Fix jwt-token

2025-09-12 12:43:20 +02:00
parent 3d10d0e894
commit a13d5a3397
5 changed files with 775 additions and 0 deletions
--- a/scripts/setup-ssl.sh
+++ b/scripts/setup-ssl.sh
@@ -0,0 +1,101 @@
+#!/bin/bash
+
+# SSL Certificate Setup Script for Multi-Tenant Domain
+# This script sets up Let's Encrypt wildcard certificates
+
+set -e
+
+DOMAIN="dev.uggla.uamils.com"
+EMAIL="admin@uamils.com"
+STAGING=1  # Set to 0 for production certificates
+
+echo "Setting up SSL certificates for domain: $DOMAIN"
+
+# Create required directories
+mkdir -p ./certbot/conf
+mkdir -p ./certbot/www
+mkdir -p ./nginx/ssl
+
+# Function to get certificate
+get_certificate() {
+    local domain=$1
+    local email=$2
+    local staging=$3
+    
+    if [ $staging -eq 1 ]; then
+        local staging_flag="--staging"
+        echo "Getting STAGING certificate (for testing)..."
+    else
+        local staging_flag=""
+        echo "Getting PRODUCTION certificate..."
+    fi
+    
+    echo "Requesting wildcard certificate for $domain and *.$domain"
+    
+    docker-compose -f docker-compose.production.yml run --rm certbot \
+        certonly \
+        --manual \
+        --preferred-challenges=dns \
+        --email $email \
+        --server https://acme-v02.api.letsencrypt.org/directory \
+        --agree-tos \
+        --no-eff-email \
+        $staging_flag \
+        -d $domain \
+        -d "*.$domain"
+}
+
+# Check if certificate already exists
+if [ -d "./certbot/conf/live/$DOMAIN" ]; then
+    echo "Certificate already exists for $DOMAIN"
+    read -p "Do you want to renew it? (y/n): " -n 1 -r
+    echo
+    if [[ $REPLY =~ ^[Yy]$ ]]; then
+        echo "Renewing certificate..."
+        docker-compose -f docker-compose.production.yml run --rm certbot renew
+    fi
+else
+    echo "No certificate found. Creating new certificate..."
+    
+    echo "IMPORTANT: You need to manually add DNS TXT records during this process!"
+    echo "The certbot will pause and show you the TXT records to add."
+    echo ""
+    echo "You'll need to add DNS TXT records like:"
+    echo "  _acme-challenge.$DOMAIN TXT \"[value-shown-by-certbot]\""
+    echo "  _acme-challenge.$DOMAIN TXT \"[another-value-for-wildcard]\""
+    echo ""
+    read -p "Press Enter when you're ready to continue..."
+    
+    get_certificate $DOMAIN $EMAIL $STAGING
+fi
+
+# Set up certificate renewal cron job
+echo "Setting up automatic certificate renewal..."
+
+# Create renewal script
+cat > ./scripts/renew-certs.sh << 'EOF'
+#!/bin/bash
+cd /path/to/your/project
+docker-compose -f docker-compose.production.yml run --rm certbot renew
+docker-compose -f docker-compose.production.yml exec nginx nginx -s reload
+EOF
+
+chmod +x ./scripts/renew-certs.sh
+
+echo ""
+echo "SSL certificate setup completed!"
+echo ""
+echo "NEXT STEPS:"
+echo "1. Add this to your crontab for automatic renewal:"
+echo "   0 12 * * * /path/to/your/project/scripts/renew-certs.sh"
+echo ""
+echo "2. Update your .env.production file with correct domain settings"
+echo ""
+echo "3. Start the production environment:"
+echo "   docker-compose -f docker-compose.production.yml up -d"
+echo ""
+
+if [ $STAGING -eq 1 ]; then
+    echo "NOTE: You're using STAGING certificates (for testing)."
+    echo "Change STAGING=0 in this script and run again for production certificates."
+fi