devdatt
/
update_deploy_infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

massive update preparation

This commit is contained in:
devdatt 2025-06-17 17:57:00 +05:30
parent 83dfb87a39
commit 06c996f254
13 changed files with 685 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
cdn_setup/setup.sh → setup_server/account.urmic.org.sh
View File

@ -3,19 +3,8 @@ apt install php-fpm php-cli php-mysql php-zip php-gd php-mbstring php-curl php-x
mkdir /etc/ssl/private; mkdir /etc/ssl/private;
mkdir /var/www/account.urmic.org; mkdir /var/www/account.urmic.org;
mkdir /var/www/cdn.urmic.org;
mkdir /var/www/stream.urmic.org;
cat >> /etc/fail2ban/jail.d/nginx.conf<<EOL
[cdn]
enabled = true
filter = nginx-http-auth
action = iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath = /var/log/nginx/cdn_error.log
maxretry = 5
bantime = 3600
findtime = 600
cat >> /etc/fail2ban/jail.d/account.conf<<EOL
[account] [account]
enabled = true enabled = true
filter = nginx-http-auth filter = nginx-http-auth
@ -24,17 +13,9 @@ logpath = /var/log/nginx/account_error.log
maxretry = 5 maxretry = 5
bantime = 3600 bantime = 3600
findtime = 600 findtime = 600
[stream]
enabled = true
filter = nginx-http-auth
action = iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath = /var/log/nginx/stream_error.log
maxretry = 5
bantime = 3600
findtime = 600
EOL EOL
cat >> /etc/ssl/private/bundle.crt<<EOL cat >> /etc/ssl/private/bundle.crt<<EOL
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIGlzCCBP+gAwIBAgIRAKfsciVkCheKiiJ6JWprPmIwDQYJKoZIhvcNAQEMBQAw MIIGlzCCBP+gAwIBAgIRAKfsciVkCheKiiJ6JWprPmIwDQYJKoZIhvcNAQEMBQAw
@ -215,65 +196,6 @@ hDQRnrMAG/JH8/UBdwsyt+hRhlInxAl6gA85IAyGtUF0WKCsNuyCHUH7zlkAUrhL
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
EOL EOL
cat >> /etc/nginx/sites-available/cdn.urmic.org<<EOL
server {
listen 80;
listen [::]:80;
server_name cdn.urmic.org;
return 301 https://\$host\$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name cdn.urmic.org;
root /var/www/cdn.urmic.org;
index index.php index.html index.htm;
ssl_certificate /etc/ssl/private/bundle.crt;
ssl_certificate_key /etc/ssl/private/server.key;
# SSL settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Security Headers
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
# Limit Request Methods
if (\$request_method !~ ^(GET|HEAD|POST)$) {
return 444;
}
# Apply rate limiting (defined in nginx.conf)
limit_req zone=cdnlimit burst=25 nodelay;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.2-fpm.sock; # Adjust PHP version if different
}
# Deny access to hidden files
location ~ /\.(?!well-known).* {
deny all;
}
# Block common bots and scanners
if (\$http_user_agent ~* (wget|curl|bot|scanner|spider|python|libwww-perl)) {
return 403;
}
access_log /var/log/nginx/cdn_access.log;
error_log /var/log/nginx/cdn_error.log;
}
EOL
cat >> /etc/nginx/sites-available/account.urmic.org<<EOL cat >> /etc/nginx/sites-available/account.urmic.org<<EOL
server { server {
@ -336,69 +258,15 @@ server {
} }
EOL EOL
cat >> /etc/nginx/sites-available/stream.urmic.org<<EOL
server {
listen 80;
server_name stream.urmic.org;
# Redirect HTTP to HTTPS
return 301 https://\$host\$request_uri;
}
server {
listen 443 ssl http2;
server_name stream.urmic.org;
ssl_certificate /etc/ssl/private/bundle.crt;
ssl_certificate_key /etc/ssl/private/server.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Security headers
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
# Proxy all requests to Icecast
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_buffering off;
}
access_log /var/log/nginx/stream_access.log;
error_log /var/log/nginx/stream_error.log;
}
EOL
ln -s /etc/nginx/sites-available/account.urmic.org /etc/nginx/sites-enabled/ ln -s /etc/nginx/sites-available/account.urmic.org /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/cdn.urmic.org /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/stream.urmic.org /etc/nginx/sites-enabled/
cat >> /var/www/account.urmic.org/index.php<<EOL cat >> /var/www/account.urmic.org/index.php<<EOL
<?php <?php
phpinfo(); phpinfo();
EOL EOL
cat >> /var/www/cdn.urmic.org/index.php<<EOL
<?php
phpinfo();
EOL
cat >> /var/www/stream.urmic.org/index.php<<EOL
<?php
phpinfo();
EOL
systemctl restart nginx; systemctl restart nginx;
systemctl enable fail2ban systemctl enable fail2ban
systemctl restart fail2ban systemctl restart fail2ban

