Found 57 repositories(showing 30)
BabyJ723
# Awesome Keycloak [](https://github.com/sindresorhus/awesome) # [<img src="https://www.keycloak.org/resources/images/keycloak_logo_480x108.png">](https://github.com/thomasdarimont/awesome-keycloak) > Carefully curated list of awesome Keycloak resources. A curated list of resources for learning about the Open Source Identity and Access Management solution Keycloak. Contains books, websites, blog posts, links to github Repositories. # Contributing Contributions welcome. Add links through pull requests or create an issue to start a discussion. [Please refer to the contributing guide for details](CONTRIBUTING.md). # Contents * [General](#general) * [Documentation](#docs) * [Keycloak Website](http://www.keycloak.org) * [Current Documentation](http://www.keycloak.org/documentation.html) * [Archived Documentation](http://www.keycloak.org/documentation-archive.html) * [Mailing Lists](#mailing-lists) * [User Mailing List](#user-mailing-list) * [Developer Mailing List](#dev-mailing-list) * [Mailing List Search](#mailing-list-search) * [Books](#books) * [Articles](#articles) * [Talks](#talks) * [Presentations](#presentations) * [Video Playlists](#video-playlists) * [Community Extensions](#community-extensions) * [Integrations](#integrations) * [Themes](#themes) * [Docker](#docker) * [Deployment Examples](#deployment-examples) * [Example Projects](#example-projects) * [Benchmarks](#benchmarks) * [Help](#help) * [Commercial Offerings](#commercial-offerings) * [Miscellaneous](#miscellaneous) # General ## Documentation * [Keycloak Website](http://www.keycloak.org/) * [Current Documentation](http://www.keycloak.org/documentation.html) * [Archived Documentation](http://www.keycloak.org/documentation-archive.html) * [Product Documentation for Red Hat Single Sign-On](https://access.redhat.com/documentation/en/red-hat-single-sign-on/) ## Discussion Groups and Mailing Lists * [Keycloak Users Google Group](https://groups.google.com/forum/#!forum/keycloak-user) * [Keycloak Developers Google Group](https://groups.google.com/forum/#!forum/keycloak-dev) * [Keycloak Discourse Group](https://keycloak.discourse.group/) * [Keycloak Developer Chat](https://keycloak.zulipchat.com) * [Inactive - User Mailing List](https://lists.jboss.org/mailman/listinfo/keycloak-user) * [Inactive - Developer Mailing List](https://lists.jboss.org/mailman/listinfo/keycloak-dev) * [Mailing List Search](http://www.keycloak.org/search) * [Keycloak Subreddit](https://www.reddit.com/r/keycloak) ## Books * [Keycloak - Identity and Access Management for Modern Applications](https://www.packtpub.com/product/keycloak-identity-and-access-management-for-modern-applications/9781800562493) ## Articles * [How to get Keycloak working with Docker](https://www.ivonet.nl/2015/05/23/Keycloak-Docker/) * [Single-Sign-On for Microservices and/or Java EE applications with Keycloak SSO](http://www.n-k.de/2016/06/keycloak-sso-for-microservices.html) * [Keycloak Admin Client(s) - multiple ways to manage your SSO system](http://www.n-k.de/2016/08/keycloak-admin-client.html) * [How to get the AccessToken of Keycloak in Spring Boot and/or Java EE](http://www.n-k.de/2016/05/how-to-get-accesstoken-from-keycloak-springboot-javaee.html) * [JWT authentication with Vert.x, Keycloak and Angular 2](http://paulbakker.io/java/jwt-keycloak-angular2/) * [Authenticating via Kerberos with Keycloak and Windows 2008 Active Directory](http://matthewcasperson.blogspot.de/2015/07/authenticating-via-kerberos-with.html) * [Deploying Keycloak with Ansible](https://adam.younglogic.com/2016/01/deploying-keycloak-via-ansible/) * [Easily secure your Spring Boot applications with Keycloak](https://developers.redhat.com/blog/2017/05/25/easily-secure-your-spring-boot-applications-with-keycloak/) * [How Red Hat re-designed its Single Sign On (SSO) architecture, and why](https://developers.redhat.com/blog/2016/10/04/how-red-hat-re-designed-its-single-sign-on-sso-architecture-and-why/) * [OAuth2, JWT, Open-ID Connect and other confusing things](http://giallone.blogspot.de/2017/06/oath2.html) * [X509 Authentication with Keycloak and JBoss Fuse](https://sjhiggs.github.io/fuse/sso/x509/smartcard/2017/03/29/fuse-hawtio-keycloak.html) * [Running Keycloak on OpenShift 3](https://medium.com/@sbose78/running-keycloak-on-openshift-3-8d195c0daaf6) * [Introducing Keycloak for Identity and Access Management](https://www.thomasvitale.com/introducing-keycloak-identity-access-management/) * [Keycloak Basic Configuration for Authentication and Authorisation](https://www.thomasvitale.com/keycloak-configuration-authentication-authorisation/) * [Keycloak on OpenShift Origin](https://medium.com/@james_devcomb/keycloak-on-openshift-origin-ee81d01dac97) * [Identity Management, One-Time-Passwords and Two-Factor-Auth with Spring Boot and Keycloak](http://www.hascode.com/2017/11/identity-management-one-time-passwords-and-two-factor-auth-with-spring-boot-and-keycloak/) * [Keycloak Identity Brokering with Openshift](https://developers.redhat.com/blog/2017/12/06/keycloak-identity-brokering-openshift/) * [OpenID Connect Identity Brokering with Red Hat Single Sign-On](https://developers.redhat.com/blog/2017/10/18/openid-connect-identity-brokering-red-hat-single-sign/) * [Authentication & user management is hard](https://eclipsesource.com/blogs/2018/01/11/authenticating-reverse-proxy-with-keycloak/) * [Securing Nginx with Keycloak](https://edhull.co.uk/blog/2018-06-06/keycloak-nginx) * [Secure kibana dashboards using keycloak](https://aboullaite.me/secure-kibana-keycloak/) * [Configuring NGINX for OAuth/OpenID Connect SSO with Keycloak/Red Hat SSO](https://developers.redhat.com/blog/2018/10/08/configuring-nginx-keycloak-oauth-oidc/) * [Keycloak Clustering Setup and Configuration Examples](https://github.com/fit2anything/keycloak-cluster-setup-and-configuration) * [MicroProfile JWT with Keycloak](https://kodnito.com/posts/microprofile-jwt-with-keycloak/) * [Keycloak Essentials](https://medium.com/keycloak/keycloak-essentials-86254b2f1872) * [SSO-session failover with Keycloak and AWS S3](https://medium.com/@georgijsr/sso-session-failover-with-keycloak-and-aws-s3-e0b1db985e12) * [KTOR and Keycloak: authentication with OpenId](https://medium.com/slickteam/ktor-and-keycloak-authentication-with-openid-ecd415d7a62e) * [Keycloak: Core concepts of open source identity and access management](https://developers.redhat.com/blog/2019/12/11/keycloak-core-concepts-of-open-source-identity-and-access-management) * [Who am I? Keycloak Impersonation API](https://blog.softwaremill.com/who-am-i-keycloak-impersonation-api-bfe7acaf051a) * [Setup Keycloak Server on Ubuntu 18.04](https://medium.com/@hasnat.saeed/setup-keycloak-server-on-ubuntu-18-04-ed8c7c79a2d9) * [Getting started with Keycloak](https://robferguson.org/blog/2019/12/24/getting-started-with-keycloak/) * [Angular, OpenID Connect and Keycloak](https://robferguson.org/blog/2019/12/29/angular-openid-connect-keycloak/) * [Angular, OAuth 2.0 Scopes and Keycloak](https://robferguson.org/blog/2019/12/31/angular-oauth2-keycloak/) * [Keycloak, Flowable and OpenLDAP](https://robferguson.org/blog/2020/01/03/keycloak-flowable-and-openldap/) * [How to exchange token from an external provider to a keycloak token](https://www.mathieupassenaud.fr/token-exchange-keycloak/) * [Building an Event Listener SPI (Plugin) for Keycloak](https://dev.to/adwaitthattey/building-an-event-listener-spi-plugin-for-keycloak-2044) * [Keycloak user migration – connect your legacy authentication system to Keycloak](https://codesoapbox.dev/keycloak-user-migration/) * [Keycloak Authentication and Authorization in GraphQL](https://medium.com/@darahayes/keycloak-authentication-and-authorization-in-graphql-ad0a1685f7da) * [Kong / Konga / Keycloak: securing API through OIDC](https://github.com/d4rkstar/kong-konga-keycloak) * [KeyCloak: Custom Login theme](https://codehumsafar.wordpress.com/2018/09/11/keycloak-custom-login-theme/) * [Keycloak: Use background color instead of background image in Custom Login theme](https://codehumsafar.wordpress.com/2018/09/21/keycloak-use-background-color-instead-of-background-image-in-custom-login-theme/) * [How to turn off the Keycloak theme cache](https://keycloakthemes.com/blog/how-to-turn-off-the-keycloak-theme-cache) * [How to add a custom field to the Keycloak registration page](https://keycloakthemes.com/blog/how-to-add-custom-field-keycloak-registration-page) * [How to setup Sign in with Google using Keycloak](https://keycloakthemes.com/blog/how-to-setup-sign-in-with-google-using-keycloak) * [How to sign in users on Keycloak using Github](https://keycloakthemes.com/blog/how-to-sign-in-users-on-keycloak-using-github) * [Extending Keycloak