,6 @@ if not DEBUG:
|
|||
)
|
||||
})
|
||||
|
||||
EMAIL_USE_TLS = True
|
||||
EMAIL_HOST = 'smtp.gmail.com'
|
||||
EMAIL_HOST_USER = 'example@gmail.com'
|
||||
EMAIL_HOST_PASSWORD = 'yourgmailpassword'
|
||||
EMAIL_PORT = 587
|
||||
EMAIL_ALERT_RECIPIENTS = ["jsmith@example.com",]
|
||||
|
||||
SALT_USERNAME = "saltapi"
|
||||
SALT_PASSWORD = "${SALTPW}"
|
||||
SALT_HOST = "127.0.0.1"
|
||||
|
|
@ -214,17 +231,17 @@ MESH_SITE = "https://${meshdomain}"
|
|||
REDIS_HOST = "localhost"
|
||||
EOF
|
||||
)"
|
||||
echo "${localvars}" > /home/${USER}/rmm/api/tacticalrmm/tacticalrmm/local_settings.py
|
||||
echo "${localvars}" > /rmm/api/tacticalrmm/tacticalrmm/local_settings.py
|
||||
|
||||
print_green 'Installing the backend'
|
||||
|
||||
cd /home/${USER}/rmm/api
|
||||
cd /rmm/api
|
||||
python3 -m venv env
|
||||
source /home/${USER}/rmm/api/env/bin/activate
|
||||
cd /home/${USER}/rmm/api/tacticalrmm
|
||||
source /rmm/api/env/bin/activate
|
||||
cd /rmm/api/tacticalrmm
|
||||
pip install --no-cache-dir --upgrade pip
|
||||
pip install --no-cache-dir --upgrade setuptools wheel
|
||||
pip install --no-cache-dir -r /home/${USER}/rmm/api/tacticalrmm/requirements.txt
|
||||
pip install --no-cache-dir -r /rmm/api/tacticalrmm/requirements.txt
|
||||
python manage.py migrate
|
||||
python manage.py collectstatic
|
||||
python manage.py initial_db_setup
|
||||
|
|
@ -247,15 +264,15 @@ read -n 1 -s -r -p "Press any key to continue..."
|
|||
uwsgini="$(cat << EOF
|
||||
[uwsgi]
|
||||
|
||||
logto = /home/${USER}/rmm/api/tacticalrmm/tacticalrmm/private/log/uwsgi.log
|
||||
chdir = /home/${USER}/rmm/api/tacticalrmm
|
||||
logto = /rmm/api/tacticalrmm/tacticalrmm/private/log/uwsgi.log
|
||||
chdir = /rmm/api/tacticalrmm
|
||||
module = tacticalrmm.wsgi
|
||||
home = /home/${USER}/rmm/api/env
|
||||
home = /rmm/api/env
|
||||
master = true
|
||||
processes = 6
|
||||
threads = 6
|
||||
enable-threads = True
|
||||
socket = /home/${USER}/rmm/api/tacticalrmm/tacticalrmm.sock
|
||||
socket = /rmm/api/tacticalrmm/tacticalrmm.sock
|
||||
harakiri = 300
|
||||
chmod-socket = 660
|
||||
# clear environment on exit
|
||||
|
|
@ -265,7 +282,7 @@ max-requests = 500
|
|||
max-requests-delta = 1000
|
||||
EOF
|
||||
)"
|
||||
echo "${uwsgini}" > /home/${USER}/rmm/api/tacticalrmm/app.ini
|
||||
echo "${uwsgini}" > /rmm/api/tacticalrmm/app.ini
|
||||
|
||||
|
||||
rmmservice="$(cat << EOF
|
||||
|
|
@ -276,9 +293,9 @@ After=network.target
|
|||
[Service]
|
||||
User=${USER}
|
||||
Group=www-data
|
||||
WorkingDirectory=/home/${USER}/rmm/api/tacticalrmm
|
||||
Environment="PATH=/home/${USER}/rmm/api/env/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
ExecStart=/home/${USER}/rmm/api/env/bin/uwsgi --ini app.ini
|
||||
