Shellinabox enable SSL using Letsencrypt Certificate


In a previous tutorial I explained how to install Shellinabox on an Ubuntu server. If you need the SSL feature, you will need OpenSSL, which generates a local certificate for you.
This tutorial shows how to use a Let's Encrypt certificate instead.

Shellinabox generates a certificate locally using OpenSSL and stores it in /var/lib/shellinabox. That directory usually contains certificate-<>.pem and certificate.pem.
The problem is that Shellinabox can only use a single certificate file, so the Let's Encrypt certificate and key have to become one file: you need to combine fullchain.pem and privkey.pem. Please refer to my previous Let's Encrypt installation tutorial to get the files.

Manually you can do this to combine the keys:

cat fullchain.pem privkey.pem >

Copy the combined file to /var/lib/shellinabox/ and delete any previously generated files in that folder.
Then restart shellinabox. The padlock should now be green 🙂
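The manual steps above can also run as a certbot deploy hook on every renewal. The script below is an added example, not code from the original post or from the patched branch; the target name certificate.pem and the owner account shellinabox are assumptions taken from the file names and defaults shown on this page. Because the combined file contains the private key, it is created with mode 0600 and swapped into place atomically.

```sh
#!/bin/sh
# Added example: rebuild the single PEM file shellinabox reads after a renewal.
# Assumed names: certificate.pem as the target, "shellinabox" as the owner.

combine_cert() {
  live_dir=$1              # directory with fullchain.pem and privkey.pem
  out_dir=$2               # shellinabox certificate directory
  owner=${3:-shellinabox}  # account the daemon runs as
  chain="$live_dir/fullchain.pem"
  key="$live_dir/privkey.pem"

  if [ ! -s "$chain" ] || [ ! -s "$key" ]; then
    echo "combine_cert: fullchain.pem or privkey.pem missing or empty" >&2
    return 1
  fi
  # Refuse swapped or mixed-up inputs before touching the live file.
  if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$chain" ||
     grep -q -e 'PRIVATE KEY-----' "$chain"; then
    echo "combine_cert: $chain is not a certificate-only chain" >&2
    return 1
  fi
  if ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key"; then
    echo "combine_cert: $key holds no private key" >&2
    return 1
  fi

  # mktemp creates the file 0600, so the key is never world-readable, and
  # staging it in out_dir keeps the final mv an atomic rename.
  tmp=$(mktemp "$out_dir/.certificate.pem.XXXXXX") || return 1
  if ! cat "$chain" "$key" > "$tmp"; then
    rm -f "$tmp"
    return 1
  fi
  chmod 600 "$tmp"
  # Hand the file to the daemon account only when run as root and it exists.
  if [ "$(id -u)" -eq 0 ] && id "$owner" >/dev/null 2>&1; then
    chown "$owner:$owner" "$tmp"
  fi
  mv -f "$tmp" "$out_dir/certificate.pem"
}

# certbot exports RENEWED_LINEAGE (the live/<domain> directory) to deploy hooks.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
  combine_cert "$RENEWED_LINEAGE" /var/lib/shellinabox &&
    systemctl restart shellinabox
fi
```

Saved as an executable file, it can be passed to certbot with --deploy-hook; outside of certbot it only defines the function and changes nothing.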

How can the Let's Encrypt files be combined automatically when the certificate is regenerated on renewal?

Build from source

Luckily there is a workaround that automates the above process. A user has committed a fix, but it has not yet been merged into the master repo. Thanks to him, this now happens automatically.
The new combined file is located in the project root directory.

I have already pulled his branch into my repo; just clone the branch and build it from source.

git clone -b letsencrypt --single-branch

Install dependencies:

sudo apt-get install git libssl-dev libpam0g-dev zlib1g-dev dh-autoreconf

Run autotools in project directory

autoreconf -i

Run configure and make in project directory

./configure && make

Install to global

make install

Then you need to create the Shellinabox configuration and save it in /etc/default/, so the full path of the configuration file is /etc/default/shellinabox

Shellinabox configuration file; if you want to change the default port, edit it here:

# Should shellinaboxd start automatically
SHELLINABOX_DAEMON_START=1

# TCP port that shellinboxd's webserver listens on
SHELLINABOX_PORT=4200

# Parameters that are managed by the system and usually should not need
# changing:
# SHELLINABOX_DATADIR=/var/lib/shellinabox
# SHELLINABOX_USER=shellinabox
# SHELLINABOX_GROUP=shellinabox

# Any optional arguments (e.g. extra service definitions).  Make sure
# that that argument is quoted.
#
#   Beeps are disabled because of reports of the VLC plugin crashing
#   Firefox on Linux/x86_64.
SHELLINABOX_ARGS="--no-beep"

Create the service script, name it shellinabox and save it in /etc/init.d/ (it is a SysV init script, which systemd wraps as a unit):

#!/bin/sh
### BEGIN INIT INFO
# Provides:          shellinabox
# Required-Start:    $network $remote_fs
# Required-Stop:     $network $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Shell In A Box Daemon
# Description:       Daemon for publishing a login shell at
#                    http://localhost:SHELLINABOX_PORT
#                    where default port number is 4200.
### END INIT INFO

# Authors: Markus Gutschke, Marc Singer

# PATH should only include /usr/* if it runs after the script
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
DESC="Shell In A Box Daemon"
NAME="shellinabox"
DAEMON="/usr/local/bin/shellinaboxd"
PIDFILE="/var/run/"
SCRIPTNAME=/etc/init.d/$NAME

# Exit if the package is not installed
[ -x $DAEMON ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Load the VERBOSE setting and other rcS variables
. /lib/init/

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

# Set some default values
SHELLINABOX_DATADIR="${SHELLINABOX_DATADIR:-/var/lib/shellinabox}"
SHELLINABOX_PORT="${SHELLINABOX_PORT:-4200}"
SHELLINABOX_USER="${SHELLINABOX_USER:-shellinabox}"
SHELLINABOX_GROUP="${SHELLINABOX_GROUP:-shellinabox}"

#
#       Function that starts the daemon/service.
#
d_start() {
  if [ -z "$SHELLINABOX_DAEMON_START" -o \
          "$SHELLINABOX_DAEMON_START" = "0" ]; then
    return 0
  fi

  eval start-stop-daemon --start --oknodo --pidfile "'$PIDFILE'" \
                    --exec "'$DAEMON'" -- -q --background="'$PIDFILE'" \
                    -c "'${SHELLINABOX_DATADIR}'" -p "'${SHELLINABOX_PORT}'" \
                    -u "'${SHELLINABOX_USER}'" -g "'${SHELLINABOX_GROUP}'" \
                    $(for i in $(ls /etc/shellinabox/options-enabled/*.css |
                                 sed -e \
                                    's/.*[/]\([0-9]*\)[-_+][^/:,;]*[.]css/\1/'|
                                 sort -u); do
                        for j in /etc/shellinabox/options-enabled/"$i"*.css; do
                          echo -n "$j" |
                          sed -e 's/\(.*[/]\)\([0-9]*\)\([-_+]\)\([^/:,;]*\)[.]css/\4:\3\1\2\3\4.css,/
                                  s/:_/:-/'
                        done |
                        sed -e 's/,$/;/'
                      done |
                      sed -e 's/;$//
                              //b
                              s/.*/--user-css "\0"/') \
                    "${SHELLINABOX_ARGS}"
}

#
#       Function that stops the daemon/service.
#
d_stop() {
  start-stop-daemon --stop --oknodo --pidfile "$PIDFILE"
  rm -f "$PIDFILE"
}

#
#       Function that reloads the config file for the daemon/service.
#
d_reload() {
  # Only reload if there are no active sessions running
  [ -r "$PIDFILE" ] &&
    [ `ps o pid= --ppid "\`cat "$PIDFILE"\`\`ps o pid= --ppid \
                           \\\`cat "$PIDFILE"\\\`|
                           xargs -r -n 1 printf ',%s'\`" |
       wc -l` -gt 1 ] &&
    return 1

  d_stop
  d_start
}

#
#       Function that check the status of the daemon/service.
#
d_status() {
  [ -r "$PIDFILE" ] && kill -0 `cat "$PIDFILE"` &&
    echo "$DESC is running" || echo "$DESC is not running"
}

case "$1" in
    start)
        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
        d_start
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2)   [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    stop)
        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
        d_stop
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2)   [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    reload)
        [ "$VERBOSE" != no ] && log_daemon_msg "Reloading services for $DESC" "$NAME"
        d_reload
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2)   [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    restart|force-reload)
        [ "$VERBOSE" != no ] && log_daemon_msg "Restarting $DESC" "$NAME"
        d_stop
        d_start
        case "$?" in
            0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            1) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
            *) [ "$VERBOSE" != no ] && log_end_msg 1 ;; # Failed to start
        esac
        ;;
    status)
        d_status
        ;;
    *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|reload}" >&2
        exit 1
        ;;
esac

exit 0

Reload systemd daemon to reload the changes

sudo systemctl daemon-reload

Enable and start unit service

sudo systemctl enable shellinabox && sudo systemctl start shellinabox

Check status if it is already running

sudo systemctl status shellinabox

Check listening port

sudo netstat -nap | grep shellinabox

If there are no issues, test access to shellinabox in your browser. Your server will now generate the key for shellinabox automatically.