266
setup_server/cdn.urmic.org.sh Normal file
View File

@ -0,0 +1,266 @@
apt install nginx fail2ban -y;
apt install php-fpm php-cli php-mysql php-zip php-gd php-mbstring php-curl php-xml php-pear php-bcmath -y
mkdir /etc/ssl/private;
mkdir /var/www/cdn.urmic.org;
cat >> /etc/fail2ban/jail.d/cdn.conf<<EOL
[cdn]
enabled = true
filter = nginx-http-auth
action = iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath = /var/log/nginx/cdn_error.log
maxretry = 5
bantime = 3600
findtime = 600
EOL
cat >> /etc/ssl/private/bundle.crt<<EOL
-----BEGIN CERTIFICATE-----
MIIGlzCCBP+gAwIBAgIRAKfsciVkCheKiiJ6JWprPmIwDQYJKoZIhvcNAQEMBQAw
YDELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UE
AxMuU2VjdGlnbyBQdWJsaWMgU2VydmVyIEF1dGhlbnRpY2F0aW9uIENBIERWIFIz
NjAeFw0yNTA2MTQwMDAwMDBaFw0yNjA2MTQyMzU5NTlaMBgxFjAUBgNVBAMTDWNk
bi51cm1pYy5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJjz97
Q0FEsQmaczaP20p1sfVu8PMSR7exP/fD0AdaVg+3bOPxFpzWnHtCz/8nONemlmG3
792ENwhgIRUlRKq5zxSjHQva33AZjJxkROTwPZWa1R+1sb6IneRIY3Nvp/o6Vwi+
Ydv+xXph3JVK/AGL+M0+5NbDJr0WySZb+c9tjp9e8QviPq5cPcKQ2vxUcXgcgRrQ
kEI/vZWqThgkTOdkovds6bZ/EB7VBIoRM8VYRXJjwjVUDpBgLV8SacLHi7RfEqvW
lrd9nPCt1BYQrPYc5aI3vt93+81SdfjsNeUcNI8JOp09huqzYUe6YxL0MEULnAzC
5wbokg4C53i9nd+fAgMBAAGjggMSMIIDDjAfBgNVHSMEGDAWgBRowBIWGA6vzvaH
pjJXo0ZRXcsHJzAdBgNVHQ4EFgQUEcG11BpxNF+JQV5UhtL5gdTeGyowDgYDVR0P
AQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcwJTAjBggrBgEFBQcCARYX
aHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGEBggrBgEFBQcBAQR4
MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1B1
YmxpY1NlcnZlckF1dGhlbnRpY2F0aW9uQ0FEVlIzNi5jcnQwIwYIKwYBBQUHMAGG
F2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMIIBfAYKKwYBBAHWeQIEAgSCAWwEggFo
AWYAdgCWl2S/VViXrfdDh2g3CEJ36fA61fak8zZuRqQ/D8qpxgAAAZdsLUXYAAAE
AwBHMEUCIQCcACsQTKLkAlsDvB4dMjIcLbGTcNMoLO0WqfBLsdzLBgIgLHi/p8ln
5M+iitGp8w0IkAkyHLHIeXm06zwvymmDX3IAdQAZhtTHKKpv/roDb3gqTQGRqs4t
cjEPrs5dcEEtJUzH1AAAAZdsLUW8AAAEAwBGMEQCIBRvDR4MLOgSfX1R6I4gywme
H3HR1zgSJ2cwX7Hp70w9AiAR3jY2cullIDsZa87/jEQY+Z8Uj9X0HFNBeM9DOCJL
+AB1AA5XlLzzrqk+MxssmQez95Dfm8I9cTIl3SGpJaxhxU4hAAABl2wtRbgAAAQD
AEYwRAIgTsvGnb93NiOa+Atg/gEj6vVuHdVwmK7E4BKnBfYmYpwCIDKN58QMd5XZ
7feKLhBHFXdosKiS/UAYuTfPpEoEbARBMD0GA1UdEQQ2MDSCDWNkbi51cm1pYy5v
cmeCEWFjY291bnQudXJtaWMub3JnghBzdHJlYW0udXJtaWMub3JnMA0GCSqGSIb3
DQEBDAUAA4IBgQB+Myp/1oM3PdbzgYgihyYN6nsGAiX9Bri5xzJe+ey/70gYgzzs
vJ7ZWzCXXanoRs8idIFJUUuj+runqY2zVbU6gHEflWAKmyIwiM9+XRSoF3SUb3yh
vf2mS+FZzazu3IXD24G+FpUsNjMHiDv+Ck9awZfzckAGlRLH3EghpZ4g4ADNBdXN
K4c92/g5yCIhu16go//1VC3OV9xWRDEix1xNoxIPMM8wTCCZY6Rq86DDBbKLeayx
blboVuXaexIclTbLcrWZ0x/mkXMzRuFz2MMPKd+z6N6j4lOGsotPLqUbskoqgf+k
kxUizk1OlHEsoHakTFxguIWlnHH3r1NnOEb3dOukMsH+IyLOv4M8t1ADQ5E26vLQ
883ZK5ON9xFR8Vq6jVc6CNRbtFqBInhQHpzazJZ7h+6xpYfgCMUuwzKOllxErS6R
yLWcYzt2qt9cpab8C/DuUqdj5LQLdmSBnO529GERt2HHqE7fcAISA7ycCPCGb/Mi
ef0pPfxF87jbdzo=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw
MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV
BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B
3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY
tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/
Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2
VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT
79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6
c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT
Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l
c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee
UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE
Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G
A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF
Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO
VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3
ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs
8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR
iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze
Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ
XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/
qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB
VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB
L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG
jjxDah2nGN59PRbxYvnKkKj9
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGTDCCBDSgAwIBAgIQOXpmzCdWNi4NqofKbqvjsTANBgkqhkiG9w0BAQwFADBf
MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD
Ey1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw
HhcNMjEwMzIyMDAwMDAwWhcNMzYwMzIxMjM1OTU5WjBgMQswCQYDVQQGEwJHQjEY
MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFB1Ymxp
YyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gQ0EgRFYgUjM2MIIBojANBgkqhkiG9w0B
AQEFAAOCAY8AMIIBigKCAYEAljZf2HIz7+SPUPQCQObZYcrxLTHYdf1ZtMRe7Yeq
RPSwygz16qJ9cAWtWNTcuICc++p8Dct7zNGxCpqmEtqifO7NvuB5dEVexXn9RFFH
12Hm+NtPRQgXIFjx6MSJcNWuVO3XGE57L1mHlcQYj+g4hny90aFh2SCZCDEVkAja
EMMfYPKuCjHuuF+bzHFb/9gV8P9+ekcHENF2nR1efGWSKwnfG5RawlkaQDpRtZTm
M64TIsv/r7cyFO4nSjs1jLdXYdz5q3a4L0NoabZfbdxVb+CUEHfB0bpulZQtH1Rv
38e/lIdP7OTTIlZh6OYL6NhxP8So0/sht/4J9mqIGxRFc0/pC8suja+wcIUna0HB
pXKfXTKpzgis+zmXDL06ASJf5E4A2/m+Hp6b84sfPAwQ766rI65mh50S0Di9E3Pn
2WcaJc+PILsBmYpgtmgWTR9eV9otfKRUBfzHUHcVgarub/XluEpRlTtZudU5xbFN
xx/DgMrXLUAPaI60fZ6wA+PTAgMBAAGjggGBMIIBfTAfBgNVHSMEGDAWgBRWc1hk
lfmSGrASKgRieaFAFYghSTAdBgNVHQ4EFgQUaMASFhgOr872h6YyV6NGUV3LBycw
DgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgEw
VAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdv
UHVibGljU2VydmVyQXV0aGVudGljYXRpb25Sb290UjQ2LmNybDCBhAYIKwYBBQUH
AQEEeDB2ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3Rp
Z29QdWJsaWNTZXJ2ZXJBdXRoZW50aWNhdGlvblJvb3RSNDYucDdjMCMGCCsGAQUF
BzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTANBgkqhkiG9w0BAQwFAAOCAgEA
YtOC9Fy+TqECFw40IospI92kLGgoSZGPOSQXMBqmsGWZUQ7rux7cj1du6d9rD6C8
ze1B2eQjkrGkIL/OF1s7vSmgYVafsRoZd/IHUrkoQvX8FZwUsmPu7amgBfaY3g+d
q1x0jNGKb6I6Bzdl6LgMD9qxp+3i7GQOnd9J8LFSietY6Z4jUBzVoOoz8iAU84OF
h2HhAuiPw1ai0VnY38RTI+8kepGWVfGxfBWzwH9uIjeooIeaosVFvE8cmYUB4TSH
5dUyD0jHct2+8ceKEtIoFU/FfHq/mDaVnvcDCZXtIgitdMFQdMZaVehmObyhRdDD
4NQCs0gaI9AAgFj4L9QtkARzhQLNyRf87Kln+YU0lgCGr9HLg3rGO8q+Y4ppLsOd
unQZ6ZxPNGIfOApbPVf5hCe58EZwiWdHIMn9lPP6+F404y8NNugbQixBber+x536
WrZhFZLjEkhp7fFXf9r32rNPfb74X/U90Bdy4lzp3+X1ukh1BuMxA/EEhDoTOS3l
7ABvc7BYSQubQ2490OcdkIzUh3ZwDrakMVrbaTxUM2p24N6dB+ns2zptWCva6jzW
r8IWKIMxzxLPv5Kt3ePKcUdvkBU/smqujSczTzzSjIoR5QqQA6lN1ZRSnuHIWCvh
JEltkYnTAH41QJ6SAWO66GrrUESwN/cgZzL4JLEqz1Y=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGlTCCBH2gAwIBAgIRANJ/u8HeNZ5SFq1hSVhgmcQwDQYJKoZIhvcNAQEMBQAw
gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIx
MDMyMjAwMDAwMFoXDTM4MDExODIzNTk1OVowXzELMAkGA1UEBhMCR0IxGDAWBgNV
BAoTD1NlY3RpZ28gTGltaXRlZDE2MDQGA1UEAxMtU2VjdGlnbyBQdWJsaWMgU2Vy
dmVyIEF1dGhlbnRpY2F0aW9uIFJvb3QgUjQ2MIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEAk77VNlJ12AEjoBxHQknuY7a3If3EldVIKyZ8FFMQ2nn9K7ct
pNQs+uoy3UnCub0PSD17WphUr55dMXRPB/xQId2kz2hPGxJjbSWZTCqZ80gwYfqB
fB6nCErcPiscHxhMcao1jK34bug7StnllALWiYQTqm3ITzPMUJY3kjPcX4jnn1TZ
SPCYQ9Zm/Z8XOEPFAVEL1+MjDxRdWxTnS77d9MjaAzfR1jmhIVEwg7Bt1zBOlluR
8HAkq79FgWRDDb0hOi886Z4NyyC1QifM2m+b7mQwkDnNk2WBITG1I1AzNyLjOO34
MTDMRf5i+dFdMnlCh99qzFYZQE3Oqrv5tXZJlPEn+JGlg+UGs2MOgNzgElWApjtm
tDmHLcjw0NEU6eQNTQ72XVdyxTscR1ad4tX7gWGMzE2AkDRbt9cUddzYBEifwMEo
iLTpHMqnsfFWt3tJTFnlIBWohAIp+jiUaZpJBo/NH3kUFxIMg3reH7GX7vmXeCik
yESS6X0mBaZYcpt5E9gRX67FOGI0aLKGMI74kGGeMmz1BzbNokxu7Io27fLmmRVE
cMN8vJw5wLTha/eDJSNX2RKA5UnwdQ/vjescm1QotCE8/HwK/+97a3X/ix2gGQWr
+vgrgULoOLq7+6r9PeDzyt9Ol5cp7fMYVumllqy9w5CYsuD5otSmR0N8bc8CAwEA
AaOCASAwggEcMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bLMB0GA1Ud
DgQWBBRWc1hklfmSGrASKgRieaFAFYghSTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0T
AQH/BAUwAwEB/zAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEQYDVR0g
BAowCDAGBgRVHSAAMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRy
dXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDA1
BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVz
dC5jb20wDQYJKoZIhvcNAQEMBQADggIBADpvBIlq7bMU0cFDT/9P9+BsgCkRgQs0
S6Bf7vJSlWMHwby0VGvxCS0hrbi0K2BINZbEbsVsgpQq04431yyoVn3Hldorgq24
RldRDOOipEZDTFB9wC9HYt1thHF00XeG2C8KC1plwoEzKAIhPvefI/C3cT0CfTXJ
uFjUbKIgSwjNjw6YHtLgoy/hd5+JLUlLco/gzFX/qWbT7tEquOMYpsNKWZj8TLqP
q6zMiG4Na6feEZte6YPXGrMWlTWN341vDedc+yxQqSug79HJUQcOZs7KyDWztmae
QxsPE49UV/8XwrfZtZaYyrs4FpD94Z4Q8dzXGL8+qEJjxgcza7W6PROaClubavd1
VKPm8+aCW77u7SxpR2TFGL6kPdxsKyFijpcunR5V79sUyROfNdzjrAcFWZXK8sbb
9FlnwuVG677JLv+ZVTX5AxLvW5OB4zt5uS+zB62wJ/Wv+jXGAttSAcJec4iFgCWH
Rvdi/jJoSzRLa3nEzx6pFIzclSCnh0u1xCeLcUBypSiPga8W+6PkuoyQq8U9qs9E
oxG5NvrvlyshwUS9yvcZRGw7Ljlx4jJH/BhIPR8kIBCQj1vna9TziZOrw1Of8hDU
bHKFG9Pm8Dp2vbjz/2JH39qvxshPKVllGfq+5klPm7yZRUYTiCMAbqwNdL/nsqF2
Rnnyp58XRStJ
-----END CERTIFICATE-----
EOL
cat >> /etc/ssl/private/server.key<<EOL
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJjz97Q0FEsQma
czaP20p1sfVu8PMSR7exP/fD0AdaVg+3bOPxFpzWnHtCz/8nONemlmG3792ENwhg
IRUlRKq5zxSjHQva33AZjJxkROTwPZWa1R+1sb6IneRIY3Nvp/o6Vwi+Ydv+xXph
3JVK/AGL+M0+5NbDJr0WySZb+c9tjp9e8QviPq5cPcKQ2vxUcXgcgRrQkEI/vZWq
ThgkTOdkovds6bZ/EB7VBIoRM8VYRXJjwjVUDpBgLV8SacLHi7RfEqvWlrd9nPCt
1BYQrPYc5aI3vt93+81SdfjsNeUcNI8JOp09huqzYUe6YxL0MEULnAzC5wbokg4C
53i9nd+fAgMBAAECggEAF7LFgn8mWea829GHDUP5zbvGQSyIT9Jp2SfNwFKhwq/S
ujzN0idX+m28ml7tP5XR2S7eP2uu7mAwFmldXJvlvOIJqaH9JldWDVL4gluNVWfQ
QrujNlA3OEXkNNSommy0IY7hIs1LuflLCd2PGhlmLyhqLWZnj9tqqRaucWr+RgGk
47453Cw0eoklhujPSw3dQnV5tQp6ATzOxmCTp7o7rgU6JXC3FUFSqbgCtPMO0kj7
p7cAtM5hAFhViNRospmUiYhv0pilvlaIRKs1mc0O76ppnX1fLQqUSYBRylhAjeVN
C1RENbRwe+jnQ6zfpv6OBuqIDpsvZW25TqN3ke1/hQKBgQDvI8HSxX3JUcOWAjqo
19XC4TEtWpGtaMHTCm897HmZdb6vRrJBMNPR66oT9zOAmkneql1YGT9IbBcPG2uQ
AhWBu4Epid7hBjyLfD0Xy83iCfkc8tGcVTcKau7oF+qoOa0nkP7FJaxx5C+XKUcv
HWiMezIgukJ+IOEUO68FteUb/QKBgQDXxTSm0W9LPlnQD/gLdrj3jPuzor1hND8n
GfQUsnSOMdbWa9tQOs2e41FPlK9UB6lJHYXfthB0VPzRVG9BX1/vDz69FjM7v0dT
Ml8NpqQ3SGsCBmKItSyKBh9ZstH+Z3FDVdZt9pNaDMKWDWAE//yHOpjEcacTZjpD
EqCt/OfGywKBgBWKI/gnH7hVbAeD9eKlZjSicfqC0OJMsEChDPoH5cAD0gQZmw6y
JjIfRvd7aaEoxISQ1c2MoJ2WVtFeh+a1uVgxGmYya+fa1vM9YodVLRsyCMUpveWV
61o93Xz8Qn+ailUpAzmgthKgGgVEi4vb20HkCtTV0g1oSr22zoH2K0fFAoGBANJW
hQgl3Bd+lbD1EDmkp5Vy0x9/gpvSgcnNTBotCOBhB2yJQgdI+49rS6WHbQ8+VLFY
3VuCsTGmc7pgVABnSC7ULrXHgXQ59/7LeMvm6eiWaPJVZRKdguieJUucvYcCMfCR
KfKST3yWOc5rBXJ6VSNCZRADNvr7Scp+yzIw+4TXAoGAA9/CSnYr1/ifU1NjDOQ3
hDQRnrMAG/JH8/UBdwsyt+hRhlInxAl6gA85IAyGtUF0WKCsNuyCHUH7zlkAUrhL
1d756qZ7URF4GbvGAQctzst6RbgUBAJTocm4AZg6+GLh8FzAt1ynJkZ7a4TtEy4u
/t5OaZy7FsC5O6LpMGFK318=
-----END PRIVATE KEY-----
EOL
cat >> /etc/nginx/sites-available/cdn.urmic.org<<EOL
server {
listen 80;
listen [::]:80;
server_name cdn.urmic.org;
return 301 https://\$host\$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name cdn.urmic.org;
root /var/www/cdn.urmic.org;
index index.php index.html index.htm;
ssl_certificate /etc/ssl/private/bundle.crt;
ssl_certificate_key /etc/ssl/private/server.key;
# SSL settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Security Headers
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
# Limit Request Methods
if (\$request_method !~ ^(GET|HEAD|POST)$) {
return 444;
}
# Apply rate limiting (defined in nginx.conf)
limit_req zone=cdnlimit burst=25 nodelay;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.2-fpm.sock; # Adjust PHP version if different
}
# Deny access to hidden files
location ~ /\.(?!well-known).* {
deny all;
}
# Block common bots and scanners
if (\$http_user_agent ~* (wget|curl|bot|scanner|spider|python|libwww-perl)) {
return 403;
}
access_log /var/log/nginx/cdn_access.log;
error_log /var/log/nginx/cdn_error.log;
}
EOL
ln -s /etc/nginx/sites-available/cdn.urmic.org /etc/nginx/sites-enabled/
cat >> /var/www/cdn.urmic.org/index.php<<EOL
<?php
phpinfo();
EOL
systemctl restart nginx;
systemctl enable fail2ban
systemctl restart fail2ban

