
Backup/Restore kinda working.

This commit is contained in:
Derek Smith 2022-10-08 12:44:46 -04:00
parent fd0c615dac
commit 472ac25617
Signed by: farscapian
GPG Key ID: 8F1CD799CCA516CC
14 changed files with 183 additions and 133 deletions


@ -7,7 +7,7 @@ export WWW_SERVER_MAC_ADDRESS=
export DEPLOY_BTCPPAY_SERVER=false
export DEPLOY_GHOST=true
export DEPLOY_NOSTR=false
export DEPLOY_NOSTR_RELAY=false
export DEPLOY_ONION_SITE=false
export DEPLOY_NEXTCLOUD=false
export DEPLOY_GITEA=false


@ -27,16 +27,14 @@ fi
DOMAIN_NAME=
RESTORE_ARCHIVE=
VPS_HOSTING_TARGET=lxd
RUN_CERT_RENEWAL=false
RUN_CERT_RENEWAL=true
RESTORE_WWW=false
BACKUP_CERTS=true
BACKUP_GHOST=true
RESTORE_BTCPAY=false
BACKUP_CERTS=false
BACKUP_APPS=false
BACKUP_BTCPAY=false
RESTORE_BTCPAY=false
MIGRATE_WWW=false
MIGRATE_BTCPAY=false
USER_SKIP_WWW=false
USER_SKIP_BTCPAY=false
UPDATE_BTCPAY=false
@ -53,13 +51,14 @@ for i in "$@"; do
;;
--restore-www)
RESTORE_WWW=true
BACKUP_GHOST=false
BACKUP_APPS=false
RUN_CERT_RENEWAL=false
shift
;;
--restore-btcpay)
RESTORE_BTCPAY=true
BACKUP_BTCPAY=false
RUN_CERT_RENEWAL=false
shift
;;
--backup-certs)
@ -87,7 +86,7 @@ for i in "$@"; do
shift
;;
--backup-ghost)
BACKUP_GHOST=true
BACKUP_APPS=true
shift
;;
--backup-btcpay)
@ -130,7 +129,7 @@ export RESTORE_ARCHIVE="$RESTORE_ARCHIVE"
export RESTORE_WWW="$RESTORE_WWW"
export BACKUP_CERTS="$BACKUP_CERTS"
export BACKUP_GHOST="$BACKUP_GHOST"
export BACKUP_APPS="$BACKUP_APPS"
export RESTORE_BTCPAY="$RESTORE_BTCPAY"
export BACKUP_BTCPAY="$RESTORE_BTCPAY"
export MIGRATE_WWW="$MIGRATE_WWW"
@ -426,15 +425,13 @@ function stub_site_definition {
export DOMAIN_NAME="${DOMAIN_NAME}"
export SITE_LANGUAGE_CODES="en"
export DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
# AWS only
#export DDNS_PASSWORD=
#export BTCPAY_HOSTNAME_IN_CERT="store"
export DEPLOY_GHOST=true
export DEPLOY_NEXTCLOUD=true
export DEPLOY_NOSTR=false
export DEPLOY_NOSTR_RELAY=false
export NOSTR_ACCOUNT_PUBKEY="CHANGE_ME"
export DEPLOY_GITEA=false
export DEPLOY_ONION_SITE=false
#export DEPLOY_ONION_SITE=false
export GHOST_MYSQL_PASSWORD="$(new_pass)"
export GHOST_MYSQL_ROOT_PASSWORD="$(new_pass)"
export NEXTCLOUD_MYSQL_PASSWORD="$(new_pass)"
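Review bot: Commenting out `#export DEPLOY_ONION_SITE=false` in the stub_site_definition hunk leaves DEPLOY_ONION_SITE unset in every freshly stubbed site definition, while the site_definition template changed in this same commit still exports it as `false` and the www deploy script tests `[ "$DEPLOY_ONION_SITE" = true ]`; any script that sources the stubbed definition under `set -u` will abort on the unset name. Keeping the line as `export DEPLOY_ONION_SITE=false` keeps the stub and the template in step. Separately, in the option-parsing hunk `--backup-ghost` now sets `BACKUP_APPS=true`, so the flag name no longer describes what it does; either add a `--backup-apps` spelling (keeping `--backup-ghost` as an alias) or state in the usage text that it backs up all apps. stub_site_definition continues past the end of the hunk.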


@ -3,53 +3,29 @@
set -eux
cd "$(dirname "$0")"
#$1 should be the app path (ghost,nextcloud,gitea)
#$2 should be the domain to backup
if [ -z "$1" ]; then
echo "ERROR: the app path was not specified."
exit 1
fi
# TODO: We are using extra space on the remote VPS at the moment for the duplicity backup files.
# we could eliminate that and simply save duplicity backups to the management machine running the script
# this could be done by using a local path and mounting it on the remote VPS.
# maybe something like https://superuser.com/questions/616182/how-to-mount-local-directory-to-remote-like-sshfs
REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/www/$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
REMOTE_BACKUP_LOCATION="$REMOTE_BACKUP_PATH/$1/$DOMAIN_NAME"
# step 1: run duplicity on the remote system to backup all files to the remote system.
# --allow-source-mismatch
REMOTE_SOURCE_BACKUP_PATH="$REMOTE_HOME/$1/$DOMAIN_NAME"
# if the source files to backup don't exist on the remote host, we return.
if ! ssh "$PRIMARY_WWW_FQDN" "[ -d $REMOTE_SOURCE_BACKUP_PATH"; then
if ! ssh "$PRIMARY_WWW_FQDN" "[ -d $REMOTE_SOURCE_BACKUP_PATH ]"; then
echo "INFO: The path to backup does not exist. There's nothing to backup! That's ok, execution will continue."
exit 0
fi
ssh "$PRIMARY_WWW_FQDN" sudo PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE" duplicity "$REMOTE_SOURCE_BACKUP_PATH" "file://$REMOTE_BACKUP_LOCATION"
ssh "$PRIMARY_WWW_FQDN" sudo chown -R ubuntu:ubuntu "$REMOTE_BACKUP_LOCATION"
ssh "$PRIMARY_WWW_FQDN" sudo PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE" duplicity "$REMOTE_SOURCE_BACKUP_PATH" "file://$REMOTE_BACKUP_PATH"
ssh "$PRIMARY_WWW_FQDN" sudo chown -R ubuntu:ubuntu "$REMOTE_BACKUP_PATH"
SSHFS_PATH="/tmp/sshfs_temp"
mkdir -p "$SSHFS_PATH"
# now let's pull down the latest files from the backup directory.
# create a temp directory to serve as the mountpoint for the remote machine backups directory
sshfs "$PRIMARY_WWW_FQDN:$REMOTE_BACKUP_LOCATION" "$SSHFS_PATH"
# ensure our local backup path exists so we can pull down the duplicity archive to the management machine.
LOCAL_BACKUP_PATH="$SITE_PATH/backups/www/$BACKUP_TIMESTAMP"
if [ "$1" = letsencrypt ]; then
LOCAL_BACKUP_PATH="$SITE_PATH/backups/www/letsencrypt"
fi
if [ ! -d "$LOCAL_BACKUP_PATH" ]; then
mkdir -p "$LOCAL_BACKUP_PATH"
fi
sshfs "$PRIMARY_WWW_FQDN:$REMOTE_BACKUP_PATH" "$SSHFS_PATH"
# rsync the files from the remote server to our local backup path.
rsync -av "$SSHFS_PATH/" "$LOCAL_BACKUP_PATH/"
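Review bot: The duplicity call `ssh "$PRIMARY_WWW_FQDN" sudo PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE" duplicity …` puts the backup passphrase on the command line, and this script runs under `set -eux`, so the trace prints it to the terminal and any captured log on every run, and it is also visible in the remote host's process list while duplicity runs; the same pattern is in the new restore_path.sh. Wrapping the call in `set +x` / `set -x` removes it from the local trace, and handing the passphrase to the remote side through stdin or a root-only file instead of argv keeps it out of `ps`. The mount `sshfs "$PRIMARY_WWW_FQDN:$REMOTE_BACKUP_PATH" "$SSHFS_PATH"` is never unmounted within the hunk and the mountpoint `/tmp/sshfs_temp` is a fixed path, so a second run either stacks a mount on the still-mounted directory or fails, depending on the FUSE version; a `trap 'fusermount -u "$SSHFS_PATH"' EXIT` placed right after the mount would release it on every exit path. Whether the script continues past the rsync is not visible here.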


@ -55,7 +55,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
fi
fi
if [ "$DEPLOY_NOSTR" = true ]; then
if [ "$DEPLOY_NOSTR_RELAY" = true ]; then
if [ -z "$NOSTR_ACCOUNT_PUBKEY" ]; then
echo "ERROR: Ensure NOSTR_ACCOUNT_PUBKEY is configured in your site_definition."
exit 1
@ -85,24 +85,10 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
TOR_CONFIG_PATH=
if [ "$DEPLOY_NEXTCLOUD" = true ]; then
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/db/data"
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/db/logs"
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/html"
fi
done
./stop_docker_stacks.sh
if [ "$RESTORE_WWW" = true ]; then
# Generally speaking we try to restore data. But if the BACKUP directory was
# just created, we know that we'll deploy fresh.
./restore.sh
fi
if [ "$DEPLOY_ONION_SITE" = true ]; then
# ensure the tor image is built
docker build -t tor:latest ./tor
@ -129,7 +115,13 @@ if [ "$DEPLOY_ONION_SITE" = true ]; then
fi
bash -c ./stub/nginx_yml.sh
sleep 3
bash -c ./stub/ghost_yml.sh
sleep 3
bash -c ./stub/gitea_yml.sh
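Review bot: The new stub invocations `bash -c ./stub/ghost_yml.sh` and `bash -c ./stub/gitea_yml.sh` hand a plain path to `-c` as a command string, which is the unusual form for running a script; `./stub/ghost_yml.sh` (or `bash ./stub/ghost_yml.sh`) is the direct equivalent and avoids the extra shell parse of the path. The `sleep 3` between them is a fixed delay with nothing checked afterwards; if the stubs only write YAML the sleeps can go, and if they wait on something external, a check on that condition would replace the guess. The enclosing block begins before this hunk.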


@ -1,19 +0,0 @@
#!/bin/bash
set -exu
# first, this is a restore operation. We need to ask the administrator
# if they want to continue because it results in data loss.
# indeed, our first step is the delete the home directory on the remote server.
# delete the home directory so we know we are restoring all files from the duplicity archive.
ssh "$PRIMARY_WWW_FQDN" sudo rm -rf "$REMOTE_HOME/*"
# scp our local backup directory to the remote machine
ssh "$PRIMARY_WWW_FQDN" mkdir -p "$REMOTE_BACKUP_PATH"
# TODO instead of scp the files up there, lets' mount the local backup folder to a remote folder then just run a duplicity restore.
scp -r "$LOCAL_BACKUP_PATH" "$PRIMARY_WWW_FQDN:$REMOTE_BACKUP_PATH"
# now we run duplicity to restore the archive.
ssh "$PRIMARY_WWW_FQDN" sudo PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE" duplicity --force restore "file://$REMOTE_BACKUP_PATH/$BACKUP_TIMESTAMP" "$REMOTE_HOME/"

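--- /dev/null
+++ b/deployment/www/restore_path.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+set -eux
+cd "$(dirname "$0")"
+FILE_COUNT="$(find "$LOCAL_BACKUP_PATH" -type f | wc -l)"
+if [ "$FILE_COUNT" = 0 ]; then
+echo "ERROR: there are no files in the local backup path '$LOCAL_BACKUP_PATH'."
+echo "We're going to continue with execution."
+exit 0
+fi
+RESPONSE=
+read -r -p "Are you sure you want to restore the local path '$LOCAL_BACKUP_PATH' to the remote server at '$PRIMARY_WWW_FQDN' (y/n)": RESPONSE
+if [ "$RESPONSE" != y ]; then
+echo "STOPPING."
+exit 0
+fi
+# delete the target backup path so we can push restoration files from the management machine.
+ssh "$PRIMARY_WWW_FQDN" sudo rm -rf "$REMOTE_SOURCE_BACKUP_PATH"
+# scp our local backup directory to the remote machine
+ssh "$PRIMARY_WWW_FQDN" "sudo mkdir -p $REMOTE_BACKUP_PATH && sudo chown ubuntu:ubuntu $REMOTE_BACKUP_PATH"
+scp -r "$LOCAL_BACKUP_PATH" "$PRIMARY_WWW_FQDN:$REMOTE_BACKUP_PATH"
+# now we run duplicity to restore the archive.
+ssh "$PRIMARY_WWW_FQDN" sudo PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE" duplicity --force restore "file://$REMOTE_BACKUP_PATH/$BACKUP_TIMESTAMP" "$REMOTE_HOME/"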
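Review bot: `ssh "$PRIMARY_WWW_FQDN" sudo rm -rf "$REMOTE_SOURCE_BACKUP_PATH"` deletes the live application directory on the remote host, and the local quotes are stripped before the remote shell sees the path, so it is word-split and glob-expanded there; `set -u` rejects an unset variable but not an empty one, which `rm -f` accepts silently so the restore would proceed without having cleared anything. Writing it as `ssh "$PRIMARY_WWW_FQDN" "sudo rm -rf -- '${REMOTE_SOURCE_BACKUP_PATH:?}'"` aborts on an empty value and keeps the path one word remotely; the `sudo mkdir -p … && sudo chown …` line has the same unquoted interpolation. The guard `[ "$FILE_COUNT" = 0 ]` is a string comparison and `wc -l` pads its output with spaces on BSD/macOS, so on those hosts an empty backup directory is not detected; `[ "$FILE_COUNT" -eq 0 ]` is what is meant. The message before that `exit 0` says ERROR while execution continues, which reads as a contradiction; either label it a warning or make it a non-zero exit.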


@ -24,7 +24,26 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
sleep 2
fi
./backup_path.sh "$APP"
# these variable are used by both backup/restore scripts.
export APP="$APP"
export REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/www/$APP/$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
export REMOTE_SOURCE_BACKUP_PATH="$REMOTE_HOME/$APP/$DOMAIN_NAME"
# ensure our local backup path exists so we can pull down the duplicity archive to the management machine.
export LOCAL_BACKUP_PATH="$SITE_PATH/backups/www/$APP/$BACKUP_TIMESTAMP"
# ensure our local backup path exists.
if [ ! -d "$LOCAL_BACKUP_PATH" ]; then
mkdir -p "$LOCAL_BACKUP_PATH"
fi
if [ "$RESTORE_WWW" = true ]; then
./restore_path.sh
elif [ "$BACKUP_APPS" = true ]; then
# if we're not restoring, then we may or may not back up.
./backup_path.sh
fi
done
done
done
@ -36,6 +55,8 @@ if docker stack list --format "{{.Name}}" | grep -q reverse-proxy; then
# wait for all docker containers to stop.
# TODO see if there's a way to check for this.
sleep 10
docker system prune -f
fi
# generate the certs and grab a backup
@ -54,7 +75,15 @@ if [ "$BACKUP_CERTS" = true ]; then
source "$SITE_PATH/site_definition"
source ../../domain_env.sh
./backup_path.sh "letsencrypt"
done
# these variable are used by both backup/restore scripts.
export APP="letsencrypt"
export REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/www/$APP/$DOCKER_STACK_SUFFIX"
export REMOTE_SOURCE_BACKUP_PATH="$REMOTE_HOME/$APP/$DOMAIN_NAME"
# ensure our local backup path exists so we can pull down the duplicity archive to the management machine.
export LOCAL_BACKUP_PATH="$SITE_PATH/backups/www/$APP/$BACKUP_TIMESTAMP"
mkdir -p "$LOCAL_BACKUP_PATH"
./backup_path.sh
done
fi
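Review bot: `export LOCAL_BACKUP_PATH="$SITE_PATH/backups/www/$APP/$BACKUP_TIMESTAMP"` in the first hunk has no language component while the matching `REMOTE_BACKUP_PATH` ends in `$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE`, so for a site with more than one language every language of the same app is rsynced into one local directory and their duplicity chains are mixed; appending `/$LANGUAGE_CODE` to the local path, mirroring the remote one, keeps the archives apart. In the restore branch the same path is built from `BACKUP_TIMESTAMP`, which domain_env.sh appears to derive from the current time, and the `mkdir -p` just above creates it, so restore_path.sh seems to be handed a fresh empty directory unless BACKUP_TIMESTAMP is overridden to a previous run; if that override is the intended workflow, a comment on the export saying so would spare the next reader the trace. In the second hunk `docker system prune -f` discards every stopped container, dangling image and unused network on the host on each run, which reaches well beyond this deployment's stacks; a comment on why a full prune is needed, or a flag to opt in, would make that deliberate. The loop body starts before the first hunk.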


@ -47,9 +47,17 @@ EOL
- ${REMOTE_HOME}/ghost/${DOMAIN_NAME}/${LANGUAGE_CODE}/ghost:/var/lib/ghost/content
environment:
EOL
if [ "$LANGUAGE_CODE" = "en" ]; then
cat >>"$DOCKER_YAML_PATH" <<EOL
- url=https://${WWW_FQDN}
EOL
else
cat >>"$DOCKER_YAML_PATH" <<EOL
- url=https://${WWW_FQDN}/${LANGUAGE_CODE}
EOL
fi
cat >>"$DOCKER_YAML_PATH" <<EOL
- url=https://${WWW_FQDN}/${LANGUAGE_CODE}
- database__client=mysql
- database__connection__host=${GHOST_DB_STACK_TAG}
- database__connection__user=ghost
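Review bot: The root-language test `if [ "$LANGUAGE_CODE" = "en" ]; then` hard-codes `en` as the language served at `/`, and the same literal recurs in the gitea, nginx and network stubs of this commit (`= en`, `gitea-…-en`, `giteanet-…-en`), so changing the root language means editing several scripts. A single exported value such as `ROOT_LANGUAGE_CODE` set in domain_env.sh and compared here as `[ "$LANGUAGE_CODE" = "$ROOT_LANGUAGE_CODE" ]` would make that one edit. The two heredocs differ only by the `/${LANGUAGE_CODE}` suffix; computing the suffix into a variable and emitting one `- url=https://${WWW_FQDN}${URL_SUFFIX}` line reads more plainly.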


@ -15,17 +15,13 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
if [ "$DEPLOY_GITEA" = true ]; then
GITEA_PATH="$REMOTE_GITEA_PATH/$DOMAIN_NAME/${LANGUAGE_CODE}"
ssh "$PRIMARY_WWW_FQDN" mkdir -p "$GITEA_PATH"
ssh "$PRIMARY_WWW_FQDN" mkdir -p "$GITEA_PATH/data" "$GITEA_PATH/db"
STACK_NAME="$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
export STACK_TAG="gitea-$STACK_NAME"
export DB_STACK_TAG="giteadb-$STACK_NAME"
# todo append domain number or port number.
WEBSTACK_PATH="$SITE_PATH/webstack"
mkdir -p "$WEBSTACK_PATH" "$WEBSTACK_PATH/data" "$WEBSTACK_PATH/db"
export DOCKER_YAML_PATH="$WEBSTACK_PATH/gitea-en.yml"
export DOCKER_YAML_PATH="$SITE_PATH/webstack/gitea-en.yml"
NET_NAME="giteanet-$DOCKER_STACK_SUFFIX"
DBNET_NAME="giteadbnet-$DOCKER_STACK_SUFFIX"
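Review bot: `export DOCKER_YAML_PATH="$SITE_PATH/webstack/gitea-en.yml"` replaces the lines that created `$SITE_PATH/webstack` locally, so unless another stub creates that directory first, the later write to `$DOCKER_YAML_PATH` fails with a missing directory; keeping `mkdir -p "$SITE_PATH/webstack"` before the export avoids depending on the order the stubs run in. The file name is fixed to `gitea-en.yml` while `GITEA_PATH` includes `${LANGUAGE_CODE}`, so if this block is ever reached with more than one language code the YAML is overwritten on each pass. The surrounding loop opens before the hunk.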


@ -1,6 +1,10 @@
if [ "$DEPLOY_NEXTCLOUD" = true ]; then
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/db/data"
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/db/logs"
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/html"
fi
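Review bot: The hunk starts at line 1 with `if [ "$DEPLOY_NEXTCLOUD" = true ]; then` and shows no shebang or `set -eu`, so if the file really begins there a failed remote `mkdir` does not stop the stub, unlike the other stubs in this commit that open with `#!/bin/bash` and `set -eux`. The three `ssh` round-trips create sibling directories and can be one call, `ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/db/data $REMOTE_NEXTCLOUD_PATH/db/logs $REMOTE_NEXTCLOUD_PATH/html"`. The hunk header counts more lines than are rendered here, so part of the file is not visible.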


@ -170,8 +170,7 @@ EOL
# this map allows us to route the clients request to the correct Ghost instance
# based on the clients browser language setting.
map \$http_accept_language \$lang {
default "en";
~en en;
default "";
~es es;
}
@ -192,13 +191,13 @@ EOL
# catch all; send request to ${WWW_FQDN}
location / {
return 301 https://${WWW_FQDN}/\$request_uri;
return 301 https://${WWW_FQDN}\$request_uri;
}
EOL
if [ "$DEPLOY_NOSTR" = true ]; then
if [ "$DEPLOY_NOSTR_RELAY" = true ]; then
cat >>"$NGINX_CONF_PATH" <<EOL
# We return a JSON object with name/pubkey mapping per NIP05.
# https://www.reddit.com/r/nostr/comments/rrzk76/nip05_mapping_usernames_to_dns_domains_by_fiatjaf/sssss
@ -294,20 +293,20 @@ EOL
# EOL
# fi
cat >>"$NGINX_CONF_PATH" <<EOL
# if the client is accesssing https://${WWW_FQDN}/ , then we check the client
# langauge header and send them to the correct ghost instance based on language
location / {
rewrite (.*) \$1/\$lang;
}
EOL
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
STACK_NAME="$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
cat >>"$NGINX_CONF_PATH" <<EOL
if [ "$LANGUAGE_CODE" = en ]; then
cat >>"$NGINX_CONF_PATH" <<EOL
location ~ ^/(ghost/|p/|private/) {
EOL
else
cat >>"$NGINX_CONF_PATH" <<EOL
location ~ ^/${LANGUAGE_CODE}/(ghost/|p/|private/) {
EOL
fi
cat >>"$NGINX_CONF_PATH" <<EOL
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$http_host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
@ -320,11 +319,36 @@ EOL
done
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
ROOT_SITE_LANGUAGE_CODES="$SITE_LANGUAGE_CODES"
for LANGUAGE_CODE in ${ROOT_SITE_LANGUAGE_CODES//,/ }; do
cat >>"$NGINX_CONF_PATH" <<EOL
# Location block to back https://${WWW_FQDN}/${LANGUAGE_CODE}
# Location block to back https://${WWW_FQDN}/${LANGUAGE_CODE} or https://${WWW_FQDN}/ if english.
EOL
if [ "$LANGUAGE_CODE" = en ]; then
cat >>"$NGINX_CONF_PATH" <<EOL
location / {
EOL
if (( "$LANGUAGE_CODE_COUNT" > 1 )); then
# we only need this clause if we know there is more than once lanuage being rendered.
cat >>"$NGINX_CONF_PATH" <<EOL
# Redirect the user to the correct language using the map above.
if ( \$http_accept_language !~* '^en(.*)\$' ) {
#rewrite (.*) \$1/\$lang;
return 302 https://${WWW_FQDN}/\$lang;
}
EOL
fi
else
cat >>"$NGINX_CONF_PATH" <<EOL
location /${LANGUAGE_CODE} {
#set_from_accept_language \$lang en es;
EOL
fi
cat >>"$NGINX_CONF_PATH" <<EOL
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$http_host;
@ -362,19 +386,38 @@ EOL
EOL
done
# this is the closing server block for the ghost HTTPS segment
cat >>"$NGINX_CONF_PATH" <<EOL
}
EOL
# TODO this MIGHT be part of the solution for Twitter Cards.
# location /contents {
# resolver 127.0.0.11 ipv6=off valid=5m;
# proxy_set_header X-Real-IP \$remote_addr;
# proxy_set_header Host \$http_host;
# proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto \$scheme;
# proxy_intercept_errors on;
# proxy_pass http://ghost-${DOCKER_STACK_SUFFIX}-${SITE_LANGUAGE_CODES}::2368\$og_prefix\$request_uri;
# }
# this piece is for GITEA.
if [ "$DEPLOY_GITEA" = true ]; then
cat >>"$NGINX_CONF_PATH" <<EOL
# TLS listener for ${GITEA_FQDN}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem;
ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem;
ssl_trusted_certificate $CONTAINER_TLS_PATH/fullchain.pem;
server_name ${GITEA_FQDN};
location / {
@ -386,25 +429,12 @@ EOL
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://gitea:3000;
proxy_pass http://gitea-${DOCKER_STACK_SUFFIX}-en:3000;
}
}
EOL
done
# TODO this MIGHT be part of the solution for Twitter Cards.
# location /contents {
# resolver 127.0.0.11 ipv6=off valid=5m;
# proxy_set_header X-Real-IP \$remote_addr;
# proxy_set_header Host \$http_host;
# proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto \$scheme;
# proxy_intercept_errors on;
# proxy_pass http://ghost-${DOCKER_STACK_SUFFIX}-${SITE_LANGUAGE_CODES}::2368\$og_prefix\$request_uri;
# }
fi
iteration=$((iteration+1))
done
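Review bot: The new root-language clause `if ( \$http_accept_language !~* '^en(.*)\$' ) { return 302 https://${WWW_FQDN}/\$lang; }` redirects every request whose Accept-Language does not begin with `en`, including requests that send no Accept-Language at all (curl, monitoring, crawlers), and for a language the `map` does not list (say `fr`) `\$lang` is the map default — whether that is `""` or `"en"` after the first hunk, the client lands on a path handled by this same `location /` block and the redirect loops. Keying the redirect on the map result instead of the raw header closes that: `if ( \$lang != "" ) { return 302 https://${WWW_FQDN}/\$lang; }`, with the map's default left as `""` and no `en` entry so English and unknown languages stay on `/`. The alias `ROOT_SITE_LANGUAGE_CODES="$SITE_LANGUAGE_CODES"` introduces a second name for the same value; looping over `${SITE_LANGUAGE_CODES//,/ }` directly, as the earlier loop does, reads more plainly. The nginx server block this sits in opens before the hunk.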


@ -1,6 +1,6 @@
#!/bin/bash
set -eux
set -euox
cd "$(dirname "$0")"
#https://github.com/fiatjaf/expensive-relay
@ -27,22 +27,28 @@ EOL
source "$SITE_PATH/site_definition"
source ../../../domain_env.sh
# for each language specified in the site_definition, we spawn a separate ghost container
# at https://www.domain.com/$LANGUAGE_CODE
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
# We create another ghost instance under /
cat >> "$DOCKER_YAML_PATH" <<EOL
- ghostnet-$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE
EOL
if [ "$LANGUAGE_CODE" = en ]; then
if [ "$DEPLOY_GITEA" = "true" ]; then
cat >> "$DOCKER_YAML_PATH" <<EOL
- giteanet-$DOCKER_STACK_SUFFIX-en
EOL
fi
fi
done
done
if [ "$DEPLOY_GITEA" = true ]; then
cat >> "$DOCKER_YAML_PATH" <<EOL
- giteanet-$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE
EOL
fi
cat >> "$DOCKER_YAML_PATH" <<EOL
volumes:
@ -92,7 +98,7 @@ EOL
if [ "$DEPLOY_GITEA" = true ]; then
cat >> "$DOCKER_YAML_PATH" <<EOL
giteanet-$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE:
giteanet-$DOCKER_STACK_SUFFIX-en:
attachable: true
EOL
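Review bot: `set -euox` looks like a typo for `set -eux`, the form the other scripts in this commit use; to `set`, the `o` is the `-o` option that expects an option name, so the trailing `x` is not simply the trace flag and the outcome depends on how bash resolves the dangling `-o`. Restoring `set -eux` makes the intent unambiguous. In the network hunk the `for LANGUAGE_CODE` loop appears to now sit inside an outer loop that closes with the second `done`; since that outer loop's header is outside the hunk, a one-line comment naming what it iterates would help the reader.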


@ -24,3 +24,6 @@ UNIX_BACKUP_TIMESTAMP="$(date +%s)"
export BACKUP_TIMESTAMP="$BACKUP_TIMESTAMP"
export UNIX_BACKUP_TIMESTAMP="$UNIX_BACKUP_TIMESTAMP"
export DOCKER_STACK_SUFFIX="${DOMAIN_NAME//./-}"
export LANGUAGE_CODE_COUNT=$(("$(echo "$SITE_LANGUAGE_CODES" | tr -cd , | wc -c)"+1))
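Review bot: `export LANGUAGE_CODE_COUNT=$(("$(echo "$SITE_LANGUAGE_CODES" | tr -cd , | wc -c)"+1))` spawns three processes and nests quotes inside an arithmetic expansion to count commas; parameter expansion gives the same count with no subshell, `commas="${SITE_LANGUAGE_CODES//[^,]/}"` followed by `export LANGUAGE_CODE_COUNT=$(( ${#commas} + 1 ))`. The result is 1 for an empty SITE_LANGUAGE_CODES, indistinguishable from a single language; if an empty list should be rejected, the check belongs here beside the count.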


@ -7,7 +7,7 @@ export DUPLICITY_BACKUP_PASSPHRASE=
export BTCPAY_HOSTNAME_IN_CERT=
export DEPLOY_GHOST=true
export DEPLOY_NEXTCLOUD=true
export DEPLOY_NOSTR=false
export DEPLOY_NOSTR_RELAY=false
export NOSTR_ACCOUNT_PUBKEY=
export DEPLOY_GITEA=false
export DEPLOY_ONION_SITE=false