Обновить cockpit/cockpit-installer.sh

2026-04-12 13:41:40 +00:00
parent f91925a840
commit ec5a01380a
1 changed files with 7 additions and 40 deletions
--- a/cockpit/cockpit-installer.sh
+++ b/cockpit/cockpit-installer.sh
@@ -40,7 +40,6 @@ show_help() {
 }

 # ─── Parse arguments ──────────────────────────────────────────────────────────
-readonly COCKPIT_PORT=12345
 NEW_USER="user"
 USER_PASSWORD=""
 TIMEZONE="UTC"
@@ -84,13 +83,6 @@ if ! command -v apt &>/dev/null; then
 fi
 log_ok "OS check passed"

-# ─── Check port is not in use ─────────────────────────────────────────────────
-if ss -tlnp | grep -q ":${COCKPIT_PORT} "; then
-  log_err "Port $COCKPIT_PORT is already in use. The script uses a fixed Cockpit port and cannot continue"
-  exit 1
-fi
-log_ok "Cockpit will use fixed port $COCKPIT_PORT"
-
 # ─── Validate timezone ────────────────────────────────────────────────────────
 if ! timedatectl list-timezones | grep -qx "$TIMEZONE"; then
  log_err "Invalid timezone: '$TIMEZONE'"
@@ -126,7 +118,6 @@ else
  log_info "Using provided password"
 fi

-log_info "Cockpit port : $COCKPIT_PORT"
 log_info "Username     : $NEW_USER"
 log_info "Timezone     : $TIMEZONE"

@@ -152,9 +143,9 @@ if ! ufw status | grep -q '22/tcp'; then
  ufw allow 22/tcp
 fi

-ufw allow "${COCKPIT_PORT}/tcp"
+ufw allow 9090/tcp
 ufw --force enable
-log_ok "ufw enabled. Open ports: 22/tcp, ${COCKPIT_PORT}/tcp"
+log_ok "ufw enabled. Open ports: 22/tcp, 9090/tcp"

 # ─── 4. Install fail2ban ──────────────────────────────────────────────────────
 log_ok "Installing fail2ban..."
@@ -172,7 +163,7 @@ port    = 22

 [cockpit]
 enabled  = true
-port     = ${COCKPIT_PORT}
+port     = 9090
 filter   = cockpit
 logpath  = /var/log/auth.log
 maxretry = 5
@@ -218,31 +209,7 @@ apt install -y cockpit
 systemctl enable cockpit.socket
 systemctl start cockpit.socket

-# ─── 7. Change Cockpit port ───────────────────────────────────────────────────
-log_ok "Configuring Cockpit on port $COCKPIT_PORT..."
-
-mkdir -p /etc/cockpit
-
-cat > /etc/cockpit/cockpit.conf <<EOF
-[WebService]
-ListenStream=${COCKPIT_PORT}
-Origins = https://localhost:${COCKPIT_PORT}
-ProtocolHeader = X-Forwarded-Proto
-EOF
-
-mkdir -p /etc/systemd/system/cockpit.socket.d
-
-cat > /etc/systemd/system/cockpit.socket.d/listen.conf <<EOF
-[Socket]
-ListenStream=
-ListenStream=${COCKPIT_PORT}
-EOF
-
-systemctl daemon-reload
-systemctl restart cockpit.socket
-log_ok "Cockpit restarted on port $COCKPIT_PORT"
-
-# ─── 8. Create certificate script ─────────────────────────────────────────────
+# ─── 7. Create certificate script ─────────────────────────────────────────────
 log_ok "Creating certificate script..."

 CERT_SCRIPT="/usr/local/bin/selfcert-renew.sh"
@@ -355,7 +322,7 @@ log_ok "Certificate script created at $CERT_SCRIPT"

 bash "$CERT_SCRIPT"

-# ─── 9. Create cron job ───────────────────────────────────────────────────────
+# ─── 8. Create cron job ───────────────────────────────────────────────────────
 log_ok "Setting up daily cron job for certificate renewal..."

 cat > /etc/cron.d/selfcert-renew <<EOF
@@ -365,7 +332,7 @@ EOF
 chmod 644 /etc/cron.d/selfcert-renew
 log_ok "Cron job created at /etc/cron.d/selfcert-renew"

-# ─── 10. Print summary ────────────────────────────────────────────────────────
+# ─── 9. Print summary ────────────────────────────────────────────────────────
 SERVER_IP=$(hostname -I | awk '{print $1}')

 # Stop logging to file before printing sensitive info
@@ -377,7 +344,7 @@ echo -e "${GREEN}  ✅  Setup complete!${NC}"
 echo -e "${GREEN}════════════════════════════════════════════════${NC}"
 echo ""
 echo -e "  🌐  ${BLUE}Cockpit URL:${NC}"
-echo -e "      https://${SERVER_IP}:${COCKPIT_PORT}"
+echo -e "      https://${SERVER_IP}:9090"
 echo ""
 echo -e "  👤  ${BLUE}User credentials:${NC}"
 echo -e "      Login:    ${NEW_USER}"