[BETA] Secure webinterface with letsencrypt+certbot SSL/HTTPS certificate
Posted: Fri Jan 27, 2023 1:43 am
Running TS3MusicBot with SSL/HTTPS:
Server requirements to create a keystore certificate:
apt-get install certbot openssl openjdk-8-jre (or newer; the Java version you already run your bot(s) with works)
TCP port 80 has to be free and open while this script is running. You may need to stop apache2/nginx/httpd for a moment if port 80 is in use.
Run this script in any folder of your system, ideally outside of your TS3MusicBot folder(s). In this example we use /etc/TS3MusicBot/:
mkdir /etc/TS3MusicBot
cd /etc/TS3MusicBot
Use this script to automate the keystore creation process:
wget -O createTS3MusicBotSecureKeystore.sh "https://forum.ts3musicbot.net/download/file.php?id=513" && chmod +x createTS3MusicBotSecureKeystore.sh
Usage (3 different options):
1. Create a new certificate with certbot from letsencrypt and generate the keystore file:
./createTS3MusicBotSecureKeystore.sh your_domain set_a_keystore_password_here
The letsencrypt certificate is valid for 90 days before it expires.
2. To renew your existing certbot/letsencrypt certificate run:
./createTS3MusicBotSecureKeystore.sh your_domain set_a_keystore_password_here renew
3. Create the keystore file from an existing certificate you own:
./createTS3MusicBotSecureKeystore.sh /path/to/your/existing/certificate/fullchain.pem set_a_keystore_password_here
Add a cronjob to periodically rerun the "renew" command (only for a certbot/letsencrypt created certificate):
crontab -e
0 */12 * * * /etc/TS3MusicBot/createTS3MusicBotSecureKeystore.sh your_domain set_a_keystore_password_here renew
Then start your bots with the additional arguments:
-secure /etc/TS3MusicBot/TS3MusicBot_secured.jks -secure-pw set_a_keystore_password_here
This serves the bot web interface at the following URL (e.g. if you set -port 8080):
https://your_domain:8080
All bots running on the same system can use the same keystore TS3MusicBot_secured.jks file!
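A check to run after the "renew" cron job, as an added example that is not part of the original post or of the downloaded script: it confirms the certificate still has more than a chosen number of days left and that the keystore file is not readable by group or other. The function names, the 30-day threshold and the sample certificate are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: post-renewal checks. Function names are hypothetical.

# Return 0 if the PEM certificate is still valid for more than $2 days.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Return 0 if the file exists and has no group/other permission bits set.
is_private_file() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Print one line per problem; the return code is the number of problems.
check_bot_tls() {  # usage: check_bot_tls fullchain.pem keystore.jks min_days
    problems=0
    if ! cert_valid_for_days "$1" "$3"; then
        echo "WARN: $1 expires within $3 days or is unreadable; check the renew cron job"
        problems=$((problems + 1))
    fi
    if ! is_private_file "$2"; then
        echo "WARN: $2 is missing or accessible by group/other; chmod 600 it"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample input: a self-signed 90-day certificate and an empty
# stand-in for the keystore, created world-readable on purpose.
make_sample() {  # usage: make_sample dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=your_domain" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" >/dev/null 2>&1
    : > "$1/TS3MusicBot_secured.jks"
    chmod 644 "$1/TS3MusicBot_secured.jks"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
# First run reports the loose keystore permissions; second run is clean.
check_bot_tls "$demo_dir/fullchain.pem" "$demo_dir/TS3MusicBot_secured.jks" 30 || true
chmod 600 "$demo_dir/TS3MusicBot_secured.jks"
check_bot_tls "$demo_dir/fullchain.pem" "$demo_dir/TS3MusicBot_secured.jks" 30 && echo "OK"
```

On a real system, pass the fullchain.pem that the keystore was built from and /etc/TS3MusicBot/TS3MusicBot_secured.jks instead of the sample files.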