Category: Tutorial

Tutorial: Reverse Proxy with Nginx on Debian 12 (bookworm) with a Digital Certificate (certbot)

To install and configure the reverse proxy on Debian 12 (bookworm), proceed with the following steps:

1 – Install nginx

apt install nginx certbot python3-certbot-nginx -y

2 – Create a vhost in /etc/nginx/sites-enabled

cd /etc/nginx/sites-enabled
vim site01.conf

server {
  server_name app.site01.com;
  set $upstream 127.0.0.1:5000;

  underscores_in_headers on;
  location /.well-known {
    alias /var/www/ssl-proof/.well-known;
  }

  location / {
    proxy_pass_header Authorization;
    proxy_pass http://$upstream;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Ssl on; # Optional

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_buffering off;

    client_max_body_size 0;
    proxy_read_timeout 36000s;
    proxy_redirect off;
  }
}

To check the syntax of the configuration file, run:

nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

3 – Generating certificates

certbot --nginx -d site01.com -d app.site01.com

 

Installing a NodeJS application on Debian 12 (bookworm)

To install a NodeJS application on Debian 12 (bookworm), proceed with the following steps.

1 – Download and install NodeSource

At https://github.com/nodesource/distributions select the desired version; in this case we will use version 20 for Debian.

Using Debian, as root

curl -fsSL https://deb.nodesource.com/setup_20.x | bash - &&\
apt-get install -y nodejs

2 – Check the version

nodejs --version

3 – Update NPM

npm install npm@latest
npm install -g [email protected]

4 – After changing into the directory that contains the NodeJS application, run:

1 – To install the dependencies

npm install

2 – To build the sources

npm run build

3 – To run the application

npm run start

5 – To configure the application as a service, install PM2

npm install pm2 -g

6 – Adding the application to PM2 and configuring auto-startup

1 – From inside the application directory, run:

pm2 start 'npm run start' --name Frontend
pm2 list
pm2 save
pm2 startup
pm2 save
pm2 examples (for more information)

 

 

How to install MySQL 8 on Debian 12 (bookworm)

How to install MySQL 8 on Debian 12.

To perform the installation, follow these steps:

1 – Run the update and, if necessary, install wget

apt update
apt install wget -y

2 – Download the MySQL repository package and install it.

wget https://repo.mysql.com//mysql-apt-config_0.8.29-1_all.deb
apt install ./mysql-apt-config_0.8.29-1_all.deb -y
apt update

P.S. Feel free to download the most recent repository package from the MySQL site

https://dev.mysql.com/downloads/

In Configuring mysql-apt-config:

  1. Select MySQL Server & Cluster
  2. Confirm MySQL Server
  3. Confirm with OK
  4. Confirm with OK

If you need to redo any configuration, run:

dpkg-reconfigure mysql-apt-config

Install MySQL

apt update
apt install mysql-server -y

3 – Configure the services

systemctl enable --now mysql
systemctl status mysql

4 – Run the secure installation

mysql_secure_installation

 

Press y|Y for Yes, any other key for No: Y
Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y

 

 

How to install Chatwoot via Docker + Codechat + WhatsApp API

Step 1 – Docker installation

  • Remove any previous versions
for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done
  • Add Docker’s official GPG key
sudo apt-get update
sudo apt-get install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
  • Add the repository to Apt sources
echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

  • Docker installation
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
curl -SL https://github.com/docker/compose/releases/download/v2.20.3/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose

Step 2 – Installing Chatwoot via Docker Compose

  • Download the env file template
  • Download the Docker compose template
  • Rename .env file
cd /root
mkdir chatwoot
cd chatwoot
wget -O .env https://raw.githubusercontent.com/chatwoot/chatwoot/develop/.env.example
wget -O docker-compose.yaml https://raw.githubusercontent.com/chatwoot/chatwoot/develop/docker-compose.production.yaml
  • Adjusting the .env file
  • Pay attention to the postgres password
Main
SECRET_KEY_BASE - create a secure password
FRONTEND_URL=https://app.sacbr.com.br
DEFAULT_LOCALE=pt_BR

Postgres
    POSTGRES_HOST=postgres
    POSTGRES_USERNAME=postgres
    POSTGRES_PASSWORD=908AS7DF89ASIUAFSDAS89034K
    RAILS_ENV=development
Mail
    MAILER_SENDER_EMAIL=SacBR <[email protected]>
    SMTP_DOMAIN=smtp.gmail.com
    SMTP_ADDRESS=smtp.gmail.com
    SMTP_PORT=465
    SMTP_USERNAME=sacbr{at}sacbr.com.br
    SMTP_PASSWORD=Senha123
    SMTP_AUTHENTICATION=plain
    SMTP_ENABLE_STARTTLS_AUTO=true
    SMTP_OPENSSL_VERIFY_MODE=peer
    SMTP_SSL=true
  • Adjusting the docker-compose.yml
  • Pay attention to the postgres password
version: '3'
services:
  base: &base
    image: chatwoot/chatwoot:latest
    env_file: .env ## Change this file for customized env variables
    volumes:
      - ./data/storage:/app/storage

  rails:
    <<: *base
    depends_on:
      - postgres
      - redis
    ports:
      - '127.0.0.1:3000:3000'
    environment:
      - NODE_ENV=production
      - RAILS_ENV=production
      - INSTALLATION_ENV=docker
    entrypoint: docker/entrypoints/rails.sh
    command: ['bundle', 'exec', 'rails', 's', '-p', '3000', '-b', '0.0.0.0']

  sidekiq:
    <<: *base
    depends_on:
      - postgres
      - redis
    environment:
      - NODE_ENV=production
      - RAILS_ENV=production
      - INSTALLATION_ENV=docker
    command: ['bundle', 'exec', 'sidekiq', '-C', 'config/sidekiq.yml']

  postgres:
    image: postgres:12
    restart: always
    ports:
      - '5432:5432'
    volumes:
      - ./data/postgres:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=chatwoot
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=SENHA SUPER SEGURA AQUI

  redis:
    image: redis:alpine
    restart: always
    command: ["sh", "-c", "redis-server --requirepass \"$REDIS_PASSWORD\""]
    env_file: .env
    volumes:
      - ./data/redis:/data
    ports:
      - '127.0.0.1:6379:6379'
  • Prepare the database
docker compose run --rm rails bundle exec rails db:chatwoot_prepare
  • Bringing the service up
docker compose up -d
  • Installing Nginx and configuring the reverse proxy
sudo apt-get install nginx
cd /etc/nginx/sites-enabled
vim yourdomain.com.conf
  • Configuring the virtual host
  • In server_name: chatwoot.minhaempresa.com.br
server {
  server_name <yourdomain.com>;

  # Point upstream to Chatwoot App Server
  set $upstream 127.0.0.1:3000;

  # Nginx strips out underscore in headers by default
  # Chatwoot relies on underscore in headers for API
  # Make sure that the config is set to on.
  underscores_in_headers on;
  location /.well-known {
    alias /var/www/ssl-proof/chatwoot/.well-known;
  }

  location / {
    proxy_pass_header Authorization;
    proxy_pass http://$upstream;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Ssl on; # Optional

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_buffering off;

    client_max_body_size 0;
    proxy_read_timeout 36000s;
    proxy_redirect off;
  }
  listen 80;
}
  • Checking the configuration
nginx -t
systemctl reload nginx
  • Installing Certbot and generating the certificate
apt  install certbot
apt install python3-certbot-nginx
mkdir -p /var/www/ssl-proof/chatwoot/.well-known
certbot --webroot -w /var/www/ssl-proof/chatwoot/ -d yourdomain.com -i nginx
  • At this stage of the installation, Chatwoot should be running on port 3000.
  • nginx should be running on ports 80 and 443.
  • The reverse proxy should be functional and reaching Chatwoot on localhost.
  • Create your account.
  • Log in to continue.
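
The compose file in Step 2 binds rails and redis to 127.0.0.1 but publishes postgres as '5432:5432', which Docker exposes on every host interface. The following check is an added example, not part of the original tutorial: it lists port mappings without a loopback host address. The function names and the embedded compose fragment (a constructed reduction of the file above) are assumptions.

```shell
#!/bin/sh
# Added example: list compose port mappings published on all interfaces.

# Constructed sample, reduced from the compose file in Step 2 (same port lines).
sample_compose() {
cat <<'EOF'
services:
  rails:
    ports:
      - '127.0.0.1:3000:3000'
    environment:
      - RAILS_ENV=production
  postgres:
    image: postgres:12
    ports:
      - '5432:5432'
    volumes:
      - ./data/postgres:/var/lib/postgresql/data
  redis:
    ports:
      - '127.0.0.1:6379:6379'
EOF
}

# Print "service mapping" for every published port that has no loopback
# host IP in front of it. Reads the files given as arguments, or stdin.
# Assumes the two-space indentation used by the compose file above.
exposed_ports() {
  awk -v q="'" '
    /^  [A-Za-z0-9_-]+:/ {                 # two-space indent: a service name
      svc = $1; sub(/:.*/, "", svc); in_ports = 0; next
    }
    /^    ports:/       { in_ports = 1; next }
    /^    [A-Za-z_]+:/  { in_ports = 0; next }   # any other key ends the list
    in_ports && /^ *- / {
      m = $0
      sub(/^ *- */, "", m)                 # drop the list marker
      gsub(q, "", m); gsub(/"/, "", m)     # drop YAML quotes
      if (m !~ /^(127\.[0-9]+\.[0-9]+\.[0-9]+|\[::1\]):/) print svc, m
    }
  ' "$@"
}

sample_compose | exposed_ports
```

Run it against the real file with `exposed_ports docker-compose.yaml`; a mapping such as '127.0.0.1:5432:5432' keeps the database reachable from the host while removing it from the report.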

Step 3 – Installing NodeJS version 16 (required)

–> Add the repository

sudo apt-get update
sudo apt-get install -y ca-certificates curl gnupg
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg

–> Install version 16

NODE_MAJOR=16
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | sudo tee /etc/apt/sources.list.d/nodesource.list
sudo apt-get update
sudo apt-get install -y nodejs

Step 4 – Install Codechat

git clone https://github.com/w3nder/chatwoot-codechat.git
mv chatwoot-codechat/ codechat
cd codechat
mv .env.example .env

–> Get the user's token from within Chatwoot and update it
–> Generate a private key and put it in CODECHAT_API_KEY, e.g. "301803677cd97069a55a79038fb0a2ebd4be1e49"
–> If you want messages signed with the user's name, change to TOSIGN=true
–> If you want to receive messages sent outside Chatwoot, change to IMPORT_MESSAGES_SENT=false

####################################  EXAMPLE ############################
        PORT = 1234
        CHATWOOT_TOKEN = wV7yJG7q28h3RdQY7m4sDzVM
        CHATWOOT_BASE_URL = http://localhost:3000
        CODECHAT_BASE_URL = http://localhost:8080
        CODECHAT_API_KEY = 301803677cd97069a55a79038fb0a2ebd4be1e49
        TOSIGN=true
        IMPORT_MESSAGES_SENT=true
####################################  EXAMPLE ############################

Explaining in sequence:

  • Install dependencies
  • Build the application
  • Run the application; the prompt will stay attached, so you can follow the logs.
npm install
npm run build 
npm start

Step 5 – Install the API

  • Downloading the API
  • Renaming dev-env.yml to env.yml
cd
git clone https://github.com/code-chat-br/whatsapp-api.git
cd whatsapp-api
mv src/dev-env.yml src/env.yml
  • Adjust the server port
  • Adjust the server URL
  • Enable the webhook
  • Adjust the client
  • Use the access key configured in Codechat
vim src/env.yml

Server Port 8080 http
Webhook --> URL: set the webhook URL: http://0.0.0.0:1234/webhook/codechat
Webhook Enabled: True

Client: Sac BR
--> Authentication (GET THE KEY FROM CODECHAT WITH cat /root/codechat/.env)
  • Explaining in sequence:

    • Install dependencies
    • Build the application
    • Run the application; the prompt will stay attached, so you can follow the logs.
npm install
npm run build
npm run start

Step 6 – Install PM2

  • Install PM2
  • Configure Codechat as a service
  • Configure the API as a service
npm install pm2 -g

cd /root/codechat
pm2 start dist/app.js --name codechat

cd /root/whatsapp-api
pm2 start 'npm run start prod' --name whatsapp-api

Step 7 – Creating an inbox in Chatwoot

  • Settings
  • Inboxes
  • Add Inbox
  • API
URL: http://192.168.0.254:1234/webhook/chatwoot

P.S. Use the host's IP address. Do not use localhost - do not use 127.0.0.1
  • Create a contact to call the bot
  • Contacts
  • New Contact
    • Name: Bot
    • Number: +123456
  • Open the contact
    • New Message
    • Inbox: Whatsapp
    • Message: /iniciar

 

  • Codechat commands
    • /iniciar
      • This command creates a new instance and generates a QR code
    • /status
      • This command checks the status of the instance
    • /desconectar
      • This command disconnects WhatsApp from the instance

Step 7 – Unlocking Chatwoot customization

  • Install the PostgreSQL client
apt install postgresql-client postgresql-client-common
  • Log in to the database
  • Select chatwoot_production
  • Run update installation_configs set locked = false;
psql -U postgres -h localhost -w
\c chatwoot_production
update installation_configs set locked = false;
\q

 

| Tutorial | How to install n8n via Docker with a reverse proxy - Step by Step

INSTALL N8N VIA DOCKER

Reference

https://docs.n8n.io/hosting/installation/server-setups/docker-compose/#5-create-docker-compose-file

Step 1

cd /root
mkdir n8n
vim docker-compose.yml


e2guardian on CentOS 7 with SSL MITM

Preparing the environment

yum groupinstall 'Development Tools'
yum install zlib-devel pcre-devel openssl-devel git vim bash-completion wget xz-devel bzip2-devel openldap-devel gd gd-devel

Disabling the firewall

systemctl disable firewalld
systemctl stop firewalld

Disabling SELinux

vim /etc/selinux/config
SELINUX=disabled

Downloading the installer

git clone https://github.com/e2guardian/e2guardian.git
cd e2guardian

Compiling and installing

./autogen.sh
./configure '--prefix=/usr' '--enable-clamd=yes' '--with-proxyuser=e2guardian' '--with-proxygroup=e2guardian' '--sysconfdir=/etc' '--localstatedir=/var' '--enable-icap=yes' '--enable-commandline=yes' '--enable-email=yes' '--enable-ntlm=yes' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--enable-pcre=yes' '--enable-sslmitm=yes' 'CPPFLAGS=-mno-sse2 -g -O2'

make

make install

Creating the systemd services

cp /usr/share/e2guardian/scripts/e2guardian.service /etc/systemd/system/
cp /usr/share/e2guardian/scripts/e2guardian /etc/logrotate.d/

The log file must be created and its permissions set

touch /var/log/e2guardian/access.log
useradd e2guardian
chown -R e2guardian:e2guardian /var/log/e2guardian/

Generating the SSL certificate for MITM

Create the directory /etc/e2guardian/ssl/generatedcerts:

mkdir -p /etc/e2guardian/ssl/generatedcerts

Change the mode of the directory /etc/e2guardian/ssl/generatedcerts to 777:

chmod 777 /etc/e2guardian/ssl/generatedcerts

Create the file /etc/e2guardian/sslgen.sh and run it:

#!/bin/bash
openssl genrsa 4096 > ca.key
openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
openssl x509 -in ca.pem -outform DER -out ca.der
openssl genrsa 4096 > cert.key

Run

chmod +x sslgen.sh

cp /etc/e2guardian/ssl/ca.pem /etc/e2guardian/ssl/ca.crt

Copy ca.crt to the Windows machine
Import it into the Trusted CA store

Edit the files:
/etc/e2guardian/e2guardian.conf:

# Enable SSL support
# This must be present to enable MITM and/or Cert checking
# default is off
enablessl = on

#SSL man in the middle
#CA certificate path
#Path to the CA certificate to use as a signing certificate for
#generated certificates.
# default is blank - required if ssl_mitm is enabled.
cacertificatepath = '/etc/e2guardian/ssl/ca.pem'

#CA private key path
#path to the private key that matches the public key in the CA certificate.
# default is blank - required if ssl_mitm is enabled.
caprivatekeypath = '/etc/e2guardian/ssl/ca.key'

#Cert private key path
#The public / private key pair used by all generated certificates
# default is blank - required if ssl_mitm is enabled.
certprivatekeypath = '/etc/e2guardian/ssl/cert.key'

#Generated cert path
#The location where generated certificates will be saved for future use.
#(must be writable by the dg user)
# default is blank - required if ssl_mitm is enabled.
generatedcertpath = '/etc/e2guardian/ssl/generatedcerts/'

Edit the file e2guardianf1.conf and enable

sslmitm = on

Add some sites for testing

/etc/e2guardian/lists/bannedsitelist:

#List other sites to block:
# badboys.com
xxxbucetas.net
bucetas.b-cdn.net
xvideos.blog

Enable and start the e2guardian.service service:

systemctl enable e2guardian.service
systemctl start e2guardian.service

Install a blacklist (optional)

cd ~
wget http://www.shallalist.de/Downloads/shallalist.tar.gz
tar -xvzf shallalist.tar.gz
mv BL/ /etc/e2guardian/lists/

chown -R e2guardian:e2guardian /etc/e2guardian/lists/

Install SARG (optional)

wget https://sourceforge.net/projects/sarg/files/sarg/sarg-2.4.0/sarg-2.4.0.tar.gz
tar -xvzf sarg-2.4.0.tar.gz
cd sarg-2.4.0
./configure
make
make install

E2Guardian MITM: Creating Certificates


  1. Create the directory /etc/e2guardian/ssl/generatedcerts:
    mkdir -p /etc/e2guardian/ssl/generatedcerts
  2. Change the mode of the directory /etc/e2guardian/ssl/generatedcerts to 777:
    chmod 777 /etc/e2guardian/ssl/generatedcerts
  3. Create the file /etc/e2guardian/ssl/mkcert and run it:
    #!/bin/bash
    
    openssl genrsa 4096 > ca.key
    openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
    openssl x509 -in ca.pem -outform DER -out ca.der
    openssl genrsa 4096 > cert.key
  4. Edit the files:

/etc/e2guardian/e2guardian.conf:

# Enable SSL support
# This must be present to enable MITM and/or Cert checking
# default is off
enablessl = on
...
#SSL man in the middle
#CA certificate path
#Path to the CA certificate to use as a signing certificate for
#generated certificates.
# default is blank - required if ssl_mitm is enabled.
cacertificatepath = '/etc/e2guardian/ssl/ca.pem'

#CA private key path
#path to the private key that matches the public key in the CA certificate.
# default is blank - required if ssl_mitm is enabled.
caprivatekeypath = '/etc/e2guardian/ssl/ca.key'

#Cert private key path
#The public / private key pair used by all generated certificates
# default is blank - required if ssl_mitm is enabled.
certprivatekeypath = '/etc/e2guardian/ssl/cert.key'

#Generated cert path
#The location where generated certificates will be saved for future use.
#(must be writable by the dg user)
# default is blank - required if ssl_mitm is enabled.
generatedcertpath = '/etc/e2guardian/ssl/generatedcerts/'

Edit the file e2guardianf1.conf

Locate the line and turn on SSLMITM

sslmitm = on

/etc/e2guardian/lists/bannedsitelist:

...
#List other sites to block:

# badboys.com
xxxbucetas.net
bucetas.b-cdn.net
xvideos.blog
...
# You will need to edit to add and remove categories you want
.Include</etc/e2guardian/lists/BL/porn/domains>
.Include</etc/e2guardian/lists/BL/aggressive/domains>
  1. Enable and start the e2guardian.service service:
    systemctl enable e2guardian.service
    systemctl start e2guardian.service
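
Both e2guardian write-ups above set generatedcerts to mode 777 and create ca.key and cert.key through a shell redirect, which under the usual umask of 022 leaves the private keys world-readable. The following audit-and-tighten script is an added example, not part of the original posts. The function names are assumptions, the sample directory is a constructed stand-in with empty files, and it assumes the daemon reads the keys as the proxy user given to --with-proxyuser.

```shell
#!/bin/sh
# Added example: audit and tighten permissions in the e2guardian MITM CA directory.

# Constructed scratch copy of the tutorial layout with empty stand-in files:
# keys at 0644 (what "openssl genrsa > ca.key" yields under umask 022) and
# generatedcerts at 0777.
make_sample_dir() {
  d=$(mktemp -d)
  mkdir "$d/generatedcerts" && chmod 777 "$d/generatedcerts"
  : > "$d/ca.key"; : > "$d/cert.key"
  chmod 644 "$d/ca.key" "$d/cert.key"
  echo "$d"
}

# One finding per line: private keys readable by group or others, and
# directories writable by any local user.
audit_ssl_dir() {
  find "$1" -maxdepth 1 -type f -name '*.key' \
       \( -perm -0040 -o -perm -0004 \) -print | sed 's|.*/|key-readable |'
  find "$1" -type d -perm -0002 -print | sed 's|.*/|world-writable |'
}

# Keys 0600 and certificate cache 0700, owned by the proxy user (assumed to
# be the --with-proxyuser account). chown is skipped when not running as root.
harden_ssl_dir() {
  owner=${2:-e2guardian}
  chmod 600 "$1"/*.key
  chmod 700 "$1/generatedcerts"
  if [ "$(id -u)" -eq 0 ]; then
    chown "$owner" "$1"/*.key "$1/generatedcerts"
  fi
}

dir=$(make_sample_dir)
audit_ssl_dir "$dir"                # reports both keys and generatedcerts
harden_ssl_dir "$dir" "$(id -u)"    # the demo uses the current user as owner
audit_ssl_dir "$dir"                # prints nothing
rm -rf "$dir"
```

On a real host the calls would be `audit_ssl_dir /etc/e2guardian/ssl` and `harden_ssl_dir /etc/e2guardian/ssl e2guardian`, run as root.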

Mikrotik Backup Script via E-mail

Script for Mikrotik backup sent by e-mail using Gmail

Create a Gmail account and allow access for less secure devices

Configure the NTP client

Configure an e-mail account

Schedule a task, in this case every 5 days.

Create a script

/system ntp client
set enabled=yes primary-ntp=200.160.0.8 secondary-ntp=200.189.40.8

/tool e-mail
set address=smtp.gmail.com [email protected] password=******** \
port=587 start-tls=yes user=cuidadodigitalgyn

/system scheduler
add interval=5d name=run_backup on-event=backup policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=oct/04/2019 start-time=18:00:00

/system script
add dont-require-permissions=no name=backup owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
export file=backup\r\
\n:log info message=\"Enviando backup por e-mail\"\r\
\n:delay 5s\r\
\n:global data [/system clock get date]\r\
\n:global hora [/system clock get time]\r\
\n:global nome [/system identity get name]\r\
\n/tool e-mail send to=\"[email protected]\" subject=\"Backup_\
\$nome\" body=\"\" file=\"backup.rsc\""

Migrating e-mails between providers with ImapSync (script)

We often face the arduous task of migrating several mailboxes of the same domain between different providers. For this task we use ImapSync, which can be used one mailbox at a time or via a script, optimizing the task.