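#!/bin/bash
#
# Uberbringer installer.
#
# Installs nginx as a TLS reverse proxy in front of the Uberbringer web
# service (127.0.0.1:8080), issues a certificate with acme.sh (webroot mode),
# generates an API secret plus an HS256 JWT signed with it, and registers a
# systemd unit for the daemon.
#
# Usage:   <script> <domain> <acme-email>      (must run as root)
# Env:     DEBUG               - when non-empty, debug messages are printed
#                                to the terminal as well as the log file
#          UBERBRINGER_SHA256  - optional; expected SHA-256 of the release
#                                archive. When set, the download is verified
#                                before it is unpacked.
set -euo pipefail

DOMAIN=${1:-}
ACME_EMAIL=${2:-}

readonly LOG_FILE=/var/log/uberbringer-install.log
readonly RELEASE_URL=https://git.anomalous.dev/57_Wolve/uberbringer/releases/download/latest/uberbringer_linux_amd64.tar

# Written by create_jwt, read by install_uberbringer and main.
secret=
JWT_TOKEN=
# Private scratch directory, created in main and removed on exit.
WORK_DIR=

if [[ "$EUID" -ne 0 ]]; then
  printf '\e[31m[FATAL]\e[39m %s\n' "Currently this script requires being ran as root user - please try again as root."
  exit 1
fi

printf '\n\nINSTALL LOG FOR Uberbringer: %s\n\n' "$(date --rfc-3339=seconds)" >> "$LOG_FILE"

# Append one "[LEVEL] message" line to the install log.
log_line() {
  printf '[%s] %s\n' "$1" "$2" >> "$LOG_FILE"
}

# The message is always passed as a printf argument, never as the format
# string, so caller-supplied text (domain, e-mail) cannot inject escapes.
info() {
  printf '\e[34m[INFO]\e[39m %s\n' "$1"
  log_line INFO "$1"
}

debug() {
  if [[ -n "${DEBUG:-}" ]]; then
    printf '\e[96m[DEBUG]\e[39m %s\n' "$1"
  fi
  log_line DEBUG "$1"
}

warn() {
  printf '\e[33m[WARNING]\e[39m %s\n' "$1"
  log_line WARNING "$1"
}

fatal() {
  printf '\e[31m[FATAL]\e[39m %s\n' "$1"
  log_line FATAL "$1"
  exit 1
}

# Read stdin, write unpadded base64url (RFC 7515 style) to stdout.
b64url() {
  base64 | tr -d '\n' | tr '+/' '-_' | tr -d '='
}

# Generate a random API secret and an HS256 JWT signed with it.
# Globals: secret (written), JWT_TOKEN (written)
#
# NOTE(security): the payload carries no "exp" claim, so the token stays
# valid until the secret in /etc/uberbringer/config.toml is rotated.
# NOTE(security): the HMAC key is passed to openssl on its command line and
# is therefore briefly visible in the process list to other local users.
create_jwt() {
  local jwt_header payload hexsecret hmac_signature

  jwt_header=$(printf '%s' '{"alg":"HS256","typ":"JWT"}' | b64url)
  payload=$(printf '%s' '{"user_id":"uberbringer"}' | b64url)

  secret=$(openssl rand -base64 32)
  # The key is the bytes of the base64 text itself, i.e. exactly the string
  # written to config.toml; xxd wraps its output, so join the lines.
  hexsecret=$(printf '%s' "$secret" | xxd -p | tr -d '\n')

  hmac_signature=$(printf '%s' "${jwt_header}.${payload}" \
    | openssl dgst -sha256 -mac HMAC -macopt "hexkey:${hexsecret}" -binary \
    | b64url)

  JWT_TOKEN="${jwt_header}.${payload}.${hmac_signature}"
}

# Validate the generated nginx configuration, then restart the service.
restart_nginx() {
  nginx -t > /dev/null 2>&1 \
    || fatal "nginx configuration test failed - run 'nginx -t' for details."
  systemctl restart nginx
}

# Configure the plain-HTTP vhost that serves the ACME webroot challenge.
install_nginx() {
  info "Installing nginx..."

  mkdir -p /etc/nginx/includes
  # acme.sh writes its challenge files below this directory.
  mkdir -p "/var/www/${DOMAIN}"

  cat > /etc/nginx/includes/letsencrypt-webroot <<EOT
location / {
    alias /var/www/$DOMAIN/;
}
EOT

  rm -f /etc/nginx/sites-enabled/default
  rm -f /etc/nginx/sites-available/default

  cat > /etc/nginx/sites-available/default.conf <<EOT
server {
    listen 80;
    listen [::]:80;
    server_name $DOMAIN;
    include includes/letsencrypt-webroot;
}
EOT

  ln -sfn /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/default.conf

  systemctl enable nginx

  debug "Starting Nginx..."
  restart_nginx
}

# Install acme.sh, issue the certificate, and enable the HTTPS reverse proxy.
install_acmesh() {
  local installer="${WORK_DIR}/get-acme.sh"

  mkdir -p "/etc/letsencrypt/live/${DOMAIN}"
  # The private key lives here; keep the directory root-only.
  chmod 700 "/etc/letsencrypt/live/${DOMAIN}"

  info "Installing Acme.sh..."
  # NOTE(security): this runs an unpinned remote installer as root. It is
  # fetched to a file first so that an HTTP error or truncated download is
  # detected instead of being piped half-finished into a shell. For stronger
  # assurance, pin a reviewed acme.sh release and verify its checksum.
  curl -fsSL https://get.acme.sh -o "$installer" \
    || fatal "Failed to download the acme.sh installer."
  sh "$installer" "email=${ACME_EMAIL}"

  info "Issuing SSL Certificate..."
  /root/.acme.sh/acme.sh --issue \
    -w "/var/www/${DOMAIN}" \
    --keypath "/etc/letsencrypt/live/${DOMAIN}/privkey.pem" \
    --fullchainpath "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" \
    -d "$DOMAIN" \
    --reloadcmd "systemctl restart nginx" \
    --force

  info "Enabling Acme.sh Automatic Upgrade..."
  /root/.acme.sh/acme.sh --upgrade --auto-upgrade || true

  # TLS 1.0/1.1 and 3DES are no longer offered: both protocol versions are
  # deprecated and 3DES is a 64-bit block cipher. "listen ... ssl" replaces
  # the "ssl on;" directive, which current nginx releases reject.
  cat > /etc/nginx/sites-available/reverse-proxy.conf <<EOT
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name $DOMAIN;

    ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'EECDH+AES128:EECDH+AES256:+SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:!DSS';
    ssl_prefer_server_ciphers on;

    # Set the access log location
    error_log /var/log/nginx/default_error.log;
    access_log /var/log/nginx/default_access.log;

    location / {
        # Set the proxy headers
        proxy_redirect off;
        proxy_pass_request_headers on;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host \$http_host;
        proxy_set_header Referer \$http_referer;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;

        # Configure which address the request is proxied to
        proxy_pass http://127.0.0.1:8080/;
        proxy_read_timeout 90;

        # Security headers
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Referrer-Policy "origin";
    }
}
EOT

  ln -sfn /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf

  debug "Restarting Nginx..."
  restart_nginx > /dev/null 2>&1
}

# Write the service config, install the release binary, register the unit.
# Globals: secret (read), WORK_DIR (read), UBERBRINGER_SHA256 (read, optional)
install_uberbringer() {
  local archive="${WORK_DIR}/uberbringer_linux_amd64.tar"

  info "Installing Uberbringer web service..."
  mkdir -p /etc/uberbringer

  info "Creating Uberbringer config..."
  # The file holds the JWT signing secret: create it 0600 before writing so
  # it is never readable by other local users, not even momentarily.
  install -m 0600 /dev/null /etc/uberbringer/config.toml
  cat > /etc/uberbringer/config.toml <<EOT
[webserver]
bind_ip = "127.0.0.1"
port = 8080

[api]
secret = "$secret"
EOT

  info "Downloading uberbringer_linux_amd64..."
  # Downloaded into the private scratch directory (not the caller's working
  # directory) with curl, which main has already verified is installed.
  # A failed download aborts instead of letting tar run on a missing file.
  curl -fsSL -o "$archive" "$RELEASE_URL" \
    || fatal "Failed to download the Uberbringer release archive."

  # NOTE(security): "latest" is a moving target and the archive is unpacked
  # and executed as root. Supply UBERBRINGER_SHA256 to pin a reviewed build.
  if [[ -n "${UBERBRINGER_SHA256:-}" ]]; then
    printf '%s  %s\n' "$UBERBRINGER_SHA256" "$archive" | sha256sum -c --status - \
      || fatal "Checksum mismatch for the Uberbringer release archive."
  else
    warn "UBERBRINGER_SHA256 not set - installing the release archive without integrity verification."
  fi

  # --no-same-owner: files end up owned by root, not by whatever uid/gid the
  # archive records.
  tar -xvf "$archive" --no-same-owner -C /usr/local/bin/
  rm -f -- "$archive"
  chmod u+x /usr/local/bin/uberbringer

  info "Creating uberbringer.service..."
  # NOTE(security): the daemon runs as root although it only binds
  # 127.0.0.1:8080. If the binary does not need root, run it under a
  # dedicated unprivileged account and make config.toml readable by it.
  cat > /etc/systemd/system/uberbringer.service <<EOT
[Unit]
Description=Uberbringer Daemon
Wants=network-online.target
After=network.target network-online.target

[Service]
User=root
WorkingDirectory=/etc/uberbringer
LimitNOFILE=4096
PIDFile=/var/run/uberbringer/daemon.pid
ExecStart=/usr/local/bin/uberbringer
Restart=on-failure
StartLimitInterval=600

[Install]
WantedBy=multi-user.target
EOT

  systemctl daemon-reload > /dev/null 2>&1 || true
  systemctl enable uberbringer > /dev/null 2>&1 || true

  debug "Starting Uberbringer Web Service..."
  # Still best-effort, but a failed start is reported instead of hidden.
  systemctl start uberbringer > /dev/null 2>&1 \
    || warn "Uberbringer service failed to start - check 'systemctl status uberbringer'."
}

main() {
  local tool

  info "Script loaded, starting the install process..."

  # DOMAIN is interpolated into nginx configuration and filesystem paths as
  # root, so restrict it to hostname characters before using it anywhere.
  if [[ ! "$DOMAIN" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
    fatal "A valid domain name is required as the first argument."
  fi
  if [[ -z "$ACME_EMAIL" ]]; then
    warn "No ACME e-mail address given as the second argument."
  elif [[ ! "$ACME_EMAIL" =~ ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$ ]]; then
    fatal "The ACME e-mail address given as the second argument is not valid."
  fi

  WORK_DIR=$(mktemp -d) || fatal "Could not create a temporary directory."
  trap 'rm -rf -- "${WORK_DIR:?}"' EXIT

  info "Installing curl, socat, xxd, and nginx..."
  apt-get install -y nginx curl openssl xxd socat > /dev/null 2>&1 \
    || fatal "Package installation failed - run 'apt-get install -y nginx curl openssl xxd socat' for details."

  # Each message names the tool that is actually missing; xxd is checked too
  # because create_jwt depends on it.
  for tool in nginx openssl curl socat xxd; do
    if ! command -v "$tool" > /dev/null 2>&1; then
      fatal "Couldn't find ${tool} installed on the system - please install it first and rerun the script."
    fi
  done

  create_jwt
  install_nginx
  install_acmesh
  install_uberbringer

  info "Uberbringer Service is now installed, install script finished."
  # Printed to the terminal only; the token is deliberately not logged.
  printf '\e[34m[INFO]\e[39m API Token: %s\n' "$JWT_TOKEN"
}

main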