18
setup_server/deploy.sh Normal file
View File

@ -0,0 +1,18 @@
cdn_ips=("172.16.99.182" "172.16.99.183" "172.16.99.184" "172.16.99.185" "172.16.99.186" "172.16.99.187")
for ip in "${cdn_ips[@]}"; do
ssh -i id_rsa -o StrictHostKeyChecking=no root@$ip 'bash -s' < ./cdn.urmic.org.sh
echo "Current ip: $ip"
done
account_ips=("172.16.99.182" "172.16.99.183" "172.16.99.184" "172.16.99.185" "172.16.99.186" "172.16.99.187")
for ip in "${account_ips[@]}"; do
ssh -i id_rsa -o StrictHostKeyChecking=no root@$ip 'bash -s' < ./account.urmic.org.sh
echo "Current ip: $ip"
done
stream_ips=("172.16.99.184" "172.16.99.185" "172.16.99.186" "172.16.99.187")
for ip in "${stream_ips[@]}"; do
ssh -i id_rsa -o StrictHostKeyChecking=no root@$ip 'bash -s' < ./stream.urmic.org.sh
echo "Current ip: $ip"
done

0
id_rsa → setup_server/id_rsa
View File

253
setup_server/stream.urmic.org.sh Normal file
View File

@ -0,0 +1,253 @@
apt install nginx fail2ban -y;
apt install php-fpm php-cli php-mysql php-zip php-gd php-mbstring php-curl php-xml php-pear php-bcmath -y
mkdir /etc/ssl/private;
mkdir /var/www/stream.urmic.org;
cat >> /etc/fail2ban/jail.d/stream.conf<<EOL
[stream]
enabled = true
filter = nginx-http-auth
action = iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath = /var/log/nginx/stream_error.log
maxretry = 5
bantime = 3600
findtime = 600
EOL
cat >> /etc/ssl/private/bundle.crt<<EOL
-----BEGIN CERTIFICATE-----
MIIGlzCCBP+gAwIBAgIRAKfsciVkCheKiiJ6JWprPmIwDQYJKoZIhvcNAQEMBQAw
YDELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UE
AxMuU2VjdGlnbyBQdWJsaWMgU2VydmVyIEF1dGhlbnRpY2F0aW9uIENBIERWIFIz
NjAeFw0yNTA2MTQwMDAwMDBaFw0yNjA2MTQyMzU5NTlaMBgxFjAUBgNVBAMTDWNk
bi51cm1pYy5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJjz97
Q0FEsQmaczaP20p1sfVu8PMSR7exP/fD0AdaVg+3bOPxFpzWnHtCz/8nONemlmG3
792ENwhgIRUlRKq5zxSjHQva33AZjJxkROTwPZWa1R+1sb6IneRIY3Nvp/o6Vwi+
Ydv+xXph3JVK/AGL+M0+5NbDJr0WySZb+c9tjp9e8QviPq5cPcKQ2vxUcXgcgRrQ
kEI/vZWqThgkTOdkovds6bZ/EB7VBIoRM8VYRXJjwjVUDpBgLV8SacLHi7RfEqvW
lrd9nPCt1BYQrPYc5aI3vt93+81SdfjsNeUcNI8JOp09huqzYUe6YxL0MEULnAzC
5wbokg4C53i9nd+fAgMBAAGjggMSMIIDDjAfBgNVHSMEGDAWgBRowBIWGA6vzvaH
pjJXo0ZRXcsHJzAdBgNVHQ4EFgQUEcG11BpxNF+JQV5UhtL5gdTeGyowDgYDVR0P
AQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcwJTAjBggrBgEFBQcCARYX
aHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGEBggrBgEFBQcBAQR4
MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1B1
YmxpY1NlcnZlckF1dGhlbnRpY2F0aW9uQ0FEVlIzNi5jcnQwIwYIKwYBBQUHMAGG
F2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMIIBfAYKKwYBBAHWeQIEAgSCAWwEggFo
AWYAdgCWl2S/VViXrfdDh2g3CEJ36fA61fak8zZuRqQ/D8qpxgAAAZdsLUXYAAAE
AwBHMEUCIQCcACsQTKLkAlsDvB4dMjIcLbGTcNMoLO0WqfBLsdzLBgIgLHi/p8ln
5M+iitGp8w0IkAkyHLHIeXm06zwvymmDX3IAdQAZhtTHKKpv/roDb3gqTQGRqs4t
cjEPrs5dcEEtJUzH1AAAAZdsLUW8AAAEAwBGMEQCIBRvDR4MLOgSfX1R6I4gywme
H3HR1zgSJ2cwX7Hp70w9AiAR3jY2cullIDsZa87/jEQY+Z8Uj9X0HFNBeM9DOCJL
+AB1AA5XlLzzrqk+MxssmQez95Dfm8I9cTIl3SGpJaxhxU4hAAABl2wtRbgAAAQD
AEYwRAIgTsvGnb93NiOa+Atg/gEj6vVuHdVwmK7E4BKnBfYmYpwCIDKN58QMd5XZ
7feKLhBHFXdosKiS/UAYuTfPpEoEbARBMD0GA1UdEQQ2MDSCDWNkbi51cm1pYy5v
cmeCEWFjY291bnQudXJtaWMub3JnghBzdHJlYW0udXJtaWMub3JnMA0GCSqGSIb3
DQEBDAUAA4IBgQB+Myp/1oM3PdbzgYgihyYN6nsGAiX9Bri5xzJe+ey/70gYgzzs
vJ7ZWzCXXanoRs8idIFJUUuj+runqY2zVbU6gHEflWAKmyIwiM9+XRSoF3SUb3yh
vf2mS+FZzazu3IXD24G+FpUsNjMHiDv+Ck9awZfzckAGlRLH3EghpZ4g4ADNBdXN
K4c92/g5yCIhu16go//1VC3OV9xWRDEix1xNoxIPMM8wTCCZY6Rq86DDBbKLeayx
blboVuXaexIclTbLcrWZ0x/mkXMzRuFz2MMPKd+z6N6j4lOGsotPLqUbskoqgf+k
kxUizk1OlHEsoHakTFxguIWlnHH3r1NnOEb3dOukMsH+IyLOv4M8t1ADQ5E26vLQ
883ZK5ON9xFR8Vq6jVc6CNRbtFqBInhQHpzazJZ7h+6xpYfgCMUuwzKOllxErS6R
yLWcYzt2qt9cpab8C/DuUqdj5LQLdmSBnO529GERt2HHqE7fcAISA7ycCPCGb/Mi
ef0pPfxF87jbdzo=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw
MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV
BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B
3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY
tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/
Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2
VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT
79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6
c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT
Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l
c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee
UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE
Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G
A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF
Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO
VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3
ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs
8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR
iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze
Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ
XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/
qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB
VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB
L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG
jjxDah2nGN59PRbxYvnKkKj9
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGTDCCBDSgAwIBAgIQOXpmzCdWNi4NqofKbqvjsTANBgkqhkiG9w0BAQwFADBf
MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD
Ey1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw
HhcNMjEwMzIyMDAwMDAwWhcNMzYwMzIxMjM1OTU5WjBgMQswCQYDVQQGEwJHQjEY
MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFB1Ymxp
YyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gQ0EgRFYgUjM2MIIBojANBgkqhkiG9w0B
AQEFAAOCAY8AMIIBigKCAYEAljZf2HIz7+SPUPQCQObZYcrxLTHYdf1ZtMRe7Yeq
RPSwygz16qJ9cAWtWNTcuICc++p8Dct7zNGxCpqmEtqifO7NvuB5dEVexXn9RFFH
12Hm+NtPRQgXIFjx6MSJcNWuVO3XGE57L1mHlcQYj+g4hny90aFh2SCZCDEVkAja
EMMfYPKuCjHuuF+bzHFb/9gV8P9+ekcHENF2nR1efGWSKwnfG5RawlkaQDpRtZTm
M64TIsv/r7cyFO4nSjs1jLdXYdz5q3a4L0NoabZfbdxVb+CUEHfB0bpulZQtH1Rv
38e/lIdP7OTTIlZh6OYL6NhxP8So0/sht/4J9mqIGxRFc0/pC8suja+wcIUna0HB
pXKfXTKpzgis+zmXDL06ASJf5E4A2/m+Hp6b84sfPAwQ766rI65mh50S0Di9E3Pn
2WcaJc+PILsBmYpgtmgWTR9eV9otfKRUBfzHUHcVgarub/XluEpRlTtZudU5xbFN
xx/DgMrXLUAPaI60fZ6wA+PTAgMBAAGjggGBMIIBfTAfBgNVHSMEGDAWgBRWc1hk
