agala/server-initializer
1
0
Fork 0
mirror of https://github.com/elAgala/server-initializer.git synced 2026-02-14 05:06:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Lots of stuff

Browse Source
This commit is contained in:
elAgala
2025-02-03 02:34:53 -03:00
parent 5a7d0a4e14
commit 1ca5805e80
8 changed files with 60 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
images/caddy_full/Dockerfile
View File

@@ -3,8 +3,8 @@ FROM caddy:builder AS builder
# Install xcaddy and build Caddy with plugins # Install xcaddy and build Caddy with plugins
RUN xcaddy build \ RUN xcaddy build \
--with github.com/corazawaf/coraza-caddy \ --with github.com/corazawaf/coraza-caddy/v2@v2.0.0 \
--with github.com/hslatman/caddy-crowdsec-bouncer/http --with github.com/hslatman/caddy-crowdsec-bouncer/http@v0.8.1
# Stage to download OWASP CRS # Stage to download OWASP CRS
FROM alpine:latest AS crs FROM alpine:latest AS crs

5
install.sh
View File

@@ -1,6 +1,7 @@
#!/bin/bash #!/bin/bash
source ./user/create_user.sh source ./user/create_user.sh
source ./user/create_deploy_user.sh
source ./user/ssh_config.sh source ./user/ssh_config.sh
source ./web/install_caddy.sh source ./web/install_caddy.sh
source ./web/setup_ufw.sh source ./web/setup_ufw.sh
@@ -12,7 +13,6 @@ source ./monitoring/install_prometheus.sh
chmod +x ./user/create_user.sh chmod +x ./user/create_user.sh
chmod +x ./user/ssh_config.sh chmod +x ./user/ssh_config.sh
chmod +x ./web/install_nginx.sh
chmod +x ./web/setup_ufw.sh chmod +x ./web/setup_ufw.sh
chmod +x ./docker/install_docker.sh chmod +x ./docker/install_docker.sh
chmod +x ./utils/install_vim.sh chmod +x ./utils/install_vim.sh
@@ -34,7 +34,8 @@ setup_ufw
# User # User
create_user $1 create_user $1
config_ssh $1 create_deploy_user
config_ssh "deploy"
# Utils # Utils
install_vim install_vim

7
templates/caddy/full/Makefile
View File

@@ -8,11 +8,16 @@ caddy\:restart:
docker exec caddy caddy reload --config /etc/caddy/Caddyfile docker exec caddy caddy reload --config /etc/caddy/Caddyfile
@echo "Caddy configuration reloaded successfully." @echo "Caddy configuration reloaded successfully."
caddy\:crowdsec-key caddy\:crowdsec-key:
@echo "Generating new CrowdSec API key..." @echo "Generating new CrowdSec API key..."
docker exec crowdsec cscli bouncers add caddy-bouncer docker exec crowdsec cscli bouncers add caddy-bouncer
@echo "\n=== IMPORTANT ===\nCopy the API_KEY from the output above and replace the value of CROWDSEC_API_KEY in your .env file." @echo "\n=== IMPORTANT ===\nCopy the API_KEY from the output above and replace the value of CROWDSEC_API_KEY in your .env file."
caddy\:generate-password:
@echo "Generating new password..."
docker exec -it caddy caddy hash-password
@echo "\n=== IMPORTANT ===\nCopy the password from the output above and replace the value of PROMETHEUS_PASSWORD in your Caddyfile."
caddy\:logs: caddy\:logs:
@echo "Showing Caddy logs..." @echo "Showing Caddy logs..."
docker compose logs -f caddy docker compose logs -f caddy

8
templates/caddy/full/caddy/Caddyfile
View File

@@ -42,11 +42,17 @@
# reverse_proxy * http://{CONTAINER_NAME}:{CONTAINER_PORT} # reverse_proxy * http://{CONTAINER_NAME}:{CONTAINER_PORT}
# } # }
# Example: Bypassing WAF for given API path (Useful for allowing prometheus query) # Example: Bypassing WAF for given API path
# NEEDED FOR PROMETHEUS
# api.example2.com { # api.example2.com {
# basic_auth {
# agala {$PROMETHEUS_PASSWORD}
# }
#
# @waf { # @waf {
# not path /api/v1/* # not path /api/v1/*
# } # }
#
# handle @waf { # handle @waf {
# coraza_waf { # coraza_waf {
# directives ` # directives `

2
templates/caddy/full/docker-compose.yml
View File

@@ -1,6 +1,6 @@
services: services:
crowdsec: crowdsec:
image: crowdsecurity/crowdsec:latest image: crowdsecurity/crowdsec:v1.6.4
container_name: crowdsec container_name: crowdsec
volumes: volumes:
- ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml

18
templates/monitoring/docker-compose.yml
View File

@@ -1,7 +1,7 @@
services: services:
# PORT 9099 # PORT 9099
prometheus: prometheus:
image: prom/prometheus:latest image: prom/prometheus:v3.1.0
container_name: prometheus container_name: prometheus
restart: always restart: always
volumes: volumes:
@@ -12,12 +12,26 @@ services:
# PORT 9100 # PORT 9100
node_exporter: node_exporter:
image: prom/node-exporter:latest image: prom/node-exporter:v1.8.2
container_name: node-exporter container_name: node-exporter
restart: always restart: always
networks: networks:
- monitoring_net - monitoring_net
# PORT 8080
cadvisor:
image: gcr.io/cadvisor/cadvisor:v0.49.2
container_name: cadvisor
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
restart: unless-stopped
networks:
- monitoring_net
networks: networks:
monitoring_net: monitoring_net:
external: true external: true

6
templates/monitoring/prometheus.yml
View File

@@ -1,5 +1,5 @@
global: global:
scrape_interval: 5s scrape_interval: 15s
scrape_configs: scrape_configs:
@@ -18,3 +18,7 @@ scrape_configs:
- job_name: 'caddy' - job_name: 'caddy'
static_configs: static_configs:
- targets: ['caddy:2019'] - targets: ['caddy:2019']
- job_name: 'cadvisor'
static_configs:
- targets: ['cadvisor:8080']

20
user/create_deploy_user.sh Normal file
View File

@@ -0,0 +1,20 @@
#!/bin/bash
function create_deploy_user() {
username="deploy"
echo "[ USER ]: Starting user $usernname setup"
sudo useradd $username
echo "[ USER ]: Set a password for user [$username]:"
sudo passwd $username
echo "[ USER ]: User [deploy] created succesfully"
echo "[ USER ]: Adding user to groups"
sudo usermod -aG www-data $username
sudo usermod -aG docker $username
echo "[ USER ]: User added to the following groupps (www-data, docker)"
echo "[ USER ]: Setting ownership of /home/$username folder"
sudo chown -R $username:$username /home/$username
echo "[ USER ]: User setup finished"
}