Fix jwt-token

2025-09-12 21:39:21 +02:00
parent 2d4df4c265
commit 1a94121d14
3 changed files with 631 additions and 0 deletions
--- a/ssl/complete-setup.sh
+++ b/ssl/complete-setup.sh
@@ -0,0 +1,259 @@
+#!/bin/bash
+
+# Complete SSL + Nginx Setup Script
+# This script handles the entire SSL certificate and nginx configuration process
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+DOMAIN="${DOMAIN:-dev.uggla.uamils.com}"
+
+log() {
+    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"
+}
+
+show_help() {
+    echo "Complete SSL + Nginx Setup"
+    echo "=========================="
+    echo ""
+    echo "This script will:"
+    echo "1. Setup SSL certificate management"
+    echo "2. Obtain/renew SSL certificates" 
+    echo "3. Configure nginx with SSL"
+    echo "4. Setup automatic renewal"
+    echo ""
+    echo "Usage: $0 [options]"
+    echo ""
+    echo "Options:"
+    echo "  --domain DOMAIN     Set domain (default: dev.uggla.uamils.com)"
+    echo "  --email EMAIL       Set email for Let's Encrypt"
+    echo "  --skip-cert         Skip certificate generation"
+    echo "  --skip-nginx        Skip nginx configuration"
+    echo "  --help              Show this help"
+    echo ""
+    echo "Environment variables (or use .env file):"
+    echo "  DOMAIN              Domain name"
+    echo "  EMAIL               Email for Let's Encrypt"
+    echo "  LOOPIA_USER         Loopia username (for DNS challenge)"
+    echo "  LOOPIA_PASSWORD     Loopia password (for DNS challenge)"
+}
+
+check_root() {
+    if [[ $EUID -ne 0 ]]; then
+        log "ERROR: This script must be run as root (use sudo)"
+        exit 1
+    fi
+}
+
+load_environment() {
+    if [[ -f "$SCRIPT_DIR/.env" ]]; then
+        log "Loading environment from .env file..."
+        source "$SCRIPT_DIR/.env"
+    fi
+}
+
+setup_ssl_management() {
+    log "Setting up SSL certificate management..."
+    
+    # Run the setup script
+    if [[ -f "$SCRIPT_DIR/setup.sh" ]]; then
+        bash "$SCRIPT_DIR/setup.sh"
+    else
+        log "ERROR: setup.sh not found"
+        exit 1
+    fi
+}
+
+obtain_certificates() {
+    log "Obtaining SSL certificates for $DOMAIN..."
+    
+    if [[ -f "$SCRIPT_DIR/certbot-manager.sh" ]]; then
+        bash "$SCRIPT_DIR/certbot-manager.sh" renew
+    else
+        log "ERROR: certbot-manager.sh not found"
+        exit 1
+    fi
+}
+
+configure_nginx() {
+    log "Configuring nginx with SSL..."
+    
+    if [[ -f "$SCRIPT_DIR/nginx-ssl-setup.sh" ]]; then
+        DOMAIN="$DOMAIN" bash "$SCRIPT_DIR/nginx-ssl-setup.sh" setup
+    else
+        log "ERROR: nginx-ssl-setup.sh not found"
+        exit 1
+    fi
+}
+
+setup_auto_renewal() {
+    log "Setting up automatic certificate renewal..."
+    
+    # Option 1: Try systemd timer (preferred)
+    if command -v systemctl >/dev/null 2>&1; then
+        log "Setting up systemd timer for automatic renewal..."
+        
+        # Copy service files
+        cp "$SCRIPT_DIR/ssl-renewal.service" /etc/systemd/system/
+        cp "$SCRIPT_DIR/ssl-renewal.timer" /etc/systemd/system/
+        
+        # Update paths in service file
+        sed -i "s|/path/to/your/project/ssl|$SCRIPT_DIR|g" /etc/systemd/system/ssl-renewal.service
+        
+        # Enable and start timer
+        systemctl daemon-reload
+        systemctl enable ssl-renewal.timer
+        systemctl start ssl-renewal.timer
+        
+        log "✅ Systemd timer configured"
+        systemctl status ssl-renewal.timer --no-pager
+    else
+        # Option 2: Fallback to cron
+        log "Setting up cron job for automatic renewal..."