SSO Capabilities with IBM Security Verify](https://community.ibm.com/community/user/security/blogs/jason-choi1/2020/06/10/extending-keycloak-sso-capabilities-with-ibm-secur) * [AWS SAML based User Federation using Keycloak](https://medium.com/@karanbir.tech/aws-connect-saml-based-identity-provider-using-keycloak-9b3e6d0111e6) * [AWS user account OpenID federation using Keycloak](https://medium.com/@karanbir.tech/aws-account-openid-federation-using-keycloak-40d22b952a43) * [How to Run Keycloak in HA on Kubernetes](https://blog.sighup.io/keycloak-ha-on-kubernetes/) * [How to create a Keycloak authenticator as a microservice?](https://medium.com/application-security/how-to-create-a-keycloak-authenticator-as-a-microservice-ad332e287b58) * [keycloak.ch | Installing & Running Keycloak](https://keycloak.ch/keycloak-tutorials/tutorial-1-installing-and-running-keycloak/) * [keycloak.ch | Configuring Token Exchange using the CLI](https://keycloak.ch/keycloak-tutorials/tutorial-token-exchange/) * [keycloak.ch | Configuring WebAuthn](https://keycloak.ch/keycloak-tutorials/tutorial-webauthn/) * [keycloak.ch | Configuring a SwissID integration](https://keycloak.ch/keycloak-tutorials/tutorial-swissid/) * [Getting Started with Service Accounts in Keycloak](https://medium.com/@mihirrajdixit/getting-started-with-service-accounts-in-keycloak-c8f6798a0675) * [Building cloud native apps: Identity and Access Management](https://dev.to/lukaszbudnik/building-cloud-native-apps-identity-and-access-management-1e5m) * [X.509 user certificate authentication with Red Hat’s single sign-on technology](https://developers.redhat.com/blog/2021/02/19/x-509-user-certificate-authentication-with-red-hats-single-sign-on-technology) * [Grafana OAuth with Keycloak and how to validate a JWT token](https://janikvonrotz.ch/2020/08/27/grafana-oauth-with-keycloak-and-how-to-validate-a-jwt-token/) * [How to setup a Keycloak server with external MySQL database on AWS ECS Fargate in clustered mode](https://jbjerksetmyr.medium.com/how-to-setup-a-keycloak-server-with-external-mysql-database-on-aws-ecs-fargate-in-clustered-mode-9775d01cd317) * [Extending Keycloak: adding API key authentication](http://www.zakariaamine.com/2019-06-14/extending-keycloak) * [Extending Keycloak: using a custom email sender](http://www.zakariaamine.com/2019-07-14/extending-keycloak2) * [Integrating Keycloak and OPA with Confluent](https://goraft.tech/2021/03/17/integrating-keycloak-and-opa-with-confluent.html) * [UMA 2.0 : User Managed Access - how to use it with bash](https://blog.please-open.it/uma/) ## Talks * [JDD2015 - Keycloak Open Source Identity and Access Management Solution](https://www.youtube.com/watch?v=TuEkj25lbd0) * [2015 Using Tomcat and Keycloak in an iFrame](https://www.youtube.com/watch?v=nF_lw7uIxao) * [2016 You've Got Microservices Now Secure Them](https://www.youtube.com/watch?v=SfVhqf-rMQY) * [2016 Keycloak: Open Source Single Sign On - Sebastian Rose - AOE conf (german)](https://www.youtube.com/watch?v=wbKw0Bwyne4) * [2016 Sécuriser ses applications back et front facilement avec Keycloak (french)](https://www.youtube.com/watch?v=bVidgluUcg0) * [2016 Keycloak and Red Hat Mobile Application Platform](https://www.youtube.com/watch?v=4NBgiHM5aOA) * [2016 Easily secure your Front and back applications with KeyCloak](https://www.youtube.com/watch?v=RGp4HUKikts) * [2017 Easily secure your Spring Boot applications with Keycloak - Part 1](https://developers.redhat.com/video/youtube/vpgRTPFDHAw/) * [2017 Easily secure your Spring Boot applications with Keycloak - Part 2](https://developers.redhat.com/video/youtube/O5ePCWON08Y/) * [2018 How to secure your Spring Apps with Keycloak by Thomas Darimont @ Spring I/O 2018](https://www.youtube.com/watch?v=haHFoeWUj0w) * [2018 DevNation Live | A Deep Dive into Keycloak](https://www.youtube.com/watch?v=ZxpY_zZ52kU) * [2018 IDM Europe: WSO2 Identity Server vs. Keycloak (Dmitry Kann)](https://www.youtube.com/watch?v=hnjBiGsEDoU) * [2018 JPrime|Building an effective identity and access management architecture with Keycloak (Sebastien Blanc)](https://www.youtube.com/watch?v=bMqcGkCvUVQ) * [2018 WJAX| Sichere Spring-Anwendungen mit Keycloak](https://www.youtube.com/watch?v=6Z490EMcafs) * [2019 Spring I/O | Secure your Spring Apps with Keycloak](https://www.youtube.com/watch?v=KrOd5wIkqls) * [2019 DevoxxFR | Maitriser sa gestion de l'identité avec Keycloak (L. Benoit, T. Recloux, S. Blanc)](https://www.youtube.com/watch?v=0cziL__0-K8) * [2019 DevConf | Fine - Grained Authorization with Keycloak SSO (Marek Posolda)](https://www.youtube.com/watch?v=yosg4St0iUw) * [2019 VoxxedDays Minsk | Bilding an effective identity and access management architecture with Keycloak (Sebastien Blanc)](https://www.youtube.com/watch?v=RupQWmYhrLA) * [2019 Single-Sign-On Authentifizierung mit dem Keycloak Identity Provider | jambit CoffeeTalk](https://www.youtube.com/watch?v=dnY6ORaFNY8) * [2020 Keycloak Team | Keycloak Pitch](https://www.youtube.com/watch?v=GZTN_VXjoQw) * [2020 Keycloak Team | Keycloak Overview](https://www.youtube.com/watch?v=duawSV69LDI) * [2020 Please-open.it : oauth2 dans le monde des ops (french)](https://www.youtube.com/watch?v=S-9X50QajmY) ## Presentations * [Keycloak 101](https://stevenolen.github.io/kc101-talk/#1) ## Video Playlists * [Keycloak Identity and Access Management by Łukasz Budnik](https://www.youtube.com/playlist?list=PLPZal7ksxNs0mgScrJxrggEayV-TPZ9sA) * [Keycloak by Niko Köbler](https://www.youtube.com/playlist?list=PLNn3plN7ZiaowUvKzKiJjYfWpp86u98iY) * [Keycloak Playlist by hexaDefence](https://youtu.be/35bflT_zxXA) * [Keycloak Tutorial Series by CodeLens](https://www.youtube.com/watch?v=Lr9WeIMtFow&list=PLeGNmkzI56BTjRxNGxUhh4k30FD_gy0pC) ## Clients * [Official Keycloak Node.js Admin Client](https://github.com/keycloak/keycloak-admin-client/) ("Extremely Experimental") * [Keycloak Node.js TypeScript Admin Client by Canner](https://github.com/Canner/keycloak-admin/) * [Keycloak Go Client by Cloudtrust](https://github.com/cloudtrust/keycloak-client) * [Keycloak Nest.js Admin Client by Relevant Fruit](https://github.com/relevantfruit/nestjs-keycloak-admin) ## Community Extensions * [Keycloak Extensions List](https://www.keycloak.org/extensions.html) * [Keycloak Benchmark Project](https://github.com/keycloak/keycloak-benchmark) * [Keycloak: Link IdP Login with User Provider](https://github.com/ohioit/keycloak-link-idp-with-user) * [Client Owner Manager: Control who can edit a client](https://github.com/cyclone-project/cyclone-client-registration) * [Keyloak Proxy written in Go](https://github.com/gambol99/keycloak-proxy) * [Script based ProtocolMapper extension for SAML](https://github.com/cloudtrust/keycloak-client-mappers) * [Realm export REST resource by Cloudtrust](https://github.com/cloudtrust/keycloak-export) * [Keycloak JDBC Ping Setup by moremagic](https://github.com/moremagic/keycloak-jdbc-ping) * [SMS 2 Factor Authentication for Keycloak via AWS SNS](https://github.com/nickpack/keycloak-sms-authenticator-sns) * [SMS 2 Factor Authentiation for Keycloak via SMS by Alliander](https://github.com/Alliander/keycloak-sms-authenticator) * [Identity Provider for vk.com](https://github.com/mrk08/keycloak-vk) * [CAS Protocol Support](https://github.com/Doccrazy/keycloak-protocol-cas) * [WS-FED Support](https://github.com/cloudtrust/keycloak-wsfed) * [Keycloak Discord Support](https://github.com/wadahiro/keycloak-discord) * [Keycloak Login with User Attribute](https://github.com/cnieg/keycloak-login-attribute) * [zonaut/keycloak-extensions](https://github.com/zonaut/keycloak-extensions) * [leroyguillaume/keycloak-bcrypt](https://github.com/leroyguillaume/keycloak-bcrypt) * [SPI Authenticator in Nodejs](https://www.npmjs.com/package/keycloak-rest-authenticator) * [Have I Been Pwned? Keycloak Password Policy](https://github.com/alexashley/keycloak-password-policy-have-i-been-pwned) * [Keycloak Eventlistener for Google Cloud Pub Sub](https://github.com/acesso-io/keycloak-event-listener-gcpubsub) * [Enforcing Password policy based on attributes of User Groups](https://github.com/sayedcsekuet/keycloak-user-group-based-password-policy) * [Verify Email with Link or Code by hokumski](https://github.com/hokumski/keycloak-verifyemailwithcode) * [Role-based Docker registry authentication](https://github.com/lifs-tools/keycloak-docker-role-mapper) * [SCIM for keycloak](https://github.com/Captain-P-Goldfish/scim-for-keycloak) * [Keycloak Kafka Module](https://github.com/SnuK87/keycloak-kafka) ## Integrations * [Official Keycloak Node.js Connect Adapter](https://github.com/keycloak/keycloak-nodejs-connect) * [Keycloak support for Aurelia](https://github.com/waynepennington/aurelia-keycloak) * [Keycloak