forked from switnet/quick-jibri-installer
Secure grafana under jitsi SSL domain
This commit is contained in:
parent
40f78f1477
commit
c2e50eebee
35
grafana.sh
35
grafana.sh
|
@ -11,6 +11,9 @@
|
||||||
|
|
||||||
MAIN_TEL="/etc/telegraf/telegraf.conf"
|
MAIN_TEL="/etc/telegraf/telegraf.conf"
|
||||||
TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf"
|
TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf"
|
||||||
|
GRAFANA_INI="/etc/grafana/grafana.ini"
|
||||||
|
DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
|
||||||
|
WS_CONF="/etc/nginx/sites-enabled/$DOMAIN.conf"
|
||||||
GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)"
|
GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)"
|
||||||
PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)"
|
PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)"
|
||||||
|
|
||||||
|
@ -105,18 +108,36 @@ sed -i "s|JVB_OPTS=\"--apis.*|JVB_OPTS=\"--apis=rest,xmpp\"|" /etc/jitsi/videobr
|
||||||
sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties
|
sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties
|
||||||
systemctl restart jitsi-videobridge2
|
systemctl restart jitsi-videobridge2
|
||||||
|
|
||||||
|
echo "
|
||||||
|
# Setup Grafana nginx domain
|
||||||
|
"
|
||||||
|
sed -i "s|;protocol =.*|protocol = http|" $GRAFANA_INI
|
||||||
|
sed -i "s|;http_addr =.*|http_addr = localhost|" $GRAFANA_INI
|
||||||
|
sed -i "s|;http_port =.*|http_port = 3000|" $GRAFANA_INI
|
||||||
|
sed -i "s|;domain =.*|domain = $DOMAIN|" $GRAFANA_INI
|
||||||
|
sed -i "s|;enforce_domain =.*|enforce_domain = true|" $GRAFANA_INI
|
||||||
|
sed -i "s|;root_url =.*|root_url = http://$DOMAIN:3000/grafana/|" $GRAFANA_INI
|
||||||
|
sed -i "s|;serve_from_sub_path =.*|serve_from_sub_path = true|" $GRAFANA_INI
|
||||||
|
systemctl restart grafana-server
|
||||||
|
|
||||||
|
if [ -f $WS_CONF ]; then
|
||||||
|
sed -i "/Anything that didn't match above/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" $WS_CONF
|
||||||
|
sed -i "/Anything that didn't match above/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:3000;" $WS_CONF
|
||||||
|
sed -i "/Anything that didn't match above/i \ \ \ \ }" $WS_CONF
|
||||||
|
systemctl reload nginx
|
||||||
|
else
|
||||||
|
echo "No app configuration done to server file, please report to:
|
||||||
|
-> https://github.com/switnet-ltd/quick-jibri-installer/issues"
|
||||||
|
fi
|
||||||
|
|
||||||
echo "
|
echo "
|
||||||
# Setup Grafana credentials.
|
# Setup Grafana credentials.
|
||||||
"
|
"
|
||||||
# Reset Grafana admin password
|
|
||||||
#grafana-cli admin reset-admin-password $GRAFANA_PASS
|
|
||||||
set -x
|
|
||||||
curl -X PUT -H "Content-Type: application/json" -d "{
|
curl -X PUT -H "Content-Type: application/json" -d "{
|
||||||
\"oldPassword\": \"admin\",
|
\"oldPassword\": \"admin\",
|
||||||
\"newPassword\": \"$GRAFANA_PASS\",
|
\"newPassword\": \"$GRAFANA_PASS\",
|
||||||
\"confirmNew\": \"$GRAFANA_PASS\"
|
\"confirmNew\": \"$GRAFANA_PASS\"
|
||||||
}" http://admin:admin@localhost:3000/api/user/password
|
}" http://admin:admin@localhost:3000/api/user/password
|
||||||
set +x
|
|
||||||
|
|
||||||
echo "
|
echo "
|
||||||
# Create InfluxDB datasource
|
# Create InfluxDB datasource
|
||||||
|
@ -145,9 +166,13 @@ for d in "${ds[@]}"; do
|
||||||
done
|
done
|
||||||
|
|
||||||
echo "
|
echo "
|
||||||
Go check on http://$PUBLIC_IP:3000 to review configuration and dashboards.
|
Go check:
|
||||||
|
http://$DOMAIN/grafana/
|
||||||
|
(emphasis on the trailing \"/\") to review configuration and dashboards.
|
||||||
|
|
||||||
User: admin
|
User: admin
|
||||||
Password: $GRAFANA_PASS
|
Password: $GRAFANA_PASS
|
||||||
|
|
||||||
Please save it somewhere safe.
|
Please save it somewhere safe.
|
||||||
"
|
"
|
||||||
|
read -n 1 -s -r -p "Press any key to continue..."$'\n'
|
||||||
|
|
Loading…
Reference in New Issue