Better security on Grafana server on Windows.

riclolsen · Jun 15, 2023 · 66a459b · 66a459b
1 parent 0512271
commit 66a459b
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/platform-windows/create_services.bat b/platform-windows/create_services.bat
@@ -4,7 +4,7 @@ echo Please execute it as administrator.
 @echo off
 if not "%1"=="am_admin" (powershell start -verb runas '%0' am_admin & exit /b)
 
-rem Create services, they will work not interactively and independently of a logged user
+rem Create services, they will run in background independently of a logged user
 
 cd \json-scada\bin
 
@@ -13,9 +13,9 @@ nssm set JSON_SCADA_postgresql Start SERVICE_AUTO_START
 
 nssm install JSON_SCADA_grafana "C:\json-scada\platform-windows\grafana-runtime\bin\grafana-server.exe"
 nssm set JSON_SCADA_grafana AppDirectory "C:\json-scada\platform-windows\grafana-runtime\bin"
-nssm set JSON_SCADA_grafana AppEnvironmentExtra GF_SERVER_DOMAIN="127.0.0.1" GF_SERVER_ROOT_URL="%(protocol)s://%(domain)s:80/grafana/" GF_SERVER_SERVE_FROM_SUB_PATH="true" GF_AUTH_PROXY_ENABLED="true" GF_AUTH_PROXY_ENABLE_LOGIN_TOKEN="true" GF_AUTH_DISABLE_SIGNOUT_MENU="true"
+nssm set JSON_SCADA_grafana AppEnvironmentExtra GF_SERVER_DOMAIN="127.0.0.1" GF_SERVER_ROOT_URL="%(protocol)s://%(domain)s:80/grafana/" GF_SERVER_SERVE_FROM_SUB_PATH="true" GF_AUTH_PROXY_ENABLED="true" GF_AUTH_PROXY_ENABLE_LOGIN_TOKEN="true" GF_AUTH_DISABLE_SIGNOUT_MENU="true" GF_AUTH_PROXY_WHITELIST="127.0.0.1" GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION="true" GF_SERVER_HTTP_ADDR="127.0.0.1" GF_SERVER_ENFORCE_DOMAIN="true" GF_SERVER_ENABLE_GZIP="true" GF_ANALYTICS_REPORTING_ENABLED="false" GF_ANALYTICS_CHECK_FOR_UPDATES="false"
 rem example of using postgresql to host grafana config (necessary for multiple web servers):
-rem nssm set JSON_SCADA_grafana AppEnvironmentExtra GF_DATABASE_TYPE="postgres" GF_DATABASE_HOST="127.0.0.1" GF_DATABASE_USER="postgres" GF_SERVER_DOMAIN="127.0.0.1" GF_SERVER_ROOT_URL="%(protocol)s://%(domain)s:80/grafana/" GF_SERVER_SERVE_FROM_SUB_PATH="true" GF_AUTH_PROXY_ENABLED="true" GF_AUTH_PROXY_ENABLE_LOGIN_TOKEN="true" GF_AUTH_DISABLE_SIGNOUT_MENU="true"
+rem nssm set JSON_SCADA_grafana AppEnvironmentExtra GF_DATABASE_TYPE="postgres" GF_DATABASE_HOST="127.0.0.1" GF_DATABASE_USER="postgres" GF_DATABASE_PASSWORD="pwd" 
 REM nssm set JSON_SCADA_grafana AppStdout "C:\json-scada\log\grafana-stdout.log"
 REM nssm set JSON_SCADA_grafana AppStderr "C:\json-scada\log\grafana-stderr.log"
 nssm set JSON_SCADA_grafana Start SERVICE_AUTO_START

diff --git a/platform-windows/json-scada.nsi b/platform-windows/json-scada.nsi
@@ -126,6 +126,7 @@ SetRegView 64
   nsExec::Exec 'net stop JSON_SCADA_iec101server'
   nsExec::Exec 'net stop JSON_SCADA_iec104client'
   nsExec::Exec 'net stop JSON_SCADA_iec104server'
+  nsExec::Exec 'net stop JSON_SCADA_iec61850client'
   nsExec::Exec 'net stop JSON_SCADA_plctags'
   nsExec::Exec 'net stop JSON_SCADA_dnp3client' 
   nsExec::Exec 'net stop JSON_SCADA_opcuaclient' 
@@ -646,6 +647,11 @@ Section "Uninstall"
   Sleep 50
   ExecWait `"${SC}" delete "JSON_SCADA_iec104client"`
   ClearErrors
+
+  ExecWait `"${SC}" stop "JSON_SCADA_iec61850client"`
+  Sleep 50
+  ExecWait `"${SC}" delete "JSON_SCADA_iec61850client"`
+  ClearErrors
 
   ExecWait `"${SC}" stop "JSON_SCADA_dnp3client"`
   Sleep 50