WorkingDirectory=/rmm/api/tacticalrmm
|
||||
Environment="PATH=/rmm/api/env/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
ExecStart=/rmm/api/env/bin/uwsgi --ini app.ini
|
||||
Restart=always
|
||||
RestartSec=10s
|
||||
|
||||
|
|
@ -293,7 +310,7 @@ nginxrmm="$(cat << EOF
|
|||
server_tokens off;
|
||||
|
||||
upstream tacticalrmm {
|
||||
server unix:////home/${USER}/rmm/api/tacticalrmm/tacticalrmm.sock;
|
||||
server unix:////rmm/api/tacticalrmm/tacticalrmm.sock;
|
||||
}
|
||||
|
||||
server {
|
||||
|
|
@ -306,20 +323,20 @@ server {
|
|||
listen 443 ssl;
|
||||
server_name ${rmmdomain};
|
||||
client_max_body_size 300M;
|
||||
access_log /home/${USER}/rmm/api/tacticalrmm/tacticalrmm/private/log/access.log;
|
||||
error_log /home/${USER}/rmm/api/tacticalrmm/tacticalrmm/private/log/error.log;
|
||||
ssl_certificate /etc/letsencrypt/live/${rmmdomain}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/${rmmdomain}/privkey.pem;
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
|
||||
access_log /rmm/api/tacticalrmm/tacticalrmm/private/log/access.log;
|
||||
error_log /rmm/api/tacticalrmm/tacticalrmm/private/log/error.log;
|
||||
ssl_certificate /etc/letsencrypt/live/${rootdomain}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/${rootdomain}/privkey.pem;
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
|
||||
|
||||
location /static/ {
|
||||
root /home/${USER}/rmm/api/tacticalrmm;
|
||||
root /rmm/api/tacticalrmm;
|
||||
}
|
||||
|
||||
location /private/ {
|
||||
internal;
|
||||
add_header "Access-Control-Allow-Origin" "https://${frontenddomain}";
|
||||
alias /home/${USER}/rmm/api/tacticalrmm/tacticalrmm/private/;
|
||||
alias /rmm/api/tacticalrmm/tacticalrmm/private/;
|
||||
}
|
||||
|
||||
location /saltscripts/ {
|
||||
|
|
@ -361,8 +378,8 @@ server {
|
|||
proxy_send_timeout 330s;
|
||||
proxy_read_timeout 330s;
|
||||
server_name ${meshdomain};
|
||||
ssl_certificate /etc/letsencrypt/live/${meshdomain}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/${meshdomain}/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/${rootdomain}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/${rootdomain}/privkey.pem;
|
||||
ssl_session_cache shared:WEBSSL:10m;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
|
@ -439,7 +456,7 @@ Type=forking
|
|||
User=${USER}
|
||||
Group=${USER}
|
||||
EnvironmentFile=/etc/conf.d/celery.conf
|
||||
WorkingDirectory=/home/${USER}/rmm/api/tacticalrmm
|
||||
WorkingDirectory=/rmm/api/tacticalrmm
|
||||
ExecStart=/bin/sh -c '\${CELERY_BIN} multi start \${CELERYD_NODES} -A \${CELERY_APP} --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel=\${CELERYD_LOG_LEVEL} \${CELERYD_OPTS}'
|
||||
