Install Secure2fa on Ubuntu

===============Update the system:

sudo apt update && sudo apt upgrade -y

===============Install required packages:

sudo apt install -y apt-transport-https ca-certificates curl gnupg lsb-release

===============Add Docker’s GPG key:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

===============Add the Docker repository to your system:

echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

===============Update package index:

sudo apt update

=============== Install logrotate (for log management):

sudo apt install -y logrotate

=============== Configure logrotate:

sudo tee /etc/logrotate.d/secure2fa > /dev/null << 'EOF'
/root/docker/secure2fa/logs/*.log {
    weekly
    rotate 7
    missingok
    notifempty
    compress
    delaycompress
    copytruncate
    dateext
    dateformat -%Y%m%d-%H%M%S
    su root root
    postrotate
        docker restart secure2fa 2>/dev/null || true
    endscript
}
EOF

===============Install Docker Engine:

sudo apt install -y docker-ce docker-ce-cli containerd.io

===============Add your user to the docker group to run Docker without sudo (takes effect at your next login; members of this group effectively have root access to the host):

sudo usermod -aG docker $USER

===============Download Docker Compose (replace version if needed):

sudo curl -L "https://github.com/docker/compose/releases/download/v2.24.7/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

===============Apply executable permissions to the binary:

sudo chmod +x /usr/local/bin/docker-compose

===============Verify installation by checking version:

docker-compose --version

===============Enable Docker to start on boot:

sudo systemctl enable docker

===============Create Secure2FA project folder:

mkdir -p /root/docker/secure2fa && cd /root/docker/secure2fa

===============Download install script:

wget https://secure2fa.top/downloads/install.sh && chmod +x install.sh

===============Install project:

./install.sh

===============Configure project settings:

  1. Open the docker-compose.yml file and specify the DNS server addresses of your AD DS infrastructure in the dns section
  2. Save the docker-compose.yml file
  3. Open the .env file and specify the following parameters:
    • TZ=Your time zone (you can view the list of time zones using "timedatectl list-timezones")
    • RDG_SERVERS=192.168.1.41:PreSharedKey (specify the IP address of your RDP gateway and the PreSharedKey that you used when configuring the RDP gateway in the article "First: Prepare Your MS Remote Desktop Gateway")
    • ADMIN_USERNAME= and ADMIN_PASSWORD= (specify the login credentials for the Secure2FA control panel after installing the project)
    • USE_LETSENCRYPT= (If you select "true", the project will use a free Let's Encrypt certificate. To generate the certificate, allow access to the server where the Secure2fa project is deployed on ports TCP:80 and TCP:443 on your edge equipment (router or firewall), and create a DNS A-record with the name you need (for example, 2fa.secure2fa.top) that points to your external IP address (forwarded on your edge router or firewall). If you want to use your own certificate, specify "false" and place your .crt certificate at /etc/ssl/certs/tls-cert.crt and your .key key at /etc/ssl/private/tls-cert.key. It is important to use exactly these file names for the certificate and key. As with USE_LETSENCRYPT=true, allow access to the server where the Secure2fa project is deployed on TCP port 443 on your edge device (router or firewall), and create a DNS A-record with the name you need (for example, 2fa.secure2fa.top) that points to your external IP address (forwarded on your edge router or firewall).)
    • LETSENCRYPT_DOMAIN= (specify the DNS name that will be used to access your project. This parameter directly affects the USE_LETSENCRYPT= parameter. You will also need to create A records on the DNS server that point to the Secure2fa server)
    • LETSENCRYPT_EMAIL= (this parameter is only required when using USE_LETSENCRYPT=true, to register a Let's Encrypt certificate)
  4. Save the .env file
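
A pre-flight check for the .env settings listed above, as an added example that is not part of the Secure2FA project or its install script. It assumes plain, unquoted KEY=value lines; the function names env_get and check_env and the mode-600 requirement are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Secure2FA code. Key names and the two certificate paths
# come from the steps above; the checks themselves are assumptions.

# Read KEY from FILE without sourcing it: a .env file is data, not a script.
env_get() {  # usage: env_get FILE KEY
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one line per problem found; return 0 when clean, 1 otherwise.
# Optional arguments 2 and 3 override the certificate and key paths.
check_env() {
    f=$1; cert=${2:-/etc/ssl/certs/tls-cert.crt}; key=${3:-/etc/ssl/private/tls-cert.key}
    bad=0
    [ -r "$f" ] || { echo "cannot read $f"; return 1; }
    for k in TZ RDG_SERVERS ADMIN_USERNAME ADMIN_PASSWORD USE_LETSENCRYPT; do
        [ -n "$(env_get "$f" "$k")" ] || { echo "missing: $k"; bad=1; }
    done
    # RDG_SERVERS is written as IPv4:PreSharedKey on this page.
    v=$(env_get "$f" RDG_SERVERS)
    if [ -n "$v" ] && ! printf '%s\n' "$v" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}:.+$'; then
        echo "RDG_SERVERS: expected IP:PreSharedKey"; bad=1
    fi
    case $(env_get "$f" USE_LETSENCRYPT) in
        true)   # certificate issuance needs the domain and the contact e-mail
            for k in LETSENCRYPT_DOMAIN LETSENCRYPT_EMAIL; do
                [ -n "$(env_get "$f" "$k")" ] || { echo "missing: $k"; bad=1; }
            done ;;
        false)  # own certificate: both files must exist under the fixed names
            [ -f "$cert" ] || { echo "no certificate at $cert"; bad=1; }
            [ -f "$key" ]  || { echo "no key at $key"; bad=1; }
            ;;
        "") ;;  # already reported as missing above
        *) echo "USE_LETSENCRYPT must be true or false"; bad=1 ;;
    esac
    # The file holds ADMIN_PASSWORD and the gateway PreSharedKey.
    [ "$(stat -c %a "$f")" = 600 ] || { echo "mode is not 600: chmod 600 $f"; bad=1; }
    return "$bad"
}

# Run as: sh check-env.sh /root/docker/secure2fa/.env
if [ "$#" -gt 0 ]; then check_env "$@"; fi
```

Run it before starting the container; no output and exit status 0 mean the settings are consistent with the steps above.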

=============== Run container:

docker compose up -d

=============== Check container status:

docker ps -a | grep secure2fa

The output should be similar to:

89c064b80a8d registry.secure2fa.top/2fa-rdg-prod_2fa-rdg:latest "/entrypoint.sh" 21 minutes ago Up About a minute (healthy) 0.0.0.0:80->80/tcp, [::]:80->80/tcp, 0.0.0.0:443->443/tcp, [::]:443->443/tcp, 0.0.0.0:1812-1813->1812-1813/udp, [::]:1812-1813->1812-1813/udp, 8443/tcp secure2fa