From bd76bdf49ed755dc4fda9d2beca9a4b1ca588835 Mon Sep 17 00:00:00 2001
From: 57_Wolve <57_wolve@private.email>
Date: Mon, 13 Jan 2025 02:25:19 +0000
Subject: [PATCH] Add install.sh
---
install.sh | 223 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 223 insertions(+)
create mode 100644 install.sh
diff --git a/install.sh b/install.sh
new file mode 100644
index 0000000..6e07295
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,223 @@
+#!/bin/bash
+set -e
+
+DOMAIN=$1
+ACME_EMAIL=$2
+
+if [[ "$EUID" -ne 0 ]]; then
+ echo -e "\e[31m[FATAL]\e[39m Currently this script requires being ran as root user - please try again as root."
+ exit 1
+fi
+
+echo -e "\n\nINSTALL LOG FOR Uberbringer: $(date --rfc-3339=seconds)\n" >> /var/log/uberbringer-install.log
+
+info() {
+ echo -e "\e[34m[INFO]\e[39m $1"
+ echo "[INFO] $1" >> /var/log/uberbringer-install.log
+}
+
+debug() {
+ if [[ ! -z "$DEBUG" ]]; then
+ echo -e "\e[96m[DEBUG]\e[39m $1"
+ fi
+ echo "[DEBUG] $1" >> /var/log/uberbringer-install.log
+}
+
+warn() {
+ echo -e "\e[33m[WARNING]\e[39m $1"
+ echo "[WARNING] $1" >> /var/log/uberbringer-install.log
+}
+
+fatal() {
+ echo -e "\e[31m[FATAL]\e[39m $1"
+ echo "[FATAL] $1" >> /var/log/uberbringer-install.log
+ exit 1
+}
+
+create_jwt(){
+ jwt_header=$(echo -n '{"alg":"HS256","typ":"JWT"}' | base64 | sed s/\+/-/g | sed 's/\//_/g' | sed -E s/=+$//)
+ payload=$(echo -n '{"user_id":"uberbringer"}' | base64 | sed s/\+/-/g |sed 's/\//_/g' | sed -E s/=+$//)
+ secret=$(openssl rand -base64 32)
+ hexsecret=$(echo -n "$secret" | xxd -p | paste -sd "")
+ hmac_signature=$(echo -n "${jwt_header}.${payload}" | openssl dgst -sha256 -mac HMAC -macopt hexkey:$hexsecret -binary | base64 | sed s/\+/-/g | sed 's/\//_/g' | sed -E s/=+$//)
+ JWT_TOKEN="${jwt_header}.${payload}.${hmac_signature}"
+}
+
+install_nginx(){
+ info "Installing nginx..."
+
+ mkdir -p /etc/nginx/includes
+
+ cat < /etc/nginx/includes/letsencrypt-webroot
+location / {
+ alias /var/www/$DOMAIN/;
+}
+EOT
+
+ rm /etc/nginx/sites-enabled/default || true
+ rm /etc/nginx/sites-available/default || true
+
+ cat < /etc/nginx/sites-available/default.conf
+server {
+ listen 80;
+ listen [::]:80;
+ server_name $DOMAIN;
+
+ include includes/letsencrypt-webroot;
+}
+EOT
+
+ ln -s /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/default.conf || true
+
+ systemctl enable nginx
+
+ debug "Starting Nginx..."
+ systemctl restart nginx
+}
+
+install_acmesh() {
+ mkdir -p /etc/letsencrypt/live/$DOMAIN > /dev/null 2>&1
+
+ info "Installing Acme.sh..."
+ curl https://get.acme.sh | sh -s email=$ACME_EMAIL
+
+ info "Issuing SSL Certificate..."
+ /root/.acme.sh/acme.sh --issue -w /var/www/$DOMAIN --keypath /etc/letsencrypt/live/$DOMAIN/privkey.pem --fullchainpath /etc/letsencrypt/live/$DOMAIN/fullchain.pem -d $DOMAIN --reloadcmd "systemctl restart nginx" --force
+
+ info "Enabling Acme.sh Automatic Upgrade..."
+ /root/.acme.sh/acme.sh --upgrade --auto-upgrade || true
+
+ cat < /etc/nginx/sites-available/reverse-proxy.conf
+server {
+ listen 443;
+ listen [::]:443;
+ server_name $DOMAIN;
+
+ ssl on;
+ ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
+ ssl_session_cache builtin:1000 shared:SSL:10m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers 'EECDH+AES128:EECDH+AES256:+SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RSA+3DES:!DSS';
+ ssl_prefer_server_ciphers on;
+
+ # Set the access log location
+ error_log /var/log/nginx/default_error.log;
+ access_log /var/log/nginx/default_access.log;
+
+ location / {
+
+ # Set the proxy headers
+ proxy_redirect off;
+ proxy_pass_request_headers on;
+ proxy_set_header Upgrade \$http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host \$http_host;
+ proxy_set_header Referer \$http_referer;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto \$scheme;
+
+ # Configure which address the request is proxied to
+ proxy_pass http://127.0.0.1:8080/;
+ proxy_read_timeout 90;
+
+ # Security headers
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header Referrer-Policy "origin";
+
+ }
+}
+EOT
+
+ ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf || true
+
+ debug "Restarting Nginx..."
+ systemctl restart nginx > /dev/null 2>&1
+
+}
+
+install_uberbringer(){
+ info "Installing Uberbringer web service..."
+ mkdir -p /etc/uberbringer > /dev/null 2>&1
+
+ info "Creating Uberbringer config..."
+ cat < /etc/uberbringer/config.toml
+[webserver]
+ bind_ip = "127.0.0.1"
+ port = 8080
+
+[api]
+ secret = "$secret"
+EOT
+
+ info "Downloading uberbringer_linux_amd64..."
+ wget -O uberbringer_linux_amd64.tar https://git.anomalous.dev/57_Wolve/uberbringer/releases/download/latest/uberbringer_linux_amd64.tar || true
+
+ tar xvf uberbringer_linux_amd64.tar -C /usr/local/bin/
+
+ rm uberbringer_linux_amd64.tar.gz > /dev/null 2>&1 || true
+
+ chmod u+x /usr/local/bin/uberbringer
+
+ info "Creating uberbringer.service..."
+ cat < /etc/systemd/system/uberbringer.service
+[Unit]
+Description=Uberbringer Daemon
+Wants=network-online.target
+After=network.target network-online.target
+
+[Service]
+User=root
+WorkingDirectory=/etc/uberbringer
+LimitNOFILE=4096
+PIDFile=/var/run/uberbringer/daemon.pid
+ExecStart=/usr/local/bin/uberbringer
+Restart=on-failure
+StartLimitInterval=600
+
+[Install]
+WantedBy=multi-user.target
+EOT
+
+ systemctl daemon-reload > /dev/null 2>&1 || true
+ systemctl enable uberbringer > /dev/null 2>&1 || true
+
+ debug "Starting Uberbringer Web Service..."
+ systemctl start uberbringer > /dev/null 2>&1 || true
+}
+
+main() {
+ info "Script loaded, starting the install process..."
+
+ info "Installing curl, socat, xxd, and nginx..."
+ apt install -y nginx curl openssl xxd socat > /dev/null 2>&1
+
+ if [[ ! -x "$(command -v nginx)" ]]; then
+ fatal "Couldn't find curl installed on the system - please install it first and rerun the script."
+ fi
+
+ if [[ ! -x "$(command -v openssl)" ]]; then
+ fatal "Couldn't find openssl installed on the system - please install it first and rerun the script."
+ fi
+
+ if [[ ! -x "$(command -v curl)" ]]; then
+ fatal "Couldn't find curl installed on the system - please install it first and rerun the script."
+ fi
+
+ if [[ ! -x "$(command -v socat)" ]]; then
+ fatal "Couldn't find socat installed on the system - please install it first and rerun the script."
+ fi
+
+ create_jwt
+ install_nginx
+ install_acmesh
+ install_uberbringer
+
+ info "Uberbringer Service is now installed, install script finished."
+ echo -e "\e[34m[INFO]\e[39m API Token: $JWT_TOKEN"
+}
+
+main
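Review bot: The release tarball in install_uberbringer is fetched from the mutable `releases/download/latest/` URL and unpacked into /usr/local/bin with no checksum or signature check, and the unit file then runs the result under `User=root`, so whatever the download host serves at install time executes as root. The `|| true` on the wget also hides a failed download at the point it happens, and the cleanup removes `uberbringer_linux_amd64.tar.gz` while the file written was `uberbringer_linux_amd64.tar`, leaving the archive in the working directory. The same unverified-execution concern applies to `curl https://get.acme.sh | sh -s email=$ACME_EMAIL` in install_acmesh. I would pin a release tag, download into a `mktemp -d` directory, verify a published SHA-256 before extracting and let `set -e` stop the install on failure, as sketched below with placeholder values the page does not provide. Separately, the generated reverse-proxy.conf still offers `TLSv1 TLSv1.1` and `RSA+3DES`; `ssl_protocols TLSv1.2 TLSv1.3;` with the 3DES and `+SHA` suites dropped is the line to change there.

```shell
  # … unchanged: mkdir and config.toml creation …
  info "Downloading uberbringer_linux_amd64..."
  # Placeholders: fill in a tagged release and the digest published for it.
  local version="<RELEASE_TAG>"
  local expected_sha256="<SHA256_OF_RELEASE_TARBALL>"
  local workdir
  workdir=$(mktemp -d)
  wget -O "$workdir/uberbringer_linux_amd64.tar" \
    "https://git.anomalous.dev/57_Wolve/uberbringer/releases/download/${version}/uberbringer_linux_amd64.tar"
  echo "${expected_sha256}  $workdir/uberbringer_linux_amd64.tar" | sha256sum -c - \
    || fatal "Checksum mismatch for uberbringer_linux_amd64.tar - aborting install."
  # --no-same-owner: do not restore archive-recorded ownership when extracting as root
  tar xf "$workdir/uberbringer_linux_amd64.tar" --no-same-owner -C /usr/local/bin/
  rm -rf -- "$workdir"
  # … unchanged: chmod, uberbringer.service, systemctl calls …
```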