ExecStop=/bin/sh -c '\${CELERY_BIN} multi stopwait \${CELERYD_NODES} --pidfile=\${CELERYD_PID_FILE}'
|
||||
ExecReload=/bin/sh -c '\${CELERY_BIN} multi restart \${CELERYD_NODES} -A \${CELERY_APP} --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel=\${CELERYD_LOG_LEVEL} \${CELERYD_OPTS}'
|
||||
|
|
@ -463,7 +480,7 @@ Type=forking
|
|||
User=${USER}
|
||||
Group=${USER}
|
||||
EnvironmentFile=/etc/conf.d/celery-winupdate.conf
|
||||
WorkingDirectory=/home/${USER}/rmm/api/tacticalrmm
|
||||
WorkingDirectory=/rmm/api/tacticalrmm
|
||||
ExecStart=/bin/sh -c '\${CELERY_BIN} multi start \${CELERYD_NODES} -A \${CELERY_APP} --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel=\${CELERYD_LOG_LEVEL} -Q wupdate \${CELERYD_OPTS}'
|
||||
ExecStop=/bin/sh -c '\${CELERY_BIN} multi stopwait \${CELERYD_NODES} --pidfile=\${CELERYD_PID_FILE}'
|
||||
ExecReload=/bin/sh -c '\${CELERY_BIN} multi restart \${CELERYD_NODES} -A \${CELERY_APP} --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel=\${CELERYD_LOG_LEVEL} -Q wupdate \${CELERYD_OPTS}'
|
||||
|
|
@ -479,7 +496,7 @@ echo "${celerywinupdatesvc}" | sudo tee /etc/systemd/system/celery-winupdate.ser
|
|||
celeryconf="$(cat << EOF
|
||||
CELERYD_NODES="w1"
|
||||
|
||||
CELERY_BIN="/home/${USER}/rmm/api/env/bin/celery"
|
||||
CELERY_BIN="/rmm/api/env/bin/celery"
|
||||
|
||||
CELERY_APP="tacticalrmm"
|
||||
|
||||
|
|
@ -487,11 +504,11 @@ CELERYD_MULTI="multi"
|
|||
|
||||
CELERYD_OPTS="--time-limit=2900 --autoscale=50,5"
|
||||
|
||||
CELERYD_PID_FILE="/home/${USER}/rmm/api/tacticalrmm/%n.pid"
|
||||
CELERYD_PID_FILE="/rmm/api/tacticalrmm/%n.pid"
|
||||
CELERYD_LOG_FILE="/var/log/celery/%n%I.log"
|
||||
CELERYD_LOG_LEVEL="INFO"
|
||||
|
||||
CELERYBEAT_PID_FILE="/home/${USER}/rmm/api/tacticalrmm/beat.pid"
|
||||
CELERYBEAT_PID_FILE="/rmm/api/tacticalrmm/beat.pid"
|
||||
CELERYBEAT_LOG_FILE="/var/log/celery/beat.log"
|
||||
EOF
|
||||
)"
|
||||
|
|
@ -500,7 +517,7 @@ echo "${celeryconf}" | sudo tee /etc/conf.d/celery.conf > /dev/null
|
|||
celerywinupdate="$(cat << EOF
|
||||
CELERYD_NODES="w2"
|
||||
|
||||
CELERY_BIN="/home/${USER}/rmm/api/env/bin/celery"
|
||||
CELERY_BIN="/rmm/api/env/bin/celery"
|
||||
|
||||
CELERY_APP="tacticalrmm"
|
||||
|
||||
|
|
@ -508,7 +525,7 @@ CELERYD_MULTI="multi"
|
|||
|
||||
CELERYD_OPTS="--time-limit=4000 --autoscale=15,1"
|
||||
|
||||
CELERYD_PID_FILE="/home/${USER}/rmm/api/tacticalrmm/%n.pid"
|
||||
CELERYD_PID_FILE="/rmm/api/tacticalrmm/%n.pid"
|
||||
CELERYD_LOG_FILE="/var/log/celery/%n%I.log"
|
||||
CELERYD_LOG_LEVEL="INFO"
|
||||
EOF
|
||||
|
|
@ -527,7 +544,7 @@ Type=simple
|
|||
User=${USER}
|
||||
Group=${USER}
|
||||
EnvironmentFile=/etc/conf.d/celery.conf
|
||||
WorkingDirectory=/home/${USER}/rmm/api/tacticalrmm
|
||||
WorkingDirectory=/rmm/api/tacticalrmm
|
||||
ExecStart=/bin/sh -c '\${CELERY_BIN} beat -A \${CELERY_APP} --pidfile=\${CELERYBEAT_PID_FILE} --logfile=\${CELERYBEAT_LOG_FILE} --loglevel=\${CELERYD_LOG_LEVEL}'
|
||||
Restart=always
|
||||
RestartSec=10s
|
||||
|
|
@ -539,8 +556,8 @@ EOF
|
|||
echo "${celerybeatservice}" | sudo tee /etc/systemd/system/celerybeat.service > /dev/null
|
||||
|
||||
sudo mkdir -p /srv/salt
|
||||
sudo cp -r /home/${USER}/rmm/_modules /srv/salt/
|
||||
sudo cp -r /home/${USER}/rmm/scripts /srv/salt/
|
||||
sudo cp -r /rmm/_modules /srv/salt/
|
||||
sudo cp -r /rmm/scripts /srv/salt/
|
||||
sudo mkdir /srv/salt/scripts/userdefined
|
||||
sudo chown ${USER}:${USER} -R /srv/salt/
|
||||
sudo chown ${USER}:www-data /srv/salt/scripts/userdefined
|
||||
|
|
@ -577,36 +594,23 @@ sudo systemctl enable salt-api
|
|||
|
||||
sudo systemctl restart salt-api
|
||||
|
||||
print_green 'Installing certbot'
|
||||
|
||||
sudo apt install -y certbot
|
||||
|
||||
print_green 'Getting https certs'
|
||||
|
||||
sudo certbot certonly --standalone --agree-tos -m ${letsemail} --no-eff-email -d ${meshdomain}
|
||||
sudo certbot certonly --standalone --agree-tos -m ${letsemail} --no-eff-email -d ${rmmdomain}
|
||||
sudo certbot certonly --standalone --agree-tos -m ${letsemail} --no-eff-email -d ${frontenddomain}
|
||||
|
||||
sudo chown -R $USER:$GROUP /home/${USER}/.npm
|
||||
sudo chown -R $USER:$GROUP /home/${USER}/.config
|
||||
|
||||
quasarenv="$(cat << EOF
|
||||
PROD_URL = "https://${rmmdomain}"
|
||||
DEV_URL = "https://api.example.com"
|
||||
APP_URL = "https://app.example.com"
|
||||
DEV_HOST = 0.0.0.0
|
||||
DEV_PORT = 80
|
||||
DEV_URL = "https://${rmmdomain}"
|
||||
EOF
|
||||
)"
|
||||
echo "${quasarenv}" | tee /home/${USER}/rmm/web/.env > /dev/null
|
||||
echo "${quasarenv}" | tee /rmm/web/.env > /dev/null
|
||||
|
||||
print_green 'Installing the frontend'
|
||||
|
||||
cd /home/${USER}/rmm/web
|
||||
cd /rmm/web
|
||||
npm install
|
||||
npm run build
|
||||
sudo mkdir -p /var/www/rmm
|
||||
sudo cp -pvr /home/${USER}/rmm/web/dist /var/www/rmm/
|
||||
sudo cp -pvr /rmm/web/dist /var/www/rmm/
|
||||
sudo chown www-data:www-data -R /var/www/rmm/dist
|
||||
|
||||
nginxfrontend="$(cat << EOF
|
||||
|
|
@ -623,9 +627,9 @@ server {
|
|||
access_log /var/log/nginx/frontend-access.log;
|
||||
|
||||
listen 443 ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/${frontenddomain}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/${frontenddomain}/privkey.pem;
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
|
||||
ssl_certificate /etc/letsencrypt/live/${rootdomain}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/${rootdomain}/privkey.pem;
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
|
||||
