forked from inensus/MPManager
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathinstall-production.sh
executable file
·306 lines (261 loc) · 10.1 KB
/
install-production.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
#!/bin/bash
###################################################################
############### Function declarations #############################
###################################################################
function check_if_docker_compose_installed() {
if ! [ -x "$(command -v docker-compose)" ]; then
echo 'Error: docker-compose is not installed.' >&2
exit 1
fi
}
function setup_tls_parameters() {
local data_path=$1
if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
echo "### Downloading recommended TLS parameters ..."
mkdir -p "$data_path/conf"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf >"$data_path/conf/options-ssl-nginx.conf"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem >"$data_path/conf/ssl-dhparams.pem"
echo
fi
}
function should_renew_certificate() {
local data_path=$1
local domains=$2
# Check if certificates already exists
if [ -d "$data_path/conf/live/${domains}" ]; then
read -p "Existing data found for ${domains}. Continue and replace existing certificate? (y/N) " decision
if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
echo 0
else
echo 1
fi
else
echo 1
fi
}
function make_dummy_certificate() {
local data_path=$1
local domains=("$2") # This will convert the string values into an array
# In the case user wants to replace old certificate we will replace it with the new one.
echo "### Creating dummy certificate for domains ${domains[*]} ..."
path="/etc/letsencrypt/live/${domains[0]}"
mkdir -p "$data_path/conf/live/${domains[0]}"
docker-compose -f docker-compose-prod.yml run --rm --entrypoint " \
openssl req -x509 -nodes -newkey rsa:1024 -days 1 \
-keyout '$path/privkey.pem' \
-out '$path/fullchain.pem' \
-subj '/CN=localhost'" certbot
echo
}
function start_nginx() {
echo "### Starting nginx ..."
docker-compose -f docker-compose-prod.yml up --build --force-recreate -d
echo
}
function delete_dummy_certificate() {
local dummy_certificate_domain=$1
echo "### Deleting dummy certificate for $dummy_certificate_domain ..."
docker-compose -f docker-compose-prod.yml run --rm --entrypoint " \
rm -Rf /etc/letsencrypt/live/$dummy_certificate_domain && \
rm -Rf /etc/letsencrypt/archive/$dummy_certificate_domain && \
rm -Rf /etc/letsencrypt/renewal/$dummy_certificate_domain.conf" certbot
echo
}
function request_new_certificate() {
local domains=("$1")
local email="$2"
local rsa_key_size="$3"
local staging="$4"
echo "### Requesting Let's Encrypt certificate for ${domains[*]} ..."
#Join $domains to -d args
domain_args=""
for domain in "${domains[@]}"; do
domain_args="$domain_args -d $domain"
done
# Select appropriate email arg
case "$email" in
"") email_arg="--register-unsafely-without-email" ;;
*) email_arg="--email $email" ;;
esac
# Enable staging mode if needed
if [ "$staging" != "0" ]; then
staging_arg="--staging"
fi
docker-compose -f docker-compose-prod.yml run --rm --entrypoint " \
certbot certonly --webroot -w /var/www/certbot \
$staging_arg \
$email_arg \
$domain_args \
--rsa-key-size $rsa_key_size \
--agree-tos \
--force-renewal" certbot
echo
}
function reload_nginx() {
echo "### Reloading nginx ..."
