Shellinabox enable SSL using Letsencrypt Certificate


In previous tutorial i already explain about how to install Shellinabox in Ubuntu server. If you need to enable SSL feature you will need OpenSSL that generate you a local cert.
This tutorial will enable you to use Let's Encrypt certificate.

Shellinabox will locally generate certificate using openssl and store it in: /var/lib/shellinabox. It usually contains certificate-<yoursite.com>.pem and certificate.pem.
The problem is shellinbox only can use one key certificate, you have to make Letsencrypt key to be one key. You need to combine fullchain.pem and privkey.pem in one file. Please refer to my previous Letsencryrpt installation to get the files.

Manually you can do this to combine the keys:

cat fullchain.pem privkey.pem > certificate-www.waysquare.com.pem

Copy certificate-www.waysquare.com.pem to /var/lib/shellinabox/. Delete any previous generated files in that folder.
Then, restart shellinabox. Now you can see the padlock is green :)

How to automatically combine letsencrypt key in case the certificate is re-generate for renewal?

Build from source

Luckily there are workaround to automatically do the above process. User https://github.com/a-detiste has commit a fix, but not yet merge to the master repo. Thanks to him. We got this automatically now.
The new combined file located at root project directory.

I already pull his branch to my repo, just clone the branch and build it from source.

git clone -b letsencrypt --single-branch https://github.com/wahyuway/shellinabox.git

Install dependencies:

sudo apt-get install git libssl-dev libpam0g-dev zlib1g-dev dh-autoreconf

Run autotools in project directory

autoreconf -i

Run configure and make in project directory

./configure && make

Install to global

make install

Then, you need to configure the Shellinbox configuration, and save it to: /etc/default/ so the full file configuration located at /etc/default/shellinbox

shellinbox file configuration, if you want to change the default port, edit it here:

# Should shellinaboxd start automatically
SHELLINABOX_DAEMON_START=1

# TCP port that shellinboxd's webserver listens on
SHELLINABOX_PORT=4200

# Parameters that are managed by the system and usually should not need
# changing:
# SHELLINABOX_DATADIR=/var/lib/shellinabox
# SHELLINABOX_USER=shellinabox
# SHELLINABOX_GROUP=shellinabox

# Any optional arguments (e.g. extra service definitions).  Make sure
# that that argument is quoted.
#
#   Beeps are disabled because of reports of the VLC plugin crashing
#   Firefox on Linux/x86_64.
SHELLINABOX_ARGS="--no-beep"

Create systemd unit, name it shellinabox and save it at: /etc/init.d/


#!/bin/sh
### BEGIN INIT INFO
# Provides:          shellinabox
# Required-Start:    $network $remote_fs
# Required-Stop:     $network $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Shell In A Box Daemon
# Description:       Daemon for publishing a login shell at
#                    http://localhost:SHELLINABOX_PORT
#                    where default port number is 4200.
### END INIT INFO

# Authors: Markus Gutschke <markus@shellinabox.com>, Marc Singer <elf@buici.com>

# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
DESC="Shell In A Box Daemon"
NAME="shellinabox"
DAEMON="/usr/local/bin/shellinaboxd"
PIDFILE="/var/run/shellinaboxd.pid"
SCRIPTNAME=/etc/init.d/$NAME

# Exit if the package is not installed
[ -x $DAEMON ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

# Set some default values
SHELLINABOX_DATADIR="${SHELLINABOX_DATADIR:-/var/lib/shellinabox}"
SHELLINABOX_PORT="${SHELLINABOX_PORT:-4200}"
SHELLINABOX_USER="${SHELLINABOX_USER:-shellinabox}"
SHELLINABOX_GROUP="${SHELLINABOX_GROUP:-shellinabox}"

#
#       Function that starts the daemon/service.
#
d_start() {
  if [ -z "$SHELLINABOX_DAEMON_START" -o                                      \
          "$SHELLINABOX_DAEMON_START" = "0" ]; then
    return 0
  fi

  eval start-stop-daemon --start --oknodo --pidfile "'$PIDFILE'"              \
                    --exec "'$DAEMON'" -- -q --background="'$PIDFILE'"        \
                    -c "'${SHELLINABOX_DATADIR}'" -p "'${SHELLINABOX_PORT}'"  \
                    -u "'${SHELLINABOX_USER}'" -g "'${SHELLINABOX_GROUP}'"    \
                    $(for i in $(ls /etc/shellinabox/options-enabled/*.css |
                                 sed -e                                       \
                                    's/.*[/]\([0-9]*\)[-_+][^/:,;]*[.]css/\1/'|
                                 sort -u); do
                        for j in /etc/shellinabox/options-enabled/"$i"*.css; do
                          echo -n "$j" |
                          sed -e 's/\(.*[/]\)\([0-9]*\)\([-_+]\)\([^/:,;]*\)[.]css/\4:\3\1\2\3\4.css,/
                                  s/:_/:-/'
                        done |
                        sed -e 's/,$/;/'
                      done |
                      sed -e 's/;$//
                              //b
                              s/.*/--user-css "\0"/')                         \
                    "${SHELLINABOX_ARGS}"
}

#
#       Function that stops the daemon/service.
#
d_stop() {
  start-stop-daemon --stop --oknodo --pidfile "$PIDFILE"
  rm -f "$PIDFILE"
}

#
#       Function that reloads the config file for the daemon/service.
#
d_reload() {
  # Only reload if there are no active sessions running
  [ -r "$PIDFILE" ] &&
    [ `ps o pid= --ppid "\`cat "$PIDFILE"\`\`ps o pid= --ppid \
                                                \\\`cat "$PIDFILE"\\\`|
                                             xargs -r -n 1 printf ',%s'\`" |
       wc -l` -gt 1 ] &&
    return 1

  d_stop
  d_start
}

#
#       Function that check the status of the daemon/service.
#
d_status() {
  [ -r "$PIDFILE" ] && kill -0 `cat "$PIDFILE"` &&
    echo "$DESC is running" || echo "$DESC is not running"
}

case "$1" in
    start)
        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
        d_start
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2)   [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    stop)
        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
        d_stop
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2)   [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    reload)
        [ "$VERBOSE" != no ] && log_daemon_msg "Reloading services for $DESC" "$NAME"
        d_reload
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2)   [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    restart|force-reload)
        [ "$VERBOSE" != no ] && log_daemon_msg "Restarting $DESC" "$NAME"
        d_stop
        d_start
        case "$?" in
            0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            1) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
            *) [ "$VERBOSE" != no ] && log_end_msg 1 ;; # Failed to start
        esac
        ;;
    status)
        d_status
        ;;
    *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|reload}" >&2
        exit 1
        ;;
esac

exit 0

Reload systemd daemon to reload the changes

sudo systemctl daemon-reload

Enable and start unit service

sudo systemctl enable shellinabox && sudo systemctl start shellinabox

Check status if it is already running

sudo systemctl status shellinabox

Check listening port

sudo netstat -nap | grep shellinabox

Summary
If no issue, test and access shellinabox in your browser. Now, your server will automatically generate key for shellinabox automatically.

Shellinabox enable SSL using Letsencrypt Certificate
Share this