}
|
||||
|
||||
server {
|
||||
|
|
@ -644,7 +648,7 @@ echo "${nginxfrontend}" | sudo tee /etc/nginx/sites-available/frontend.conf > /d
|
|||
sudo ln -s /etc/nginx/sites-available/frontend.conf /etc/nginx/sites-enabled/frontend.conf
|
||||
|
||||
|
||||
print_green 'Restarting Services'
|
||||
print_green 'Enabling Services'
|
||||
|
||||
for i in nginx celery.service celery-winupdate.service celerybeat.service rmm.service
|
||||
do
|
||||
|
|
@ -668,10 +672,25 @@ meshtoken="$(cat << EOF
|
|||
MESH_TOKEN_KEY = "${MESHTOKENKEY}"
|
||||
EOF
|
||||
)"
|
||||
echo "${meshtoken}" | tee --append /home/${USER}/rmm/api/tacticalrmm/tacticalrmm/local_settings.py > /dev/null
|
||||
echo "${meshtoken}" | tee --append /rmm/api/tacticalrmm/tacticalrmm/local_settings.py > /dev/null
|
||||
|
||||
print_green 'Restarting all services'
|
||||
for i in nginx celery.service celery-winupdate.service celerybeat.service rmm.service meshcentral.service
|
||||
|
||||
print_green 'Creating meshcentral account and group'
|
||||
|
||||
sudo systemctl stop meshcentral
|
||||
cd /meshcentral
|
||||
|
||||
node node_modules/meshcentral --createaccount ${meshusername} --pass ${MESHPASSWD} --email ${letsemail}
|
||||
node node_modules/meshcentral --adminaccount ${meshusername}
|
||||
|
||||
sudo systemctl start meshcentral
|
||||
sleep 5
|
||||
|
||||
node node_modules/meshcentral/meshctrl.js --url wss://${meshdomain}:443 --loginuser ${meshusername} --loginpass ${MESHPASSWD} AddDeviceGroup --name TacticalRMM
|
||||
MESHEXE=$(node node_modules/meshcentral/meshctrl.js --url wss://${meshdomain}:443 --loginuser ${meshusername} --loginpass ${MESHPASSWD} GenerateInviteLink --group TacticalRMM --hours 8)
|
||||
|
||||
print_green 'Restarting services'
|
||||
for i in celery.service celery-winupdate.service celerybeat.service rmm.service
|
||||
do
|
||||
sudo systemctl restart ${i}
|
||||
done
|
||||
|
|
@ -684,8 +703,10 @@ sudo systemctl restart salt-api
|
|||
printf >&2 "${YELLOW}%0.s*${NC}" {1..80}
|
||||
printf >&2 "\n\n"
|
||||
printf >&2 "${YELLOW}Installation complete!${NC}\n\n"
|
||||
printf >&2 "${YELLOW}Access your rmm at: ${GREEN}https://${frontenddomain}${NC}\n"
|
||||
printf >&2 "${YELLOW}Download the meshagent 64 bit EXE from: ${GREEN}${MESHEXE}${NC}\n\n"
|
||||
printf >&2 "${YELLOW}Access your rmm at: ${GREEN}https://${frontenddomain}${NC}\n\n"
|
||||
printf >&2 "${YELLOW}Django admin url: ${GREEN}https://${rmmdomain}/${ADMINURL}${NC}\n\n"
|
||||
printf >&2 "${YELLOW}MeshCentral password: ${GREEN}${MESHPASSWD}${NC}\n\n"
|
||||
printf >&2 "${YELLOW}Please refer to the github README for next steps${NC}\n\n"
|
||||
printf >&2 "${YELLOW}%0.s*${NC}" {1..80}
|
||||
printf >&2 "\n"
|
||||
|
|
|
|||
Loading…
Reference in New Issue