borg/drone-detector
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a1cf28f76a530101a90ae9289039928b4991ffa3
drone-detector/ssl/complete-setup.sh
Alexander Borg 1a94121d14 Fix jwt-token
2025-09-12 21:39:21 +02:00

260 lines
6.8 KiB
Bash
Raw Blame History

#!/bin/bash
# Complete SSL + Nginx Setup Script
# This script handles the entire SSL certificate and nginx configuration process
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
DOMAIN="${DOMAIN:-dev.uggla.uamils.com}"
log() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"
}
show_help() {
echo "Complete SSL + Nginx Setup"
echo "=========================="
echo ""
echo "This script will:"
echo "1. Setup SSL certificate management"
echo "2. Obtain/renew SSL certificates"
echo "3. Configure nginx with SSL"
echo "4. Setup automatic renewal"
echo ""
echo "Usage: $0 [options]"
echo ""
echo "Options:"
echo " --domain DOMAIN Set domain (default: dev.uggla.uamils.com)"
echo " --email EMAIL Set email for Let's Encrypt"
echo " --skip-cert Skip certificate generation"
echo " --skip-nginx Skip nginx configuration"
echo " --help Show this help"
echo ""
echo "Environment variables (or use .env file):"
echo " DOMAIN Domain name"
echo " EMAIL Email for Let's Encrypt"
echo " LOOPIA_USER Loopia username (for DNS challenge)"
echo " LOOPIA_PASSWORD Loopia password (for DNS challenge)"
}
check_root() {
if [[ $EUID -ne 0 ]]; then
log "ERROR: This script must be run as root (use sudo)"
exit 1
fi
}
load_environment() {
if [[ -f "$SCRIPT_DIR/.env" ]]; then
log "Loading environment from .env file..."
source "$SCRIPT_DIR/.env"
fi
}
setup_ssl_management() {
log "Setting up SSL certificate management..."
# Run the setup script
if [[ -f "$SCRIPT_DIR/setup.sh" ]]; then
bash "$SCRIPT_DIR/setup.sh"
else
log "ERROR: setup.sh not found"
exit 1
fi
}
obtain_certificates() {
log "Obtaining SSL certificates for $DOMAIN..."
if [[ -f "$SCRIPT_DIR/certbot-manager.sh" ]]; then
bash "$SCRIPT_DIR/certbot-manager.sh" renew
else
log "ERROR: certbot-manager.sh not found"
exit 1
fi
}
configure_nginx() {
log "Configuring nginx with SSL..."
if [[ -f "$SCRIPT_DIR/nginx-ssl-setup.sh" ]]; then
DOMAIN="$DOMAIN" bash "$SCRIPT_DIR/nginx-ssl-setup.sh" setup
else
log "ERROR: nginx-ssl-setup.sh not found"
exit 1
fi
}
setup_auto_renewal() {
log "Setting up automatic certificate renewal..."
# Option 1: Try systemd timer (preferred)
if command -v systemctl >/dev/null 2>&1; then
log "Setting up systemd timer for automatic renewal..."
# Copy service files
cp "$SCRIPT_DIR/ssl-renewal.service" /etc/systemd/system/
cp "$SCRIPT_DIR/ssl-renewal.timer" /etc/systemd/system/
# Update paths in service file
sed -i "s|/path/to/your/project/ssl|$SCRIPT_DIR|g" /etc/systemd/system/ssl-renewal.service
# Enable and start timer
systemctl daemon-reload
systemctl enable ssl-renewal.timer
systemctl start ssl-renewal.timer
log "✅ Systemd timer configured"
systemctl status ssl-renewal.timer --no-pager
else
# Option 2: Fallback to cron
log "Setting up cron job for automatic renewal..."
# Add cron job
(crontab -l 2>/dev/null || true; echo "0 2 * * * cd $SCRIPT_DIR && source .env && ./certbot-manager.sh auto >> /var/log/letsencrypt/cron.log 2>&1") | crontab -
log "✅ Cron job added"
fi
}
verify_setup() {
log "Verifying SSL setup..."
# Check if certificates exist
if [[ -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ]]; then
log "✅ SSL certificates found"
# Show certificate info
bash "$SCRIPT_DIR/certbot-manager.sh" status
else
log "❌ SSL certificates not found"
exit 1
fi
# Check nginx configuration
if nginx -t >/dev/null 2>&1; then
log "✅ Nginx configuration is valid"
else
log "❌ Nginx configuration has errors"
exit 1
fi
# Check if site is accessible
log "Testing HTTPS connectivity..."
if curl -k -s "https://$DOMAIN/health" >/dev/null 2>&1; then
log "✅ HTTPS site is accessible"
else
log "⚠️ HTTPS site test failed (this may be normal if backend is not running)"
fi
}
show_completion_summary() {
echo ""
echo "🎉 SSL + Nginx Setup Complete!"
echo "==============================="
echo ""
echo "🌐 Your site is now available at:"
echo " https://$DOMAIN"
echo ""
echo "🔐 Multi-tenant subdomains work too:"
echo " https://tenant1.$DOMAIN"
echo " https://any-name.$DOMAIN"
echo ""
echo "🔄 Automatic renewal is configured:"
if systemctl is-enabled ssl-renewal.timer >/dev/null 2>&1; then
echo " ✅ Systemd timer: systemctl status ssl-renewal.timer"
else
echo " ✅ Cron job: crontab -l"
fi
echo ""
echo "📊 Check status anytime:"
echo " cd $SCRIPT_DIR"
echo " ./certbot-manager.sh status"
echo ""
echo "🔧 Configuration files:"
echo " SSL: /etc/nginx/sites-available/$DOMAIN"
echo " Certs: /etc/letsencrypt/live/$DOMAIN/"
echo ""
echo "🚀 Next: Start your Docker containers:"
echo " cd .. && docker-compose up -d"
echo "==============================="
}
# Parse command line arguments
SKIP_CERT=false
SKIP_NGINX=false
while [[ $# -gt 0 ]]; do
case $1 in
--domain)
DOMAIN="$2"
shift 2
;;
--email)
EMAIL="$2"
shift 2
;;
--skip-cert)
SKIP_CERT=true
shift
;;
--skip-nginx)
SKIP_NGINX=true
shift
;;
--help)
show_help
exit 0
;;
*)
log "Unknown option: $1"
show_help
exit 1
;;
esac
done
# Main execution
main() {
log "Starting complete SSL + Nginx setup for $DOMAIN"
check_root
load_environment
# Validate required variables
if [[ -z "$DOMAIN" ]]; then
log "ERROR: DOMAIN not set"
exit 1
fi
# Step 1: Setup SSL management
setup_ssl_management
# Step 2: Obtain certificates (unless skipped)
if [[ "$SKIP_CERT" != "true" ]]; then
obtain_certificates
else
log "Skipping certificate generation"
fi
# Step 3: Configure nginx (unless skipped)
if [[ "$SKIP_NGINX" != "true" ]]; then
configure_nginx
else
log "Skipping nginx configuration"
fi
# Step 4: Setup auto-renewal
setup_auto_renewal
# Step 5: Verify everything works
verify_setup
# Step 6: Show completion summary
show_completion_summary
}
# Run main function
main "$@"
Reference in New Issue View Git Blame Copy Permalink