Project-Insanity

Site Tools

Trace:
Hotfix release available: 2024-02-06a "Kaos". upgrade now! [55.1] (what's this?)
New release available: 2024-02-06 "Kaos". upgrade now! [55] (what's this?)
projects:web:wewheim

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

projects:web:wewheim [2020/11/17 13:01] – old revision restored (2017/07/28 17:44) 78.46.61.245projects:web:wewheim [2021/10/31 10:42] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +* Port forwardings für noVNC websocket in FritzBox eintragen
 +* status.wew-heim.de (eingerichtet von MadWays) geht auf DynDns fritzbox-heim.no-ip.org
 +* http://http.pi/gitlab/onny/web-status-wewheim
 +===== Requirements =====
 +* Ports must be forwared: 22, 443, 80, 6080, 6081, 6082
 +===== Server setup =====
 +Append to
 +<code bash /etc/apt/sources.list>
 +deb http://ftp.debian.org/debian sid main
 +</code>
 +<code bash>
 + sudo apt-get install certbot -t sid
 + apt-get install mosh tmux zabbix-agent nginx aptitude websockify
 +<code>
 +<code bash /etc/network/interfaces>
 +auto eth0
 +iface eth0 inet static
 +        address 192.168.1.2
 +        netmask 255.255.255.0
 +        gateway 192.168.1.254
 +</code>
 +<code bash>
 +useradd websockify
 +sudo certbot certonly --webroot -w /var/www -d status.wew-heim.de
 +chmod -R g+r+x /etc/letsencrypt/live /etc/letsencrypt/archive
 +chown -R root:websockify /etc/letsencrypt/live /etc/letsencrypt/archive
 +sudo cp projects/web-status-wewheim/utils/websockify@.service /usr/lib/systemd/system/
 +</code>
 +Append last section
 +<code bash /etc/letsencrypt/renewal/status.wew-heim.de.conf>
 +pre_hook = systemctl stop nginx websockify@motor1 websockify@motor2 websockify@pumpensteuerung
 +post_hook = systemctl start nginx websockify@motor1 websockify@motor2 websockify@pumpensteuerung
 +</code>
 +<code bash /etc/novnc/motor1.conf>
 +Host="192.168.1.121"
 +Port="5900"
 +ListeningPort="6082"
 +CertPath="/etc/letsencrypt/live/status.wew-heim.de/cert.pem"
 +KeyPath="/etc/letsencrypt/live/status.wew-heim.de/privkey.pem"
 +</code>
 +<code bash /etc/novnc/motor2.conf>
 +Host="192.168.1.120"
 +Port="5900"
 +ListeningPort="6080"
 +CertPath="/etc/letsencrypt/live/status.wew-heim.de/cert.pem"
 +KeyPath="/etc/letsencrypt/live/status.wew-heim.de/privkey.pem"
 +</code>
 +<code bash /etc/novnc/pumpensteuerung.conf>
 +Host="192.168.1.31"
 +Port="6131"
 +ListeningPort="6081"
 +CertPath="/etc/letsencrypt/live/status.wew-heim.de/cert.pem"
 +KeyPath="/etc/letsencrypt/live/status.wew-heim.de/privkey.pem"
 +</code>
 +<code>
 + systemd enable websockify@motor1 websockify@motor2 websockify@pumpensteuerung
 + systemd start websockify@motor1 websockify@motor2 websockify@pumpensteuerung
 +<code bash /etc/nginx/sites-available/status.wew-heim.de>
 +# redirect to https
 +server {
 + listen 80;
 + listen [::]:80;
 + server_name status.wew-heim.de;
 + return 301 https://$host$request_uri;
 +}
 +
 +server {
 + listen 443 ssl;
 + listen [::]:443 ssl;
 + ssl_certificate /etc/letsencrypt/live/status.wew-heim.de/fullchain.pem;
 + ssl_certificate_key /etc/letsencrypt/live/status.wew-heim.de/privkey.pem;
 + ssl_trusted_certificate /etc/letsencrypt/live/status.wew-heim.de/chain.pem;
 + ssl_session_timeout 1d;
 + ssl_session_cache shared:SSL:50m;
 + ssl_session_tickets off;
 + ssl_protocols TLSv1.2;
 + ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
 + ssl_prefer_server_ciphers on;
 + add_header Strict-Transport-Security max-age=15768000;
 + ssl_stapling on;
 + ssl_stapling_verify on;
 + server_name status.wew-heim.de;
 +
 + root /var/www;
 +
 + location / {
 + auth_basic            "Restricted";
 + auth_basic_user_file  htpasswd;
 + try_files $uri $uri/ =404;
 + }
 +
 + location ^~ /.well-known {
 + allow all;
 + #alias /var/lib/letsencrypt/.well-known/;
 + default_type "text/plain";
 + try_files $uri =404;
 + }
 +}
 +</code>
 +<code bash>
 + sudo ln -s /etc/nginx/sites-available/status.wew-heim.de /etc/nginx/sites-enabled/
 + sudo systemctl restart nginx
 + sudo htpasswd -c /etc/nginx/htpasswd status meinpasswort
 +</code>
 +<code bash /etc/zabbix/zabbix_agentd.conf>
 +[...]
 +UserParameter=debiansecurityupdates,/usr/lib/update-notifier/apt-check --human-readable|grep "security update"|cut -d " " -f1
 +UserParameter=hdd.smart[*],sudo smartctl -A /dev/$1|grep $2|awk '{print $$10}'
 +UserParameter=hdd.smart.selftest[*],sudo smartctl -H /dev/$1|grep -c PASSED
 +Server=5.9.99.52
 +</code>
 +<code json /var/www/config/config.json</code>
 +{
 +    "connections": {
 +      "Motor 1": {
 +        "Host" : "status.wew-heim.de",
 +        "Port" : "6082",
 +        "Password" : "",
 +        "Encryption" : true
 +      },
 +      "Motor 2": {
 +        "Host" : "status.wew-heim.de",
 +        "Port" : "6080",
 +        "Password" : "",
 +        "Encryption" : true
 +      },
 +      "Pumpensteuerung": {
 +        "Host" : "status.wew-heim.de",
 +        "Port" : "6081",
 +        "Password" : "Hm7823w",
 +        "Encryption" : true
 +      }
 +    }
 +}
 +</code>
 +
 += Projektdateien =
 +* [[File:Netzwerk heim.odt]]
 +* [[File:Wew-heim.de.tar.gz]]
 +
 +[[Category:Aufträge]]
  
projects/web/wewheim.txt · Last modified: 2021/10/31 10:42 by 127.0.0.1

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
CC Attribution-Noncommercial-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki