#!/bin/bash set -exu cd "$(dirname "$0")" # redirect all docker commands to the remote host. DOCKER_HOST="ssh://ubuntu@$WWW_FQDN" export DOCKER_HOST="$DOCKER_HOST" # Create the nginx config file which covers all domainys. bash -c ./stub/nginx_config.sh BUILD_CLAMS=false for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do export DOMAIN_NAME="$DOMAIN_NAME" export SITE_PATH="$SITES_PATH/$DOMAIN_NAME" # source the site path so we know what features it has. source ../project_defaults.sh source "$SITE_PATH/site.conf" source ../domain_env.sh if [ "$DEPLOY_CLAMS" = true ]; then BUILD_CLAMS=true fi ### Let's check to ensure all the requiredsettings are set. if [ "$DEPLOY_GHOST" = true ]; then if [ -z "$GHOST_MYSQL_PASSWORD" ]; then echo "ERROR: Ensure GHOST_MYSQL_PASSWORD is configured in your site.conf." exit 1 fi if [ -z "$GHOST_MYSQL_ROOT_PASSWORD" ]; then echo "ERROR: Ensure GHOST_MYSQL_ROOT_PASSWORD is configured in your site.conf." exit 1 fi fi if [ "$DEPLOY_GITEA" = true ]; then if [ -z "$GITEA_MYSQL_PASSWORD" ]; then echo "ERROR: Ensure GITEA_MYSQL_PASSWORD is configured in your site.conf." exit 1 fi if [ -z "$GITEA_MYSQL_ROOT_PASSWORD" ]; then echo "ERROR: Ensure GITEA_MYSQL_ROOT_PASSWORD is configured in your site.conf." exit 1 fi fi if [ "$DEPLOY_NEXTCLOUD" = true ]; then if [ -z "$NEXTCLOUD_MYSQL_ROOT_PASSWORD" ]; then echo "ERROR: Ensure NEXTCLOUD_MYSQL_ROOT_PASSWORD is configured in your site.conf." exit 1 fi if [ -z "$NEXTCLOUD_MYSQL_PASSWORD" ]; then echo "ERROR: Ensure NEXTCLOUD_MYSQL_PASSWORD is configured in your site.conf." exit 1 fi fi if [ "$DEPLOY_NOSTR" = true ]; then if [ -z "$NOSTR_ACCOUNT_PUBKEY" ]; then echo "ERROR: When deploying nostr, you MUST specify NOSTR_ACCOUNT_PUBKEY." exit 1 fi fi if [ -z "$DUPLICITY_BACKUP_PASSPHRASE" ]; then echo "ERROR: Ensure DUPLICITY_BACKUP_PASSPHRASE is configured in your site.conf." exit 1 fi if [ -z "$DOMAIN_NAME" ]; then echo "ERROR: Ensure DOMAIN_NAME is configured in your site.conf." exit 1 fi done ./stop_docker_stacks.sh # TODO check if there are any other stacks that are left running (other than reverse proxy) # if so, this may mean the user has disabled one or more domains and that existing sites/services # are still running. We should prompt the user of this and quit. They have to go manually docker stack remove these. if [[ $(docker stack list | wc -l) -gt 2 ]]; then echo "WARNING! You still have stacks running. If you have modified the SITES list, you may need to go remove the docker stacks runnong the remote machine." echo "exiting." exit 1 fi # ok, the backend stacks are stopped. if [ "$RESTART_FRONT_END" = true ]; then # generate the certs and grab a backup if [ "$RUN_CERT_RENEWAL" = true ] && [ "$RESTORE_CERTS" = false ]; then if [ "$STOP_SERVICES" = false ]; then ./generate_certs.sh fi fi # let's backup all our letsencrypt certs export APP="letsencrypt" for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do export DOMAIN_NAME="$DOMAIN_NAME" export SITE_PATH="$SITES_PATH/$DOMAIN_NAME" # source the site path so we know what features it has. source ../../deployment_defaults.sh source ../project_defaults.sh source "$SITE_PATH/site.conf" source ../domain_env.sh # these variable are used by both backup/restore scripts. export REMOTE_BACKUP_PATH="$REMOTE_BACKUP_PATH/www/$APP/$DOMAIN_IDENTIFIER" export REMOTE_SOURCE_BACKUP_PATH="$REMOTE_DATA_PATH/$APP/$DOMAIN_NAME" # ensure our local backup path exists so we can pull down the duplicity archive to the management machine. export LOCAL_BACKUP_PATH="$SITE_PATH/backups/www/$APP" mkdir -p "$LOCAL_BACKUP_PATH" # we grab a backup of the certs unless we're restoring. if [ "$RESTORE_CERTS" = true ]; then ./restore_path.sh else ./backup_path.sh fi done else exit 0 fi # build the clams docker image if [ "$BUILD_CLAMS" = true ]; then ./clams/build.sh fi # nginx gets deployed first since it "owns" the docker networks of downstream services. ./stub/nginx_yml.sh # next run our application stub logic. These deploy the apps too if configured to do so. ./stub/ghost_yml.sh ./stub/nextcloud_yml.sh ./stub/gitea_yml.sh ./stub/nostr_yml.sh # # start a browser session; point it to port 80 to ensure HTTPS redirect. # # WWW_FQDN is in our certificate, so we resolve to that. # wait-for-it -t 320 "$WWW_FQDN:80" # wait-for-it -t 320 "$WWW_FQDN:443" # # open bowser tabs. # if [ "$DEPLOY_GHOST" = true ]; then # xdg-open "http://$WWW_FQDN" > /dev/null 2>&1 # fi # if [ "$DEPLOY_NEXTCLOUD" = true ]; then # xdg-open "http://$NEXTCLOUD_FQDN" > /dev/null 2>&1 # fi # if [ "$DEPLOY_GITEA" = true ]; then # xdg-open "http://$GITEA_FQDN" > /dev/null 2>&1 # fi