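#!/bin/bash
# QuendAward HTTPS Setup Script
#
# Obtains a Let's Encrypt certificate for the application and brings the
# Docker Compose stack up behind HTTPS.
#
# Usage: run with sudo/root from the directory that contains
# docker-compose-standalone.yml and the nginx/ directory; every path used
# below is relative to the current working directory.
#
# Files written: .env (holds the admin password, created mode 600),
# nginx/nginx.conf, nginx/nginx-active.conf, and the certbot/ and data/
# directories.
set -euo pipefail

# Colors for output (real escape bytes, so they can be printed with %s).
readonly RED=$'\033[0;31m'
readonly GREEN=$'\033[0;32m'
readonly YELLOW=$'\033[1;33m'
readonly NC=$'\033[0m' # No Color

readonly COMPOSE_FILE="docker-compose-standalone.yml"

# One hostname label is 1-63 letters/digits/hyphens and neither starts nor
# ends with a hyphen; at least two labels are required.
readonly HOSTNAME_RE='^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)+$'
readonly EMAIL_RE='^[^[:space:]@]+@[^[:space:]@]+$'

# Status line in green. printf '%s' keeps user-supplied text literal, where
# `echo -e` would interpret backslash escapes inside it.
info() { printf '%s%s%s\n' "$GREEN" "$*" "$NC"; }

# Prompt or notice in yellow.
note() { printf '%s%s%s\n' "$YELLOW" "$*" "$NC"; }

# Error line in red, on stderr.
err() { printf '%s%s%s\n' "$RED" "$*" "$NC" >&2; }

# Print an error and abort the script.
fail() {
  err "$*"
  exit 1
}

# Returns 0 when $1 is a syntactically valid DNS hostname.
is_valid_hostname() {
  local LC_ALL=C # keep [A-Za-z] ranges byte-wise regardless of locale
  (( ${#1} <= 253 )) && [[ "$1" =~ $HOSTNAME_RE ]]
}

info "========================================"
info " QuendAward HTTPS Setup"
info "========================================"
echo ""

# Check if running as root or with sudo
if [[ "$EUID" -ne 0 ]]; then
  fail "Please run this script with sudo or as root"
fi

# Check if docker is installed
if ! command -v docker &> /dev/null; then
  fail "Docker is not installed. Please install Docker first."
fi

# Pick the Compose front end: the `docker compose` plugin when present,
# otherwise the standalone docker-compose binary. Held as an array so the
# two-word command is expanded without relying on word splitting.
if docker compose version &> /dev/null; then
  DOCKER_COMPOSE=(docker compose)
elif command -v docker-compose &> /dev/null; then
  DOCKER_COMPOSE=(docker-compose)
else
  fail "Docker Compose is not installed. Please install Docker Compose first."
fi

# Fail before anything is written if the script was started from the wrong
# directory; otherwise .env would be created and a later step would abort.
for required in "$COMPOSE_FILE" nginx/nginx.conf nginx/nginx-init.conf; do
  [[ -f "$required" ]] ||
    fail "Required file not found: $required (run this script from the project directory)"
done

# Get domain from user
note "Enter your domain name (e.g., quendaward.example.com):"
read -r DOMAIN
if [[ -z "$DOMAIN" ]]; then
  fail "Domain cannot be empty"
fi
# DOMAIN is later spliced into a sed expression and a filesystem path, so it
# must not carry '/', '&', '\', whitespace or '..' path components.
if ! is_valid_hostname "$DOMAIN"; then
  fail "Invalid domain name: only letters, digits, hyphens and dots are allowed"
fi

# Get email for Let's Encrypt
note "Enter your email for Let's Encrypt notifications:"
read -r EMAIL
if [[ -z "$EMAIL" ]]; then
  fail "Email cannot be empty"
fi
if [[ ! "$EMAIL" =~ $EMAIL_RE ]]; then
  fail "Email must look like user@example.com and contain no spaces"
fi

# Get admin credentials
note "Enter admin callsign (default: EA1RFI):"
read -r ADMIN_CALLSIGN
ADMIN_CALLSIGN=${ADMIN_CALLSIGN:-EA1RFI}

note "Enter admin password:"
read -rs ADMIN_PASSWORD # -s: do not echo the password to the terminal
if [[ -z "$ADMIN_PASSWORD" ]]; then
  fail "Password cannot be empty"
fi

echo ""
info "Configuration:"
printf ' Domain: %s\n' "$DOMAIN"
printf ' Email: %s\n' "$EMAIL"
printf ' Admin Callsign: %s\n' "$ADMIN_CALLSIGN"
echo ""

# Create .env file
info "Creating .env file..."
# The file stores the admin password in clear text: create it under a
# restrictive umask, then chmod as well in case an older, more permissive
# .env already existed (a redirect keeps the existing file's mode).
# NOTE(review): values are written unquoted; how '#', '$', quotes or spaces
# in the callsign/password are read back depends on the .env consumer —
# confirm against the compose file.
(
  umask 077
  printf 'DOMAIN=%s\nEMAIL=%s\nADMIN_CALLSIGN=%s\nADMIN_PASSWORD=%s\n' \
    "$DOMAIN" "$EMAIL" "$ADMIN_CALLSIGN" "$ADMIN_PASSWORD" > .env
)
chmod 600 .env

# Create directories
info "Creating directories..."
mkdir -p certbot/www certbot/conf data

# Update nginx.conf with domain
info "Configuring nginx for domain: $DOMAIN"
# Replaces the literal ${DOMAIN} placeholder. Safe only because DOMAIN was
# validated above and so cannot contain sed metacharacters.
sed "s/\${DOMAIN}/${DOMAIN}/g" nginx/nginx.conf > nginx/nginx.conf.tmp
mv nginx/nginx.conf.tmp nginx/nginx.conf

# Step 1: Start with HTTP-only config to get initial certificate
info "Step 1: Starting nginx with HTTP-only config..."
# NOTE(review): nothing in this script swaps nginx-active.conf back to an
# HTTPS config before step 3 — presumably the compose file selects the
# config; confirm.
cp nginx/nginx-init.conf nginx/nginx-active.conf
"${DOCKER_COMPOSE[@]}" -f "$COMPOSE_FILE" up -d nginx

# Wait for nginx to start
note "Waiting for nginx to start..."
sleep 5

# Step 2: Get the certificate
info "Step 2: Requesting Let's Encrypt certificate..."
project_dir=$(pwd)
# Capture certbot's exit status instead of letting `set -e` abort here, so
# the failure branch below can explain the problem and stop nginx again.
# NOTE(review): certbot/certbot is pulled by floating tag and runs with the
# certificate directory mounted; consider pinning it to a verified digest.
certbot_status=0
docker run --rm \
  -v "${project_dir}/certbot/www:/var/www/certbot" \
  -v "${project_dir}/certbot/conf:/etc/letsencrypt" \
  certbot/certbot certonly \
  --webroot \
  --webroot-path=/var/www/certbot \
  --email "$EMAIL" \
  --agree-tos \
  --no-eff-email \
  -d "$DOMAIN" || certbot_status=$?

# Check if certificate was created
if [[ "$certbot_status" -ne 0 || ! -f "certbot/conf/live/$DOMAIN/fullchain.pem" ]]; then
  err "Certificate generation failed!"
  err "Make sure your domain points to this server and port 80 is accessible."
  "${DOCKER_COMPOSE[@]}" -f "$COMPOSE_FILE" down
  exit 1
fi
info "Certificate obtained successfully!"

# Step 3: Restart with full HTTPS config
info "Step 3: Restarting with HTTPS configuration..."
"${DOCKER_COMPOSE[@]}" -f "$COMPOSE_FILE" down
"${DOCKER_COMPOSE[@]}" -f "$COMPOSE_FILE" up -d

echo ""
info "========================================"
info " Setup Complete!"
info "========================================"
echo ""
printf '%s\n' "Your QuendAward application is now available at:"
printf ' %shttps://%s/quendaward%s\n' "$GREEN" "$DOMAIN" "$NC"
echo ""
printf '%s\n' "Admin credentials:"
printf ' Callsign: %s%s%s\n' "$GREEN" "$ADMIN_CALLSIGN" "$NC"
# The password is deliberately never printed.
printf ' Password: %s(as configured)%s\n' "$GREEN" "$NC"
echo ""
note "Note: Certificates will auto-renew via the certbot container."
echo ""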