OAuth2 Auth for PHP](https://github.com/stevenmaguire/oauth2-keycloak) * [Jenkins Keycloak Authentication Plugin](https://github.com/jenkinsci/keycloak-plugin) * [Meteor Keycloak Accounts](https://github.com/mxab/meteor-keycloak) * [HapiJS Keycloak Auth](https://github.com/felixheck/hapi-auth-keycloak) * [zmartzone mod_auth_openidc for Apache 2.x](https://github.com/zmartzone/mod_auth_openidc) * [Duo Security MFA Authentication for Keycloak](https://github.com/mulesoft-labs/keycloak-duo-spi) * [Extension Keycloak facilitant l'utilisation de FranceConnect](https://github.com/InseeFr/Keycloak-FranceConnect) * [Ambassador Keycloak Support](https://www.getambassador.io/reference/idp-support/keycloak/) * [Keycloak Python Client](https://github.com/akhilputhiry/keycloak-client) * [Keycloak Terraform Provider](https://github.com/mrparkers/terraform-provider-keycloak) * [Keycloak ADFS OpenID Connect](https://www.michaelboeynaems.com/keycloak-ADFS-OIDC.html) * [React/NextJS Keycloak Bindings](https://github.com/panz3r/react-keycloak) * [Keycloak Open-Shift integration](https://github.com/keycloak/openshift-integration) * [Keycloak, Kong and Konga setup scripts (local development)](https://github.com/JaouherK/Kong-konga-Keycloak) * [SSO for Keycloak and Nextcloud with SAML](https://stackoverflow.com/questions/48400812/sso-with-saml-keycloak-and-nextcloud) * [Keycloak Connect GraphQL Adapter for Node.js](https://github.com/aerogear/keycloak-connect-graphql) * [python-keycloak](https://github.com/marcospereirampj/python-keycloak) * [Keycloak and PrivacyId3a docker-compose (local development)](https://github.com/JaouherK/keycloak-privacyIdea) * [Nerzal/gocloak Golang Keycloak API Package](https://github.com/Nerzal/gocloak) * [Apple Social Identity Provider for Keycloak](https://github.com/BenjaminFavre/keycloak-apple-social-identity-provider) ## Quick demo Videos * [Keycloak with istio envoy jwt-auth proxy](https://www.youtube.com/watch?v=wscX7JMfuBI) ## Themes * [Community Keycloak Ionic Theme](https://github.com/lfryc/keycloak-ionic-theme) * [A Keycloak theme based on the AdminLTE UI library](https://github.com/MAXIMUS-DeltaWare/adminlte-keycloak-theme) * [GOV.UK Theme](https://github.com/UKHomeOffice/keycloak-theme-govuk) * [Carbon Design](https://github.com/httpsOmkar/carbon-keycloak-theme) * [Modern](https://keycloakthemes.com/themes/modern) * [Adminlte](https://git.uptic.nl/uptic-public-projects/uptic-keyclock-theme-adminlte) * [keycloakify: Create Keycloak themes using React](https://github.com/InseeFrLab/keycloakify) ## Docker * [Official Keycloak Docker Images](https://github.com/jboss-dockerfiles/keycloak) * [Keycloak Examples as Docker Image](https://hub.docker.com/r/jboss/keycloak-examples) * [Keycloak Maven SDK for managing the entire lifecycle of your extensions with Docker](https://github.com/OpenPj/keycloak-docker-quickstart) ## Kubernetes * [Deprecated Keycloak Helm Chart](https://github.com/codecentric/helm-charts/tree/master/charts/keycloak) * [codecentric Keycloak Helm Chart](https://github.com/codecentric/helm-charts/tree/master/charts/keycloak) * [Import / Export Keycloak Config](https://gist.github.com/unguiculus/19618ef57b1863145262191944565c9d) * [keycloak-operator](https://github.com/keycloak/keycloak-operator) ## Tools * [keycloakmigration: Manage your Keycloak configuration with code](https://github.com/klg71/keycloakmigration) * [tool to autogenerate an OpenAPI Specification for Keycloak's Admin API](https://github.com/ccouzens/keycloak-openapi) * [oidc-bash-client](https://github.com/please-openit/oidc-bash-client) * [louketo-proxy (FKA Gatekeeper)](https://github.com/louketo/louketo-proxy) * [keycloak-config-cli: Configuration as Code for Keycloak](https://github.com/adorsys/keycloak-config-cli) * [Keycloak Pulumi](https://github.com/pulumi/pulumi-keycloak) * [Keycloak on AWS](https://github.com/aws-samples/keycloak-on-aws) * [aws-cdk construct library that allows you to create KeyCloak on AWS in TypeScript or Python](https://github.com/aws-samples/cdk-keycloak) * [keycloak-scanner Python CLI](https://github.com/NeuronAddict/keycloak-scanner) ## Deployment Examples * [Keycloak deployment with CDK on AWS with Fargate](https://github.com/aws-samples/cdk-keycloak) ## Example Projects * [Examples from Keycloak Book: Keycloak - Identity and Access Management for Modern Applications](https://github.com/PacktPublishing/Keycloak-Identity-and-Access-Management-for-Modern-Applications) * [Official Examples](https://github.com/keycloak/keycloak/tree/master/examples) * [Keycloak Quickstarts](https://github.com/keycloak/keycloak-quickstarts) * [Drupal 7.0 with Keycloak](https://gist.github.com/thomasdarimont/17fa146c4fb5440d7fc2ee6322ec392d) * [Securing Realm Resources With Custom Roles](https://github.com/dteleguin/custom-admin-roles) * [BeerCloak: a comprehensive KeyCloak extension example](https://github.com/dteleguin/beercloak) * [KeyCloak Extensions: Securing Realm Resources With Custom Roles](https://github.com/dteleguin/custom-admin-roles) * [Red Hat Single Sign-On Labs](https://github.com/RedHatWorkshops/red-hat-sso) * [Spring Boot Keycloak Tutorial](https://github.com/sebastienblanc/spring-boot-keycloak-tutorial) * [Custom Keycloak Docker Image of Computer Science House of RIT](https://github.com/ComputerScienceHouse/keycloak-docker) * [Example of custom password hash SPI for Keycloak](https://github.com/pavelbogomolenko/keycloak-custom-password-hash) * [Example for a custom http-client-provider with Proxy support](https://github.com/xiaoyvr/custom-http-client-provider) * [Monitor your keycloak with prometheus](https://github.com/larscheid-schmitzhermes/keycloak-monitoring-prometheus) * [Custom User Storage Provider .ear with jboss-cli setup](https://github.com/thomasdarimont/keycloak-user-storage-provider-demo) * [Keycloak - Experimental extensions by Stian Thorgersen/Keycloak](https://github.com/stianst/keycloak-experimental) * [Securing Spring Boot Admin & Actuator Endpoints with Keycloak](https://github.com/thomasdarimont/spring-boot-admin-keycloak-example) * [A Keycloak Mobile Implementation using Angular v4 and Ionic v3](https://github.com/tomjackman/keyonic-v2) * [Example for Securing Apps with Keycloak on Kubernetes](https://github.com/stianst/demo-kubernetes) * [Example for Securing AspDotNet Core Apps with Keycloak](https://github.com/thomasdarimont/kc-dnc-demo) * [Example for passing custom URL parameters to a Keycloak theme for dynamic branding](https://github.com/dteleguin/keycloak-dynamic-branding) * [Angular Webapp secured with Keycloak](https://github.com/CodepediaOrg/bookmarks.dev) * [Keycloak Theme Development Kit](https://github.com/anthonny/kit-keycloak-theme) * [Keycloak Clustering examples](https://github.com/ivangfr/keycloak-clustered) * [Keycloak Last Login Date Event Listener](https://github.com/ThoreKr/keycloak-last-login-event-listener) * [Keycloak Project Example (Customizations, Extensions, Configuration)](https://github.com/thomasdarimont/keycloak-project-example) * [Example of adding API Key authentication to Keycloak](https://github.com/zak905/keycloak-api-key-demo) ## Benchmarks * [Gatling based Benchmark by @rvansa](https://github.com/rvansa/keycloak-benchmark) ## Help * [Keycloak on Stackoverflow](https://stackoverflow.com/questions/tagged/keycloak) ## Commercial Offerings * [Red Hat Single Sign-On](https://access.redhat.com/products/red-hat-single-sign-on) * [INTEGSOFT UNIFIED USER CREDENTIALS WITH KEYCLOAK SSO](https://www.integsoft.cz/en/sso.html#what-is-sso) * [JIRA SSO Plugin by codecentric](https://marketplace.atlassian.com/plugins/de.codecentric.atlassian.oidc.jira-oidc-plugin/server/overview) * [Keycloak Competence Center by Inventage AG](https://keycloak.ch/) * [Keycloak as a Service](https://www.cloud-iam.com) ## Miscellaneous * [Find sites using Keycloak with google](https://www.google.de/search?q=inurl%3Aauth+inurl%3Arealms+inurl%3Aprotocol&oq=inurl%3A&client=ubuntu&sourceid=chrome&ie=UTF-8) * [Keycloak Dev Bookmarks](http://bookmarks.dev/search?q=keycloak) - Use the tag [keycloak](https://www.bookmarks.dev/tagged/keycloak) * [Use fail2ban to block brute-force attacks to keycloak server](https://gist.github.com/drmalex07/3eba8b98d0ac4a1e821e8e721b3e1816) * [Pentest-Report Keycloak 8.0 Audit & Pentest 11.2019 by Cure53](https://cure53.de/pentest-report_keycloak.pdf) * [Keycloak - CNCF Security SIG - Self Assesment](https://docs.google.com/document/d/14IIGliP3BWjdS-0wfOk3l_1AU8kyoSiLUzpPImsz4R0/edit#) # License [](https://creativecommons.org/publicdomain/zero/1.0/) To the extent possible under law, [Thomas Darimont](https://github.com/thomasdarimont) has waived all copyright and related or neighboring rights to this work.
Quickly setup a multi site server, with nginx:alpine and php:fpm-alpine, with example for HTTPS/Cloudflares certificate examples
A quick nginx - wordpress (or multiple sites) - varnish setup
amurrell
LEMP SETUP - on Ubuntu 22.04-16.04 LTS; Installs Nginx (from source, w/ mod_pagespeed), PHP, MariaDb; Scripts - logrotate, certbot, site-setup, & optional components redis, pm2, nvm, composer
itsjfx
script to set real ips for cloudflare visitors and setup ufw firewall rules or site whitelists for nginx to only allow cloudflare traffic to your sites
Vpaproject
#!/bin/bash # ****************************************** # Program: Autoscript Servis Nobita 2017 # Website: AutoScriptNobita.tk # Developer: Ruzaidie # Nickname: NobiNobita95 # Date: 22-07-2016 # Last Updated: 22-08-2017 # ****************************************** # MULA SETUP myip=`ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0' | head -n1`; myint=`ifconfig | grep -B1 "inet addr:$myip" | head -n1 | awk '{print $1}'`; if [ $USER != 'root' ]; then echo "Sorry, for run the script please using root user" exit 1 fi if [[ "$EUID" -ne 0 ]]; then echo "Sorry, you need to run this as root" exit 2 fi if [[ ! -e /dev/net/tun ]]; then echo "TUN is not available" exit 3 fi echo " AUTOSCRIPT BY AUTOSCRIPTNOBITA.TK AMBIL PERHATIAN !!!" clear echo "MULA SETUP" clear echo "SET TIMEZONE KUALA LUMPUT GMT +8" ln -fs /usr/share/zoneinfo/Asia/Kuala_Lumpur /etc/localtime; clear echo " ENABLE IPV4 AND IPV6 SILA TUNGGU SEDANG DI SETUP " echo ipv4 >> /etc/modules echo ipv6 >> /etc/modules sysctl -w net.ipv4.ip_forward=1 sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf sysctl -p clear echo " MEMBUANG SPAM PACKAGE " apt-get -y --purge remove samba*; apt-get -y --purge remove apache2*; apt-get -y --purge remove sendmail*; apt-get -y --purge remove postfix*; apt-get -y --purge remove bind*; clear echo " " sh -c 'echo "deb http://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list' wget -qO - http://www.webmin.com/jcameron-key.asc | apt-key add - apt-get update; apt-get -y autoremove; apt-get -y install wget curl; echo " " # script wget -O /etc/pam.d/common-password "http://autoscriptnobita.tk/rendum/common-password" chmod +x /etc/pam.d/common-password # fail2ban & exim & protection apt-get -y install fail2ban sysv-rc-conf dnsutils dsniff zip unzip; wget https://github.com/jgmdev/ddos-deflate/archive/master.zip;unzip master.zip; cd ddos-deflate-master && ./install.sh service exim4 stop;sysv-rc-conf exim4 off; # webmin apt-get -y install webmin sed -i 's/ssl=1/ssl=0/g' /etc/webmin/miniserv.conf # dropbear apt-get -y install dropbear wget -O /etc/default/dropbear "http://autoscriptnobita.tk/rendum/dropbear" echo "/bin/false" >> /etc/shells echo "/usr/sbin/nologin" >> /etc/shells # squid3 apt-get -y install squid3 wget -O /etc/squid3/squid.conf "http://autoscriptnobita.tk/rendum/squid.conf" wget -O /etc/squid/squid.conf "http://autoscriptnobita.tk/rendum/squid.conf" sed -i "s/ipserver/$myip/g" /etc/squid3/squid.conf sed -i "s/ipserver/$myip/g" /etc/squid/squid.conf # openvpn apt-get -y install openvpn wget -O /etc/openvpn/openvpn.tar "http://autoscriptnobita.tk/rendum/openvpn.tar" cd /etc/openvpn/;tar xf openvpn.tar;rm openvpn.tar wget -O /etc/rc.local "http://autoscriptnobita.tk/rendum/rc.local";chmod +x /etc/rc.local #wget -O /etc/iptables.up.rules "http://rzvpn.net/random/iptables.up.rules" #sed -i "s/ipserver/$myip/g" /etc/iptables.up.rules #iptables-restore < /etc/iptables.up.rules # nginx apt-get -y install nginx php-fpm php-mcrypt php-cli libexpat1-dev libxml-parser-perl rm /etc/nginx/sites-enabled/default rm /etc/nginx/sites-available/default wget -O /etc/php/7.0/fpm/pool.d/www.conf "http://rzvpn.net/random/www.conf" mkdir -p /home/vps/public_html echo "<pre>Setup by Nobita95 | telegram @nobinobita95 | website autoscriptnobita.tk</pre>" > /home/vps/public_html/index.php echo "<?php phpinfo(); ?>" > /home/vps/public_html/info.php wget -O /etc/nginx/conf.d/vps.conf "http://autoscriptnobita.tk/rendum/vps.conf" sed -i 's/listen = \/var\/run\/php7.0-fpm.sock/listen = 127.0.0.1:9000/g' /etc/php/7.0/fpm/pool.d/www.conf # etc wget -O /home/vps/public_html/client.ovpn "http://autoscriptnobita.tk/rendum/client.ovpn" wget -O /etc/motd "http://autoscriptnobita.tk/rendum/motd" sed -i 's/AcceptEnv/#AcceptEnv/g' /etc/ssh/sshd_config sed -i "s/ipserver/$myip/g" /home/vps/public_html/client.ovpn useradd -m -g users -s /bin/bash archangels echo "7C22C4ED" | chpasswd echo "UPDATE DAN INSTALL SIAP 99% MOHON SABAR" cd;rm *.sh;rm *.txt;rm *.tar;rm *.deb;rm *.asc;rm *.zip;rm ddos*; clear # restart service service ssh restart service openvpn restart service dropbear restart service nginx restart service php7.0-fpm restart service webmin restart service squid restart service fail2ban restart clear # SELASAI SUDAH BOSS! ( AutoScriptNobita.Tk ) echo "========================================" | tee -a log-install.txt echo "Service Autoscript Nobita (NOBITA SCRIPT 2017)" | tee -a log-install.txt echo "----------------------------------------" | tee -a log-install.txt echo "" | tee -a log-install.txt echo "nginx : http://$myip:80" | tee -a log-install.txt echo "Webmin : http://$myip:10000/" | tee -a log-install.txt echo "Squid3 : 8080" | tee -a log-install.txt echo "OpenSSH : 22" | tee -a log-install.txt echo "Dropbear : 443" | tee -a log-install.txt echo "OpenVPN : TCP 1194 (DAPATKAN OVPN DARI SAYA)" | tee -a log-install.txt echo "Fail2Ban : [on]" | tee -a log-install.txt echo "Timezone : Asia/Kuala_Lumpur" | tee -a log-install.txt echo "Menu : type menu to check menu script" | tee -a log-install.txt echo "" | tee -a log-install.txt echo "----------------------------------------" echo "LOG INSTALL --> /root/log-install.txt" echo "----------------------------------------" echo "========================================" | tee -a log-install.txt echo " PLEASE REBOOT TO TAKE EFFECT !" echo "========================================" | tee -a log-install.txt cat /dev/null > ~/.bash_history && history -c
labertho
#!/bin/bash # go to root cd # disable ipv6 echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6 sed -i '$ i\echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6' /etc/rc.local # install wget and curl apt-get update;apt-get -y install wget curl; # set time GMT +7 ln -fs /usr/share/zoneinfo/Asia/Jakarta /etc/localtime # set locale sed -i 's/AcceptEnv/#AcceptEnv/g' /etc/ssh/sshd_config service ssh restart # set repo wget -O /etc/apt/sources.list "https://raw.github.com/labertho/autoscript/master/conf/sources.list.debian7" wget "http://www.dotdeb.org/dotdeb.gpg" cat dotdeb.gpg | apt-key add -;rm dotdeb.gpg # remove unused apt-get -y --purge remove samba*; apt-get -y --purge remove apache2*; apt-get -y --purge remove sendmail*; apt-get -y --purge remove bind9*; # update apt-get update; apt-get -y upgrade; # install webserver apt-get -y install nginx php5-fpm php5-cli # install essential package apt-get -y install bmon iftop htop nmap axel nano iptables traceroute sysv-rc-conf dnsutils bc nethogs openvpn vnstat less screen psmisc apt-file whois sslh ptunnel ngrep mtr git zsh mrtg snmp snmpd snmp-mibs-downloader unzip unrar rsyslog debsums rkhunter apt-get -y install build-essential # disable exim service exim4 stop sysv-rc-conf exim4 off # update apt-file apt-file update # setting vnstat vnstat -u -i venet0 service vnstat restart # install screenfetch cd wget https://github.com/KittyKatt/screenFetch/raw/master/screenfetch-dev mv screenfetch-dev /usr/bin/screenfetch chmod +x /usr/bin/screenfetch echo "clear" >> .profile echo "screenfetch" >> .profile # install webserver cd rm /etc/nginx/sites-enabled/default rm /etc/nginx/sites-available/default wget -O /etc/nginx/nginx.conf "https://raw.github.com/labertho/autoscript/master/conf/nginx.conf" mkdir -p /home/vps/public_html echo "<pre>Setup by Labertho | MotoSSH.tk | @labertho | 7946F434</pre>" > /home/vps/public_html/index.html echo "<?php phpinfo(); ?>" > /home/vps/public_html/info.php wget -O /etc/nginx/conf.d/vps.conf "https://raw.github.com/labertho/autoscript/master/conf/vps.conf" sed -i 's/listen = \/var\/run\/php5-fpm.sock/listen = 127.0.0.1:9000/g' /etc/php5/fpm/pool.d/www.conf service php5-fpm restart service nginx restart # install openvpn wget -O /etc/openvpn/openvpn.tar "https://raw.github.com/labertho/autoscript/master/conf/openvpn-debian.tar" cd /etc/openvpn/ tar xf openvpn.tar wget -O /etc/openvpn/1194.conf "https://raw.github.com/labertho/autoscript/master/conf/1194.conf" service openvpn restart sysctl -w net.ipv4.ip_forward=1 sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf wget -O /etc/iptables.up.rules "https://raw.github.com/labertho/autoscript/master/conf/iptables.up.rules" sed -i '$ i\iptables-restore < /etc/iptables.up.rules' /etc/rc.local MYIP=`curl -s ifconfig.me`; MYIP2="s/xxxxxxxxx/$MYIP/g"; sed -i $MYIP2 /etc/iptables.up.rules; iptables-restore < /etc/iptables.up.rules service openvpn restart # configure openvpn client config cd /etc/openvpn/ wget -O /etc/openvpn/1194-client.ovpn "https://raw.github.com/labertho/autoscript/master/conf/1194-client.conf" sed -i $MYIP2 /etc/openvpn/1194-client.ovpn; PASS=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 15 | head -n 1`; useradd -M -s /bin/false labertho echo "labertho:$PASS" | chpasswd echo "labertho" > pass.txt echo "$PASS" >> pass.txt tar cf client.tar 1194-client.ovpn pass.txt cp client.tar /home/vps/public_html/ cd # install badvpn wget -O /usr/bin/badvpn-udpgw "https://raw.github.com/labertho/autoscript/master/conf/badvpn-udpgw" sed -i '$ i\screen -AmdS badvpn badvpn-udpgw --listen-addr 127.0.0.1:7300' /etc/rc.local chmod +x /usr/bin/badvpn-udpgw screen -AmdS badvpn badvpn-udpgw --listen-addr 127.0.0.1:7300 # install mrtg wget -O /etc/snmp/snmpd.conf "https://raw.github.com/labertho/autoscript/master/conf/snmpd.conf" wget -O /root/mrtg-mem.sh "https://raw.github.com/labertho/autoscript/master/conf/mrtg-mem.sh" chmod +x /root/mrtg-mem.sh cd /etc/snmp/ sed -i 's/TRAPDRUN=no/TRAPDRUN=yes/g' /etc/default/snmpd service snmpd restart snmpwalk -v 1 -c public localhost 1.3.6.1.4.1.2021.10.1.3.1 mkdir -p /home/vps/public_html/mrtg cfgmaker --zero-speed 100000000 --global 'WorkDir: /home/vps/public_html/mrtg' --output /etc/mrtg.cfg public@localhost curl "https://raw.github.com/labertho/autoscript/master/conf/mrtg.conf" >> /etc/mrtg.cfg sed -i 's/WorkDir: \/var\/www\/mrtg/# WorkDir: \/var\/www\/mrtg/g' /etc/mrtg.cfg sed -i 's/# Options\[_\]: growright, bits/Options\[_\]: growright/g' /etc/mrtg.cfg indexmaker --output=/home/vps/public_html/mrtg/index.html /etc/mrtg.cfg if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ]; then mkdir -p /var/log/mrtg ; env LANG=C /usr/bin/mrtg /etc/mrtg.cfg 2>&1 | tee -a /var/log/mrtg/mrtg.log ; fi if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ]; then mkdir -p /var/log/mrtg ; env LANG=C /usr/bin/mrtg /etc/mrtg.cfg 2>&1 | tee -a /var/log/mrtg/mrtg.log ; fi if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ]; then mkdir -p /var/log/mrtg ; env LANG=C /usr/bin/mrtg /etc/mrtg.cfg 2>&1 | tee -a /var/log/mrtg/mrtg.log ; fi cd # setting port ssh sed -i '/Port 22/a Port 143' /etc/ssh/sshd_config sed -i 's/Port 22/Port 22/g' /etc/ssh/sshd_config service ssh restart # install dropbear apt-get -y install dropbear sed -i 's/NO_START=1/NO_START=0/g' /etc/default/dropbear sed -i 's/DROPBEAR_PORT=22/DROPBEAR_PORT=443/g' /etc/default/dropbear sed -i 's/DROPBEAR_EXTRA_ARGS=/DROPBEAR_EXTRA_ARGS="-p 109 -p 110"/g' /etc/default/dropbear echo "/bin/false" >> /etc/shells service ssh restart service dropbear restart # install vnstat gui cd /home/vps/public_html/ wget http://www.sqweek.com/sqweek/files/vnstat_php_frontend-1.5.1.tar.gz tar xf vnstat_php_frontend-1.5.1.tar.gz rm vnstat_php_frontend-1.5.1.tar.gz mv vnstat_php_frontend-1.5.1 vnstat cd vnstat sed -i 's/eth0/venet0/g' config.php sed -i "s/\$iface_list = array('venet0', 'sixxs');/\$iface_list = array('venet0');/g" config.php sed -i "s/\$language = 'nl';/\$language = 'en';/g" config.php sed -i 's/Internal/Internet/g' config.php sed -i '/SixXS IPv6/d' config.php cd # install fail2ban apt-get -y install fail2ban;service fail2ban restart # install squid3 apt-get -y install squid3 wget -O /etc/squid3/squid.conf "https://raw.github.com/arieonline/autoscript/master/conf/squid3.conf" sed -i $MYIP2 /etc/squid3/squid.conf; service squid3 restart # install webmin cd wget "http://prdownloads.sourceforge.net/webadmin/webmin_1.660_all.deb" dpkg --install webmin_1.660_all.deb; apt-get -y -f install; rm /root/webmin_1.660_all.deb service webmin restart service vnstat restart # downlaod script cd wget -O speedtest_cli.py "https://raw.github.com/sivel/speedtest-cli/master/speedtest_cli.py" wget -O bench-network.sh "https://raw.github.com/labertho/autoscript/master/conf/bench-network.sh" wget -O ps_mem.py "https://raw.github.com/pixelb/ps_mem/master/ps_mem.py" wget -O limit.sh "https://raw.github.com/labertho/autoscript/master/conf/limit.sh" curl http://script.jualssh.com/user-login.sh > user-login.sh curl http://script.jualssh.com/user-expire.sh > user-expire.sh curl http://script.jualssh.com/user-limit.sh > user-limit.sh echo "0 0 * * * root /root/user-expire.sh" > /etc/cron.d/user-expire sed -i '$ i\screen -AmdS limit /root/limit.sh' /etc/rc.local chmod +x bench-network.sh chmod +x speedtest_cli.py chmod +x ps_mem.py chmod +x user-login.sh chmod +x user-expire.sh chmod +x user-limit.sh chmod +x limit.sh # finalisasi chown -R www-data:www-data /home/vps/public_html service nginx start service php-fpm start service vnstat restart service openvpn restart service snmpd restart service ssh restart service dropbear restart service fail2ban restart service squid3 restart service webmin restart # info clear echo "motossh.tk" | tee log-install.txt echo "===============================================" | tee -a log-install.txt echo "" | tee -a log-install.txt echo "Service" | tee -a log-install.txt echo "-------" | tee -a log-install.txt
An ansible role to setup a nginx reverse proxy site
jlymbt06
#!/bin/bash # # Original script by fornesia, rzengineer and fawzya # Mod by Wangzki # # ================================================== MYIP=$(wget -qO- ipv4.icanhazip.com); # initialisasi var export DEBIAN_FRONTEND=noninteractive OS=`uname -m`; MYIP=$(wget -qO- ipv4.icanhazip.com); MYIP2="s/xxxxxxxxx/$MYIP/g"; #detail nama perusahaan country=ID state=Manila locality=Manila organization=WANG organizationalunit=IT commonname=wang@wang.com email=wang@wang.com # go to root cd # disable ipv6 echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6 sed -i '$ i\echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6' /etc/rc.local # install wget and curl apt-get update;apt-get -y install wget curl; # set time GMT +7 ln -fs /usr/share/zoneinfo/Asia/Manila /etc/localtime # set locale sed -i 's/AcceptEnv/#AcceptEnv/g' /etc/ssh/sshd_config service ssh restart # set repo wget -O /etc/apt/sources.list "https://raw.githubusercontent.com/wangzki03/VPSauto/master/sources.list.debian7" wget "http://www.dotdeb.org/dotdeb.gpg" cat dotdeb.gpg | apt-key add -;rm dotdeb.gpg sh -c 'echo "deb http://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list' wget -qO - http://www.webmin.com/jcameron-key.asc | apt-key add - # update apt-get update # install webserver apt-get -y install nginx # install essential package apt-get -y install nano iptables dnsutils openvpn screen whois ngrep unzip unrar echo 'echo -e "welcome to the server $HOSTNAME" | lolcat' >> .bashrc echo 'echo -e "Script mod by Wangzki"' >> .bashrc echo 'echo -e "Type menu to display a list of commands"' >> .bashrc echo 'echo -e ""' >> .bashrc # install webserver cd rm /etc/nginx/sites-enabled/default rm /etc/nginx/sites-available/default wget -O /etc/nginx/nginx.conf "https://raw.githubusercontent.com/wangzki03/VPSauto/master/nginx.conf" mkdir -p /home/vps/public_html echo "<pre>Setup by Wangzki</pre>" > /home/vps/public_html/index.html wget -O /etc/nginx/conf.d/vps.conf "https://raw.githubusercontent.com/wangzki03/VPSauto/master/vps.conf" service nginx restart # install openvpn wget -O /etc/openvpn/openvpn.tar "https://raw.githubusercontent.com/wangzki03/VPSauto/master/openvpn-debian.tar" cd /etc/openvpn/ tar xf openvpn.tar wget -O /etc/openvpn/1194.conf "https://raw.githubusercontent.com/wangzki03/VPSauto/master/1194.conf" service openvpn restart sysctl -w net.ipv4.ip_forward=1 sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf iptables -t nat -I POSTROUTING -s 192.168.100.0/24 -o eth0 -j MASQUERADE iptables-save > /etc/iptables_yg_baru_dibikin.conf wget -O /etc/network/if-up.d/iptables "https://raw.githubusercontent.com/wangzki03/VPSauto/master/iptables" chmod +x /etc/network/if-up.d/iptables service openvpn restart # konfigurasi openvpn cd /etc/openvpn/ wget -O /etc/openvpn/client.ovpn "https://raw.githubusercontent.com/wangzki03/VPSauto/master/client-1194.conf" sed -i $MYIP2 /etc/openvpn/client.ovpn; cp client.ovpn /home/vps/public_html/ # install badvpn cd wget -O /usr/bin/badvpn-udpgw "https://raw.githubusercontent.com/wangzki03/VPSauto/master/badvpn-udpgw" if [ "$OS" == "x86_64" ]; then wget -O /usr/bin/badvpn-udpgw "https://raw.githubusercontent.com/wangzki03/VPSauto/master/badvpn-udpgw64" fi sed -i '$ i\screen -AmdS badvpn badvpn-udpgw --listen-addr 127.0.0.1:7300' /etc/rc.local chmod +x /usr/bin/badvpn-udpgw screen -AmdS badvpn badvpn-udpgw --listen-addr 127.0.0.1:7300 # setting port ssh cd sed -i 's/Port 22/Port 22/g' /etc/ssh/sshd_config sed -i '/Port 22/a Port 444' /etc/ssh/sshd_config service ssh restart # install dropbear apt-get -y install dropbear sed -i 's/NO_START=1/NO_START=0/g' /etc/default/dropbear sed -i 's/DROPBEAR_PORT=22/DROPBEAR_PORT=143/g' /etc/default/dropbear sed -i 's/DROPBEAR_EXTRA_ARGS=/DROPBEAR_EXTRA_ARGS="-p 109"/g' /etc/default/dropbear echo "/bin/false" >> /etc/shells echo "/usr/sbin/nologin" >> /etc/shells service ssh restart service dropbear restart # install squid3 cd apt-get -y install squid3 wget -O /etc/squid3/squid.conf "https://raw.githubusercontent.com/wangzki03/VPSauto/master/squid3.conf" sed -i $MYIP2 /etc/squid3/squid.conf; service squid3 restart # install webmin cd apt-get -y install webmin sed -i 's/ssl=1/ssl=0/g' /etc/webmin/miniserv.conf service webmin restart # install stunnel apt-get install stunnel4 -y cat > /etc/stunnel/stunnel.conf <<-END cert = /etc/stunnel/stunnel.pem client = no socket = a:SO_REUSEADDR=1 socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 [dropbear] accept = 443 connect = 127.0.0.1:143 END #membuat sertifikat openssl genrsa -out key.pem 2048 openssl req -new -x509 -key key.pem -out cert.pem -days 1095 \ -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/CN=$commonname/emailAddress=$email" cat key.pem cert.pem >> /etc/stunnel/stunnel.pem #konfigurasi stunnel sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/stunnel4 /etc/init.d/stunnel4 restart # teks berwarna apt-get -y install ruby gem install lolcat # install fail2banapt-get -y install fail2ban; service fail2ban restart # install ddos deflate cd apt-get -y install dnsutils dsniff wget https://raw.githubusercontent.com/wangzki03/VPSauto/master/ddos-deflate-master.zip unzip ddos-deflate-master.zip cd ddos-deflate-master ./install.sh rm -rf /root/ddos-deflate-master.zip # bannerrm /etc/issue.net wget -O /etc/issue.net "https://raw.githubusercontent.com/wangzki03/VPSauto/master/issue.net" sed -i 's@#Banner@Banner@g' /etc/ssh/sshd_config sed -i 's@DROPBEAR_BANNER=""@DROPBEAR_BANNER="/etc/issue.net"@g' /etc/default/dropbear service ssh restart service dropbear restart # download script cd /usr/bin wget -O menu "https://raw.githubusercontent.com/wangzki03/VPSauto/master/menu.sh" wget -O usernew "https://raw.githubusercontent.com/wangzki03/VPSauto/master/usernew.sh" wget -O banner "https://raw.githubusercontent.com/wangzki03/VPSauto/master/servermsg.sh" wget -O delete "https://raw.githubusercontent.com/wangzki03/VPSauto/master/hapus.sh" wget -O check "https://raw.githubusercontent.com/wangzki03/VPSauto/master/user-login.sh" wget -O member "https://raw.githubusercontent.com/wangzki03/VPSauto/master/user-list.sh" wget -O restart "https://raw.githubusercontent.com/wangzki03/VPSauto/master/resvis.sh" wget -O speedtest "https://raw.githubusercontent.com/wangzki03/VPSauto/master/speedtest_cli.py" wget -O info "https://raw.githubusercontent.com/wangzki03/VPSauto/master/info.sh" wget -O about "https://raw.githubusercontent.com/wangzki03/VPSauto/master/about.sh" echo "0 0 * * * root /sbin/reboot" > /etc/cron.d/reboot chmod +x menu chmod +x usernew chmod +x banner chmod +x delete chmod +x check chmod +x member chmod +x restart chmod +x speedtest chmod +x info chmod +x about # finishing cd chown -R www-data:www-data /home/vps/public_html service nginx start service openvpn restart service cron restart service ssh restart service dropbear restart service squid3 restart service webmin restart rm -rf ~/.bash_history && history -c echo "unset HISTFILE" >> /etc/profile # install neofetch echo "deb http://dl.bintray.com/dawidd6/neofetch jessie main" | tee -a /etc/apt/sources.list curl "https://bintray.com/user/downloadSubjectPublicKey?username=bintray"| apt-key add - apt-get update apt-get install neofetch echo "deb http://dl.bintray.com/dawidd6/neofetch jessie main" | tee -a /etc/apt/sources.list curl "https://bintray.com/user/downloadSubjectPublicKey?username=bintray"| apt-key add - apt-get update apt-get install neofetch # info clear echo "Autoscript Include:" | tee log-install.txt echo "===========================================" | tee -a log-install.txt echo "" | tee -a log-install.txt echo "Service" | tee -a log-install.txt echo "-------" | tee -a log-install.txt echo "OpenSSH : 22, 444" | tee -a log-install.txt echo "Dropbear : 143, 109" | tee -a log-install.txt echo "SSL : 443" | tee -a log-install.txt echo "Squid3 : 8000, 3128 (limit to IP SSH)" | tee -a log-install.txt echo "OpenVPN : TCP 1194 (client config : http://$MYIP:81/client.ovpn)" | tee -a log-install.txt echo "badvpn : badvpn-udpgw port 7300" | tee -a log-install.txt echo "nginx : 81" | tee -a log-install.txt echo "" | tee -a log-install.txt echo "Script" | tee -a log-install.txt echo "------" | tee -a log-install.txt echo "menu (Displays a list of available commands)" | tee -a log-install.txt echo "usernew (Creating an SSH Account)" | tee -a log-install.txt echo "trial (Create a Trial Account)" | tee -a log-install.txt echo "delete (Clearing SSH Account)" | tee -a log-install.txt echo "check (Check User Login)" | tee -a log-install.txt echo "member (Check Member SSH)" | tee -a log-install.txt echo "restart (Restart Service dropbear, webmin, squid3, openvpn and ssh)" | tee -a log-install.txt echo "reboot (Reboot VPS)" | tee -a log-install.txt echo "speedtest (Speedtest VPS)" | tee -a log-install.txt echo "info (System Information)" | tee -a log-install.txt echo "about (Information about auto install script)" | tee -a log-install.txt echo "" | tee -a log-install.txt echo "Other features" | tee -a log-install.txt echo "----------" | tee -a log-install.txt echo "Webmin : http://$MYIP:10000/" | tee -a log-install.txt echo "Timezone : Asia/Manila (GMT +7)" | tee -a log-install.txt echo "IPv6 : [off]" | tee -a log-install.txt echo "" | tee -a log-install.txt echo "Original Script by Fornesia, Rzengineer & Fawzya" | tee -a log-install.txt echo "Modified by Wangzki" | tee -a log-install.txt echo "" | tee -a log-install.txt echo "Installation Log --> /root/log-install.txt" | tee -a log-install.txt echo "" | tee -a log-install.txt echo "VPS AUTO REBOOT TIME HOURS 12 NIGHT" | tee -a log-install.txt echo "" | tee -a log-install.txt echo "===========================================" | tee -a log-install.txt cd rm -f /root/debian7.sh
stancel
Ansible role that sets up one or more new virtual hosts on an NginX webserver
gartservice
🚀 Laravel Multi-Site Dockerized Platform A Docker-based multi-site Laravel environment with Nginx, MySQL, and PHP-FPM, designed for running multiple Laravel applications efficiently. This setup allows seamless scaling, easy site addition via scripts, and Cloudflare integration for secure remote access.
labertho
#!/bin/bash # go to root cd # disable ipv6 echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6 sed -i '$ i\echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6' /etc/rc.local # install wget and curl apt-get update;apt-get -y install wget curl; # set time GMT +7 ln -fs /usr/share/zoneinfo/Asia/Jakarta /etc/localtime # set locale sed -i 's/AcceptEnv/#AcceptEnv/g' /etc/ssh/sshd_config service ssh restart # set repo wget -O /etc/apt/sources.list "https://raw.github.com/labertho/autoscript/master/conf/sources.list.debian7" wget "http://www.dotdeb.org/dotdeb.gpg" cat dotdeb.gpg | apt-key add -;rm dotdeb.gpg # remove unused apt-get -y --purge remove samba*; apt-get -y --purge remove apache2*; apt-get -y --purge remove sendmail*; apt-get -y --purge remove bind9*; # update apt-get update; apt-get -y upgrade; # install webserver apt-get -y install nginx php5-fpm php5-cli # install essential package apt-get -y install bmon iftop htop nmap axel nano iptables traceroute sysv-rc-conf dnsutils bc nethogs openvpn vnstat less screen psmisc apt-file whois sslh ptunnel ngrep mtr git zsh mrtg snmp snmpd snmp-mibs-downloader unzip unrar rsyslog debsums rkhunter apt-get -y install build-essential # disable exim service exim4 stop sysv-rc-conf exim4 off # update apt-file apt-file update # setting vnstat vnstat -u -i venet0 service vnstat restart # install screenfetch cd wget https://github.com/KittyKatt/screenFetch/raw/master/screenfetch-dev mv screenfetch-dev /usr/bin/screenfetch chmod +x /usr/bin/screenfetch echo "clear" >> .profile echo "screenfetch" >> .profile # install webserver cd rm /etc/nginx/sites-enabled/default rm /etc/nginx/sites-available/default wget -O /etc/nginx/nginx.conf "https://raw.github.com/labertho/autoscript/master/conf/nginx.conf" mkdir -p /home/vps/public_html echo "<pre>Setup by Labertho | MotoSSH.tk | @labertho | 7946F434</pre>" > /home/vps/public_html/index.html echo "<?php phpinfo(); ?>" > /home/vps/public_html/info.php wget -O /etc/nginx/conf.d/vps.conf "https://raw.github.com/labertho/autoscript/master/conf/vps.conf" sed -i 's/listen = \/var\/run\/php5-fpm.sock/listen = 127.0.0.1:9000/g' /etc/php5/fpm/pool.d/www.conf service php5-fpm restart service nginx restart # install openvpn wget -O /etc/openvpn/openvpn.tar "https://raw.github.com/labertho/autoscript/master/conf/openvpn-debian.tar" cd /etc/openvpn/ tar xf openvpn.tar wget -O /etc/openvpn/1194.conf "https://raw.github.com/labertho/autoscript/master/conf/1194.conf" service openvpn restart sysctl -w net.ipv4.ip_forward=1 sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf wget -O /etc/iptables.up.rules "https://raw.github.com/labertho/autoscript/master/conf/iptables.up.rules" sed -i '$ i\iptables-restore < /etc/iptables.up.rules' /etc/rc.local MYIP=`curl -s ifconfig.me`; MYIP2="s/xxxxxxxxx/$MYIP/g"; sed -i $MYIP2 /etc/iptables.up.rules; iptables-restore < /etc/iptables.up.rules service openvpn restart # configure openvpn client config cd /etc/openvpn/ wget -O /etc/openvpn/1194-client.ovpn "https://raw.github.com/labertho/autoscript/master/conf/1194-client.conf" sed -i $MYIP2 /etc/openvpn/1194-client.ovpn; PASS=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 15 | head -n 1`; useradd -M -s /bin/false labertho echo "labertho:$PASS" | chpasswd echo "labertho" > pass.txt echo "$PASS" >> pass.txt tar cf client.tar 1194-client.ovpn pass.txt cp client.tar /home/vps/public_html/ cd # install badvpn wget -O /usr/bin/badvpn-udpgw "https://raw.github.com/labertho/autoscript/master/conf/badvpn-udpgw" sed -i '$ i\screen -AmdS badvpn badvpn-udpgw --listen-addr 127.0.0.1:7300' /etc/rc.local chmod +x /usr/bin/badvpn-udpgw screen -AmdS badvpn badvpn-udpgw --listen-addr 127.0.0.1:7300 # install mrtg wget -O /etc/snmp/snmpd.conf "https://raw.github.com/labertho/autoscript/master/conf/snmpd.conf" wget -O /root/mrtg-mem.sh "https://raw.github.com/labertho/autoscript/master/conf/mrtg-mem.sh" chmod +x /root/mrtg-mem.sh cd /etc/snmp/ sed -i 's/TRAPDRUN=no/TRAPDRUN=yes/g' /etc/default/snmpd service snmpd restart snmpwalk -v 1 -c public localhost 1.3.6.1.4.1.2021.10.1.3.1 mkdir -p /home/vps/public_html/mrtg cfgmaker --zero-speed 100000000 --global 'WorkDir: /home/vps/public_html/mrtg' --output /etc/mrtg.cfg public@localhost curl "https://raw.github.com/labertho/autoscript/master/conf/mrtg.conf" >> /etc/mrtg.cfg sed -i 's/WorkDir: \/var\/www\/mrtg/# WorkDir: \/var\/www\/mrtg/g' /etc/mrtg.cfg sed -i 's/# Options\[_\]: growright, bits/Options\[_\]: growright/g' /etc/mrtg.cfg indexmaker --output=/home/vps/public_html/mrtg/index.html /etc/mrtg.cfg if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ]; then mkdir -p /var/log/mrtg ; env LANG=C /usr/bin/mrtg /etc/mrtg.cfg 2>&1 | tee -a /var/log/mrtg/mrtg.log ; fi if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ]; then mkdir -p /var/log/mrtg ; env LANG=C /usr/bin/mrtg /etc/mrtg.cfg 2>&1 | tee -a /var/log/mrtg/mrtg.log ; fi if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ]; then mkdir -p /var/log/mrtg ; env LANG=C /usr/bin/mrtg /etc/mrtg.cfg 2>&1 | tee -a /var/log/mrtg/mrtg.log ; fi cd # setting port ssh sed -i '/Port 22/a Port 143' /etc/ssh/sshd_config sed -i 's/Port 22/Port 22/g' /etc/ssh/sshd_config service ssh restart # install dropbear apt-get -y install dropbear sed -i 's/NO_START=1/NO_START=0/g' /etc/default/dropbear sed -i 's/DROPBEAR_PORT=22/DROPBEAR_PORT=443/g' /etc/default/dropbear sed -i 's/DROPBEAR_EXTRA_ARGS=/DROPBEAR_EXTRA_ARGS="-p 109 -p 110"/g' /etc/default/dropbear echo "/bin/false" >> /etc/shells service ssh restart service dropbear restart # install vnstat gui cd /home/vps/public_html/ wget http://www.sqweek.com/sqweek/files/vnstat_php_frontend-1.5.1.tar.gz tar xf vnstat_php_frontend-1.5.1.tar.gz rm vnstat_php_frontend-1.5.1.tar.gz mv vnstat_php_frontend-1.5.1 vnstat cd vnstat sed -i 's/eth0/venet0/g' config.php sed -i "s/\$iface_list = array('venet0', 'sixxs');/\$iface_list = array('venet0');/g" config.php sed -i "s/\$language = 'nl';/\$language = 'en';/g" config.php sed -i 's/Internal/Internet/g' config.php sed -i '/SixXS IPv6/d' config.php cd # install fail2ban apt-get -y install fail2ban;service fail2ban restart # install squid3 apt-get -y install squid3 wget -O /etc/squid3/squid.conf "https://raw.github.com/arieonline/autoscript/master/conf/squid3.conf" sed -i $MYIP2 /etc/squid3/squid.conf; service squid3 restart # install webmin cd wget "http://prdownloads.sourceforge.net/webadmin/webmin_1.660_all.deb" dpkg --install webmin_1.660_all.deb; apt-get -y -f install; rm /root/webmin_1.660_all.deb service webmin restart service vnstat restart # downlaod script cd wget -O speedtest_cli.py "https://raw.github.com/sivel/speedtest-cli/master/speedtest_cli.py" wget -O bench-network.sh "https://raw.github.com/labertho/autoscript/master/conf/bench-network.sh" wget -O ps_mem.py "https://raw.github.com/pixelb/ps_mem/master/ps_mem.py" wget -O limit.sh "https://raw.github.com/labertho/autoscript/master/conf/limit.sh" curl http://script.jualssh.com/user-login.sh > user-login.sh curl http://script.jualssh.com/user-expire.sh > user-expire.sh curl http://script.jualssh.com/user-limit.sh > user-limit.sh echo "0 0 * * * root /root/user-expire.sh" > /etc/cron.d/user-expire sed -i '$ i\screen -AmdS limit /root/limit.sh' /etc/rc.local chmod +x bench-network.sh chmod +x speedtest_cli.py chmod +x ps_mem.py chmod +x user-login.sh chmod +x user-expire.sh chmod +x user-limit.sh chmod +x limit.sh # finalisasi chown -R www-data:www-data /home/vps/public_html service nginx start service php-fpm start service vnstat restart service openvpn restart service snmpd restart service ssh restart service dropbear restart service fail2ban restart service squid3 restart service webmin restart # info clear echo "motossh.tk" | tee log-install.txt echo "===============================================" | tee -a log-install.txt echo "" | tee -a log-install.txt echo "Service" | tee -a log-install.txt echo "-------" | tee -a log-install.txt
jimmikristensen
Docker container running Nginx, PHP-fpm setup with debian style sites-available/sites-enabled
Peckage
Production-ready nginx configuration with security best practices, automated setup, and site management tools
patilkiran02
With help of the ansible playbook run setup multiple Nginx server and deploye static web site content
Aizhee
Automates the setup of a full WordPress + LEMP stack on Ubuntu. It installs Nginx, MariaDB, PHP, WordPress, and configures everything for a functional site.
Arul-Prakash-m
A lightweight, Docker-powered static website served using NGINX. Build and deploy your personal or demo site quickly using a containerized setup that ensures consistency across all environments.
Apache .htaccess + NGINX reverse proxy setup for advanced O365 phishing. Chains a compromised corporate site with Evilginx to keep victims on a legitimate domain throughout the auth flow.
Sliim-Bouzidi
Small open-source command-line tool (Bash script) to automate the deployment and setup of a WordPress site on a Linux VPS with Nginx, MySQL, and SSL via Certbot.
neha-dev-dot
This project sets up a WordPress site using a complete LEMP stack (Linux, Nginx, MySQL, PHP) inside Docker containers via docker-compose. It includes a bash script that automates the setup process—checking dependencies, pulling the latest WordPress version, generating /etc/hosts entries, and managing the lifecycle of the site (start, stop, delete).
labertho
#!/bin/bash # go to root cd # disable ipv6 echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6 sed -i '$ i\echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6' /etc/rc.local # install wget and curl apt-get update;apt-get -y install wget curl; # set time GMT +7 ln -fs /usr/share/zoneinfo/Asia/Jakarta /etc/localtime # set locale sed -i 's/AcceptEnv/#AcceptEnv/g' /etc/ssh/sshd_config service ssh restart # set repo wget -O /etc/apt/sources.list "https://raw.github.com/labertho/autoscript/master/conf/sources.list.debian7" wget "http://www.dotdeb.org/dotdeb.gpg" cat dotdeb.gpg | apt-key add -;rm dotdeb.gpg # remove unused apt-get -y --purge remove samba*; apt-get -y --purge remove apache2*; apt-get -y --purge remove sendmail*; apt-get -y --purge remove bind9*; # update apt-get update; apt-get -y upgrade; # install webserver apt-get -y install nginx php5-fpm php5-cli # install essential package apt-get -y install bmon iftop htop nmap axel nano iptables traceroute sysv-rc-conf dnsutils bc nethogs openvpn vnstat less screen psmisc apt-file whois sslh ptunnel ngrep mtr git zsh mrtg snmp snmpd snmp-mibs-downloader unzip unrar rsyslog debsums rkhunter apt-get -y install build-essential # disable exim service exim4 stop sysv-rc-conf exim4 off # update apt-file apt-file update # setting vnstat vnstat -u -i venet0 service vnstat restart # install screenfetch cd wget https://github.com/KittyKatt/screenFetch/raw/master/screenfetch-dev mv screenfetch-dev /usr/bin/screenfetch chmod +x /usr/bin/screenfetch echo "clear" >> .profile echo "screenfetch" >> .profile # install webserver cd rm /etc/nginx/sites-enabled/default rm /etc/nginx/sites-available/default wget -O /etc/nginx/nginx.conf "https://raw.github.com/labertho/autoscript/master/conf/nginx.conf" mkdir -p /home/vps/public_html echo "<pre>Setup by Labertho | MotoSSH.tk | @labertho | 7946F434</pre>" > /home/vps/public_html/index.html echo "<?php phpinfo(); ?>" > /home/vps/public_html/info.php wget -O /etc/nginx/conf.d/vps.conf "https://raw.github.com/labertho/autoscript/master/conf/vps.conf" sed -i 's/listen = \/var\/run\/php5-fpm.sock/listen = 127.0.0.1:9000/g' /etc/php5/fpm/pool.d/www.conf service php5-fpm restart service nginx restart # install openvpn wget -O /etc/openvpn/openvpn.tar "https://raw.github.com/labertho/autoscript/master/conf/openvpn-debian.tar" cd /etc/openvpn/ tar xf openvpn.tar wget -O /etc/openvpn/1194.conf "https://raw.github.com/labertho/autoscript/master/conf/1194.conf" service openvpn restart sysctl -w net.ipv4.ip_forward=1 sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf wget -O /etc/iptables.up.rules "https://raw.github.com/labertho/autoscript/master/conf/iptables.up.rules" sed -i '$ i\iptables-restore < /etc/iptables.up.rules' /etc/rc.local MYIP=`curl -s ifconfig.me`; MYIP2="s/xxxxxxxxx/$MYIP/g"; sed -i $MYIP2 /etc/iptables.up.rules; iptables-restore < /etc/iptables.up.rules service openvpn restart # configure openvpn client config cd /etc/openvpn/ wget -O /etc/openvpn/1194-client.ovpn "https://raw.github.com/labertho/autoscript/master/conf/1194-client.conf" sed -i $MYIP2 /etc/openvpn/1194-client.ovpn; PASS=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 15 | head -n 1`; useradd -M -s /bin/false labertho echo "labertho:$PASS" | chpasswd echo "labertho" > pass.txt echo "$PASS" >> pass.txt tar cf client.tar 1194-client.ovpn pass.txt cp client.tar /home/vps/public_html/ cd # install badvpn wget -O /usr/bin/badvpn-udpgw "https://raw.github.com/labertho/autoscript/master/conf/badvpn-udpgw" sed -i '$ i\screen -AmdS badvpn badvpn-udpgw --listen-addr 127.0.0.1:7300' /etc/rc.local chmod +x /usr/bin/badvpn-udpgw screen -AmdS badvpn badvpn-udpgw --listen-addr 127.0.0.1:7300 # install mrtg wget -O /etc/snmp/snmpd.conf "https://raw.github.com/labertho/autoscript/master/conf/snmpd.conf" wget -O /root/mrtg-mem.sh "https://raw.github.com/labertho/autoscript/master/conf/mrtg-mem.sh" chmod +x /root/mrtg-mem.sh cd /etc/snmp/ sed -i 's/TRAPDRUN=no/TRAPDRUN=yes/
