106 deployments · 81 still active · last rev. 6 months ago
Installs the Ubiquiti UniFi SDN Controller. Configures LetsEncrypt certificates for HTTPS. Creates and saves firewall rules to allow only necessary traffic, including a pre-routing redirect of 443 to 8443 for standard HTTPS. Creates an Nginx redirect from port 80 to 443 to force unencrypted HTTP to HTTPS. Installs fail2ban to prevent brute force SSH attacks.
Runs great on a Nanode.
*** IMPORTANT *** LetsEncrypt expects your hostname to resolve to your IP before creating certificates. Have your DNS configuration pulled up and ready, and add the relevant entry as soon as the Linode deployment shows your your IP address. The software updates/installs happening in the script before the certificate creation will give you enough time to save your DNS settings.
(Based on https://www.linode.com/stackscripts/view/335530 ; Thanks, eseelke !)