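#!/bin/bash
# Complete SSL + Nginx Setup Script
# This script handles the entire SSL certificate and nginx configuration process:
# it runs setup.sh, obtains certificates via certbot-manager.sh, configures nginx
# via nginx-ssl-setup.sh, installs a systemd timer (or cron job) for renewal,
# and verifies the result.
#
# Must be run as root. Options are listed in show_help. Configuration comes from
# the environment or from a .env file next to this script (DOMAIN, EMAIL,
# LOOPIA_USER, LOOPIA_PASSWORD); command-line options win over .env values.
set -e

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
DOMAIN="${DOMAIN:-dev.uggla.uamils.com}"

# Values given explicitly on the command line. They are remembered separately so
# that load_environment can restore them after sourcing .env, which would
# otherwise silently override --domain / --email.
CLI_DOMAIN=""
CLI_EMAIL=""
SKIP_CERT=false
SKIP_NGINX=false

#######################################
# Print a timestamped message to stdout.
# Arguments: $1 - message text
#######################################
log() {
  printf '[%s] %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1"
}

#######################################
# Log an error message and abort the script.
# Arguments: $* - message text
#######################################
die() {
  log "ERROR: $*" >&2
  exit 1
}

#######################################
# Print usage information.
#######################################
show_help() {
  echo "Complete SSL + Nginx Setup"
  echo "=========================="
  echo ""
  echo "This script will:"
  echo "1. Setup SSL certificate management"
  echo "2. Obtain/renew SSL certificates"
  echo "3. Configure nginx with SSL"
  echo "4. Setup automatic renewal"
  echo ""
  echo "Usage: $0 [options]"
  echo ""
  echo "Options:"
  echo "  --domain DOMAIN   Set domain (default: dev.uggla.uamils.com)"
  echo "  --email EMAIL     Set email for Let's Encrypt"
  echo "  --skip-cert       Skip certificate generation"
  echo "  --skip-nginx      Skip nginx configuration"
  echo "  --help            Show this help"
  echo ""
  echo "Environment variables (or use .env file):"
  echo "  DOMAIN            Domain name"
  echo "  EMAIL             Email for Let's Encrypt"
  echo "  LOOPIA_USER       Loopia username (for DNS challenge)"
  echo "  LOOPIA_PASSWORD   Loopia password (for DNS challenge)"
}

#######################################
# Abort unless running as root (needed for /etc and systemctl writes).
#######################################
check_root() {
  if [[ $EUID -ne 0 ]]; then
    die "This script must be run as root (use sudo)"
  fi
}

#######################################
# Source the optional .env file next to this script and export the variables
# that child scripts need.
# Globals: SCRIPT_DIR (read), DOMAIN, EMAIL (written), CLI_DOMAIN, CLI_EMAIL (read)
#######################################
load_environment() {
  local env_file="$SCRIPT_DIR/.env"
  if [[ -f "$env_file" ]]; then
    log "Loading environment from .env file..."
    # .env typically holds LOOPIA_PASSWORD; warn when other users can read it.
    if [[ -n "$(find "$env_file" -maxdepth 0 -perm -o=r 2>/dev/null)" ]]; then
      log "WARNING: $env_file is world-readable; consider: chmod 600 $env_file"
    fi
    # NOTE: sourcing executes the file as shell code, so it must be trusted.
    # shellcheck disable=SC1091
    source "$env_file"
    # Command-line options take precedence over values from .env.
    if [[ -n "$CLI_DOMAIN" ]]; then
      DOMAIN="$CLI_DOMAIN"
    fi
    if [[ -n "$CLI_EMAIL" ]]; then
      EMAIL="$CLI_EMAIL"
    fi
  fi
  # The helper scripts run as separate bash processes and only see exported
  # variables. LOOPIA_* are left to .env itself (presumably it uses `export`;
  # verify against the file).
  export DOMAIN
  if [[ -n "${EMAIL:-}" ]]; then
    export EMAIL
  fi
}

#######################################
# Run setup.sh to prepare certificate management.
# Globals: SCRIPT_DIR (read)
#######################################
setup_ssl_management() {
  log "Setting up SSL certificate management..."
  local setup_script="$SCRIPT_DIR/setup.sh"
  if [[ ! -f "$setup_script" ]]; then
    die "setup.sh not found"
  fi
  bash "$setup_script"
}

#######################################
# Obtain (or renew) certificates for $DOMAIN via certbot-manager.sh.
# Globals: SCRIPT_DIR, DOMAIN (read)
#######################################
obtain_certificates() {
  log "Obtaining SSL certificates for $DOMAIN..."
  local manager="$SCRIPT_DIR/certbot-manager.sh"
  if [[ ! -f "$manager" ]]; then
    die "certbot-manager.sh not found"
  fi
  bash "$manager" renew
}

#######################################
# Configure nginx with SSL via nginx-ssl-setup.sh.
# Globals: SCRIPT_DIR, DOMAIN (read)
#######################################
configure_nginx() {
  log "Configuring nginx with SSL..."
  local nginx_script="$SCRIPT_DIR/nginx-ssl-setup.sh"
  if [[ ! -f "$nginx_script" ]]; then
    die "nginx-ssl-setup.sh not found"
  fi
  DOMAIN="$DOMAIN" bash "$nginx_script" setup
}

#######################################
# Install automatic renewal: a systemd timer when systemctl exists, otherwise
# a cron job. Safe to run repeatedly (the cron entry is not duplicated).
# Globals: SCRIPT_DIR (read)
#######################################
setup_auto_renewal() {
  log "Setting up automatic certificate renewal..."

  if command -v systemctl >/dev/null 2>&1; then
    # Option 1: systemd timer (preferred)
    log "Setting up systemd timer for automatic renewal..."
    local unit
    for unit in ssl-renewal.service ssl-renewal.timer; do
      if [[ ! -f "$SCRIPT_DIR/$unit" ]]; then
        die "$unit not found in $SCRIPT_DIR"
      fi
      # install (not cp) so the unit ends up root-owned 0644 regardless of the
      # mode of the checked-out file.
      install -m 0644 -- "$SCRIPT_DIR/$unit" "/etc/systemd/system/$unit"
    done

    # Update the placeholder project path in the service file. A SCRIPT_DIR
    # containing '|' would break this sed expression.
    sed -i "s|/path/to/your/project/ssl|$SCRIPT_DIR|g" /etc/systemd/system/ssl-renewal.service

    systemctl daemon-reload
    systemctl enable ssl-renewal.timer
    systemctl start ssl-renewal.timer
    log "✅ Systemd timer configured"
    # status is informational only; its exit code must not abort under set -e
    systemctl status ssl-renewal.timer --no-pager || true
  else
    # Option 2: cron fallback. cron runs entries with /bin/sh, which may be
    # dash, so use the POSIX '.' rather than 'source'.
    log "Setting up cron job for automatic renewal..."
    local cron_cmd
    cron_cmd="0 2 * * * cd '$SCRIPT_DIR' && . ./.env && ./certbot-manager.sh auto >> /var/log/letsencrypt/cron.log 2>&1"
    if crontab -l 2>/dev/null | grep -qF -- "$cron_cmd"; then
      log "✅ Cron job already present"
    else
      (crontab -l 2>/dev/null || true; printf '%s\n' "$cron_cmd") | crontab -
      log "✅ Cron job added"
    fi
  fi
}

#######################################
# Verify certificates exist, nginx config is valid and HTTPS answers.
# Globals: SCRIPT_DIR, DOMAIN (read)
# Returns: exits 1 when certificates are missing or nginx -t fails
#######################################
verify_setup() {
  log "Verifying SSL setup..."

  if [[ -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ]]; then
    log "✅ SSL certificates found"
    bash "$SCRIPT_DIR/certbot-manager.sh" status
  else
    log "❌ SSL certificates not found"
    exit 1
  fi

  if nginx -t >/dev/null 2>&1; then
    log "✅ Nginx configuration is valid"
  else
    log "❌ Nginx configuration has errors"
    exit 1
  fi

  # Certificate validation is deliberately left on (no -k): a chain that does
  # not verify is exactly what this check should surface. -f turns HTTP error
  # statuses (e.g. 502 when the backend is down) into a failed check.
  log "Testing HTTPS connectivity..."
  if curl -fs --max-time 15 "https://$DOMAIN/health" >/dev/null 2>&1; then
    log "✅ HTTPS site is accessible"
  else
    log "⚠️  HTTPS site test failed (this may be normal if backend is not running)"
  fi
}

#######################################
# Print the post-setup summary.
# Globals: SCRIPT_DIR, DOMAIN (read)
#######################################
show_completion_summary() {
  echo ""
  echo "🎉 SSL + Nginx Setup Complete!"
  echo "==============================="
  echo ""
  echo "🌐 Your site is now available at:"
  echo "   https://$DOMAIN"
  echo ""
  echo "🔐 Multi-tenant subdomains work too:"
  echo "   https://tenant1.$DOMAIN"
  echo "   https://any-name.$DOMAIN"
  echo ""
  echo "🔄 Automatic renewal is configured:"
  if systemctl is-enabled ssl-renewal.timer >/dev/null 2>&1; then
    echo "   ✅ Systemd timer: systemctl status ssl-renewal.timer"
  else
    echo "   ✅ Cron job: crontab -l"
  fi
  echo ""
  echo "📊 Check status anytime:"
  echo "   cd $SCRIPT_DIR"
  echo "   ./certbot-manager.sh status"
  echo ""
  echo "🔧 Configuration files:"
  echo "   SSL:   /etc/nginx/sites-available/$DOMAIN"
  echo "   Certs: /etc/letsencrypt/live/$DOMAIN/"
  echo ""
  echo "🚀 Next: Start your Docker containers:"
  echo "   cd .. && docker-compose up -d"
  echo "==============================="
}

#######################################
# Parse command line options.
# Arguments: "$@" - the script's arguments
# Globals: DOMAIN, EMAIL, CLI_DOMAIN, CLI_EMAIL, SKIP_CERT, SKIP_NGINX (written)
#######################################
parse_args() {
  while [[ $# -gt 0 ]]; do
    case "$1" in
      --domain)
        # a missing value would otherwise make 'shift 2' fail under set -e
        [[ $# -ge 2 ]] || die "--domain requires a value"
        DOMAIN="$2"
        CLI_DOMAIN="$2"
        shift 2
        ;;
      --email)
        [[ $# -ge 2 ]] || die "--email requires a value"
        EMAIL="$2"
        CLI_EMAIL="$2"
        shift 2
        ;;
      --skip-cert)
        SKIP_CERT=true
        shift
        ;;
      --skip-nginx)
        SKIP_NGINX=true
        shift
        ;;
      --help)
        show_help
        exit 0
        ;;
      *)
        log "Unknown option: $1"
        show_help
        exit 1
        ;;
    esac
  done
}

#######################################
# Run the whole setup in order.
#######################################
main() {
  log "Starting complete SSL + Nginx setup for $DOMAIN"

  check_root
  load_environment

  if [[ -z "$DOMAIN" ]]; then
    die "DOMAIN not set"
  fi

  # Step 1: Setup SSL management
  setup_ssl_management

  # Step 2: Obtain certificates (unless skipped)
  if [[ "$SKIP_CERT" != "true" ]]; then
    obtain_certificates
  else
    log "Skipping certificate generation"
  fi

  # Step 3: Configure nginx (unless skipped)
  if [[ "$SKIP_NGINX" != "true" ]]; then
    configure_nginx
  else
    log "Skipping nginx configuration"
  fi

  # Step 4: Setup auto-renewal
  setup_auto_renewal

  # Step 5: Verify everything works
  verify_setup

  # Step 6: Show completion summary
  show_completion_summary
}

parse_args "$@"
main "$@"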