+        
+        # Add cron job
+        (crontab -l 2>/dev/null || true; echo "0 2 * * * cd $SCRIPT_DIR && source .env && ./certbot-manager.sh auto >> /var/log/letsencrypt/cron.log 2>&1") | crontab -
+        
+        log "✅ Cron job added"
+    fi
+}
+
+verify_setup() {
+    log "Verifying SSL setup..."
+    
+    # Check if certificates exist
+    if [[ -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ]]; then
+        log "✅ SSL certificates found"
+        
+        # Show certificate info
+        bash "$SCRIPT_DIR/certbot-manager.sh" status
+    else
+        log "❌ SSL certificates not found"
+        exit 1
+    fi
+    
+    # Check nginx configuration
+    if nginx -t >/dev/null 2>&1; then
+        log "✅ Nginx configuration is valid"
+    else
+        log "❌ Nginx configuration has errors"
+        exit 1
+    fi
+    
+    # Check if site is accessible
+    log "Testing HTTPS connectivity..."
+    if curl -k -s "https://$DOMAIN/health" >/dev/null 2>&1; then
+        log "✅ HTTPS site is accessible"
+    else
+        log "⚠️  HTTPS site test failed (this may be normal if backend is not running)"
+    fi
+}
+
+show_completion_summary() {
+    echo ""
+    echo "🎉 SSL + Nginx Setup Complete!"
+    echo "==============================="
+    echo ""
+    echo "🌐 Your site is now available at:"
+    echo "   https://$DOMAIN"
+    echo ""
+    echo "🔐 Multi-tenant subdomains work too:"
+    echo "   https://tenant1.$DOMAIN"
+    echo "   https://any-name.$DOMAIN"
+    echo ""
+    echo "🔄 Automatic renewal is configured:"
+    if systemctl is-enabled ssl-renewal.timer >/dev/null 2>&1; then
+        echo "   ✅ Systemd timer: systemctl status ssl-renewal.timer"
+    else
+        echo "   ✅ Cron job: crontab -l"
+    fi
+    echo ""
+    echo "📊 Check status anytime:"
+    echo "   cd $SCRIPT_DIR"
+    echo "   ./certbot-manager.sh status"
+    echo ""
+    echo "🔧 Configuration files:"
+    echo "   SSL: /etc/nginx/sites-available/$DOMAIN"
+    echo "   Certs: /etc/letsencrypt/live/$DOMAIN/"
+    echo ""
+    echo "🚀 Next: Start your Docker containers:"
+    echo "   cd .. && docker-compose up -d"
+    echo "==============================="
+}
+
+# Parse command line arguments
+SKIP_CERT=false
+SKIP_NGINX=false
+
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        --domain)
+            DOMAIN="$2"
+            shift 2
+            ;;
+        --email)
+            EMAIL="$2"
+            shift 2
+            ;;
+        --skip-cert)
+            SKIP_CERT=true
+            shift
+            ;;
+        --skip-nginx)
+            SKIP_NGINX=true
+            shift
+            ;;
+        --help)
+            show_help
+            exit 0
+            ;;
+        *)
+            log "Unknown option: $1"
+            show_help
+            exit 1
+            ;;
+    esac
+done
+
+# Main execution
+main() {
+    log "Starting complete SSL + Nginx setup for $DOMAIN"
+    
+    check_root
+    load_environment
+    
+    # Validate required variables
+    if [[ -z "$DOMAIN" ]]; then
+        log "ERROR: DOMAIN not set"
+        exit 1
+    fi
+    
+    # Step 1: Setup SSL management
+    setup_ssl_management
+    
+    # Step 2: Obtain certificates (unless skipped)
+    if [[ "$SKIP_CERT" != "true" ]]; then
+        obtain_certificates
+    else
+        log "Skipping certificate generation"
+    fi
+    
+    # Step 3: Configure nginx (unless skipped)
+    if [[ "$SKIP_NGINX" != "true" ]]; then
+        configure_nginx
+    else
+        log "Skipping nginx configuration"
+    fi
+    
+    # Step 4: Setup auto-renewal
+    setup_auto_renewal
+    
+    # Step 5: Verify everything works
+    verify_setup
+    
+    # Step 6: Show completion summary
+    show_completion_summary
+}
+
+# Run main function
+main "$@"