Vedat Kamer vedatkamer

## zimbra-proxy-control-to-deny-access-via-external-ip.sh
#!/bin/bash

configfile="/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.default.template"
[ -e /opt/zimbra/conf/nginx/external_ip.txt ] && ipaddress="$(cat /opt/zimbra/conf/nginx/external_ip.txt)" || ipaddress="$(curl -fsSL ifconfig.co)"
crtfile="/opt/zimbra/ssl/zimbra/server/server.crt"
keyfile="/opt/zimbra/ssl/zimbra/server/server.key"

pattern="server(\n|\s)?{\n\s+listen\s*443\sssl\shttp2;\n\s+server_name\s+$ipaddress;\n\s+ssl_certificate\s+${crtfile//\//\\/};\n\s+ssl_certificate_key\s+${keyfile//\//\\/};\n\s+location\s+\/\s+\{\n\s*return 200 \'Hello World!\';\n\s+\}\n}"

block="

## zpush-control-for-zimbra.sh
#!/bin/bash

FILE='/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.default.template'

if [[ ! -f "/etc/nginx-php-fpm.conf" ]]
then
    echo "Zimbra sunucusunda Z-Push kurulu değil."
    exit
fi

## nginx.conf.web.https.default.template
# HTTPS Proxy Default Configuration

${web.strict.servername}# Strict servername enforcing block
${web.strict.servername}# Enabled/disabled through the 'zimbraReverseProxyStrictServerName' configuration item
${web.strict.servername}# The $\{listen.:addresses\} is NOT demarcated with web.strict.servername on purpose.
${web.strict.servername}server {
${web.strict.servername}    ${core.ipboth.enabled}listen                  [::]:${web.https.port} default_server ipv6only=off;
${web.strict.servername}    ${core.ipv4only.enabled}listen                ${web.https.port} default_server;
${web.strict.servername}    ${core.ipv6only.enabled}listen                [::]:${web.https.port} default_server;
${web.strict.servername}    server_name _;

## centos6-asterisk11-freepbx11-install.sh
###########################################################################
# Set some Variable
echo "Set some Variables needed for install time"
brand=FreePBXDistro
version=5.211.65-1
###########################################################################
echo
echo "Moving to Next Step"
echo
###########################################################################

## caddy.sh
# Run as root please

apt install curl
curl -L https://getcaddy.com | bash -s http.awslambda,http.cgi,http.cors,http.expires,http.filemanager,http.filter,http.git,http.hugo,http.ipfilter,http.jwt,http.mailout,http.minify,http.prometheus,http.proxyprotocol,http.ratelimit,http.realip,http.upload,dns,net,hook.service
chown root:root /usr/local/bin/caddy
chmod 755 /usr/local/bin/caddy
setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy
mkdir -p /etc/caddy
chown -R root:www-data /etc/caddy
mkdir -p /etc/ssl/caddy

## openvpn_check.sh
#!/bin/bash
#
# check openvpn
#

# config
DEVICE="tun0"
STATS_FILE="/proc/net/dev"
INTERFACES="$(cat ${STATS_FILE})"
OPENVPN_INIT="/etc/init.d/openvpn"

## gist:b97838cbf70fb87a3fa5
### Keybase proof

I hereby claim:

  * I am vedatkamer on github.
  * I am vedatkamer (https://keybase.io/vedatkamer) on keybase.
  * I have a public key whose fingerprint is F447 0C53 0BE4 D265 A167  E548 69F0 6616 3A99 0514

To claim this, I am signing this object:
	#!/bin/bash

	configfile="/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.default.template"
	[ -e /opt/zimbra/conf/nginx/external_ip.txt ] && ipaddress="$(cat /opt/zimbra/conf/nginx/external_ip.txt)" \|\| ipaddress="$(curl -fsSL ifconfig.co)"
	crtfile="/opt/zimbra/ssl/zimbra/server/server.crt"
	keyfile="/opt/zimbra/ssl/zimbra/server/server.key"

	pattern="server(\n\|\s)?{\n\s+listen\s443\sssl\shttp2;\n\s+server_name\s+$ipaddress;\n\s+ssl_certificate\s+${crtfile//\//\\/};\n\s+ssl_certificate_key\s+${keyfile//\//\\/};\n\s+location\s+\/\s+\{\n\sreturn 200 \'Hello World!\';\n\s+\}\n}"

	block="
	#!/bin/bash

	FILE='/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.default.template'

	if [[ ! -f "/etc/nginx-php-fpm.conf" ]]
	then
	echo "Zimbra sunucusunda Z-Push kurulu değil."
	exit
	fi
	# HTTPS Proxy Default Configuration

	${web.strict.servername}# Strict servername enforcing block
	${web.strict.servername}# Enabled/disabled through the 'zimbraReverseProxyStrictServerName' configuration item
	${web.strict.servername}# The $\{listen.:addresses\} is NOT demarcated with web.strict.servername on purpose.
	${web.strict.servername}server {
	${web.strict.servername} ${core.ipboth.enabled}listen [::]:${web.https.port} default_server ipv6only=off;
	${web.strict.servername} ${core.ipv4only.enabled}listen ${web.https.port} default_server;
	${web.strict.servername} ${core.ipv6only.enabled}listen [::]:${web.https.port} default_server;
	${web.strict.servername} server_name _;
	###########################################################################
	# Set some Variable
	echo "Set some Variables needed for install time"
	brand=FreePBXDistro
	version=5.211.65-1
	###########################################################################
	echo
	echo "Moving to Next Step"
	echo
	###########################################################################
	# Run as root please

	apt install curl
	curl -L https://getcaddy.com \| bash -s http.awslambda,http.cgi,http.cors,http.expires,http.filemanager,http.filter,http.git,http.hugo,http.ipfilter,http.jwt,http.mailout,http.minify,http.prometheus,http.proxyprotocol,http.ratelimit,http.realip,http.upload,dns,net,hook.service
	chown root:root /usr/local/bin/caddy
	chmod 755 /usr/local/bin/caddy
	setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy
	mkdir -p /etc/caddy
	chown -R root:www-data /etc/caddy
	mkdir -p /etc/ssl/caddy
	#!/bin/bash
	#
	# check openvpn
	#

	# config
	DEVICE="tun0"
	STATS_FILE="/proc/net/dev"
	INTERFACES="$(cat ${STATS_FILE})"
	OPENVPN_INIT="/etc/init.d/openvpn"
	### Keybase proof

	I hereby claim:

	* I am vedatkamer on github.
	* I am vedatkamer (https://keybase.io/vedatkamer) on keybase.
	* I have a public key whose fingerprint is F447 0C53 0BE4 D265 A167 E548 69F0 6616 3A99 0514

	To claim this, I am signing this object: