Difference between revisions of "NXFilter"

From Michael's Information Zone
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
==Install==
 
==Install==
 +
===Install Custom Cert===
 +
<ref>http://www.nxfilter.org/tutorial.html#custom-ssl</ref>
 +
<pre>
 +
How do I apply my own SSL certificate?
 +
We use an embedded Tomcat 7.x as the built-in webserver for NxFilter. If you want to apply your own SSL certificate with Tomcat there are two parameters you need to set in Tomcat config file. One is 'keystoreFile' and the other one is 'keystorePass'. However, we don't have a separated config file for Tomcat. We use '/nxfilter/conf/cfg.properties' file to set these parameters.
 +
keystore_file = conf/myown.keystore
 +
keystore_pass = 123456
 +
* About how to build keystore file, read Tomcat manual.
 +
</pre>
 +
<ref>https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html</ref>
 +
<pre>
 +
To import an existing certificate into a JKS keystore, please read the documentation (in your JDK documentation package) about keytool. Note that OpenSSL often adds readable comments before the key, but keytool does not support that. So if your certificate has comments before the key data, remove them before importing the certificate with keytool.
 +
 +
To import an existing certificate signed by your own CA into a PKCS12 keystore using OpenSSL you would execute a command like:
 +
 +
openssl pkcs12 -export -in mycert.crt -inkey mykey.key
 +
                        -out mycert.p12 -name tomcat -CAfile myCA.crt
 +
                        -caname root -chain
 +
</pre>
 +
 
==Update Shallalist==
 
==Update Shallalist==
 
This script assumes you have a systemd entry for nxfilter called nxfilter. Also you will need to add the following to the end of your update.sh script "systemctl start nxfilter"<br>
 
This script assumes you have a systemd entry for nxfilter called nxfilter. Also you will need to add the following to the end of your update.sh script "systemctl start nxfilter"<br>
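Review bot: The `openssl pkcs12 -export` command added in the second <pre> block is split over three lines with no trailing backslashes, so a shell treats each line as a separate command and the `-out mycert.p12 ...` and `-caname root -chain` lines fail when the block is pasted. End the first two lines with `\` or join the command onto one line. The sample `keystore_pass = 123456` would also be better written as an obvious placeholder, since readers copy these two lines into cfg.properties.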
Line 48: Line 68:
 
echo "The version downloaded is $zip. Do you want to continue?"
 
echo "The version downloaded is $zip. Do you want to continue?"
 
read -s answer
 
read -s answer
if [ "$answer" = "n" ]; then
+
if [ "$answer" != "y" ]; then
 
exit 1
 
exit 1
 
else
 
else
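Review bot: The prompt on the `echo` line still does not say what to type, and with the test now `[ "$answer" != "y" ]` anything other than a lowercase y aborts the upgrade. Name the expected input in the prompt text, for example "(y/n)", and consider dropping `-s` from `read -s answer`, since hiding the keystroke is meant for secrets and here it only stops the operator from seeing what was entered.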
Line 59: Line 79:
 
systemctl start nxfilter
 
systemctl start nxfilter
 
fi
 
fi
 +
</pre>
 +
==Amazon Linux 2==
 +
<pre>
 +
yum update -y
 +
yum install -y java-1.8.0-openjdk
 
</pre>
 
</pre>
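Review bot: The new "Amazon Linux 2" section contains only the two yum commands and no sentence saying what they are for. Add a line stating that `java-1.8.0-openjdk` is installed as a prerequisite (presumably the Java runtime NxFilter needs), and note that `yum update -y` updates every package on the host without prompting, so readers can decide whether to run it on an existing system.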

Latest revision as of 14:30, 20 October 2018

Install

Install Custom Cert

[1]

How do I apply my own SSL certificate?
We use an embedded Tomcat 7.x as the built-in webserver for NxFilter. If you want to apply your own SSL certificate with Tomcat there are two parameters you need to set in Tomcat config file. One is 'keystoreFile' and the other one is 'keystorePass'. However, we don't have a separated config file for Tomcat. We use '/nxfilter/conf/cfg.properties' file to set these parameters.
keystore_file = conf/myown.keystore
keystore_pass = 123456
* About how to build keystore file, read Tomcat manual.

[2]

To import an existing certificate into a JKS keystore, please read the documentation (in your JDK documentation package) about keytool. Note that OpenSSL often adds readable comments before the key, but keytool does not support that. So if your certificate has comments before the key data, remove them before importing the certificate with keytool.

To import an existing certificate signed by your own CA into a PKCS12 keystore using OpenSSL you would execute a command like:

openssl pkcs12 -export -in mycert.crt -inkey mykey.key \
                        -out mycert.p12 -name tomcat -CAfile myCA.crt \
                        -caname root -chain
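
The Tomcat note above says keytool does not accept the readable comments OpenSSL writes around PEM data. The following is an added example, not taken from the NxFilter or Tomcat documentation, that strips those comments and lists the PEM block types before an import; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the NxFilter or Tomcat documentation.
# The sample PEM written by make_sample is constructed: its base64 body is
# dummy data, so it exercises the text handling only, not certificate parsing.

# Print only the PEM blocks of file $1, dropping the readable text
# ("Bag Attributes", "subject=", ...) that OpenSSL writes around them.
# A trailing CR is removed so files with Windows line endings work too.
strip_pem_comments() {
    awk '
        { sub(/\r$/, "") }
        /^-----BEGIN [A-Z0-9 ]+-----$/ { inside = 1 }
        inside { print }
        /^-----END [A-Z0-9 ]+-----$/ { inside = 0 }
    ' "$1"
}

# List the type of every PEM block in file $1, one per line, so a private
# key bundled with the certificate is noticed before the import.
pem_block_types() {
    strip_pem_comments "$1" |
        sed -n 's/^-----BEGIN \([A-Z0-9 ]*\)-----$/\1/p'
}

# Write a cleaned copy of $1 to $2, readable by the owner only.
# Fails if $1 holds no PEM block at all.
clean_pem() {
    [ -n "$(pem_block_types "$1")" ] || return 1
    ( umask 077 && strip_pem_comments "$1" > "$2" )
}

# Constructed input resembling OpenSSL output with comments.
make_sample() {
    printf '%s\n' \
        'Bag Attributes' \
        '    friendlyName: tomcat' \
        'subject=/CN=filter.example.test' \
        '-----BEGIN CERTIFICATE-----' \
        'ZHVtbXkgY2VydGlmaWNhdGUgYm9keQ==' \
        '-----END CERTIFICATE-----' \
        'Bag Attributes' \
        'Key Attributes: <No Attributes>' \
        '-----BEGIN PRIVATE KEY-----' \
        'ZHVtbXkga2V5IGJvZHk=' \
        '-----END PRIVATE KEY-----' > "$1"
}
```

Run `pem_block_types` on the file first: if it reports a PRIVATE KEY block in what was meant to be a certificate-only file, split the file before importing it.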

Update Shallalist

This script assumes you have a systemd entry for nxfilter called nxfilter. Also, you will need to add the following to the end of your update.sh script: "systemctl start nxfilter".

NOTE: Edit to fit your environment.

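#!/bin/bash
# Replace "/<script location>" and "/<installdirectory>" with your own paths.
systemctl stop nxfilter
# Ask systemd whether the nxfilter unit is still listed as running.
state=$(systemctl --all | grep nxfilter)
if grep -q running <<< "$state"; then
	#echo "Still Running"
	# Service has not stopped yet: wait, then retry.
	sleep 5
	exec "/<script location>/nxupdate.sh"
else
	cd "/<installdirectory>/bin/" || exit 1
	#pwd
	exec "/<installdirectory>/bin/update_sh.sh"
fi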

Systemd Unit File

Make sure to modify the unit file to fit your environment.
/etc/systemd/system/nxfilter.service

[Unit]
Description=NXFilter startup script
After=network.target

[Service]
Type=simple
ExecStart=/<installdirectory>/bin/startup.sh
ExecStop=/<installdirectory>/bin/shutdown.sh

[Install]
WantedBy=default.target

Upgrade

Copy the URL from the NXFilter site to use with the script
nxupgrade.sh https://nxfilter......

#!/bin/bash
# Usage: nxupgrade.sh <URL>
# Replace "/<install directory>" below with your NXFilter install path.
log=$(mktemp) || exit 1   # private temp file rather than a fixed name in /tmp
wget "$1" &> "$log"
# wget prints the local file name as: Saving to: ‘<name>’
zip=$(grep "Saving to:" "$log" | sed -e 's/^Saving to: //' -e 's/‘//' -e 's/’//')
rm -f "$log"
if [ -z "$zip" ]; then
	echo "Download failed: wget did not report a saved file." >&2
	exit 1
fi
echo "The version downloaded is $zip. Do you want to continue?"
read -s answer
if [ "$answer" != "y" ]; then
	exit 1
else
	systemctl stop nxfilter
	unzip "$zip"
	# The unpacked update script must restart the service when it finishes.
	echo "systemctl start nxfilter" >> "/<install directory>/bin/update_sh.sh"
	chmod +x "/<install directory>/bin/update_sh.sh"
	chmod +x "/<install directory>/bin/shutdown.sh"
	chmod +x "/<install directory>/bin/startup.sh"
	systemctl start nxfilter
fi

Amazon Linux 2

yum update -y
yum install -y java-1.8.0-openjdk