Secure grafana under jitsi SSL domain

Luis Guzmán 2020-07-04 07:15:34 -05:00
parent 40f78f1477
commit c2e50eebee
1 changed files with 30 additions and 5 deletions


@ -11,6 +11,9 @@
MAIN_TEL="/etc/telegraf/telegraf.conf" MAIN_TEL="/etc/telegraf/telegraf.conf"
TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf" TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf"
GRAFANA_INI="/etc/grafana/grafana.ini"
DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++')
WS_CONF="/etc/nginx/sites-enabled/$DOMAIN.conf"
GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)" GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)"
PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)"
@ -105,18 +108,36 @@ sed -i "s|JVB_OPTS=\"--apis.*|JVB_OPTS=\"--apis=rest,xmpp\"|" /etc/jitsi/videobr
sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties
systemctl restart jitsi-videobridge2 systemctl restart jitsi-videobridge2
echo "
# Setup Grafana nginx domain
"
sed -i "s|;protocol =.*|protocol = http|" $GRAFANA_INI
sed -i "s|;http_addr =.*|http_addr = localhost|" $GRAFANA_INI
sed -i "s|;http_port =.*|http_port = 3000|" $GRAFANA_INI
sed -i "s|;domain =.*|domain = $DOMAIN|" $GRAFANA_INI
sed -i "s|;enforce_domain =.*|enforce_domain = true|" $GRAFANA_INI
sed -i "s|;root_url =.*|root_url = http://$DOMAIN:3000/grafana/|" $GRAFANA_INI
sed -i "s|;serve_from_sub_path =.*|serve_from_sub_path = true|" $GRAFANA_INI
systemctl restart grafana-server
if [ -f $WS_CONF ]; then
sed -i "/Anything that didn't match above/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" $WS_CONF
sed -i "/Anything that didn't match above/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:3000;" $WS_CONF
sed -i "/Anything that didn't match above/i \ \ \ \ }" $WS_CONF
systemctl reload nginx
else
echo "No app configuration done to server file, please report to:
-> https://github.com/switnet-ltd/quick-jibri-installer/issues"
fi
echo " echo "
# Setup Grafana credentials. # Setup Grafana credentials.
" "
# Reset Grafana admin password
#grafana-cli admin reset-admin-password $GRAFANA_PASS
set -x
curl -X PUT -H "Content-Type: application/json" -d "{ curl -X PUT -H "Content-Type: application/json" -d "{
\"oldPassword\": \"admin\", \"oldPassword\": \"admin\",
\"newPassword\": \"$GRAFANA_PASS\", \"newPassword\": \"$GRAFANA_PASS\",
\"confirmNew\": \"$GRAFANA_PASS\" \"confirmNew\": \"$GRAFANA_PASS\"
}" http://admin:admin@localhost:3000/api/user/password }" http://admin:admin@localhost:3000/api/user/password
set +x
echo " echo "
# Create InfluxDB datasource # Create InfluxDB datasource
@ -145,9 +166,13 @@ for d in "${ds[@]}"; do
done done
echo " echo "
Go check on http://$PUBLIC_IP:3000 to review configuration and dashboards. Go check:
http://$DOMAIN/grafana/
(emphasis on the trailing \"/\") to review configuration and dashboards.
User: admin User: admin
Password: $GRAFANA_PASS Password: $GRAFANA_PASS
Please save it somewhere safe. Please save it somewhere safe.
" "
read -n 1 -s -r -p "Press any key to continue..."$'\n'
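Review bot: `root_url` is written as `http://$DOMAIN:3000/grafana/` while the same block sets `http_addr = localhost` and `enforce_domain = true`, so any redirect Grafana issues to its root URL points at a plain-HTTP port that is no longer reachable from outside. Since the commit places Grafana behind the Jitsi nginx site, `root_url = https://$DOMAIN/grafana/` would match what clients actually use, and the closing message should print `https://$DOMAIN/grafana/` rather than the `http://` form. The proxied request presumably reaches Grafana with the upstream host name rather than `$DOMAIN` unless the inserted location also carries `proxy_set_header Host $host;`, which is worth confirming against `enforce_domain`. Separately, the `set -x` / `set +x` pair around the password-change `curl` writes the expanded `$GRAFANA_PASS` into the trace output, so it would end up in any captured install log; the pair should be dropped.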