

projects:web:wewheim

* Port forwardings für noVNC websocket in FritzBox eintragen * status.wew-heim.de (eingerichtet von MadWays) geht auf DynDns fritzbox-heim.no-ip.org * http://http.pi/gitlab/onny/web-status-wewheim

Requirements

* Ports must be forwarded: 22, 443, 80, 6080, 6081, 6082

Server setup

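Append to (this entry is only needed to install certbot from sid; without APT pinning, later upgrades can also pull other packages from sid)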

/etc/apt/sources.list
deb http://ftp.debian.org/debian sid main
 sudo apt-get install certbot -t sid
 apt-get install mosh tmux zabbix-agent nginx aptitude websockify
<code>
<code bash /etc/network/interfaces>
auto eth0
iface eth0 inet static
        address 192.168.1.2
        netmask 255.255.255.0
        gateway 192.168.1.254
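# Account whose group is given read access to the certificate files below
# (presumably the user the websockify@ units run as; confirm in websockify@.service).
useradd websockify
# Initial certificate request; the HTTP-01 challenge is served out of /var/www.
sudo certbot certonly --webroot -w /var/www -d status.wew-heim.de
# The websockify configs on this page point at cert.pem/privkey.pem, so the group needs read access.
# g+rX (capital X) adds traverse permission to directories only and leaves the .pem files
# non-executable; the original g+r+x also set the execute bit on the key and certificate files.
chmod -R g+rX /etc/letsencrypt/live /etc/letsencrypt/archive
chown -R root:websockify /etc/letsencrypt/live /etc/letsencrypt/archive
# Install the unit template that the websockify@<name> instances are started from.
sudo cp projects/web-status-wewheim/utils/websockify@.service /usr/lib/systemd/system/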

Append last section

/etc/letsencrypt/renewal/status.wew-heim.de.conf
# Hooks around each renewal attempt: stop nginx and the three websockify instances first,
# start them again afterwards (presumably so they load the renewed certificate).
# NOTE(review): the certificate on this page was requested with --webroot, which needs the web
# server to answer the challenge. If this renewal config uses the same authenticator, stopping
# nginx in pre_hook leaves nothing to serve /.well-known and the renewal would fail. Confirm
# the authenticator, or drop nginx from pre_hook.
pre_hook = systemctl stop nginx websockify@motor1 websockify@motor2 websockify@pumpensteuerung
post_hook = systemctl start nginx websockify@motor1 websockify@motor2 websockify@pumpensteuerung
/etc/novnc/motor1.conf
Host="192.168.1.121"
Port="5900"
ListeningPort="6082"
CertPath="/etc/letsencrypt/live/status.wew-heim.de/cert.pem"
KeyPath="/etc/letsencrypt/live/status.wew-heim.de/privkey.pem"
/etc/novnc/motor2.conf
Host="192.168.1.120"
Port="5900"
ListeningPort="6080"
CertPath="/etc/letsencrypt/live/status.wew-heim.de/cert.pem"
KeyPath="/etc/letsencrypt/live/status.wew-heim.de/privkey.pem"
/etc/novnc/pumpensteuerung.conf
Host="192.168.1.31"
Port="6131"
ListeningPort="6081"
CertPath="/etc/letsencrypt/live/status.wew-heim.de/cert.pem"
KeyPath="/etc/letsencrypt/live/status.wew-heim.de/privkey.pem"
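 # Enable at boot, then start, the three websockify instances.
 # The unit-control command is systemctl; "systemd enable" does not manage units.
 systemctl enable websockify@motor1 websockify@motor2 websockify@pumpensteuerung
 systemctl start websockify@motor1 websockify@motor2 websockify@pumpensteuerung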
<code bash /etc/nginx/sites-available/status.wew-heim.de>
# Port 80: serves no content itself; every request is redirected to the HTTPS vhost below.
server {
	listen 80;
	listen [::]:80;
	server_name status.wew-heim.de;
	return 301 https://$host$request_uri;
}

# Port 443: TLS vhost that serves the static status page out of /var/www.
server {
	listen 443 ssl;
	listen [::]:443 ssl;
	ssl_certificate /etc/letsencrypt/live/status.wew-heim.de/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/status.wew-heim.de/privkey.pem;
	# CA chain used to verify the stapled OCSP response (see ssl_stapling_verify below).
	ssl_trusted_certificate /etc/letsencrypt/live/status.wew-heim.de/chain.pem;
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;
	# Only TLS 1.2 is offered.
	ssl_protocols TLSv1.2;
	# ECDHE-only suite list. NOTE(review): the last four entries are CBC-mode suites; drop them
	# if every client supports the AEAD (GCM / CHACHA20-POLY1305) suites listed before them.
	ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
	ssl_prefer_server_ciphers on;
	# HSTS for 15768000 s (about six months). Without the `always` parameter nginx adds the
	# header only to success and redirect responses, so the 401 sent by auth_basic does not
	# carry it. NOTE(review): consider appending `always`.
	add_header Strict-Transport-Security max-age=15768000;
	ssl_stapling on;
	ssl_stapling_verify on;
	server_name status.wew-heim.de;

	root /var/www;

	# Basic auth gates everything served from /var/www, including /config/config.json, which
	# (as shown on this page) holds the VNC connection passwords in clear text.
	# This protection covers only this vhost: the websockify listeners on 6080-6082 are separate
	# TLS endpoints reached through their own port forwards and are not behind auth_basic.
	# NOTE(review): config.json lists empty passwords for Motor 1 and Motor 2. Confirm that the
	# VNC servers behind those ports require authentication.
	location / {
		auth_basic            "Restricted";
		auth_basic_user_file  htpasswd;
		try_files $uri $uri/ =404;
	}

	# ACME HTTP-01 challenge path: no auth_basic here, so the CA can fetch the token
	# unauthenticated; `^~` makes this prefix match final (regex locations are not checked).
	location ^~ /.well-known {
		allow all;
		#alias /var/lib/letsencrypt/.well-known/;
		default_type "text/plain";
		try_files $uri =404;
	}
}
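 # Enable the vhost and reload the configuration.
 sudo ln -s /etc/nginx/sites-available/status.wew-heim.de /etc/nginx/sites-enabled/
 sudo systemctl restart nginx
 # Create the password file (-c overwrites an existing one) for user "status".
 # htpasswd prompts for the password; passing it as an argument needs -b and would leave it
 # in the shell history and the process list.
 sudo htpasswd -c /etc/nginx/htpasswd status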
/etc/zabbix/zabbix_agentd.conf
[...]
# Pending security updates: first space-separated field of apt-check's "security update" line.
UserParameter=debiansecurityupdates,/usr/lib/update-notifier/apt-check --human-readable|grep "security update"|cut -d " " -f1
# SMART attribute lookup. $1 (device name) and $2 (attribute pattern) come from the item key and
# are inserted unquoted into a shell command that runs under sudo; $$10 is the escaped form of
# awk's $10. Keep UnsafeUserParameters at its default (0) so shell metacharacters in key
# parameters are rejected, and limit the sudoers rule for the agent user (not shown on this
# page) to smartctl.
UserParameter=hdd.smart[*],sudo smartctl -A /dev/$1|grep $2|awk '{print $$10}'
# Number of lines in the `smartctl -H` output that contain PASSED (0 when the health check did not pass).
UserParameter=hdd.smart.selftest[*],sudo smartctl -H /dev/$1|grep -c PASSED
# Zabbix server address from which this agent accepts incoming requests.
Server=5.9.99.52
/var/www/config/config.json
 

{

  "connections": {
    "Motor 1": {
      "Host" : "status.wew-heim.de",
      "Port" : "6082",
      "Password" : "",
      "Encryption" : true
    },
    "Motor 2": {
      "Host" : "status.wew-heim.de",
      "Port" : "6080",
      "Password" : "",
      "Encryption" : true
    },
    "Pumpensteuerung": {
      "Host" : "status.wew-heim.de",
      "Port" : "6081",
      "Password" : "Hm7823w",
      "Encryption" : true
    }
  }

} </code>

= Projektdateien = * Netzwerk heim.odt * Wew-heim.de.tar.gz

Aufträge