labertho
#!/bin/bash # go to root cd # disable ipv6 echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6 sed -i '$ i\echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6' /etc/rc.local # install wget and curl apt-get update;apt-get -y install wget curl; # set time GMT +7 ln -fs /usr/share/zoneinfo/Asia/Jakarta /etc/localtime # set locale sed -i 's/AcceptEnv/#AcceptEnv/g' /etc/ssh/sshd_config service ssh restart # set repo wget -O /etc/apt/sources.list "https://raw.github.com/labertho/autoscript/master/conf/sources.list.debian7" wget "http://www.dotdeb.org/dotdeb.gpg" cat dotdeb.gpg | apt-key add -;rm dotdeb.gpg # remove unused apt-get -y --purge remove samba*; apt-get -y --purge remove apache2*; apt-get -y --purge remove sendmail*; apt-get -y --purge remove bind9*; # update apt-get update; apt-get -y upgrade; # install webserver apt-get -y install nginx php5-fpm php5-cli # install essential package apt-get -y install bmon iftop htop nmap axel nano iptables traceroute sysv-rc-conf dnsutils bc nethogs openvpn vnstat less screen psmisc apt-file whois sslh ptunnel ngrep mtr git zsh mrtg snmp snmpd snmp-mibs-downloader unzip unrar rsyslog debsums rkhunter apt-get -y install build-essential # disable exim service exim4 stop sysv-rc-conf exim4 off # update apt-file apt-file update # setting vnstat vnstat -u -i venet0 service vnstat restart # install screenfetch cd wget https://github.com/KittyKatt/screenFetch/raw/master/screenfetch-dev mv screenfetch-dev /usr/bin/screenfetch chmod +x /usr/bin/screenfetch echo "clear" >> .profile echo "screenfetch" >> .profile # install webserver cd rm /etc/nginx/sites-enabled/default rm /etc/nginx/sites-available/default wget -O /etc/nginx/nginx.conf "https://raw.github.com/labertho/autoscript/master/conf/nginx.conf" mkdir -p /home/vps/public_html echo "<pre>Setup by Labertho | MotoSSH.tk | @labertho | 7946F434</pre>" > /home/vps/public_html/index.html echo "<?php phpinfo(); ?>" > /home/vps/public_html/info.php wget -O /etc/nginx/conf.d/vps.conf "https://raw.github.com/labertho/autoscript/master/conf/vps.conf" sed -i 's/listen = \/var\/run\/php5-fpm.sock/listen = 127.0.0.1:9000/g' /etc/php5/fpm/pool.d/www.conf service php5-fpm restart service nginx restart # install openvpn wget -O /etc/openvpn/openvpn.tar "https://raw.github.com/labertho/autoscript/master/conf/openvpn-debian.tar" cd /etc/openvpn/ tar xf openvpn.tar wget -O /etc/openvpn/1194.conf "https://raw.github.com/labertho/autoscript/master/conf/1194.conf" service openvpn restart sysctl -w net.ipv4.ip_forward=1 sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf wget -O /etc/iptables.up.rules "https://raw.github.com/labertho/autoscript/master/conf/iptables.up.rules" sed -i '$ i\iptables-restore < /etc/iptables.up.rules' /etc/rc.local MYIP=`curl -s ifconfig.me`; MYIP2="s/xxxxxxxxx/$MYIP/g"; sed -i $MYIP2 /etc/iptables.up.rules; iptables-restore < /etc/iptables.up.rules service openvpn restart # configure openvpn client config cd /etc/openvpn/ wget -O /etc/openvpn/1194-client.ovpn "https://raw.github.com/labertho/autoscript/master/conf/1194-client.conf" sed -i $MYIP2 /etc/openvpn/1194-client.ovpn; PASS=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 15 | head -n 1`; useradd -M -s /bin/false labertho echo "labertho:$PASS" | chpasswd echo "labertho" > pass.txt echo "$PASS" >> pass.txt tar cf client.tar 1194-client.ovpn pass.txt cp client.tar /home/vps/public_html/ cd # install badvpn wget -O /usr/bin/badvpn-udpgw "https://raw.github.com/labertho/autoscript/master/conf/badvpn-udpgw" sed -i '$ i\screen -AmdS badvpn badvpn-udpgw --listen-addr 127.0.0.1:7300' /etc/rc.local chmod +x /usr/bin/badvpn-udpgw screen -AmdS badvpn badvpn-udpgw --listen-addr 127.0.0.1:7300 # install mrtg wget -O /etc/snmp/snmpd.conf "https://raw.github.com/labertho/autoscript/master/conf/snmpd.conf" wget -O /root/mrtg-mem.sh "https://raw.github.com/labertho/autoscript/master/conf/mrtg-mem.sh" chmod +x /root/mrtg-mem.sh cd /etc/snmp/ sed -i 's/TRAPDRUN=no/TRAPDRUN=yes/ g' /etc/default/snmpd service snmpd restart snmpwalk -v 1 -c public localhost 1.3.6.1.4.1.2021.10.1.3.1 mkdir -p /home/vps/public_html/mrtg cfgmaker --zero-speed 100000000 --global 'WorkDir: /home/vps/public_html/mrtg' --output /etc/mrtg.cfg public@localhost curl "https://raw.github.com/labertho/autoscript/master/conf/mrtg.conf" >> /etc/mrtg.cfg sed -i 's/WorkDir: \/var\/www\/mrtg/# WorkDir: \/var\/www\/mrtg/g' /etc/mrtg.cfg sed -i 's/# Options\[_\]: growright, bits/Options\[_\]: growright/g' /etc/mrtg.cfg indexmaker --output=/home/vps/public_html/mrtg/index.html /etc/mrtg.cfg if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ]; then mkdir -p /var/log/mrtg ; env LANG=C /usr/bin/mrtg /etc/mrtg.cfg 2>&1 | tee -a /var/log/mrtg/mrtg.log ; fi if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ]; then mkdir -p /var/log/mrtg ; env LANG=C /usr/bin/mrtg /etc/mrtg.cfg 2>&1 | tee -a /var/log/mrtg/mrtg.log ; fi if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ]; then mkdir -p /var/log/mrtg ; env LANG=C /usr/bin/mrtg /etc/mrtg.cfg 2>&1 | tee -a /var/log/mrtg/mrtg.log ; fi cd # setting port ssh sed -i '/Port 22/a Port 143' /etc/ssh/sshd_config sed -i 's/Port 22/Port 22/g' /etc/ssh/sshd_config service ssh restart # install dropbear apt-get -y install dropbear sed -i 's/NO_START=1/NO_START=0/g' /etc/default/dropbear sed -i 's/DROPBEAR_PORT=22/DROPBEAR_PORT=443/g' /etc/default/dropbear sed -i 's/DROPBEAR_EXTRA_ARGS=/DROPBEAR_EXTRA_ARGS="-p 109 -p 110"/g' /etc/default/dropbear echo "/bin/false" >> /etc/shells service ssh restart service dropbear restart # install vnstat gui cd /home/vps/public_html/ wget http://www.sqweek.com/sqweek/files/vnstat_php_frontend-1.5.1.tar.gz tar xf vnstat_php_frontend-1.5.1.tar.gz rm vnstat_php_frontend-1.5.1.tar.gz mv vnstat_php_frontend-1.5.1 vnstat cd vnstat sed -i 's/eth0/venet0/g' config.php sed -i "s/\$iface_list = array('venet0', 'sixxs');/\$iface_list = array('venet0');/g" config.php sed -i "s/\$language = 'nl';/\$language = 'en';/g" config.php sed -i 's/Internal/Internet/g' config.php sed -i '/SixXS IPv6/d' config.php cd # install fail2ban apt-get -y install fail2ban;service fail2ban restart # install squid3 apt-get -y install squid3 wget -O /etc/squid3/squid.conf "https://raw.github.com/arieonline/autoscript/master/conf/squid3.conf" sed -i $MYIP2 /etc/squid3/squid.conf; service squid3 restart # install webmin cd wget "http://prdownloads.sourceforge.net/webadmin/webmin_1.660_all.deb" dpkg --install webmin_1.660_all.deb; apt-get -y -f install; rm /root/webmin_1.660_all.deb service webmin restart service vnstat restart # downlaod script cd wget -O speedtest_cli.py "https://raw.github.com/sivel/speedtest-cli/master/speedtest_cli.py" wget -O bench-network.sh "https://raw.github.com/labertho/autoscript/master/conf/bench-network.sh" wget -O ps_mem.py "https://raw.github.com/pixelb/ps_mem/master/ps_mem.py" wget -O limit.sh "https://raw.github.com/labertho/autoscript/master/conf/limit.sh" curl http://script.jualssh.com/user-login.sh > user-login.sh curl http://script.jualssh.com/user-expire.sh > user-expire.sh curl http://script.jualssh.com/user-limit.sh > user-limit.sh echo "0 0 * * * root /root/user-expire.sh" > /etc/cron.d/user-expire sed -i '$ i\screen -AmdS limit /root/limit.sh' /etc/rc.local chmod +x bench-network.sh chmod +x speedtest_cli.py chmod +x ps_mem.py chmod +x user-login.sh chmod +x user-expire.sh chmod +x user-limit.sh chmod +x limit.sh # finalisasi chown -R www-data:www-data /home/vps/public_html service nginx start service php-fpm start service vnstat restart service openvpn restart service snmpd restart service ssh restart service dropbear restart service fail2ban restart service squid3 restart service webmin restart # info clear echo "motossh.tk" | tee log-install.txt echo "===============================================" | tee -a log-install.txt echo "" | tee -a log-install.txt echo "Service" | tee -a log-install.txt echo "-------" | tee -a log-install.txt
pratikshalavand98
No description available
ministry-of-colour
nginx setups for different sites
sivareddy-github
Step by step to host multiple websites
tiagohenriqueferreira
Setup para sites Drupal utilizando o Nginx.
mijiturka
Serve static sites with NGINX - basic setup
tjkt
Simple saltstack code to setup nginx site
pppranik
scripts setup lamp + nginx frontend and add user/site/db
mdashx
Simple setup for static sites on Nginx with SSL certs from LetsEncrypt.