Difference between revisions of "NXFilter"
Michael.mast (talk | contribs) |
Michael.mast (talk | contribs) |
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==Install== | ==Install== | ||
+ | ===Install Custom Cert=== | ||
+ | <ref>http://www.nxfilter.org/tutorial.html#custom-ssl</ref> | ||
+ | <pre> | ||
+ | How do I apply my own SSL certificate? | ||
+ | We use an embedded Tomcat 7.x as the built-in webserver for NxFilter. If you want to apply your own SSL certificate with Tomcat there are two parameters you need to set in Tomcat config file. One is 'keystoreFile' and the other one is 'keystorePass'. However, we don't have a separated config file for Tomcat. We use '/nxfilter/conf/cfg.properties' file to set these parameters. | ||
+ | keystore_file = conf/myown.keystore | ||
+ | keystore_pass = 123456 | ||
+ | * About how to build keystore file, read Tomcat manual. | ||
+ | </pre> | ||
+ | <ref>https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html</ref> | ||
+ | <pre> | ||
+ | To import an existing certificate into a JKS keystore, please read the documentation (in your JDK documentation package) about keytool. Note that OpenSSL often adds readable comments before the key, but keytool does not support that. So if your certificate has comments before the key data, remove them before importing the certificate with keytool. | ||
+ | |||
+ | To import an existing certificate signed by your own CA into a PKCS12 keystore using OpenSSL you would execute a command like: | ||
+ | |||
+ | openssl pkcs12 -export -in mycert.crt -inkey mykey.key | ||
+ | -out mycert.p12 -name tomcat -CAfile myCA.crt | ||
+ | -caname root -chain | ||
+ | </pre> | ||
+ | |||
==Update Shallalist== | ==Update Shallalist== | ||
This script assumes you have a systemd entry for nxfilter called nxfilter. Also you will need to add the following to the end of your update.sh script "systemctl start nxfilter"<br> | This script assumes you have a systemd entry for nxfilter called nxfilter. Also you will need to add the following to the end of your update.sh script "systemctl start nxfilter"<br> | ||
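Review bot: `keystore_pass = 123456` in the first <pre> block is shown with nothing marking it as a placeholder, and the value sits in plaintext in /nxfilter/conf/cfg.properties. Mark it as an example to be replaced, and add a line telling the reader to restrict read access on cfg.properties and the keystore file to the account that runs NxFilter. Two smaller points in the second block: the openssl command is split over three lines with no trailing backslashes, so it does not run when pasted as shown, and nothing connects its output mycert.p12 to the `keystore_file = conf/myown.keystore` setting above, so the reader has to guess how the PKCS12 file becomes the configured keystore.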
Line 48: | Line 68: | ||
echo "The version downloaded is $zip. Do you want to continue?" | echo "The version downloaded is $zip. Do you want to continue?" | ||
read -s answer | read -s answer | ||
− | if [ "$answer" = " | + | if [ "$answer" != "y" ]; then |
exit 1 | exit 1 | ||
else | else | ||
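Review bot: with the new test `if [ "$answer" != "y" ]; then`, any reply other than a lowercase y, including Y or yes, takes the `exit 1` branch without a message, and because the preceding `read -s answer` hides the typed input the operator cannot see what was entered. State the expected reply in the prompt (for example "[y/N]"), accept both cases, print a line before exiting, and drop -s since the answer is not a secret.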
Line 59: | Line 79: | ||
systemctl start nxfilter | systemctl start nxfilter | ||
fi | fi | ||
+ | </pre> | ||
+ | ==Amazon Linux 2== | ||
+ | <pre> | ||
+ | yum update -y | ||
+ | yum install -y java-1.8.0-openjdk | ||
</pre> | </pre> |
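Review bot: the Amazon Linux 2 block is two bare commands with no sentence saying what they are for or that they need root. `yum update -y` upgrades every package on the host, which is a wider change than installing Java for NxFilter; either state that the full update is intended or keep only `yum install -y java-1.8.0-openjdk`.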
Latest revision as of 14:30, 20 October 2018
Install
Install Custom Cert
<pre>
How do I apply my own SSL certificate?
We use an embedded Tomcat 7.x as the built-in webserver for NxFilter. If you want to apply your own SSL certificate with Tomcat there are two parameters you need to set in Tomcat config file. One is 'keystoreFile' and the other one is 'keystorePass'. However, we don't have a separated config file for Tomcat. We use '/nxfilter/conf/cfg.properties' file to set these parameters.
keystore_file = conf/myown.keystore
keystore_pass = 123456
* About how to build keystore file, read Tomcat manual.
</pre>
<pre>
To import an existing certificate into a JKS keystore, please read the documentation (in your JDK documentation package) about keytool. Note that OpenSSL often adds readable comments before the key, but keytool does not support that. So if your certificate has comments before the key data, remove them before importing the certificate with keytool.

To import an existing certificate signed by your own CA into a PKCS12 keystore using OpenSSL you would execute a command like:

openssl pkcs12 -export -in mycert.crt -inkey mykey.key \
                       -out mycert.p12 -name tomcat -CAfile myCA.crt \
                       -caname root -chain
</pre>
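An added example (not part of the wiki page or of NxFilter): a check of the two cfg.properties keys quoted above that flags the tutorial's sample password and files readable beyond their owner. The function names, the 8-character minimum, the use of GNU `stat`, and resolving a relative keystore_file against the install directory are assumptions.

```shell
#!/bin/bash
# Added example: audit the keystore settings in an NxFilter cfg.properties.
# Assumptions (not from the page): GNU stat, an 8-character minimum, and
# relative keystore_file paths resolving against the install directory.

# Print the last value assigned to property $2 in file $1, trimmed.
get_prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Succeed when the file grants no permission bits to group or others.
owner_only() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    case $mode in *00|0) return 0 ;; *) return 1 ;; esac
}

# Usage: audit_cfg <cfg.properties> <install dir>
# Prints one line per finding and returns the number of findings.
audit_cfg() {
    local cfg=$1 base=$2 findings=0 ks pass
    ks=$(get_prop "$cfg" keystore_file)
    pass=$(get_prop "$cfg" keystore_pass)

    if [ "$pass" = "123456" ]; then
        echo "keystore_pass is the sample value from the tutorial"
        findings=$((findings + 1))
    elif [ "${#pass}" -lt 8 ]; then
        echo "keystore_pass is shorter than 8 characters"
        findings=$((findings + 1))
    fi
    if ! owner_only "$cfg"; then
        echo "$cfg is accessible to group or others"
        findings=$((findings + 1))
    fi
    case $ks in /*) ;; *) ks=$base/$ks ;; esac
    if [ ! -f "$ks" ]; then
        echo "keystore $ks not found"
        findings=$((findings + 1))
    elif ! owner_only "$ks"; then
        echo "keystore $ks is accessible to group or others"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```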
Update Shallalist
This script assumes you have a systemd unit for nxfilter named nxfilter. You will also need to add the following line to the end of your update.sh script: "systemctl start nxfilter"
NOTE: Edit to fit your environment
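<pre>
#!/bin/bash
# Stop NxFilter, then check whether systemd still reports it as running.
systemctl stop nxfilter
state=$(systemctl --all | grep nxfilter)
if grep -q running <<< "$state"; then
    # Still running: wait and re-run this script.
    #echo "Still Running"
    sleep 5
    exec /<script location>/nxupdate.sh
else
    # Stopped: run the NxFilter update script from its bin directory.
    cd /<installdirectory>/bin/
    #pwd
    exec /<installdirectory>/bin/update_sh.sh
fi
</pre>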
Systemd Unit File
Make sure to modify the unit file to fit your environment.
/etc/systemd/system/nxfilter.service
<pre>
[Unit]
Description=NXFilter startup script
After=network.target

[Service]
Type=simple
ExecStart=/<installdirectory>/bin/startup.sh
ExecStop=/<installdirectory>/bin/shutdown.sh

[Install]
WantedBy=default.target
</pre>
Upgrade
Copy the URL from the NXFilter site to use with the script
nxupgrade.sh https://nxfilter......
<pre>
#!/bin/bash
# Download the archive and capture wget's output to find the saved file name.
wget "$1" &> /tmp/wgetnxfilter
grep "Saving to:" /tmp/wgetnxfilter > /tmp/wgetnxfilter2
# Strip the typographic quotes wget puts around the file name.
sed -i "s/\’//" /tmp/wgetnxfilter2
sed -i "s/\‘//" /tmp/wgetnxfilter2
rm -f /tmp/wgetnxfilter
sed -i 's/^Saving\ to:\ //' /tmp/wgetnxfilter2
zip=$(cat /tmp/wgetnxfilter2)
rm -f /tmp/wgetnxfilter2
echo "The version downloaded is $zip. Do you want to continue?"
read -s answer
if [ "$answer" != "y" ]; then
    exit 1
else
    systemctl stop nxfilter
    unzip "$zip"
    # Re-add the restart line and restore the execute bits after unpacking.
    echo "systemctl start nxfilter" >> /<install directory>/bin/update_sh.sh
    chmod +x /<install directory>/bin/update_sh.sh
    chmod +x /<install directory>/bin/shutdown.sh
    chmod +x /<install directory>/bin/startup.sh
    systemctl start nxfilter
fi
</pre>
Amazon Linux 2
<pre>
yum update -y
yum install -y java-1.8.0-openjdk
</pre>