Обновить cockpit/cockpit-installer.sh

cockpit/cockpit-installer.sh

@@ -40,7 +40,6 @@ show_help() {
 }
 
 # ─── Parse arguments ──────────────────────────────────────────────────────────
-readonly COCKPIT_PORT=12345
 NEW_USER="user"
 USER_PASSWORD=""
 TIMEZONE="UTC"
@@ -84,13 +83,6 @@ if ! command -v apt &>/dev/null; then
 fi
 log_ok "OS check passed"
 
-# ─── Check port is not in use ─────────────────────────────────────────────────
-if ss -tlnp | grep -q ":${COCKPIT_PORT} "; then
-  log_err "Port $COCKPIT_PORT is already in use. The script uses a fixed Cockpit port and cannot continue"
-  exit 1
-fi
-log_ok "Cockpit will use fixed port $COCKPIT_PORT"
-
 # ─── Validate timezone ────────────────────────────────────────────────────────
 if ! timedatectl list-timezones | grep -qx "$TIMEZONE"; then
   log_err "Invalid timezone: '$TIMEZONE'"
@@ -126,7 +118,6 @@ else
   log_info "Using provided password"
 fi
 
-log_info "Cockpit port : $COCKPIT_PORT"
 log_info "Username     : $NEW_USER"
 log_info "Timezone     : $TIMEZONE"
 
@@ -152,9 +143,9 @@ if ! ufw status | grep -q '22/tcp'; then
   ufw allow 22/tcp
 fi
 
-ufw allow "${COCKPIT_PORT}/tcp"
+ufw allow 9090/tcp
 ufw --force enable
-log_ok "ufw enabled. Open ports: 22/tcp, ${COCKPIT_PORT}/tcp"
+log_ok "ufw enabled. Open ports: 22/tcp, 9090/tcp"
 
 # ─── 4. Install fail2ban ──────────────────────────────────────────────────────
 log_ok "Installing fail2ban..."
@@ -172,7 +163,7 @@ port    = 22
 
 [cockpit]
 enabled  = true
-port     = ${COCKPIT_PORT}
+port     = 9090
 filter   = cockpit
 logpath  = /var/log/auth.log
 maxretry = 5
@@ -218,31 +209,7 @@ apt install -y cockpit
 systemctl enable cockpit.socket
 systemctl start cockpit.socket
 
-# ─── 7. Change Cockpit port ───────────────────────────────────────────────────
+# ─── 7. Create certificate script ─────────────────────────────────────────────
-log_ok "Configuring Cockpit on port $COCKPIT_PORT..."
-
-mkdir -p /etc/cockpit
-
-cat > /etc/cockpit/cockpit.conf <<EOF
-[WebService]
-ListenStream=${COCKPIT_PORT}
-Origins = https://localhost:${COCKPIT_PORT}
-ProtocolHeader = X-Forwarded-Proto
-EOF
-
-mkdir -p /etc/systemd/system/cockpit.socket.d
-
-cat > /etc/systemd/system/cockpit.socket.d/listen.conf <<EOF
-[Socket]
-ListenStream=
-ListenStream=${COCKPIT_PORT}
-EOF
-
-systemctl daemon-reload
-systemctl restart cockpit.socket
-log_ok "Cockpit restarted on port $COCKPIT_PORT"
-
-# ─── 8. Create certificate script ─────────────────────────────────────────────
 log_ok "Creating certificate script..."
 
 CERT_SCRIPT="/usr/local/bin/selfcert-renew.sh"
@@ -355,7 +322,7 @@ log_ok "Certificate script created at $CERT_SCRIPT"
 
 bash "$CERT_SCRIPT"
 
-# ─── 9. Create cron job ───────────────────────────────────────────────────────
+# ─── 8. Create cron job ───────────────────────────────────────────────────────
 log_ok "Setting up daily cron job for certificate renewal..."
 
 cat > /etc/cron.d/selfcert-renew <<EOF
@@ -365,7 +332,7 @@ EOF
 chmod 644 /etc/cron.d/selfcert-renew
 log_ok "Cron job created at /etc/cron.d/selfcert-renew"
 
-# ─── 10. Print summary ────────────────────────────────────────────────────────
+# ─── 9. Print summary ────────────────────────────────────────────────────────
 SERVER_IP=$(hostname -I | awk '{print $1}')
 
 # Stop logging to file before printing sensitive info
@@ -377,7 +344,7 @@ echo -e "${GREEN}  ✅  Setup complete!${NC}"
 echo -e "${GREEN}════════════════════════════════════════════════${NC}"
 echo ""
 echo -e "  🌐  ${BLUE}Cockpit URL:${NC}"
-echo -e "      https://${SERVER_IP}:${COCKPIT_PORT}"
+echo -e "      https://${SERVER_IP}:9090"
 echo ""
 echo -e "  👤  ${BLUE}User credentials:${NC}"
 echo -e "      Login:    ${NEW_USER}"