
No commits in common. "ba25d9e4306537a89ef22de1b0c35ec3976cd146" and "ca069c7decdc74d2719a7f34927bda49159da2ae" have entirely different histories.

14 changed files with 220 additions and 126 deletions


@ -7,11 +7,11 @@ cd "$(dirname "$0")"
# the script executed here from the BTCPAY repo will automatically take services down # the script executed here from the BTCPAY repo will automatically take services down
# and bring them back up. # and bring them back up.
echo "INFO: Starting BTCPAY Backup script for host '$BTCPAY_SERVER_FQDN'." echo "INFO: Starting BTCPAY Backup script for host '$BTCPAY_FQDN'."
sleep 5 sleep 5
ssh "$BTCPAY_SERVER_FQDN" "mkdir -p $REMOTE_BACKUP_PATH; cd $REMOTE_DATA_PATH/; sudo BTCPAY_BASE_DIRECTORY=$REMOTE_DATA_PATH bash -c $BTCPAY_SERVER_APPPATH/btcpay-down.sh" ssh "$BTCPAY_FQDN" "mkdir -p $REMOTE_BACKUP_PATH; cd $REMOTE_DATA_PATH/; sudo BTCPAY_BASE_DIRECTORY=$REMOTE_DATA_PATH bash -c $BTCPAY_SERVER_APPPATH/btcpay-down.sh"
# TODO; not sure if this is necessary, but we want to give the VM additional time to take down all services # TODO; not sure if this is necessary, but we want to give the VM additional time to take down all services
# that way processes can run shutdown procedures and leave files in the correct state. # that way processes can run shutdown procedures and leave files in the correct state.
@ -19,13 +19,13 @@ sleep 10
# TODO enable encrypted archives # TODO enable encrypted archives
# TODO switch to btcpay-backup.sh when on LXD fully. # TODO switch to btcpay-backup.sh when on LXD fully.
scp ./remote_scripts/btcpay-backup.sh "$BTCPAY_SERVER_FQDN:$REMOTE_DATA_PATH/btcpay-backup.sh" scp ./remote_scripts/btcpay-backup.sh "$BTCPAY_FQDN:$REMOTE_DATA_PATH/btcpay-backup.sh"
ssh "$BTCPAY_SERVER_FQDN" "sudo cp $REMOTE_DATA_PATH/btcpay-backup.sh $BTCPAY_SERVER_APPPATH/btcpay-backup.sh && sudo chmod 0755 $BTCPAY_SERVER_APPPATH/btcpay-backup.sh" ssh "$BTCPAY_FQDN" "sudo cp $REMOTE_DATA_PATH/btcpay-backup.sh $BTCPAY_SERVER_APPPATH/btcpay-backup.sh && sudo chmod 0755 $BTCPAY_SERVER_APPPATH/btcpay-backup.sh"
ssh "$BTCPAY_SERVER_FQDN" "cd $REMOTE_DATA_PATH/; sudo BTCPAY_BASE_DIRECTORY=$REMOTE_DATA_PATH BTCPAY_DOCKER_COMPOSE=$REMOTE_DATA_PATH/btcpayserver-docker/Generated/docker-compose.generated.yml bash -c $BTCPAY_SERVER_APPPATH/btcpay-backup.sh" ssh "$BTCPAY_FQDN" "cd $REMOTE_DATA_PATH/; sudo BTCPAY_BASE_DIRECTORY=$REMOTE_DATA_PATH BTCPAY_DOCKER_COMPOSE=$REMOTE_DATA_PATH/btcpayserver-docker/Generated/docker-compose.generated.yml bash -c $BTCPAY_SERVER_APPPATH/btcpay-backup.sh"
# next we pull the resulting backup archive down to our management machine. # next we pull the resulting backup archive down to our management machine.
ssh "$BTCPAY_SERVER_FQDN" "sudo cp /var/lib/docker/volumes/backup_datadir/_data/backup.tar.gz $REMOTE_BACKUP_PATH/btcpay.tar.gz" ssh "$BTCPAY_FQDN" "sudo cp /var/lib/docker/volumes/backup_datadir/_data/backup.tar.gz $REMOTE_BACKUP_PATH/btcpay.tar.gz"
ssh "$BTCPAY_SERVER_FQDN" "sudo chown ubuntu:ubuntu $REMOTE_BACKUP_PATH/btcpay.tar.gz" ssh "$BTCPAY_FQDN" "sudo chown ubuntu:ubuntu $REMOTE_BACKUP_PATH/btcpay.tar.gz"
# if the backup archive path is not set, then we set it. It is usually set only when we are running a migration script. # if the backup archive path is not set, then we set it. It is usually set only when we are running a migration script.
BTCPAY_LOCAL_BACKUP_PATH="$SITES_PATH/$PRIMARY_DOMAIN/backups/btcpayserver" BTCPAY_LOCAL_BACKUP_PATH="$SITES_PATH/$PRIMARY_DOMAIN/backups/btcpayserver"
@ -34,6 +34,6 @@ if [ -z "$BACKUP_BTCPAY_ARCHIVE_PATH" ]; then
fi fi
mkdir -p "$BTCPAY_LOCAL_BACKUP_PATH" mkdir -p "$BTCPAY_LOCAL_BACKUP_PATH"
scp "$BTCPAY_SERVER_FQDN:$REMOTE_BACKUP_PATH/btcpay.tar.gz" "$BACKUP_BTCPAY_ARCHIVE_PATH" scp "$BTCPAY_FQDN:$REMOTE_BACKUP_PATH/btcpay.tar.gz" "$BACKUP_BTCPAY_ARCHIVE_PATH"
echo "INFO: Created backup archive '$BACKUP_BTCPAY_ARCHIVE_PATH' for host '$BTCPAY_SERVER_FQDN'." echo "INFO: Created backup archive '$BACKUP_BTCPAY_ARCHIVE_PATH' for host '$BTCPAY_FQDN'."


@ -5,27 +5,34 @@ cd "$(dirname "$0")"
if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
# send an updated ~/.bashrc so we have quicker access to cli tools # send an updated ~/.bashrc so we have quicker access to cli tools
scp ./bashrc.txt "ubuntu@$BTCPAY_SERVER_FQDN:$REMOTE_HOME/.bashrc" scp ./bashrc.txt "ubuntu@$BTCPAY_FQDN:$REMOTE_HOME/.bashrc"
ssh "$BTCPAY_SERVER_FQDN" "chown ubuntu:ubuntu $REMOTE_HOME/.bashrc" ssh "$BTCPAY_FQDN" "chown ubuntu:ubuntu $REMOTE_HOME/.bashrc"
ssh "$BTCPAY_SERVER_FQDN" "chmod 0664 $REMOTE_HOME/.bashrc" ssh "$BTCPAY_FQDN" "chmod 0664 $REMOTE_HOME/.bashrc"
fi fi
./stub_btcpay_setup.sh export DOCKER_HOST="ssh://ubuntu@$BTCPAY_FQDN"
if [ "$STOP_SERVICES" = true ]; then
# run the update.
ssh "$FQDN" "bash -c $BTCPAY_SERVER_APPPATH/btcpay-down.sh"
else
./stub_btcpay_setup.sh
fi
# we will re-run the btcpayserver provisioning scripts if directed to do so. # we will re-run the btcpayserver provisioning scripts if directed to do so.
# if an update does occur, we grab another backup. # if an update does occur, we grab another backup.
if [ "$UPDATE_BTCPAY" = true ]; then if [ "$UPDATE_BTCPAY" = true ]; then
# run the update. # run the update.
ssh "$BTCPAY_SERVER_FQDN" "bash -c $BTCPAY_SERVER_APPPATH/btcpay-down.sh" ssh "$FQDN" "bash -c $BTCPAY_SERVER_APPPATH/btcpay-down.sh"
# btcpay-update.sh brings services back up, but does not take them down. # btcpay-update.sh brings services back up, but does not take them down.
ssh "$BTCPAY_SERVER_FQDN" "sudo bash -c $BTCPAY_SERVER_APPPATH/btcpay-update.sh" ssh "$FQDN" "sudo bash -c $BTCPAY_SERVER_APPPATH/btcpay-update.sh"
sleep 30 sleep 30
elif [ "$RESTORE_BTCPAY" = true ]; then elif [ "$RESTORE_BTCPAY" = true ]; then
# run the update. # run the update.
ssh "$BTCPAY_SERVER_FQDN" "bash -c $BTCPAY_SERVER_APPPATH/btcpay-down.sh" ssh "$FQDN" "bash -c $BTCPAY_SERVER_APPPATH/btcpay-down.sh"
sleep 15 sleep 15
./restore.sh ./restore.sh
@ -39,7 +46,8 @@ if [ "$BACKUP_BTCPAY" = true ]; then
./backup_btcpay.sh ./backup_btcpay.sh
fi fi
# The default is to resume services, though admin may want to keep services off (eg., for a migration) if [ "$STOP_SERVICES" = false ]; then
# we bring the services back up by default. # The default is to resume services, though admin may want to keep services off (eg., for a migration)
ssh "$BTCPAY_SERVER_FQDN" "bash -c $BTCPAY_SERVER_APPPATH/btcpay-up.sh" # we bring the services back up by default.
ssh "$FQDN" "bash -c $BTCPAY_SERVER_APPPATH/btcpay-up.sh"
fi
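Review bot: The right-hand side mixes two host variables: the `btcpay-down.sh`, `btcpay-update.sh` and `btcpay-up.sh` calls, including the new `STOP_SERVICES` branch, ssh to `"$FQDN"`, while the `.bashrc` copy and `DOCKER_HOST` at the top use `"$BTCPAY_FQDN"`. Nothing visible in this section sets `FQDN`, so unless a caller exports it these commands target an empty or unrelated host; using `ssh "$BTCPAY_FQDN" ...` throughout would make the target explicit. The same mix appears in the setup-stub section further down, where `scp` targets `ubuntu@$FQDN` and the following `chmod` and `sudo bash` calls use `$BTCPAY_FQDN`. The comment `# run the update.` in the new `STOP_SERVICES` branch also describes the wrong action; `# take services down and leave them down.` would match the `btcpay-down.sh` call.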


@ -39,7 +39,7 @@ done
if [ ! -d "btcpayserver-docker" ]; then if [ ! -d "btcpayserver-docker" ]; then
echo "cloning btcpayserver-docker"; echo "cloning btcpayserver-docker";
git clone -b master ${BTCPAYSERVER_GITREPO} btcpayserver-docker; git clone -b master ${BTCPAYSERVER_GITREPO} btcpayserver-docker;
git config --global --add safe.directory /home/ubuntu/ss-data/btcpayserver-docker git config --global --add safe.directory /home/ubuntu/btcpayserver-docker
else else
cd ./btcpayserver-docker cd ./btcpayserver-docker
git pull git pull
@ -50,7 +50,7 @@ fi
cd btcpayserver-docker cd btcpayserver-docker
export BTCPAY_HOST="${BTCPAY_USER_FQDN}" export BTCPAY_HOST="${BTCPAY_USER_FQDN}"
export BTCPAY_ANNOUNCEABLE_HOST="${BTCPAY_USER_FQDN}" export BTCPAY_ANNOUNCEABLE_HOST="${DOMAIN_NAME}"
export NBITCOIN_NETWORK="${BITCOIN_CHAIN}" export NBITCOIN_NETWORK="${BITCOIN_CHAIN}"
export LIGHTNING_ALIAS="${PRIMARY_DOMAIN}" export LIGHTNING_ALIAS="${PRIMARY_DOMAIN}"
export BTCPAYGEN_LIGHTNING="clightning" export BTCPAYGEN_LIGHTNING="clightning"
@ -79,8 +79,6 @@ services:
LIGHTNINGD_OPT: | LIGHTNINGD_OPT: |
announce-addr-dns=true announce-addr-dns=true
experimental-websocket-port=9736 experimental-websocket-port=9736
experimental-peer-storage
experimental-offers
ports: ports:
- "${CLIGHTNING_WEBSOCKET_PORT}:9736" - "${CLIGHTNING_WEBSOCKET_PORT}:9736"
expose: expose:
@ -88,7 +86,6 @@ services:
EOF EOF
# run the setup script. # run the setup script.
. ./btcpay-setup.sh -i . ./btcpay-setup.sh -i
@ -98,11 +95,11 @@ EOL
# send the setup script to the remote machine. # send the setup script to the remote machine.
scp "$SITE_PATH/btcpay.sh" "ubuntu@$BTCPAY_SERVER_FQDN:$REMOTE_DATA_PATH/btcpay_setup.sh" scp "$SITE_PATH/btcpay.sh" "ubuntu@$FQDN:$REMOTE_DATA_PATH/btcpay_setup.sh"
ssh "$BTCPAY_SERVER_FQDN" "chmod 0744 $REMOTE_DATA_PATH/btcpay_setup.sh" ssh "$BTCPAY_FQDN" "chmod 0744 $REMOTE_DATA_PATH/btcpay_setup.sh"
# script is executed under sudo # script is executed under sudo
ssh "$BTCPAY_SERVER_FQDN" "sudo bash -c $REMOTE_DATA_PATH/btcpay_setup.sh" ssh "$BTCPAY_FQDN" "sudo bash -c $REMOTE_DATA_PATH/btcpay_setup.sh"
# lets give time for the containers to spin up # lets give time for the containers to spin up
sleep 10 sleep 10
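Review bot: The `safe.directory` entry on the right-hand side is hard-coded to `/home/ubuntu/btcpayserver-docker`, while the backup script on this page addresses the checkout as `$REMOTE_DATA_PATH/btcpayserver-docker`. If `REMOTE_DATA_PATH` is anything other than `/home/ubuntu`, the exception names a directory that is not the clone, and git's ownership check would presumably still reject the real checkout when the script runs under sudo. Deriving the path from the same variable, `git config --global --add safe.directory "$REMOTE_DATA_PATH/btcpayserver-docker"`, keeps the exception scoped to the one repository that needs it. The surrounding heredoc starts and ends outside these hunks, so whether the variable is expanded at generation time cannot be confirmed from here.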


@ -3,10 +3,12 @@
set -e set -e
export NEXTCLOUD_FQDN="$NEXTCLOUD_HOSTNAME.$DOMAIN_NAME" export NEXTCLOUD_FQDN="$NEXTCLOUD_HOSTNAME.$DOMAIN_NAME"
export BTCPAY_FQDN="$BTCPAY_HOSTNAME.$DOMAIN_NAME"
export BTCPAY_USER_FQDN="$BTCPAY_HOSTNAME_IN_CERT.$DOMAIN_NAME" export BTCPAY_USER_FQDN="$BTCPAY_HOSTNAME_IN_CERT.$DOMAIN_NAME"
export WWW_FQDN="$WWW_HOSTNAME.$DOMAIN_NAME" export WWW_FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
export GITEA_FQDN="$GITEA_HOSTNAME.$DOMAIN_NAME" export GITEA_FQDN="$GITEA_HOSTNAME.$DOMAIN_NAME"
export NOSTR_FQDN="$NOSTR_HOSTNAME.$DOMAIN_NAME" export NOSTR_FQDN="$NOSTR_HOSTNAME.$DOMAIN_NAME"
export CLAMS_FQDN="$CLAMS_HOSTNAME.$DOMAIN_NAME"
export ADMIN_ACCOUNT_USERNAME="info" export ADMIN_ACCOUNT_USERNAME="info"
export CERTIFICATE_EMAIL_ADDRESS="$ADMIN_ACCOUNT_USERNAME@$DOMAIN_NAME" export CERTIFICATE_EMAIL_ADDRESS="$ADMIN_ACCOUNT_USERNAME@$DOMAIN_NAME"


@ -3,13 +3,12 @@
set -e set -e
export DEPLOY_GHOST=true export DEPLOY_GHOST=true
export DEPLOY_CLAMS=false
export DEPLOY_NOSTR=false export DEPLOY_NOSTR=false
export DEPLOY_NEXTCLOUD=false export DEPLOY_NEXTCLOUD=false
export DEPLOY_GITEA=false export DEPLOY_GITEA=false
export GHOST_DEPLOY_SMTP=false
export MAILGUN_FROM_ADDRESS=
export MAILGUN_SMTP_USERNAME=
export MAILGUN_SMTP_PASSWORD=
export SITE_LANGUAGE_CODES="en" export SITE_LANGUAGE_CODES="en"
export LANGUAGE_CODE="en" export LANGUAGE_CODE="en"
@ -34,7 +33,7 @@ DEFAULT_DB_IMAGE="mariadb:10.11.2-jammy"
# run the docker stack. # run the docker stack.
export GHOST_IMAGE="ghost:5.53.3" export GHOST_IMAGE="ghost:5.42.0"
# TODO switch to mysql. May require intricate export work for existing sites. # TODO switch to mysql. May require intricate export work for existing sites.
# THIS MUST BE COMPLETED BEFORE v1 RELEASE # THIS MUST BE COMPLETED BEFORE v1 RELEASE
@ -42,7 +41,7 @@ export GHOST_IMAGE="ghost:5.53.3"
export GHOST_DB_IMAGE="mysql:8.0.32" export GHOST_DB_IMAGE="mysql:8.0.32"
export NGINX_IMAGE="nginx:1.25.1" export NGINX_IMAGE="nginx:1.23.3"
# version of backup is 24.0.3 # version of backup is 24.0.3
export NEXTCLOUD_IMAGE="nextcloud:25.0.4" export NEXTCLOUD_IMAGE="nextcloud:25.0.4"
@ -55,7 +54,7 @@ export GITEA_DB_IMAGE="$DEFAULT_DB_IMAGE"
export NOSTR_RELAY_IMAGE="scsibug/nostr-rs-relay" export NOSTR_RELAY_IMAGE="scsibug/nostr-rs-relay"
export WWW_SERVER_MAC_ADDRESS= export WWW_SERVER_MAC_ADDRESS=
export BTCPAY_SERVER_MAC_ADDRESS= export BTCPAYSERVER_MAC_ADDRESS=
export OTHER_SITES_LIST= export OTHER_SITES_LIST=
export BTCPAY_ALT_NAMES= export BTCPAY_ALT_NAMES=
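Review bot: The right-hand side pins `GHOST_IMAGE` to `ghost:5.42.0` and `NGINX_IMAGE` to `nginx:1.23.3`, both older than the `ghost:5.53.3` and `nginx:1.25.1` on the left. If the right column is the version being merged, the internet-facing proxy and CMS move back to releases that lack whatever upstream fixes landed in between, so the reason for the rollback should be recorded next to the pins, e.g. `# pinned below 1.25 because <reason>`. `NOSTR_RELAY_IMAGE="scsibug/nostr-rs-relay"` in the last hunk still carries no tag, so it resolves to whatever `latest` is at deploy time; a version tag or digest would make deployments reproducible.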


@ -22,8 +22,10 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
# this is minimum required; www and btcpay. # this is minimum required; www and btcpay.
DOMAIN_STRING="-d $DOMAIN_NAME -d $WWW_FQDN -d $BTCPAY_USER_FQDN" DOMAIN_STRING="-d $DOMAIN_NAME -d $WWW_FQDN -d $BTCPAY_USER_FQDN"
if [ "$DOMAIN_NAME" = "$PRIMARY_DOMAIN" ]; then DOMAIN_STRING="$DOMAIN_STRING -d $CLAMS_FQDN"; fi
if [ "$DEPLOY_NEXTCLOUD" = true ]; then DOMAIN_STRING="$DOMAIN_STRING -d $NEXTCLOUD_FQDN"; fi if [ "$DEPLOY_NEXTCLOUD" = true ]; then DOMAIN_STRING="$DOMAIN_STRING -d $NEXTCLOUD_FQDN"; fi
if [ "$DEPLOY_GITEA" = true ]; then DOMAIN_STRING="$DOMAIN_STRING -d $GITEA_FQDN"; fi if [ "$DEPLOY_GITEA" = true ]; then DOMAIN_STRING="$DOMAIN_STRING -d $GITEA_FQDN"; fi
if [ "$DEPLOY_CLAMS" = true ]; then DOMAIN_STRING="$DOMAIN_STRING -d $CLAMS_FQDN"; fi
if [ "$DEPLOY_NOSTR" = true ]; then DOMAIN_STRING="$DOMAIN_STRING -d $NOSTR_FQDN"; fi if [ "$DEPLOY_NOSTR" = true ]; then DOMAIN_STRING="$DOMAIN_STRING -d $NOSTR_FQDN"; fi
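Review bot: `$CLAMS_FQDN` is now appended by two independent tests, once for `DOMAIN_NAME = PRIMARY_DOMAIN` and once for `DEPLOY_CLAMS = true`, so the primary domain gets `-d $CLAMS_FQDN` twice when Clams is enabled and still gets it once when `DEPLOY_CLAMS` is false. In the second case a certificate name is requested for a host that the nginx config on this page only serves when `DEPLOY_CLAMS` is true, and if no DNS record exists for it the request for the whole name set would likely fail. If the intent is "Clams only on the primary domain", a single guard expresses it: `if [ "$DEPLOY_CLAMS" = true ] && [ "$DOMAIN_NAME" = "$PRIMARY_DOMAIN" ]; then DOMAIN_STRING="$DOMAIN_STRING -d $CLAMS_FQDN"; fi`. The enclosing `for` loop starts and ends outside the hunk.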

117
www/go.sh

@ -1,11 +1,17 @@
#!/bin/bash #!/bin/bash
set -eu set -exu
cd "$(dirname "$0")" cd "$(dirname "$0")"
# redirect all docker commands to the remote host.
DOCKER_HOST="ssh://ubuntu@$WWW_FQDN"
export DOCKER_HOST="$DOCKER_HOST"
# Create the nginx config file which covers all domainys. # Create the nginx config file which covers all domainys.
bash -c ./stub/nginx_config.sh bash -c ./stub/nginx_config.sh
BUILD_CLAMS=false
for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
export DOMAIN_NAME="$DOMAIN_NAME" export DOMAIN_NAME="$DOMAIN_NAME"
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME" export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
@ -15,6 +21,12 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
source "$SITE_PATH/site.conf" source "$SITE_PATH/site.conf"
source ../domain_env.sh source ../domain_env.sh
if [ "$DEPLOY_CLAMS" = true ]; then
BUILD_CLAMS=true
fi
export BUILD_CLAMS="$BUILD_CLAMS"
### Let's check to ensure all the requiredsettings are set. ### Let's check to ensure all the requiredsettings are set.
if [ "$DEPLOY_GHOST" = true ]; then if [ "$DEPLOY_GHOST" = true ]; then
if [ -z "$GHOST_MYSQL_PASSWORD" ]; then if [ -z "$GHOST_MYSQL_PASSWORD" ]; then
@ -72,50 +84,62 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
done done
./stop_docker_stacks.sh
# TODO check if there are any other stacks that are left running (other than reverse proxy) # TODO check if there are any other stacks that are left running (other than reverse proxy)
# if so, this may mean the user has disabled one or more domains and that existing sites/services # if so, this may mean the user has disabled one or more domains and that existing sites/services
# are still running. We should prompt the user of this and quit. They have to go manually docker stack remove these. # are still running. We should prompt the user of this and quit. They have to go manually docker stack remove these.
STACKS_STILL_RUNNING=false
if [[ $(docker stack list | wc -l) -gt 2 ]]; then if [[ $(docker stack list | wc -l) -gt 2 ]]; then
echo "WARNING! You still have stacks running. If you have modified the SITES list," echo "WARNING! You still have stacks running. If you have modified the SITES list, you may need to go remove the docker stacks runnong the remote machine."
echo " you may need to go remove the docker stacks running the remote machine." echo "exiting."
STACKS_STILL_RUNNING=true exit 1
fi fi
# generate the certs and grab a backup # ok, the backend stacks are stopped.
if [ "$RUN_CERT_RENEWAL" = true ] && [ "$RESTORE_CERTS" = false ] && [ "$STACKS_STILL_RUNNING" = false ]; then if [ "$RESTART_FRONT_END" = true ]; then
./generate_certs.sh
fi
# let's backup all our letsencrypt certs # generate the certs and grab a backup
export APP="letsencrypt" if [ "$RUN_CERT_RENEWAL" = true ] && [ "$RESTORE_CERTS" = false ]; then
for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do if [ "$STOP_SERVICES" = false ]; then
export DOMAIN_NAME="$DOMAIN_NAME" ./generate_certs.sh
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
# source the site path so we know what features it has.
source ../../deployment_defaults.sh
source ../project_defaults.sh
source "$SITE_PATH/site.conf"
source ../domain_env.sh
# these variable are used by both backup/restore scripts.
export REMOTE_BACKUP_PATH="$REMOTE_BACKUP_PATH/www/$APP/$DOMAIN_IDENTIFIER"
export REMOTE_SOURCE_BACKUP_PATH="$REMOTE_DATA_PATH/$APP/$DOMAIN_NAME"
# ensure our local backup path exists so we can pull down the duplicity archive to the management machine.
export LOCAL_BACKUP_PATH="$SITE_PATH/backups/www/$APP"
mkdir -p "$LOCAL_BACKUP_PATH"
# we grab a backup of the certs unless we're restoring.
if [ "$RESTORE_CERTS" = true ]; then
./restore_path.sh
else
if [ "$BACKUP_WWW_APPS" = true ]; then
./backup_path.sh
fi fi
fi fi
done
# let's backup all our letsencrypt certs
export APP="letsencrypt"
for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
export DOMAIN_NAME="$DOMAIN_NAME"
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
# source the site path so we know what features it has.
source ../../deployment_defaults.sh
source ../project_defaults.sh
source "$SITE_PATH/site.conf"
source ../domain_env.sh
# these variable are used by both backup/restore scripts.
export REMOTE_BACKUP_PATH="$REMOTE_BACKUP_PATH/www/$APP/$DOMAIN_IDENTIFIER"
export REMOTE_SOURCE_BACKUP_PATH="$REMOTE_DATA_PATH/$APP/$DOMAIN_NAME"
# ensure our local backup path exists so we can pull down the duplicity archive to the management machine.
export LOCAL_BACKUP_PATH="$SITE_PATH/backups/www/$APP"
mkdir -p "$LOCAL_BACKUP_PATH"
# we grab a backup of the certs unless we're restoring.
if [ "$RESTORE_CERTS" = true ]; then
./restore_path.sh
else
./backup_path.sh
fi
done
else
exit 0
fi
# build the clams docker image
if [ "$BUILD_CLAMS" = true ]; then
./clams/build.sh
fi
# nginx gets deployed first since it "owns" the docker networks of downstream services. # nginx gets deployed first since it "owns" the docker networks of downstream services.
./stub/nginx_yml.sh ./stub/nginx_yml.sh
@ -125,3 +149,24 @@ done
./stub/nextcloud_yml.sh ./stub/nextcloud_yml.sh
./stub/gitea_yml.sh ./stub/gitea_yml.sh
./stub/nostr_yml.sh ./stub/nostr_yml.sh
# # start a browser session; point it to port 80 to ensure HTTPS redirect.
# # WWW_FQDN is in our certificate, so we resolve to that.
# wait-for-it -t 320 "$WWW_FQDN:80"
# wait-for-it -t 320 "$WWW_FQDN:443"
# # open bowser tabs.
# if [ "$DEPLOY_GHOST" = true ]; then
# xdg-open "http://$WWW_FQDN" > /dev/null 2>&1
# fi
# if [ "$DEPLOY_NEXTCLOUD" = true ]; then
# xdg-open "http://$NEXTCLOUD_FQDN" > /dev/null 2>&1
# fi
# if [ "$DEPLOY_GITEA" = true ]; then
# xdg-open "http://$GITEA_FQDN" > /dev/null 2>&1
# fi
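Review bot: Switching `set -eu` to `set -exu` at the top turns on command tracing for a script that handles credentials: the settings check in the second hunk runs `[ -z "$GHOST_MYSQL_PASSWORD" ]`, and with `-x` the expanded value is written to stderr and to any log that captures it. Files pulled in with `source` (for example `"$SITE_PATH/site.conf"`) execute in the same shell, so their assignments are traced as well. Keep `set -eu` as the default and enable tracing only on request, e.g. with a hypothetical debug flag, `if [ "${DEBUG:-false}" = true ]; then set -x; fi`, or bracket the secret checks with `set +x` and `set -x`. The stack-teardown script in the next file section makes the same `set -exu` change.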


@ -1,10 +1,8 @@
#!/bin/bash #!/bin/bash
set -eu set -exu
cd "$(dirname "$0")" cd "$(dirname "$0")"
# this scripts brings down the docker stacks on www
# bring down ghost instances. # bring down ghost instances.
for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
export DOMAIN_NAME="$DOMAIN_NAME" export DOMAIN_NAME="$DOMAIN_NAME"
@ -39,6 +37,15 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
if [ ! -d "$LOCAL_BACKUP_PATH" ]; then if [ ! -d "$LOCAL_BACKUP_PATH" ]; then
mkdir -p "$LOCAL_BACKUP_PATH" mkdir -p "$LOCAL_BACKUP_PATH"
fi fi
if [ "$RESTORE_WWW" = true ]; then
./restore_path.sh
fi
if [ "$BACKUP_APPS" = true ]; then
# if we're not restoring, then we may or may not back up.
./backup_path.sh
fi
done done
done done
done done
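Review bot: The added restore and backup calls are two independent `if` statements, but the comment inside the second one, `# if we're not restoring, then we may or may not back up.`, describes an else-branch. As written, `RESTORE_WWW=true` together with `BACKUP_APPS=true` runs `./restore_path.sh` and then immediately `./backup_path.sh` on the restored data; `elif [ "$BACKUP_APPS" = true ]; then` would match the comment. The flag is named `BACKUP_APPS` here while the left-hand side of www/go.sh tests `BACKUP_WWW_APPS`, so it is worth confirming which name the callers export, since under `set -u` an unset name aborts the loop. The enclosing loops start outside the hunk.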


@ -3,9 +3,6 @@
set -eu set -eu
cd "$(dirname "$0")" cd "$(dirname "$0")"
docker pull "$GHOST_IMAGE"
DEPLOY_STACK=false DEPLOY_STACK=false
for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
export DOMAIN_NAME="$DOMAIN_NAME" export DOMAIN_NAME="$DOMAIN_NAME"
@ -73,21 +70,6 @@ EOL
- database__connection__database=ghost - database__connection__database=ghost
- database__pool__min=0 - database__pool__min=0
- privacy__useStructuredData=true - privacy__useStructuredData=true
EOL
# INSERT EMAIL OPTIONS HERE
if [ "$GHOST_DEPLOY_SMTP" = true ]; then
cat >>"$DOCKER_YAML_PATH" <<EOL
- mail__transport=SMTP
- mail__from=${MAILGUN_FROM_ADDRESS}
- mail__options__auth__user=${MAILGUN_SMTP_USERNAME}
- mail__options__auth__pass=${MAILGUN_SMTP_PASSWORD}
- mail__options__host=smtp.mailgun.org
- mail__options__port=587
EOL
fi
cat >>"$DOCKER_YAML_PATH" <<EOL
deploy: deploy:
restart_policy: restart_policy:
condition: on-failure condition: on-failure
@ -126,7 +108,7 @@ EOL
EOL EOL
fi fi
if [ "$DEPLOY_STACK" = true ]; then if [ "$DEPLOY_STACK" = true ] && [ "$STOP_SERVICES" = false ]; then
docker stack deploy -c "$DOCKER_YAML_PATH" "$DOMAIN_IDENTIFIER-ghost-$LANGUAGE_CODE" docker stack deploy -c "$DOCKER_YAML_PATH" "$DOMAIN_IDENTIFIER-ghost-$LANGUAGE_CODE"
sleep 2 sleep 2
fi fi


@ -3,10 +3,6 @@
set -eu set -eu
cd "$(dirname "$0")" cd "$(dirname "$0")"
docker pull "$GITEA_IMAGE"
docker pull "$GITEA_DB_IMAGE"
for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
export DOMAIN_NAME="$DOMAIN_NAME" export DOMAIN_NAME="$DOMAIN_NAME"
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME" export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
@ -84,10 +80,10 @@ EOL
${DBNET_NAME}: ${DBNET_NAME}:
EOL EOL
if [ "$STOP_SERVICES" = false ]; then
docker stack deploy -c "$DOCKER_YAML_PATH" "$DOMAIN_IDENTIFIER-gitea-$LANGUAGE_CODE" docker stack deploy -c "$DOCKER_YAML_PATH" "$DOMAIN_IDENTIFIER-gitea-$LANGUAGE_CODE"
sleep 1 sleep 1
fi
fi fi
done done


@ -3,10 +3,6 @@
set -eu set -eu
cd "$(dirname "$0")" cd "$(dirname "$0")"
docker pull "$NEXTCLOUD_IMAGE"
for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
export DOMAIN_NAME="$DOMAIN_NAME" export DOMAIN_NAME="$DOMAIN_NAME"
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME" export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
@ -78,7 +74,9 @@ networks:
EOL EOL
docker stack deploy -c "$DOCKER_YAML_PATH" "$DOMAIN_IDENTIFIER-nextcloud-en" if [ "$STOP_SERVICES" = false ]; then
sleep 1 docker stack deploy -c "$DOCKER_YAML_PATH" "$DOMAIN_IDENTIFIER-nextcloud-en"
sleep 1
fi
fi fi
done done


@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
set -eu set -e
cd "$(dirname "$0")" cd "$(dirname "$0")"
# here's the NGINX config. We support ghost and nextcloud. # here's the NGINX config. We support ghost and nextcloud.
@ -58,6 +58,24 @@ http {
EOL EOL
fi fi
if [ "$DEPLOY_CLAMS" = true ]; then
# clams-browser-app server
cat >>"$NGINX_CONF_PATH" <<EOL
# https server block for https://${CLAMS_FQDN}
server {
listen 80;
server_name ${CLAMS_FQDN};
location / {
return 301 https://${CLAMS_FQDN}\$request_uri;
}
}
EOL
fi
# ghost http to https redirects. # ghost http to https redirects.
cat >>"$NGINX_CONF_PATH" <<EOL cat >>"$NGINX_CONF_PATH" <<EOL
# http://${DOMAIN_NAME} redirect to https://${WWW_FQDN} # http://${DOMAIN_NAME} redirect to https://${WWW_FQDN}
@ -172,7 +190,7 @@ EOL
cat >>"$NGINX_CONF_PATH" <<EOL cat >>"$NGINX_CONF_PATH" <<EOL
# https://${DOMAIN_NAME} redirect to https://${WWW_FQDN} # https://${DOMAIN_NAME} redirect to https://${WWW_FQDN}
server { server {
listen 443 ssl; listen 443 ssl http2;
ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem; ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem;
ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem; ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem;
@ -241,7 +259,7 @@ EOL
cat >>"$NGINX_CONF_PATH" <<EOL cat >>"$NGINX_CONF_PATH" <<EOL
# https server block for https://${BTCPAY_SERVER_NAMES} # https server block for https://${BTCPAY_SERVER_NAMES}
server { server {
listen 443 ssl; listen 443 ssl http2;
ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem; ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem;
ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem; ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem;
@ -251,8 +269,8 @@ EOL
# Route everything to the real BTCPay server # Route everything to the real BTCPay server
location / { location / {
#proxy_pass http://${BTCPAY_SERVER_FQDN//./-}.lxd:80; # URL of BTCPay Server on the ss-ovn logical network
proxy_pass http://10.10.10.66:80; proxy_pass http://${BTCPAY_HOSTNAME}-${PRIMARY_DOMAIN//./-}.lxd:80;
proxy_set_header Host \$http_host; proxy_set_header Host \$http_host;
proxy_set_header X-Forwarded-Proto \$scheme; proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Real-IP \$remote_addr;
@ -265,6 +283,30 @@ EOL
EOL EOL
if [ "$DEPLOY_CLAMS" = true ]; then
# clams-browser-app server
cat >>"$NGINX_CONF_PATH" <<EOL
# https server block for https://${CLAMS_FQDN}
server {
listen 443 ssl;
ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem;
ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem;
ssl_trusted_certificate $CONTAINER_TLS_PATH/fullchain.pem;
server_name ${CLAMS_FQDN};
server_tokens off;
autoindex off;
gzip_static on;
root /browser-app;
index 200.html;
}
EOL
fi
if [ "$DEPLOY_GHOST" = true ]; then if [ "$DEPLOY_GHOST" = true ]; then
echo " # set up cache paths for nginx caching" >>"$NGINX_CONF_PATH" echo " # set up cache paths for nginx caching" >>"$NGINX_CONF_PATH"
@ -281,7 +323,7 @@ EOL
# Main HTTPS listener for https://${WWW_FQDN} # Main HTTPS listener for https://${WWW_FQDN}
server { server {
listen 443 ssl; listen 443 ssl http2;
ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem; ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem;
ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem; ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem;
@ -404,7 +446,7 @@ fi
cat >>"$NGINX_CONF_PATH" <<EOL cat >>"$NGINX_CONF_PATH" <<EOL
# TLS listener for ${NEXTCLOUD_FQDN} # TLS listener for ${NEXTCLOUD_FQDN}
server { server {
listen 443 ssl; listen 443 ssl http2;
ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem; ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem;
ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem; ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem;
@ -437,11 +479,26 @@ EOL
fi fi
# TODO this MIGHT be part of the solution for Twitter Cards.
# location /contents {
# resolver 127.0.0.11 ipv6=off valid=5m;
# proxy_set_header X-Real-IP \$remote_addr;
# proxy_set_header Host \$http_host;
# proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto \$scheme;
# proxy_intercept_errors on;
# proxy_pass http://ghost-${DOMAIN_IDENTIFIER}-${SITE_LANGUAGE_CODES}::2368\$og_prefix\$request_uri;
# }
# this piece is for GITEA.
if [ "$DEPLOY_GITEA" = true ]; then if [ "$DEPLOY_GITEA" = true ]; then
cat >>"$NGINX_CONF_PATH" <<EOL cat >>"$NGINX_CONF_PATH" <<EOL
# TLS listener for ${GITEA_FQDN} # TLS listener for ${GITEA_FQDN}
server { server {
listen 443 ssl; listen 443 ssl http2;
ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem; ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem;
ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem; ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem;
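Review bot: The first hunk drops `-u` (`set -eu` becomes `set -e`) in a script that builds the nginx configuration almost entirely from heredoc expansions, so an unset `CLAMS_FQDN`, `BTCPAY_HOSTNAME` or `CONTAINER_TLS_PATH` now yields an empty `server_name`, a malformed upstream host or an empty certificate path instead of stopping the run. Keeping `set -eu`, or guarding the new values with `: "${CLAMS_FQDN:?}"` before the heredocs, fails before a broken config is written. The new port-80 Clams block is commented `# https server block for https://${CLAMS_FQDN}` although it only redirects; `# http to https redirect for ${CLAMS_FQDN}` would be accurate. The new Clams TLS block also uses `listen 443 ssl;` while every other listener in this change becomes `listen 443 ssl http2;`, which looks like an oversight.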


@ -3,8 +3,6 @@
set -e set -e
cd "$(dirname "$0")" cd "$(dirname "$0")"
docker pull "$NGINX_IMAGE"
#https://github.com/fiatjaf/expensive-relay #https://github.com/fiatjaf/expensive-relay
# NOSTR RELAY WHICH REQUIRES PAYMENTS. # NOSTR RELAY WHICH REQUIRES PAYMENTS.
DOCKER_YAML_PATH="$PROJECT_PATH/nginx.yml" DOCKER_YAML_PATH="$PROJECT_PATH/nginx.yml"
@ -139,9 +137,11 @@ EOL
done done
done done
# for some reason we need to wait here. See if there's a fix; poll for service readiness? if [ "$STOP_SERVICES" = false ]; then
sleep 5 # for some reason we need to wait here. See if there's a fix; poll for service readiness?
sleep 5
docker stack deploy -c "$DOCKER_YAML_PATH" reverse-proxy docker stack deploy -c "$DOCKER_YAML_PATH" reverse-proxy
# iterate over all our domains and create the nginx config file. # iterate over all our domains and create the nginx config file.
sleep 3 sleep 3
fi
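Review bot: The new guard `[ "$STOP_SERVICES" = false ]` runs under `set -e` without `-u`, so an unset or differently spelled value (empty, `False`, `0`) makes the test fail quietly and the `reverse-proxy` stack is never deployed, while the script still exits 0. Giving the variable an explicit default and rejecting unknown values makes that visible, e.g. `STOP_SERVICES="${STOP_SERVICES:-false}"` followed by a `case` that accepts only `true` or `false`. The nostr relay script in the last file section adds the same guard and additionally changes `set -eu` to `set -e`, so it has the same silent-skip behaviour.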


@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
set -eu set -e
cd "$(dirname "$0")" cd "$(dirname "$0")"
docker pull "$NOSTR_RELAY_IMAGE" docker pull "$NOSTR_RELAY_IMAGE"
@ -85,8 +85,9 @@ pubkey_whitelist = [ "${NOSTR_ACCOUNT_PUBKEY}" ]
domain_whitelist = [ "${DOMAIN_NAME}" ] domain_whitelist = [ "${DOMAIN_NAME}" ]
EOL EOL
docker stack deploy -c "$DOCKER_YAML_PATH" "$DOMAIN_IDENTIFIER-nostr-$LANGUAGE_CODE" if [ "$STOP_SERVICES" = false ]; then
sleep 1 docker stack deploy -c "$DOCKER_YAML_PATH" "$DOMAIN_IDENTIFIER-nostr-$LANGUAGE_CODE"
sleep 1
fi
fi fi
done done