lfmSGrASKgRieaFAFYghSTAdBgNVHQ4EFgQUaMASFhgOr872h6YyV6NGUV3LBycw
DgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgEw
VAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdv
UHVibGljU2VydmVyQXV0aGVudGljYXRpb25Sb290UjQ2LmNybDCBhAYIKwYBBQUH
AQEEeDB2ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3Rp
Z29QdWJsaWNTZXJ2ZXJBdXRoZW50aWNhdGlvblJvb3RSNDYucDdjMCMGCCsGAQUF
BzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTANBgkqhkiG9w0BAQwFAAOCAgEA
YtOC9Fy+TqECFw40IospI92kLGgoSZGPOSQXMBqmsGWZUQ7rux7cj1du6d9rD6C8
ze1B2eQjkrGkIL/OF1s7vSmgYVafsRoZd/IHUrkoQvX8FZwUsmPu7amgBfaY3g+d
q1x0jNGKb6I6Bzdl6LgMD9qxp+3i7GQOnd9J8LFSietY6Z4jUBzVoOoz8iAU84OF
h2HhAuiPw1ai0VnY38RTI+8kepGWVfGxfBWzwH9uIjeooIeaosVFvE8cmYUB4TSH
5dUyD0jHct2+8ceKEtIoFU/FfHq/mDaVnvcDCZXtIgitdMFQdMZaVehmObyhRdDD
4NQCs0gaI9AAgFj4L9QtkARzhQLNyRf87Kln+YU0lgCGr9HLg3rGO8q+Y4ppLsOd
unQZ6ZxPNGIfOApbPVf5hCe58EZwiWdHIMn9lPP6+F404y8NNugbQixBber+x536
WrZhFZLjEkhp7fFXf9r32rNPfb74X/U90Bdy4lzp3+X1ukh1BuMxA/EEhDoTOS3l
7ABvc7BYSQubQ2490OcdkIzUh3ZwDrakMVrbaTxUM2p24N6dB+ns2zptWCva6jzW
r8IWKIMxzxLPv5Kt3ePKcUdvkBU/smqujSczTzzSjIoR5QqQA6lN1ZRSnuHIWCvh
JEltkYnTAH41QJ6SAWO66GrrUESwN/cgZzL4JLEqz1Y=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGlTCCBH2gAwIBAgIRANJ/u8HeNZ5SFq1hSVhgmcQwDQYJKoZIhvcNAQEMBQAw
gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIx
MDMyMjAwMDAwMFoXDTM4MDExODIzNTk1OVowXzELMAkGA1UEBhMCR0IxGDAWBgNV
BAoTD1NlY3RpZ28gTGltaXRlZDE2MDQGA1UEAxMtU2VjdGlnbyBQdWJsaWMgU2Vy
dmVyIEF1dGhlbnRpY2F0aW9uIFJvb3QgUjQ2MIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEAk77VNlJ12AEjoBxHQknuY7a3If3EldVIKyZ8FFMQ2nn9K7ct
pNQs+uoy3UnCub0PSD17WphUr55dMXRPB/xQId2kz2hPGxJjbSWZTCqZ80gwYfqB
fB6nCErcPiscHxhMcao1jK34bug7StnllALWiYQTqm3ITzPMUJY3kjPcX4jnn1TZ
SPCYQ9Zm/Z8XOEPFAVEL1+MjDxRdWxTnS77d9MjaAzfR1jmhIVEwg7Bt1zBOlluR
8HAkq79FgWRDDb0hOi886Z4NyyC1QifM2m+b7mQwkDnNk2WBITG1I1AzNyLjOO34
MTDMRf5i+dFdMnlCh99qzFYZQE3Oqrv5tXZJlPEn+JGlg+UGs2MOgNzgElWApjtm
tDmHLcjw0NEU6eQNTQ72XVdyxTscR1ad4tX7gWGMzE2AkDRbt9cUddzYBEifwMEo
iLTpHMqnsfFWt3tJTFnlIBWohAIp+jiUaZpJBo/NH3kUFxIMg3reH7GX7vmXeCik
yESS6X0mBaZYcpt5E9gRX67FOGI0aLKGMI74kGGeMmz1BzbNokxu7Io27fLmmRVE
cMN8vJw5wLTha/eDJSNX2RKA5UnwdQ/vjescm1QotCE8/HwK/+97a3X/ix2gGQWr
+vgrgULoOLq7+6r9PeDzyt9Ol5cp7fMYVumllqy9w5CYsuD5otSmR0N8bc8CAwEA
AaOCASAwggEcMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bLMB0GA1Ud
DgQWBBRWc1hklfmSGrASKgRieaFAFYghSTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0T
AQH/BAUwAwEB/zAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEQYDVR0g
BAowCDAGBgRVHSAAMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRy
dXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDA1
BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVz
dC5jb20wDQYJKoZIhvcNAQEMBQADggIBADpvBIlq7bMU0cFDT/9P9+BsgCkRgQs0
S6Bf7vJSlWMHwby0VGvxCS0hrbi0K2BINZbEbsVsgpQq04431yyoVn3Hldorgq24
RldRDOOipEZDTFB9wC9HYt1thHF00XeG2C8KC1plwoEzKAIhPvefI/C3cT0CfTXJ
uFjUbKIgSwjNjw6YHtLgoy/hd5+JLUlLco/gzFX/qWbT7tEquOMYpsNKWZj8TLqP
q6zMiG4Na6feEZte6YPXGrMWlTWN341vDedc+yxQqSug79HJUQcOZs7KyDWztmae
QxsPE49UV/8XwrfZtZaYyrs4FpD94Z4Q8dzXGL8+qEJjxgcza7W6PROaClubavd1
VKPm8+aCW77u7SxpR2TFGL6kPdxsKyFijpcunR5V79sUyROfNdzjrAcFWZXK8sbb
9FlnwuVG677JLv+ZVTX5AxLvW5OB4zt5uS+zB62wJ/Wv+jXGAttSAcJec4iFgCWH
Rvdi/jJoSzRLa3nEzx6pFIzclSCnh0u1xCeLcUBypSiPga8W+6PkuoyQq8U9qs9E
oxG5NvrvlyshwUS9yvcZRGw7Ljlx4jJH/BhIPR8kIBCQj1vna9TziZOrw1Of8hDU
bHKFG9Pm8Dp2vbjz/2JH39qvxshPKVllGfq+5klPm7yZRUYTiCMAbqwNdL/nsqF2
Rnnyp58XRStJ
-----END CERTIFICATE-----
EOL
cat >> /etc/ssl/private/server.key<<EOL
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJjz97Q0FEsQma
czaP20p1sfVu8PMSR7exP/fD0AdaVg+3bOPxFpzWnHtCz/8nONemlmG3792ENwhg
IRUlRKq5zxSjHQva33AZjJxkROTwPZWa1R+1sb6IneRIY3Nvp/o6Vwi+Ydv+xXph
3JVK/AGL+M0+5NbDJr0WySZb+c9tjp9e8QviPq5cPcKQ2vxUcXgcgRrQkEI/vZWq
ThgkTOdkovds6bZ/EB7VBIoRM8VYRXJjwjVUDpBgLV8SacLHi7RfEqvWlrd9nPCt
1BYQrPYc5aI3vt93+81SdfjsNeUcNI8JOp09huqzYUe6YxL0MEULnAzC5wbokg4C
53i9nd+fAgMBAAECggEAF7LFgn8mWea829GHDUP5zbvGQSyIT9Jp2SfNwFKhwq/S
ujzN0idX+m28ml7tP5XR2S7eP2uu7mAwFmldXJvlvOIJqaH9JldWDVL4gluNVWfQ
QrujNlA3OEXkNNSommy0IY7hIs1LuflLCd2PGhlmLyhqLWZnj9tqqRaucWr+RgGk
47453Cw0eoklhujPSw3dQnV5tQp6ATzOxmCTp7o7rgU6JXC3FUFSqbgCtPMO0kj7
p7cAtM5hAFhViNRospmUiYhv0pilvlaIRKs1mc0O76ppnX1fLQqUSYBRylhAjeVN
C1RENbRwe+jnQ6zfpv6OBuqIDpsvZW25TqN3ke1/hQKBgQDvI8HSxX3JUcOWAjqo
19XC4TEtWpGtaMHTCm897HmZdb6vRrJBMNPR66oT9zOAmkneql1YGT9IbBcPG2uQ
AhWBu4Epid7hBjyLfD0Xy83iCfkc8tGcVTcKau7oF+qoOa0nkP7FJaxx5C+XKUcv
HWiMezIgukJ+IOEUO68FteUb/QKBgQDXxTSm0W9LPlnQD/gLdrj3jPuzor1hND8n
GfQUsnSOMdbWa9tQOs2e41FPlK9UB6lJHYXfthB0VPzRVG9BX1/vDz69FjM7v0dT
Ml8NpqQ3SGsCBmKItSyKBh9ZstH+Z3FDVdZt9pNaDMKWDWAE//yHOpjEcacTZjpD
EqCt/OfGywKBgBWKI/gnH7hVbAeD9eKlZjSicfqC0OJMsEChDPoH5cAD0gQZmw6y
JjIfRvd7aaEoxISQ1c2MoJ2WVtFeh+a1uVgxGmYya+fa1vM9YodVLRsyCMUpveWV
61o93Xz8Qn+ailUpAzmgthKgGgVEi4vb20HkCtTV0g1oSr22zoH2K0fFAoGBANJW
hQgl3Bd+lbD1EDmkp5Vy0x9/gpvSgcnNTBotCOBhB2yJQgdI+49rS6WHbQ8+VLFY
3VuCsTGmc7pgVABnSC7ULrXHgXQ59/7LeMvm6eiWaPJVZRKdguieJUucvYcCMfCR
KfKST3yWOc5rBXJ6VSNCZRADNvr7Scp+yzIw+4TXAoGAA9/CSnYr1/ifU1NjDOQ3
hDQRnrMAG/JH8/UBdwsyt+hRhlInxAl6gA85IAyGtUF0WKCsNuyCHUH7zlkAUrhL
1d756qZ7URF4GbvGAQctzst6RbgUBAJTocm4AZg6+GLh8FzAt1ynJkZ7a4TtEy4u
/t5OaZy7FsC5O6LpMGFK318=
-----END PRIVATE KEY-----
EOL
cat >> /etc/nginx/sites-available/stream.urmic.org<<EOL
server {
listen 80;
server_name stream.urmic.org;
# Redirect HTTP to HTTPS
return 301 https://\$host\$request_uri;
}
server {
listen 443 ssl http2;
server_name stream.urmic.org;
ssl_certificate /etc/ssl/private/bundle.crt;
ssl_certificate_key /etc/ssl/private/server.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Security headers
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
# Proxy all requests to Icecast
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_buffering off;
}
access_log /var/log/nginx/stream_access.log;
error_log /var/log/nginx/stream_error.log;
}
EOL
ln -s /etc/nginx/sites-available/stream.urmic.org /etc/nginx/sites-enabled/
cat >> /var/www/stream.urmic.org/index.php<<EOL
<?php
phpinfo();
EOL
systemctl restart nginx;
systemctl enable fail2ban
systemctl restart fail2ban

