elasticsearch-secure/install.sh

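#!/usr/bin/env bash
#
# Provision a single-node Elasticsearch 5.x instance behind an nginx TLS
# reverse proxy on a yum/firewalld/SELinux host (CentOS/RHEL 7 era packages).
#
# Elasticsearch binds to 127.0.0.1:9200 only; nginx terminates TLS on
# PUBLIC_IP:443 and requires HTTP basic auth for every request except
# /_count, /_search and GET/HEAD on the root location.
#
# Environment (all optional):
#   ES_USER      basic-auth user written to /srv/elastic-password (default: dbetz)
#   ES_PASSWORD  basic-auth password; when unset one is generated and stored in
#                /root/elastic-credentials (mode 0600)
#   PUBLIC_IP    address nginx listens on; detected from `ip addr` when unset
#   IFACE        interface added to the firewalld public zone (default: eth0)
#   CERT_DAYS    validity of the self-signed certificate in days (default: 365)
#
# Must be run as root.

set -euo pipefail

die() { printf 'install.sh: %s\n' "$*" >&2; exit 1; }

[[ $EUID -eq 0 ]] || die "must be run as root"

ES_USER=${ES_USER:-dbetz}
IFACE=${IFACE:-eth0}
CERT_DAYS=${CERT_DAYS:-365}

# --- SELinux port label and firewall -----------------------------------------

# semanage ships in policycoreutils-python on CentOS/RHEL 7 and is not
# installed by default.
command -v semanage >/dev/null 2>&1 || yum install -y policycoreutils-python

# Label 9200 as an http port so nginx (httpd_t) may connect to it.
# '-a' fails when the port is already defined (e.g. on re-run); use '-m' then.
semanage port -a -t http_port_t -p tcp 9200 \
  || semanage port -m -t http_port_t -p tcp 9200

yum install -y firewalld
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --permanent --zone=public --add-interface="$IFACE"
# nginx listens on 443 (https); 80 is kept for the commented-out plain-http
# listen in the nginx config below.
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

# --- public address ----------------------------------------------------------

# Heuristic: the address two lines below the first interface in state UP.
# Fine for a single-NIC host; set PUBLIC_IP explicitly otherwise.
if [[ -z "${PUBLIC_IP:-}" ]]; then
  PUBLIC_IP=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') || true
fi
[[ -n "$PUBLIC_IP" ]] || die "could not detect PUBLIC_IP; set it in the environment"
export PUBLIC_IP

# --- Elasticsearch -----------------------------------------------------------

yum install -y java-1.8.0-openjdk.x86_64

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

cat > /etc/yum.repos.d/elasticsearch.repo <<'EOF'
[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

yum install -y elasticsearch

# Loopback only: the public side is nginx.
cat > /etc/elasticsearch/elasticsearch.yml <<'EOF'
cluster.name: my-search-cluster
node.name: search01
network.host: 127.0.0.1
EOF

systemctl start elasticsearch
systemctl enable elasticsearch

# --- basic-auth credentials and TLS material ---------------------------------

yum install -y httpd-tools

if [[ -z "${ES_PASSWORD:-}" ]]; then
  ES_PASSWORD=$(openssl rand -base64 24)
  ( umask 077; printf 'user=%s\npassword=%s\n' "$ES_USER" "$ES_PASSWORD" > /root/elastic-credentials )
  printf 'install.sh: generated basic-auth password stored in /root/elastic-credentials\n' >&2
fi

# htpasswd -i (httpd-tools >= 2.4.4) reads the password from stdin, keeping it
# out of argv and process listings.
printf '%s\n' "$ES_PASSWORD" | htpasswd -i -c /srv/elastic-password "$ES_USER"

# Let httpd_t (nginx) read the files under /srv; '-a' fails if the rule exists.
semanage fcontext -a -t httpd_sys_content_t "/srv(/.*)?" \
  || semanage fcontext -m -t httpd_sys_content_t "/srv(/.*)?"

# Self-signed certificate for PUBLIC_IP; clients have to trust it explicitly.
# -subj avoids the interactive prompts; without -days openssl defaults to 30.
openssl req -nodes -new -x509 -newkey rsa:2048 -days "$CERT_DAYS" \
  -subj "/CN=${PUBLIC_IP}" -keyout /srv/es.key -out /srv/es.crt
chmod 600 /srv/es.key

# Pre-generated 2048-bit DH group, used only by the DHE-* suites (ECDHE is
# preferred by the cipher order below). Replace with the output of
# `openssl dhparam -out /srv/dhparam.pem 2048` for a host-unique group.
cat > /srv/dhparam.pem <<'EOF'
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAiUOr3waTs41R0De+e7aqfWUexnfdyXxbntDgkwKvVlDLRVzuM/P/
TRppta7SNj+whJXTKeLgitNFfnRChuvlj0/I7ROCxNSPwi6nKtAYd+PJWI1kqsSB
yjisRJIJbihnSxy1Hy81Q51VUdy9AYSsN1SnJuWixiONjEAQPB+0Sf8HmoL42RZn
gMaPCJOBd/VWkElDZ+RQ0WLfz0K7cuv6KqEIWFoLkCkCofBvdqofFJ4YeNQehgbj
4I1N3ldeM9L8fVYY1lhdCtPiJJrmItx35sJKrNs/Hv1Ow0xmnAnVaAYpyBHkamDj
bVPcG+tO5ibhw/kY5g/jUvSFATg9qvTBKwIBAg==
-----END DH PARAMETERS-----
EOF

restorecon -R /srv

# --- nginx -------------------------------------------------------------------

# Signed packages over https; gpgcheck=0 would install unverified rpms.
cat > /etc/yum.repos.d/nginx.repo <<'EOF'
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF

yum install -y nginx

# The password file is read by the nginx worker (user 'nginx'); do not leave
# the hashes world-readable.
chown root:nginx /srv/elastic-password
chmod 640 /srv/elastic-password

if [[ -e /etc/nginx/conf.d/default.conf ]]; then
  mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.disabled
fi

# Unquoted heredoc on purpose: $PUBLIC_IP is expanded into the listen line.
cat > /etc/nginx/conf.d/elasticsearch.conf <<EOF
upstream elastic {
    server 127.0.0.1:9200;
}
server {
    #listen $PUBLIC_IP:80;
    # to serve plain http instead, uncomment the line above and comment the ssl listen
    listen $PUBLIC_IP:443 ssl http2;

    #server_name azurelab.domain.net;

    # 'ssl on;' is deprecated since nginx 1.15 and rejected by recent mainline;
    # the 'ssl' parameter of 'listen' above enables TLS.
    ssl_certificate /srv/es.crt;
    ssl_certificate_key /srv/es.key;
    # TLS 1.0/1.1 are deprecated (RFC 8996); TLSv1.3 is used when the OpenSSL
    # nginx is linked against supports it.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /srv/dhparam.pem;
    add_header Strict-Transport-Security max-age=15552000;

    # /_count and /_search are deliberately reachable without credentials.
    location ~ /_count {
        proxy_pass http://elastic;
        proxy_http_version 1.1;
        proxy_set_header Connection "Keep-Alive";
        proxy_set_header Proxy-Connection "Keep-Alive";
    }

    location ~ /_search {
        proxy_pass http://elastic;
        proxy_http_version 1.1;
        proxy_set_header Connection "Keep-Alive";
        proxy_set_header Proxy-Connection "Keep-Alive";
    }

    # Every other API path requires basic auth (OPTIONS excepted for CORS preflight).
    location ~ /_ {
        limit_except OPTIONS {
            auth_basic "Restricted Access";
            auth_basic_user_file /srv/elastic-password;
        }

        proxy_pass http://elastic;
        proxy_http_version 1.1;
        proxy_set_header Connection "Keep-Alive";
        proxy_set_header Proxy-Connection "Keep-Alive";
    }

    # Reads are open; writes (anything but GET/HEAD) require basic auth.
    location / {
        limit_except GET HEAD {
            auth_basic "Restricted Access";
            auth_basic_user_file /srv/elastic-password;
        }

        proxy_pass http://elastic;
        proxy_http_version 1.1;
        proxy_set_header Connection "Keep-Alive";
        proxy_set_header Proxy-Connection "Keep-Alive";
    }
}
EOF

# Validate the generated config before enabling the service.
nginx -t
systemctl start nginx
systemctl enable nginx

# Companion script that sets up sample data generation.
wget -q https://linux.azure.david.betz.space/raw/elasticsearch-secure/setup_data_generation.sh \
  -O /root/setup_data_generation.sh
chmod +x /root/setup_data_generation.sh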