Posts

Showing posts from September, 2019

Quick and Easy process of getting letsencrypt wildcard domain certificate with cloudflare as dns provider

Log in to any of your servers. (This method does not require running the commands on a working Apache or nginx web server, so you can even run them from your workstation or a similar client machine.)

Create a Cloudflare credentials file. You need the email ID and API key of your Cloudflare login. To get the API key, log in to your Cloudflare account and navigate to My Profile -> API Tokens -> API Keys -> Global API Key -> View.

# vim .cloudflarecredentials.ini

Paste the content below:

# Cloudflare API credentials used by Certbot
dns_cloudflare_email = [email protected]
dns_cloudflare_api_key = 0123456789abcdef0123456789abcdef01234567

Use your own email ID and API key in the file above and save it. The global API key grants full access to the Cloudflare account, so make the file readable only by its owner:

# chmod 400 .cloudflarecredentials.ini

Now install the required package:

# yum -y install python2-certbot-dns-cloudflare

Now run the command below (the wildcard name is quoted so that the shell does not expand it):

# certbot certonly --dns-cloudflare --dns-cloudflare-credentials .cloudflarecredentials.ini -d '*.mydomain.com'

replace *.mydomain.com 

Use awk to extract all columns except the first or a specified column

Sed and awk are among my favorite commands when it comes to processing file data from the CLI. Here is a simple example in which we want to display all columns except the first one.

Case: we want to save the output of the history command without the numeric serial number.

$ history | awk '{first = $1; $1 = ""; print $0 }' > history.txt

And done.

Setup Own CA (Certificate authority) server on centos 7

Log in to the CentOS 7 box.

Install openssl if it is not present:

# yum install -y openssl

Create a few directories if they are not present:

# mkdir certs newcerts private crl

Now change your directory:

# cd /etc/pki/CA

Create an index file:

# touch index.txt

Create a serial file, starting the series at 01:

# echo 01 > serial

Create a random rand file for certificates:

# openssl rand -out private/.rand 1000

Create your CA key, filling in all the required information along with a passphrase:

# openssl genrsa -aes256 -out private/cakey.pem 1024

Create a request with this key:

# openssl req -new -key private/cakey.pem -out private/ca.csr -subj "/C=CN/ST=Maharashtra/L=Pune/O=MyLab/OU=security/CN=mylabadmin"

Create your CA certificate:

# openssl x509 -req -days 365 -sha1 -extensions v3_ca -signkey private/cakey.pem -in private/ca.csr -out certs/ca.cer

Now create a server key:

# openssl genrsa -aes256 -out private/server-key.pem 1024

Create a server configuration file with all the information prefilled:

# vim myserver.conf

content will be as bel

Running web ssh client on port 443 /80 with nginx as reverse proxy

Package used: shellinabox, nginx
Repository used: epel-release
Linux distro used: CentOS 7.6
nginx reverse proxy server IP: 192.168.1.65
shellinabox web SSH server IP: 192.168.1.111

Log in to the web SSH server first.

Install the EPEL repository:

# yum install epel-release -y

Install the shellinabox package:

# yum -y install shellinabox

Start and enable the shellinaboxd service:

# systemctl enable shellinaboxd && systemctl start shellinaboxd

By default the shellinaboxd service starts with SSL on port 4200. To run it in a reverse proxy environment, we need to make it insecure (non-SSL), so that the encryption toward the end user is done by nginx instead. Edit the file /etc/sysconfig/shellinabox as below:

USER=shellinabox
GROUP=shellinabox
CERTDIR=/var/lib/shellinabox
PORT=4200
OPTS="--disable-ssl-menu -s /:LOGIN"
OPTS="-t -s /:SSH:192.168.1.111"

Save the file, exit, and restart the service:

# systemctl restart shellinaboxd

Now open the firewall for the listening port 4200 from the nginx proxy server only:

#

Running cockpit behind nginx reverse proxy with nginx ssl and cockpit non ssl

Domain for web access to cockpit: cockpit.mylab.local
cockpit server IP: 192.168.1.61
nginx server IP: 192.168.1.65
Linux distro used: CentOS 7.6

Log in to the cockpit server and create a file:

[root@repo ~]# vim /etc/cockpit/cockpit.conf

The content will be like this:

[WebService]
Origins = https://cockpit.mylab.local wss://cockpit.mylab.local
ProtocolHeader = X-Forwarded-Proto
AllowUnencrypted = true

Save the file and restart cockpit:

# systemctl restart cockpit

Now log in to your nginx web server and install nginx:

# yum install nginx -y

Create a new file:

# vim /etc/nginx/conf.d/cockpit.conf

Paste the content below:

server {
    listen         80;
    listen         443 ssl http2;
    server_name    cockpit.mylab.local;
    ssl_certificate /etc/ssl/certs/cockpit-selfsigned.crt;
    ssl_certificate_key  /etc/ssl/private/cockpit-selfsigned.key;
    location / {
        proxy_pass http://192.168.1.61:9090;
        proxy_set_header Host $host;
        proxy_http_version 1.1;