93
update_deployed/id_rsa Normal file
View File

@ -0,0 +1,93 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAEFwAAAAdzc2gtcn
NhAAAAAwEAAQAABAEAqzNtPyq3XR4enbgFQbAY2fjeBeo5REbClntAZ5PpV4q5mYhh4Mfv
H2V0fNaD5dHhwYDXTbOegiJwDRS411NdW5PHgQ7Oe/WI7rJsMn/19cVqN7p9sllj92JPqf
sQgRvdiXBY6g+/JvFk36SRJ73Ywa9iH8dHxXABzNRqbQY6W0Tr2Ts25cVadzh98oXbBJKH
47HOtUMCl5F85j8LHQHA+Rmeag8K8lDwK05mpACx0bCHArBMxhO8IF5i+NoUt+FTI6CK39
k9E5h7AMKmkxDWGFFe4L/TbXyrmNkyiKVssYMURr/6edq4cLhkwJQfCwE/MzEvOtiF4vGX
3frBXH6AOlZqaEv2ylLcY2Hh1ekYWm9nG/XH/TvLrlD38PWjgrBhFaqdmiJbpx/XIhY0G6
FmTPC8JvpnIjB1mMQ6mNUrZhcG7Vu9WrsG6yCAkvoxTuoBexbTmnNNhR5OLU7LYhg1ggR9
rDHVAX6xoxtPFmL2CqPFGhd0swyGPgiQMur3GPJ8H0LR+WTA4BxqfE6d0slZyqaxxB9Spc
b8qt8o3TjdMngQqXOyLicBL1fYF87RbXrqgjzD18U1mqV59ltM/QBYu4MBt8EzqF2VaXGF
9/XWyFmXOKh0AztvnK87iQoJjkOMpE2cb6VA0ARCVXufwupfPWVqicS2JUloBoUGztL50O
lfq1vzBRSwujAVuIqeKqE7UErydJ8joFYtE99V90fHd6TGTVNe+9+2yAWPQ2NLginngy2u
lmHpzgiBYBgGk4Bjifnd3GiS40lXD6c1NsJdU/R3tbmXK5FgpbnsgKnYUgU5TrA6GbRu4c
mj/GcBiL7F0F/344hkD0FyJOKpQt/SKDjhxoy10LjoRaksWOskpwFLw1TDDP3qQzULYaDA
8ASFL6Aym2vV7eIuh+I27TP9eB4NCHBOaf5LBaG++xLYHHYETYaKr1Re2fWPH1ulzqYGT6
7ncBBWvSsuSoLAFUHlupOjeX2O9RHYbLvYmR2WCErhlSt7Osf9lIOwFRcBHNDVMZSWKtbB
9IALUkfoK1Lg+3Y+dMzenFQhd6kd+sRVnAxIgpyc7yENCvWS7Wps5nTxPxuiq3UDNKvh0A
OeAF3vwdzFMwrfMVMxtolXZcDfvpavOfTa2dgjc9Tli7+c6R9IuxXWCGK7HuD/FvcyDqJS
w7PEWyDaUrDHAbihVyfthtzKr0F4ma3O0FtJ9IAp+MnpoVUHlskedAGrvwjIhkNlGofKCI
MPaJSMOqSnkY38mlwsA1oEsrIJToVgKBp1/u/WxFEFODl4dnNMPY5ElZj4bj1WnB+86z12
FO/jSTAJjjvB0J9Zq22H+M7rkbZ2bRJuo0LvsV9U6IH1MwrcZVX8IwAADkCEhJF9hISRfQ
AAAAdzc2gtcnNhAAAEAQCrM20/KrddHh6duAVBsBjZ+N4F6jlERsKWe0Bnk+lXirmZiGHg
x+8fZXR81oPl0eHBgNdNs56CInANFLjXU11bk8eBDs579Yjusmwyf/X1xWo3un2yWWP3Yk
+p+xCBG92JcFjqD78m8WTfpJEnvdjBr2Ifx0fFcAHM1GptBjpbROvZOzblxVp3OH3yhdsE
kofjsc61QwKXkXzmPwsdAcD5GZ5qDwryUPArTmakALHRsIcCsEzGE7wgXmL42hS34VMjoI
rf2T0TmHsAwqaTENYYUV7gv9NtfKuY2TKIpWyxgxRGv/p52rhwuGTAlB8LAT8zMS862IXi
8Zfd+sFcfoA6VmpoS/bKUtxjYeHV6Rhab2cb9cf9O8uuUPfw9aOCsGEVqp2aIlunH9ciFj
QboWZM8Lwm+mciMHWYxDqY1StmFwbtW71auwbrIICS+jFO6gF7FtOac02FHk4tTstiGDWC
BH2sMdUBfrGjG08WYvYKo8UaF3SzDIY+CJAy6vcY8nwfQtH5ZMDgHGp8Tp3SyVnKprHEH1
Klxvyq3yjdON0yeBCpc7IuJwEvV9gXztFteuqCPMPXxTWapXn2W0z9AFi7gwG3wTOoXZVp
cYX39dbIWZc4qHQDO2+crzuJCgmOQ4ykTZxvpUDQBEJVe5/C6l89ZWqJxLYlSWgGhQbO0v
nQ6V+rW/MFFLC6MBW4ip4qoTtQSvJ0nyOgVi0T31X3R8d3pMZNU17737bIBY9DY0uCKeeD
La6WYenOCIFgGAaTgGOJ+d3caJLjSVcPpzU2wl1T9He1uZcrkWClueyAqdhSBTlOsDoZtG
7hyaP8ZwGIvsXQX/fjiGQPQXIk4qlC39IoOOHGjLXQuOhFqSxY6ySnAUvDVMMM/epDNQth
oMDwBIUvoDKba9Xt4i6H4jbtM/14Hg0IcE5p/ksFob77EtgcdgRNhoqvVF7Z9Y8fW6XOpg
ZPrudwEFa9Ky5KgsAVQeW6k6N5fY71Edhsu9iZHZYISuGVK3s6x/2Ug7AVFwEc0NUxlJYq
1sH0gAtSR+grUuD7dj50zN6cVCF3qR36xFWcDEiCnJzvIQ0K9ZLtamzmdPE/G6KrdQM0q+
HQA54AXe/B3MUzCt8xUzG2iVdlwN++lq859NrZ2CNz1OWLv5zpH0i7FdYIYrse4P8W9zIO
olLDs8RbINpSsMcBuKFXJ+2G3MqvQXiZrc7QW0n0gCn4yemhVQeWyR50Aau/CMiGQ2Uah8
oIgw9olIw6pKeRjfyaXCwDWgSysglOhWAoGnX+79bEUQU4OXh2c0w9jkSVmPhuPVacH7zr
PXYU7+NJMAmOO8HQn1mrbYf4zuuRtnZtEm6jQu+xX1TogfUzCtxlVfwjAAAAAwEAAQAABA
AvDLwaXwfznGJ3n+o56kZ6KQ4DfCJu5C94IblKffjj6Skmy7dyih/qdfx0jpPDJlIv1tPU
8+c9Bm/a+HXwH2YJ0+xBSKtwn8MZLonTux0ChVWyqRsAV9bEVw1jvq8DfH/+1JRrBxbWgg
Lh/50w2djnKecCqsbLuQOVok75VXvWN3PFyKNGtF0vZKQgca8Ga6rS5bvUTu04cHBt6qeI
OkIpc2P469drTtkiXbKRoes8oJIKKB+BVE0gbDAxCeYlvtQVd3qTGGXTq9UqGVSkGD1ug3
