digitalocean · adesokanayo · Mar 23, 2023
diff --git a/common/scripts/014-ufw-rabbitmq.sh b/common/scripts/014-ufw-rabbitmq.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+ufw limit ssh
+ufw allow 15672/tcp
+ufw allow 5672/tcp
+
+ufw --force enable
diff --git a/rabbitmq-22-04/files/etc/nginx/sites-available/default b/rabbitmq-22-04/files/etc/nginx/sites-available/default
@@ -0,0 +1,66 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+
+	# SSL configuration
+	#
+	# listen 443 ssl default_server;
+	# listen [::]:443 ssl default_server;
+	#
+	# Note: You should disable gzip for SSL traffic.
+	# See: https://bugs.debian.org/773332
+	#
+	# Read up on ssl_ciphers to ensure a secure configuration.
+	# See: https://bugs.debian.org/765782
+	#
+	# Self signed certs generated by the ssl-cert package
+	# Don't use them in a production server!
+	#
+	# include snippets/snakeoil.conf;
+
+	root /var/www/html;
+
+	# Add index.php to the list if you are using PHP
+	index index.html index.htm index.nginx-debian.html;
+
+	server_name hellonode;
+
+	location ^~ /assets/ {
+		gzip_static on;
+		expires 12h;
+		add_header Cache-Control public;
+  }
+
+	location / {
+		proxy_http_version 1.1;
+		proxy_cache_bypass $http_upgrade;
+
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection 'upgrade';
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+
+		proxy_pass http://localhost:3000;
+	}
+}
diff --git a/rabbitmq-22-04/files/etc/update-motd.d/99-one-click b/rabbitmq-22-04/files/etc/update-motd.d/99-one-click
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# Configured as part of the DigitalOcean 1-Click Image build process
+
+
+myip=$(hostname -I | awk '{print$1}')
+cat <<EOF
+********************************************************************************
+
+Welcome to DigitalOcean's 1-Click RabbitMQ Droplet.
+
+RabbitMQ is one of the most popular open source message brokers. RabbitMQ is lightweight and easy to deploy on premises and in the cloud.
+ It supports multiple messaging protocols. RabbitMQ can be deployed in distributed and federated configurations 
+to meet high-scale, high-availability requirements.
+
+
+To keep this Droplet secure, the UFW firewall is enabled.
+All ports are BLOCKED except 15672 and 5672
+
+RabbitMQ  is configured with local user called Guest and can only be used via localhost.
+
+To create a new rabbitmq user
+
+Run the following commands:
+
+A. rabbitmqctl add_user <username> <password>
+B. rabbitmqctl set_user_tags <username> administrator
+C. rabbitmqctl set_permissions -p / <username> ".*' ".*" ".*"
+
+In a web browser, you can view:
+ * Your Web  website: http://$myip:15672
+
+For help and more information, visit link to 1-click
+
+********************************************************************************
+
+
+********************************************************************************
+To delete this message of the day: rm -rf $(readlink -f ${0})
+EOF
diff --git a/rabbitmq-22-04/files/var/lib/cloud/scripts/per-instance/001_onboot b/rabbitmq-22-04/files/var/lib/cloud/scripts/per-instance/001_onboot
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+
+#Generate root passwords.
+admin_rabbitmq_pass=$(openssl rand -hex 24)
+
+# Generate some passwords
+cat > /root/.digitalocean_passwords << EOM
+admin_rabbitmq_password="${admin_rabbitmq_pass}"
+EOM
+
+source /root/.digitalocean_passwords
+
+
+# Remove the ssh force logout command
+sed -e '/Match User root/d' \
+    -e '/.*ForceCommand.*droplet.*/d' \
+    -i /etc/ssh/sshd_config
+
+systemctl restart ssh
diff --git a/rabbitmq-22-04/scripts/011-rabbitmq.sh b/rabbitmq-22-04/scripts/011-rabbitmq.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -e
+
+# https://www.rabbitmq.com/install-debian.html
+echo Installing RabbitMQ Server...
+cat <<EOF > /etc/apt/sources.list.d/rabbitmq.list
+deb http://www.rabbitmq.com/debian/ testing main
+EOF
+
+curl https://www.rabbitmq.com/rabbitmq-signing-key-public.asc -o /tmp/rabbitmq-signing-key-public.asc
+apt-key add /tmp/rabbitmq-signing-key-public.asc
+rm /tmp/rabbitmq-signing-key-public.asc
+
+apt-get -y install rabbitmq-server
+rabbitmq-plugins enable rabbitmq_management
+service rabbitmq-server restart
diff --git a/rabbitmq-22-04/template.json b/rabbitmq-22-04/template.json
@@ -0,0 +1,79 @@
+
+{
+  "variables": {
+    "do_api_token": "{{env `DIGITALOCEAN_API_TOKEN`}}",
+    "image_name": "rabbitmq-22-04-snapshot-{{timestamp}}",
+    "apt_packages": "apt-transport-https gnupg2 nginx wget curl unzip git python3-certbot-nginx",
+    "application_name": "RABBITMQ",
+    "application_version": ""
+  },
+  "sensitive-variables": ["do_api_token"],
+  "builders": [
+    {
+      "type": "digitalocean",
+      "api_token": "{{user `do_api_token`}}",
+      "image": "ubuntu-22-04-x64",
+      "region": "nyc3",
+      "size": "s-1vcpu-1gb",
+      "ssh_username": "root",
+      "snapshot_name": "{{user `image_name`}}"
+    }
+  ],
+  "provisioners": [
+    {
+      "type": "shell",
+      "inline": [
+        "cloud-init status --wait"
+      ]
+    },
+    {
+      "type": "file",
+      "source": "common/files/var/",
+      "destination": "/var/"
+    },
+    {
+      "type": "file",
+      "source": "rabbitmq-22-04/files/etc/",
+      "destination": "/etc/"
+    },
+    {
+      "type": "file",
+      "source": "rabbitmq-22-04/files/var/",
+      "destination": "/var/"
+    },
+    {
+      "type": "shell",
+      "environment_vars": [
+        "DEBIAN_FRONTEND=noninteractive",
+        "LC_ALL=C",
+        "LANG=en_US.UTF-8",
+        "LC_CTYPE=en_US.UTF-8"
+      ],
+      "inline": [
+        "apt -qqy update",
+        "apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' full-upgrade",
+        "apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' install {{user `apt_packages`}}",
+        "apt-get -qqy clean"
+      ]
+    },
+    {
+      "type": "shell",
+      "environment_vars": [
+        "application_name={{user `application_name`}}",
+        "application_version={{user `application_version`}}",
+        "DEBIAN_FRONTEND=noninteractive",
+        "LC_ALL=C",
+        "LANG=en_US.UTF-8",
+        "LC_CTYPE=en_US.UTF-8"
+      ],
+      "scripts": [
+        "common/scripts/010-nodejs.sh",
+        "rabbitmq-22-04/scripts/011-rabbitmq.sh",
+        "common/scripts/014-ufw-rabbitmq.sh",
+        "common/scripts/018-force-ssh-logout.sh",
+        "common/scripts/020-application-tag.sh",
+        "common/scripts/900-cleanup.sh"
+      ]
+    }
+  ]
+}