docker-compose -f docker-compose-prod.yml exec nginx nginx -s reload
}
function make_config_file() {
touch ./NginxProxy/conf.p/app.conf
local domain_name=$1
echo 'server {
listen 80;
server_tokens off;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/'$domain_name'/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/'$domain_name'/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
index index.php index.html;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/mpmanager/public;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass laravel:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
gzip_static on;
}
}' > ./NginxProxy/conf.p/app.conf
}
function email_validation(){
regex="^[a-z0-9!#\$%&'*+/=?^_\`{|}~-]+(\.[a-z0-9!#$%&'*+/=?^_\`{|}~-]+)*@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?\$"
local email=$1
if [[ $email =~ $regex ]] ; then
echo 1
else
echo 0
fi
}
###################################################################
##################### Script start ################################
###################################################################
domains_list=()
rsa_key_size=4096
data_path="./certbot"
email="" # Adding a valid address is strongly recommended
staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
ipDecision=""
check_if_docker_compose_installed
echo "###################################################################################"
echo "# IMPORTANT !! #"
echo "###################################################################################"
echo "# MicroPowerManager has got two types of installations for the Prod. mode, #"
echo "# those are IP based & domain based with SSL certificate. #"
echo "###################################################################################"
echo ""
read -p "Which installation type do you prefer IP based or domain based? (i/d)" ipDecision
while [ "$ipDecision" != "d" -a "$ipDecision" != "D" -a "$ipDecision" != "i" -a "$ipDecision" != "I" ]; do
read -p "Which installation type do you prefer IP based or domain based ? (i/d)" ipDecision
done
if [ "$ipDecision" == "D" ] || [ "$ipDecision" == "d" ]; then
echo "###################################################################################"
echo "# This script will setup SSL Certificates that are required for the Prod. mode #"
echo "# If you already configured your Certificates, you can skip the first part and #"
echo "# start the web services. #"
echo "###################################################################################"
echo ""
read -p "MicroPowerManager starting with domain with SSL certificate mode. Continue set up certification? (n/Y) " decision
if [ "$decision" != "Y" ] && [ "$decision" != "y" ] && [ "$decision" != "" ]; then
echo "Do you want to start only the web services? "
read -p "(N/y)" webservice
if [ "$webservice" == "Y" ] || [ "$webservice" == "y" ]; then
echo " Starting web services please wait."
echo $( docker-compose -f docker-compose-prod.yml up --build --force-recreate -d )
echo "Web services started "
fi
exit
else
domainsDone=0
while [ $domainsDone == 0 ]; do
read -p "Enter domain name (without www) and press [ENTER]:" domain
if [ "$domain" == "" ]; then
echo "Please enter a valid domain"
continue
fi
domains_list+=($domain)
domains_list+=("www.$domain")
for key in ${!domains_list[*]}; do
printf "%4d: %s\n" $key ${domains_list[$key]}
done
read -p "Are the inputs correct? (y/n) " newDomain
if [ "$newDomain" != "N" ] && [ "$newDomain" != "n" ]; then
domainsDone=1
make_config_file "$domain"
break
else
domains_list=()
fi
done
read -p "Enter a valid email address and press [ENTER]:" email
echo "Email address :" $email
while [ $(email_validation "$email") == 0 ]; do
read -p "Enter a valid email address and press [ENTER]:" email
echo "Email address :" $email
emailIsValid=$(email_validation "$email")
done
setup_tls_parameters $data_path
# Create dummy certificates if needed.
n_renewals=0
dummy_certificate_domains=()
for domains in "${domains_list[@]}"; do
renew_certificate=$(should_renew_certificate "$data_path" "$domains")
if [ "$renew_certificate" -eq 1 ]; then
n_renewals=$((n_renewals + 1))
make_dummy_certificate "$data_path" "$domains"
dummy_certificate_domains+=("${domains[0]}")
else
dummy_certificate_domains+=("")
fi
done
if [ "$n_renewals" -eq "0" ]; then
echo "No new renewals, starting web services and quiting."
echo $( docker-compose -f docker-compose-prod.yml up --build --force-recreate -d )
echo "Web services started "
exit
fi
start_nginx
# For each domain renew certificate (if needed).
n_domains="${#domains_list[@]}"
for ((i = 0; i < "$n_domains"; i++)); do
dummy_certificate_domain="${dummy_certificate_domains[$i]}"
if [ -z "$dummy_certificate_domain" ]; then
# if we did not create dummy certificate continue to the next domain.
continue
fi
delete_dummy_certificate "$dummy_certificate_domain"
domains="${domains_list[$i]}"
request_new_certificate "$domains" "$email" "$rsa_key_size" "$staging"
done
# Reload nginx with new certificates.
reload_nginx
fi
elif [ "$ipDecision" == "I" ] || [ "$ipDecision" == "i" ]; then
echo "###################################################################################"
echo "# This script will start MicroPowerManager with a IP-base set up #"
echo "# in the Prod. mode. #"
echo "###################################################################################"
echo ""
echo " MicroPowerManager is starting please wait."
echo $( docker-compose -f docker-compose-prod-non-domain.yml up --build --force-recreate -d)
echo "MicroPowerManager started. "
exit
else
ipDecision=""
fi