Zat/1IGroiEJb1vNjJVCfPZdVVhcmomNR/pHV/lcEjtYGwX280NocxJ0favp1I6xTlQvM5
GVqeKXliS2Q4/mLM6Vgj/Tn11yS84RUlxol35eLYSFb98B80q/t4GHw/6u0anTiYyc6XxF
4CQJtjvDJYKx04ASxelBkhy4aflGoBxP00djm4uuJrSztT4ylZaRiMqUlL1uDE3a13jozl
0apKiGW3C1sdU0cl5zMvdPytrrR8ILdtIAIX1ZdEJbf6nKNALgeNrckkwJ2/ZnBL/Xk+yK
AQVQHbW/30VQ9zUhN+5WpBM16O+KkzDlZzNZQtPEzNjlg/DjEQwHU79yEnAJAxrwHrHXuI
CRSIjeygX2oYgYfbmwPb5z+/tHDspXK1Mdj8scYJK0peeFKtpoenZPghChWkh8fZwaX1nK
PoTHZKQ6fExi+Yr9dmUhHmcCy7DI3zXhE0KOWIQl503tDWH8AjRaj70nNZ6iFL6wsOIvyn
WDUyISiRDu1iBEl1EpF4esu6S05ct9zG5YQmwtU1pxs6WWMsmBWgYRI0B4c38Psr8pKXSl
ddHsg/RMLarz5CFbkJQlJi7Wu5yfpZ1aXPinx1h/yDt253xJA5GMJ10WS/KyIlBByRiiNX
R/MEWj9RHRsADRJAcIcBl37fv7TteVbLHIhiVG0nKWKHfFdgcFxFQIE11l1GRW11J0t4w2
xMVO5IP9/0IQs1KslOorK9EUIbf8mFGFhWKxjgX8q20/MLSz35OkiuxPx7lgHvLB226zCj
pQBCd+GXjeoK3m4eJYmJiPDlOxBFm0kWUq5u5X5YhYcv17S+L7HfZo3z83ixe70PCPGyT7
9w8rkxlasKHE/nnSutqPErAkXS9MA9PTuxpVfAbF2gj7VBKC3emLzUnDgSdodyZPXw5Mbh
XEjg+O20t9paDGRumX0HrWF85V5K0JoPb1hQzt1ieyyYNprmgZX3x6EeqaJO3zWDg6rSxn
68KeNWgfLeYDVCrhscdhc4bAPq7XwTVmBDhgQNd1bjjkU4scImVVs0gOingpDFrCHLQfWy
GiiOkdoRZ5bit8N64pEKE0MSSwSajwRzf3jhAAACAHAQagmMU9IoXB8hemhwiaZgBB9Sbk
XBieDPntTVztod44HFk+VFKPuB1XdfY/TggZRVqeJkyF/s1pDu4wwmY9BPGYDp4bHAb+fo
bYtp5WKGsopiIGXR0ocPSuAlA9f1LdiUl29UjHwBP6iUpHIg4lM9KP5ZK06C6rNxkUdcGm
uB6Afq0Wk14lZZzaOR4Sc7dK4Txa0LN7i9nxtl7oh3HDd9dNuoZKHMXXQ+txDdpHl15jpW
moHqlwQo7Dzg3TjHXBJnh2pSRYvM6DKAX22wNAByMBjhcM/84kaVdSTukeDZNJZuk7ekph
Xn1p7HVF6K7QMp6TR5eiHJn+WMCiZV6vqJ0V8OkY4zfktCvSEyfyvAe/9tu+1GQJe7TvTC
RenDtgqU9kPonwV9Xa+VvngFg/zx003vDeYaNREbnOtrxH7TpeBn2dtBUAn/taoPHx3EU+
CVXeXmiJZSf0VdLc5JisjB/p41nUpmTlkAkycBHFotl51J7T2JUTtZDIGH3Kz8NboXrVFp
uSDPPiu1XkkJsxHKirYFasgr/BOH4sb+e/rzJyqoVTtUQ9xMPR8K4+EVUm099IftrPO78z
PXTjiI7BxeUe44JqKjXeB/rwd9NujsKn2c14egcggpXdbGqc545DIyfOr5OYOquVBsP6GG
Fs4/ealF/ypsq6kFWPKrijrYAAACAQDmS3c36FWOQ1mRRqvOFTi6/hmzvvjXTu0RGNrYpP
R8/CYhhGdsw0L5/VrkbVTyzCO3l3kRiQtNKa0C0eDRWlIWdjEz/NerRUGm8uPCEWKHfmli
XnloW0y6lanUrBVF4dwReJvNM5BfALcas3iDkZKLeppHW1Xm/CU7yxM52rndE5/9gZoQ2S
inYrBw/b03BzybZYge00rdzvo5zovb0U2bxYg/5iV9Q4BRLQcTrhj3u79pQQbktWMn1vbX
YGZIXBMvjpWPuUUs95Otkiv/e8MN+5PjbBsf3y1kvJPecrXNBX273AoukuhUMXJD9iRaOo
FYEhKU8ek3Y2MGyaIAFRtqz71073Gq4yZk6raBQqvgXoKm16lN+I8oMMLbCSFqwpW2FnAG
KbXdl0o/prqT6qn+CdreKUSfwFPNlOLx/jx7fH/oF5MiPfn9Bynk1Yer8JvwEFE6RJRNCV
dEMQ8IsnV1xMy/D0D1ILsz9ARm3dFmnvrDZHNAdglbP3HkHxVxFZ/wA/8GUwp+oOGdLWBO
zudS9vTEE6n89t8ac/90lwWEMYAZUaydyED4G7r8GUxLA3Q23VFldWRJxmy8imcErEhC65
GVRivMypWH2G542ea0lvcFzkGaT+MJL38vpAxeZHRsPuaV2LVnbImEL3GyD53vdYWb2iGg
rTHsZ+wOtn9o0QAAAgEAvk9jdpvH+/dgymoSpGgDFE1VBRw3EmnzfbXj850WZdN48a5ifj
/qpW/FwyqUf4ApJhWqsFVArY0KVQI4we9QAR2M7jxRi42bO323/KgnGfHaVcihsU7D88kp
XTPlhL5b8Tirm3odQ8tt8w+DQvkA46Isch9RBi+ie3wX3ZkZKn2B8wXyxwFChknPjaJGiX
HE4062ZYxEQGMv8gdkJ+36de+ILHhEQ0sZUgrF13EBahBk5GCTaNwQ4ENl5DCBQeplwVaG
KJaszUlom8PPguR+adRCChuzVT8lJgFWGvxZkQdHeQueGXjY1fE04QOgI0nxSjkA68l2RS
d0ymQxfQxyULWGjKpbNoWFqm7d5E/w/+qHxk7BopWyLr35KDJ1JmVfNZttaShRKt2UoXEh
vn7bWVilgMo9LB9pdhqhIPqBlduxdHhwPLZhWoo+p6WEbP0ijwIcOZgc86dnWIj5npqQSI
YgP6Q0UkRmfwK/o4nBev+udjrS0DcwPFSUjBhYYocD/Yow4KGYEEDJ29YkbjaCPxuIEDqv
BJrPca1i25yHwkdNMA/ys6iAtP1N+8QVUHKoM+C0laAgWEQDJ0cQcd5/q6ICFGlBsSytWO
nnMHjNR6bRhrPQiPivsu2nb5IMJCU7T2F8B/nk0cCAAus/1LEp33dWKq74RNFvSpgK0a8R
ErMAAAAHZGV2QHR1ZgECAwQ=
-----END OPENSSH PRIVATE KEY-----

