From c2e50eebeeb8a3b7468ec5cb92f32d0b55faddd8 Mon Sep 17 00:00:00 2001 From: Luis Guzman Date: Sat, 4 Jul 2020 07:15:34 -0500 Subject: [PATCH] Secure grafana under jitsi SSL domain --- grafana.sh | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/grafana.sh b/grafana.sh index 05bf1fb..963ee8a 100644 --- a/grafana.sh +++ b/grafana.sh @@ -11,6 +11,9 @@ MAIN_TEL="/etc/telegraf/telegraf.conf" TEL_JIT="/etc/telegraf/telegraf.d/jitsi.conf" +GRAFANA_INI="/etc/grafana/grafana.ini" +DOMAIN=$(ls /etc/prosody/conf.d/ | grep -v localhost | awk -F'.cfg' '{print $1}' | awk '!NF || !seen[$0]++') +WS_CONF="/etc/nginx/sites-enabled/$DOMAIN.conf" GRAFANA_PASS="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)" PUBLIC_IP="$(dig -4 @resolver1.opendns.com ANY myip.opendns.com +short)" 
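Review bot: The new `DOMAIN=` assignment is used without checking that it produced exactly one hostname, although the value then builds the `$WS_CONF` path and is interpolated into the `sed` replacements for `grafana.ini` in the second hunk. If `/etc/prosody/conf.d/` holds more than one non-localhost file, or none, the value is multi-line or empty, and the later `sed -i` calls fail or write a broken `domain`/`root_url`. Parsing `ls` output and using `.cfg` as an awk field separator (where `.` matches any character) is also more fragile than a glob. I would add a guard right after the assignment, for example `case "$DOMAIN" in ''|*[!A-Za-z0-9.-]*) echo "Unexpected jitsi domain: $DOMAIN" >&2; exit 1;; esac`, and quote `"$WS_CONF"` and `"$GRAFANA_INI"` wherever they are used.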
@@ -105,18 +108,36 @@ sed -i "s|JVB_OPTS=\"--apis.*|JVB_OPTS=\"--apis=rest,xmpp\"|" /etc/jitsi/videobr sed -i "s|TRANSPORT=muc|TRANSPORT=muc,colibri|" /etc/jitsi/videobridge/sip-communicator.properties systemctl restart jitsi-videobridge2 +echo " +# Setup Grafana nginx domain +" +sed -i "s|;protocol =.*|protocol = http|" $GRAFANA_INI +sed -i "s|;http_addr =.*|http_addr = localhost|" $GRAFANA_INI +sed -i "s|;http_port =.*|http_port = 3000|" $GRAFANA_INI +sed -i "s|;domain =.*|domain = $DOMAIN|" $GRAFANA_INI +sed -i "s|;enforce_domain =.*|enforce_domain = true|" $GRAFANA_INI +sed -i "s|;root_url =.*|root_url = http://$DOMAIN:3000/grafana/|" $GRAFANA_INI +sed -i "s|;serve_from_sub_path =.*|serve_from_sub_path = true|" $GRAFANA_INI +systemctl restart grafana-server + +if [ -f $WS_CONF ]; then + sed -i "/Anything that didn't match above/i \ \ \ \ location \~ \^\/(grafana\/|grafana\/login) {" $WS_CONF + sed -i "/Anything that didn't match above/i \ \ \ \ \ \ \ \ proxy_pass http:\/\/localhost:3000;" $WS_CONF + sed -i "/Anything that didn't match above/i \ \ \ \ }" $WS_CONF + systemctl reload nginx +else + echo "No app configuration done to server file, please report to: + -> https://github.com/switnet-ltd/quick-jibri-installer/issues" +fi + echo " # Setup Grafana credentials. " -# Reset Grafana admin password -#grafana-cli admin reset-admin-password $GRAFANA_PASS -set -x curl -X PUT -H "Content-Type: application/json" -d "{ \"oldPassword\": \"admin\", \"newPassword\": \"$GRAFANA_PASS\", \"confirmNew\": \"$GRAFANA_PASS\" }" http://admin:admin@localhost:3000/api/user/password -set +x echo " # Create InfluxDB datasource 
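Review bot: The nginx `location` for `/grafana/` is added and `systemctl reload nginx` runs before the `curl` call that replaces the default `admin:admin` password, and the result of that call is never checked. If the PUT does not succeed, Grafana stays reachable on the public domain with the default credentials while the script later prints `$GRAFANA_PASS` as if it had been set. This may well happen with the new settings: with `enforce_domain = true` and `domain = $DOMAIN`, a request sent to `localhost:3000` probably gets a redirect instead of being processed, which curl neither follows nor reports, so this should be verified. I would change the password before publishing the proxy location and abort unless the API answers 200, as sketched below. Separately, `root_url = http://$DOMAIN:3000/grafana/` does not match the address nginx serves, and `root_url = https://$DOMAIN/grafana/` looks like the intended value given the commit subject.

```shell
# … unchanged: grafana.ini edits and grafana-server restart …

# Replace the default admin password before nginx publishes /grafana/,
# and stop if Grafana did not accept the change.
pw_status=$(curl -s -o /dev/null -w '%{http_code}' -X PUT \
  -H "Content-Type: application/json" \
  -d "{\"oldPassword\": \"admin\", \"newPassword\": \"$GRAFANA_PASS\", \"confirmNew\": \"$GRAFANA_PASS\"}" \
  http://admin:admin@localhost:3000/api/user/password)
if [ "$pw_status" != "200" ]; then
  echo "Grafana admin password was not changed (HTTP $pw_status), aborting." >&2
  exit 1
fi

# … unchanged: if [ -f $WS_CONF ] block that adds the nginx location and reloads nginx …
```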
@@ -145,9 +166,13 @@ for d in "${ds[@]}"; do done echo " -Go check on http://$PUBLIC_IP:3000 to review configuration and dashboards. +Go check: + http://$DOMAIN/grafana/ +(emphasis on the trailing \"/\") to review configuration and dashboards. + User: admin Password: $GRAFANA_PASS Please save it somewhere safe. " +read -n 1 -s -r -p "Press any key to continue..."$'\n'
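Review bot: The address printed in the final `echo` is `http://$DOMAIN/grafana/`, so the user is pointed at the plaintext scheme right next to the admin credentials, although the commit subject says Grafana now sits under the jitsi SSL domain. I would print `https://$DOMAIN/grafana/` instead. Since the message no longer uses `$PUBLIC_IP`, the `dig` lookup kept as context in the first hunk looks unused now, unless it is referenced outside the visible hunks, and could be dropped. `read -n 1 -s` and `$'\n'` are bash features, so the shebang, which is not visible here, needs to be bash rather than sh.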