0
id_rsa.pub → update_deployed/id_rsa.pub
View File

0
incert_ssh.sh → update_deployed/incert_ssh.sh
View File

0
update.sh → update_deployed/update_all.sh
View File

16
update_deployed/update_channel.sh Normal file
View File

@ -0,0 +1,16 @@
# update channels.urmic.org
channel_rtmp_ips=("172.16.99.181" "172.16.99.182" "172.16.99.183" "172.16.99.184" "172.16.99.185" "172.16.99.186" "172.16.99.187")
CHANNEL_URMIC_ORG=$(cat <<EOF
rm -rf channel.urmic.org
echo "Pulling latest changes from remote Git..."
git clone https://devdatt:$1@git.dbhatt.org/serverwa/channel.urmic.org.git
cd channel.urmic.org
cp nginx.conf /etc/nginx/
systemctl reload nginx
rm -rf channel.urmic.org
EOF
)
for ip in "${channel_rtmp_ips[@]}"; do
ssh -i id_rsa -o StrictHostKeyChecking=no root@$ip "$CHANNEL_URMIC_ORG"
echo "Current ip: $ip"
done

12
update_deployed/update_streamer_main_icecast.sh Normal file
View File

@ -0,0 +1,12 @@
# update streamer.urmic.org
STREAMER_URMIC_ORG=$(cat <<EOF
rm -rf streamer.urmic.org
echo "Pulling latest changes from remote Git..."
git clone https://devdatt:$1@git.dbhatt.org/serverwa/streamer.urmic.org.git
cd streamer.urmic.org
cp icecast.xml /etc/icecast2/
systemctl reload icecast2
rm -rf streamer.urmic.org
EOF
)
ssh -i id_rsa -o StrictHostKeyChecking=no root@$ip "$STREAMER_URMIC_ORG"

16
update_deployed/update_uplink1_push Normal file
View File

@ -0,0 +1,16 @@
# uplink1.urmic.org
uplink1_rtmp_ips=("37.27.21.27" "185.193.19.223" "137.59.95.164")
UPLINK1_RTMP=$(cat <<EOF
rm -rf uplink1.urmic.org
echo "Pulling latest changes from remote Git..."
git clone https://devdatt:$1@git.dbhatt.org/serverwa/uplink1.urmic.org.git
cd uplink1.urmic.org
cp nginx.conf /etc/nginx/
systemctl reload nginx
rm -rf uplink1.urmic.org
EOF
)
for ip in "${uplink1_rtmp_ips[@]}"; do
ssh -i id_rsa -o StrictHostKeyChecking=no root@$ip "$UPLINK1_RTMP"
echo "Current ip: $ip"
done

7
update_deployed/update_uplink_main Normal file
View File

@ -0,0 +1,7 @@
# uplink main uplink
rm -rf uplink.urmic.org
git clone https://devdatt:$1@git.dbhatt.org/serverwa/uplink.urmic.org.git
cd uplink.urmic.org
cp nginx.conf /etc/nginx/
rm -rf uplink.urmic.org
systemctl reload nginx