Compare commits
No commits in common. "897e75b016b9280dc32386ebe86f78ff786a5340" and "fd0c615dac0236730deb4bc55c95aa8188a3f602" have entirely different histories.
897e75b016
...
fd0c615dac
@ -7,7 +7,7 @@ export WWW_SERVER_MAC_ADDRESS=
|
|||||||
export DEPLOY_BTCPPAY_SERVER=false
|
export DEPLOY_BTCPPAY_SERVER=false
|
||||||
|
|
||||||
export DEPLOY_GHOST=true
|
export DEPLOY_GHOST=true
|
||||||
export DEPLOY_NOSTR_RELAY=false
|
export DEPLOY_NOSTR=false
|
||||||
export DEPLOY_ONION_SITE=false
|
export DEPLOY_ONION_SITE=false
|
||||||
export DEPLOY_NEXTCLOUD=false
|
export DEPLOY_NEXTCLOUD=false
|
||||||
export DEPLOY_GITEA=false
|
export DEPLOY_GITEA=false
|
||||||
|
19
deploy.sh
@ -28,13 +28,15 @@ DOMAIN_NAME=
|
|||||||
RESTORE_ARCHIVE=
|
RESTORE_ARCHIVE=
|
||||||
VPS_HOSTING_TARGET=lxd
|
VPS_HOSTING_TARGET=lxd
|
||||||
RUN_CERT_RENEWAL=false
|
RUN_CERT_RENEWAL=false
|
||||||
|
|
||||||
RESTORE_WWW=false
|
RESTORE_WWW=false
|
||||||
BACKUP_CERTS=true
|
BACKUP_CERTS=true
|
||||||
BACKUP_APPS=true
|
BACKUP_GHOST=true
|
||||||
BACKUP_BTCPAY=false
|
|
||||||
RESTORE_BTCPAY=false
|
RESTORE_BTCPAY=false
|
||||||
|
BACKUP_BTCPAY=false
|
||||||
MIGRATE_WWW=false
|
MIGRATE_WWW=false
|
||||||
MIGRATE_BTCPAY=false
|
MIGRATE_BTCPAY=false
|
||||||
|
|
||||||
USER_SKIP_WWW=false
|
USER_SKIP_WWW=false
|
||||||
USER_SKIP_BTCPAY=false
|
USER_SKIP_BTCPAY=false
|
||||||
UPDATE_BTCPAY=false
|
UPDATE_BTCPAY=false
|
||||||
@ -51,14 +53,13 @@ for i in "$@"; do
|
|||||||
;;
|
;;
|
||||||
--restore-www)
|
--restore-www)
|
||||||
RESTORE_WWW=true
|
RESTORE_WWW=true
|
||||||
BACKUP_APPS=false
|
BACKUP_GHOST=false
|
||||||
RUN_CERT_RENEWAL=false
|
RUN_CERT_RENEWAL=false
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
--restore-btcpay)
|
--restore-btcpay)
|
||||||
RESTORE_BTCPAY=true
|
RESTORE_BTCPAY=true
|
||||||
BACKUP_BTCPAY=false
|
BACKUP_BTCPAY=false
|
||||||
RUN_CERT_RENEWAL=false
|
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
--backup-certs)
|
--backup-certs)
|
||||||
@ -86,7 +87,7 @@ for i in "$@"; do
|
|||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
--backup-ghost)
|
--backup-ghost)
|
||||||
BACKUP_APPS=true
|
BACKUP_GHOST=true
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
--backup-btcpay)
|
--backup-btcpay)
|
||||||
@ -129,7 +130,7 @@ export RESTORE_ARCHIVE="$RESTORE_ARCHIVE"
|
|||||||
export RESTORE_WWW="$RESTORE_WWW"
|
export RESTORE_WWW="$RESTORE_WWW"
|
||||||
|
|
||||||
export BACKUP_CERTS="$BACKUP_CERTS"
|
export BACKUP_CERTS="$BACKUP_CERTS"
|
||||||
export BACKUP_APPS="$BACKUP_APPS"
|
export BACKUP_GHOST="$BACKUP_GHOST"
|
||||||
export RESTORE_BTCPAY="$RESTORE_BTCPAY"
|
export RESTORE_BTCPAY="$RESTORE_BTCPAY"
|
||||||
export BACKUP_BTCPAY="$RESTORE_BTCPAY"
|
export BACKUP_BTCPAY="$RESTORE_BTCPAY"
|
||||||
export MIGRATE_WWW="$MIGRATE_WWW"
|
export MIGRATE_WWW="$MIGRATE_WWW"
|
||||||
@ -425,13 +426,15 @@ function stub_site_definition {
|
|||||||
export DOMAIN_NAME="${DOMAIN_NAME}"
|
export DOMAIN_NAME="${DOMAIN_NAME}"
|
||||||
export SITE_LANGUAGE_CODES="en"
|
export SITE_LANGUAGE_CODES="en"
|
||||||
export DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
|
export DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
|
||||||
|
# AWS only
|
||||||
|
#export DDNS_PASSWORD=
|
||||||
#export BTCPAY_HOSTNAME_IN_CERT="store"
|
#export BTCPAY_HOSTNAME_IN_CERT="store"
|
||||||
export DEPLOY_GHOST=true
|
export DEPLOY_GHOST=true
|
||||||
export DEPLOY_NEXTCLOUD=true
|
export DEPLOY_NEXTCLOUD=true
|
||||||
export DEPLOY_NOSTR_RELAY=false
|
export DEPLOY_NOSTR=false
|
||||||
export NOSTR_ACCOUNT_PUBKEY="CHANGE_ME"
|
export NOSTR_ACCOUNT_PUBKEY="CHANGE_ME"
|
||||||
export DEPLOY_GITEA=false
|
export DEPLOY_GITEA=false
|
||||||
#export DEPLOY_ONION_SITE=false
|
export DEPLOY_ONION_SITE=false
|
||||||
export GHOST_MYSQL_PASSWORD="$(new_pass)"
|
export GHOST_MYSQL_PASSWORD="$(new_pass)"
|
||||||
export GHOST_MYSQL_ROOT_PASSWORD="$(new_pass)"
|
export GHOST_MYSQL_ROOT_PASSWORD="$(new_pass)"
|
||||||
export NEXTCLOUD_MYSQL_PASSWORD="$(new_pass)"
|
export NEXTCLOUD_MYSQL_PASSWORD="$(new_pass)"
|
||||||
|
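Review bot: `export BACKUP_BTCPAY="$RESTORE_BTCPAY"` in the export block publishes the restore flag under the backup name, so from that line on `BACKUP_BTCPAY` always equals `RESTORE_BTCPAY`. Whatever `--backup-btcpay` set is overwritten, and `--restore-btcpay` reaches the child scripts with both flags true even though its option arm sets `BACKUP_BTCPAY=false`. The line is identical on both sides of this comparison, so the `BACKUP_APPS`/`BACKUP_GHOST` rename next to it leaves the defect in place; it should read `export BACKUP_BTCPAY="$BACKUP_BTCPAY"`.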
@ -3,29 +3,53 @@
|
|||||||
set -eux
|
set -eux
|
||||||
cd "$(dirname "$0")"
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
|
||||||
|
#$1 should be the app path (ghost,nextcloud,gitea)
|
||||||
|
#$2 should be the domain to backup
|
||||||
|
|
||||||
|
if [ -z "$1" ]; then
|
||||||
|
echo "ERROR: the app path was not specified."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
# TODO: We are using extra space on the remote VPS at the moment for the duplicity backup files.
|
# TODO: We are using extra space on the remote VPS at the moment for the duplicity backup files.
|
||||||
# we could eliminate that and simply save duplicity backups to the management machine running the script
|
# we could eliminate that and simply save duplicity backups to the management machine running the script
|
||||||
# this could be done by using a local path and mounting it on the remote VPS.
|
# this could be done by using a local path and mounting it on the remote VPS.
|
||||||
# maybe something like https://superuser.com/questions/616182/how-to-mount-local-directory-to-remote-like-sshfs
|
# maybe something like https://superuser.com/questions/616182/how-to-mount-local-directory-to-remote-like-sshfs
|
||||||
|
|
||||||
|
REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/www/$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
|
||||||
|
REMOTE_BACKUP_LOCATION="$REMOTE_BACKUP_PATH/$1/$DOMAIN_NAME"
|
||||||
|
|
||||||
# step 1: run duplicity on the remote system to backup all files to the remote system.
|
# step 1: run duplicity on the remote system to backup all files to the remote system.
|
||||||
# --allow-source-mismatch
|
# --allow-source-mismatch
|
||||||
|
REMOTE_SOURCE_BACKUP_PATH="$REMOTE_HOME/$1/$DOMAIN_NAME"
|
||||||
|
|
||||||
# if the source files to backup don't exist on the remote host, we return.
|
# if the source files to backup don't exist on the remote host, we return.
|
||||||
if ! ssh "$PRIMARY_WWW_FQDN" "[ -d $REMOTE_SOURCE_BACKUP_PATH ]"; then
|
if ! ssh "$PRIMARY_WWW_FQDN" "[ -d $REMOTE_SOURCE_BACKUP_PATH"; then
|
||||||
echo "INFO: The path to backup does not exist. There's nothing to backup! That's ok, execution will continue."
|
echo "INFO: The path to backup does not exist. There's nothing to backup! That's ok, execution will continue."
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ssh "$PRIMARY_WWW_FQDN" sudo PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE" duplicity "$REMOTE_SOURCE_BACKUP_PATH" "file://$REMOTE_BACKUP_PATH"
|
ssh "$PRIMARY_WWW_FQDN" sudo PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE" duplicity "$REMOTE_SOURCE_BACKUP_PATH" "file://$REMOTE_BACKUP_LOCATION"
|
||||||
ssh "$PRIMARY_WWW_FQDN" sudo chown -R ubuntu:ubuntu "$REMOTE_BACKUP_PATH"
|
ssh "$PRIMARY_WWW_FQDN" sudo chown -R ubuntu:ubuntu "$REMOTE_BACKUP_LOCATION"
|
||||||
|
|
||||||
|
|
||||||
SSHFS_PATH="/tmp/sshfs_temp"
|
SSHFS_PATH="/tmp/sshfs_temp"
|
||||||
mkdir -p "$SSHFS_PATH"
|
mkdir -p "$SSHFS_PATH"
|
||||||
|
|
||||||
# now let's pull down the latest files from the backup directory.
|
# now let's pull down the latest files from the backup directory.
|
||||||
# create a temp directory to serve as the mountpoint for the remote machine backups directory
|
# create a temp directory to serve as the mountpoint for the remote machine backups directory
|
||||||
sshfs "$PRIMARY_WWW_FQDN:$REMOTE_BACKUP_PATH" "$SSHFS_PATH"
|
sshfs "$PRIMARY_WWW_FQDN:$REMOTE_BACKUP_LOCATION" "$SSHFS_PATH"
|
||||||
|
|
||||||
|
# ensure our local backup path exists so we can pull down the duplicity archive to the management machine.
|
||||||
|
LOCAL_BACKUP_PATH="$SITE_PATH/backups/www/$BACKUP_TIMESTAMP"
|
||||||
|
if [ "$1" = letsencrypt ]; then
|
||||||
|
LOCAL_BACKUP_PATH="$SITE_PATH/backups/www/letsencrypt"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -d "$LOCAL_BACKUP_PATH" ]; then
|
||||||
|
mkdir -p "$LOCAL_BACKUP_PATH"
|
||||||
|
fi
|
||||||
|
|
||||||
# rsync the files from the remote server to our local backup path.
|
# rsync the files from the remote server to our local backup path.
|
||||||
rsync -av "$SSHFS_PATH/" "$LOCAL_BACKUP_PATH/"
|
rsync -av "$SSHFS_PATH/" "$LOCAL_BACKUP_PATH/"
|
||||||
|
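Review bot: The remote existence test on the new side, `"[ -d $REMOTE_SOURCE_BACKUP_PATH"`, has lost its closing `]`, so the remote `[` fails for every path and the script prints the "nothing to backup" INFO line and exits 0 without ever running duplicity. Restore the bracket and quote the path for the remote shell, `if ! ssh "$PRIMARY_WWW_FQDN" "[ -d '$REMOTE_SOURCE_BACKUP_PATH' ]"; then`, and consider treating only exit status 1 as "absent", since an ssh connection failure (255) is currently reported the same way as a missing directory. Separately, `set -eux` traces the `PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE"` argument into the run log, and passing it on the ssh command line exposes it in the remote process list; bracketing that call with `set +x` / `set -x` and supplying the passphrase through stdin or a root-only file avoids both. The new `[ -z "$1" ]` guard also aborts with an unbound-variable error under `set -u` before its message prints; `[ -z "${1:-}" ]` keeps the intended error.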
@ -55,7 +55,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$DEPLOY_NOSTR_RELAY" = true ]; then
|
if [ "$DEPLOY_NOSTR" = true ]; then
|
||||||
if [ -z "$NOSTR_ACCOUNT_PUBKEY" ]; then
|
if [ -z "$NOSTR_ACCOUNT_PUBKEY" ]; then
|
||||||
echo "ERROR: Ensure NOSTR_ACCOUNT_PUBKEY is configured in your site_definition."
|
echo "ERROR: Ensure NOSTR_ACCOUNT_PUBKEY is configured in your site_definition."
|
||||||
exit 1
|
exit 1
|
||||||
@ -85,10 +85,24 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
|
|||||||
|
|
||||||
TOR_CONFIG_PATH=
|
TOR_CONFIG_PATH=
|
||||||
|
|
||||||
|
if [ "$DEPLOY_NEXTCLOUD" = true ]; then
|
||||||
|
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/db/data"
|
||||||
|
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/db/logs"
|
||||||
|
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/html"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
done
|
done
|
||||||
|
|
||||||
./stop_docker_stacks.sh
|
./stop_docker_stacks.sh
|
||||||
|
|
||||||
|
if [ "$RESTORE_WWW" = true ]; then
|
||||||
|
# Generally speaking we try to restore data. But if the BACKUP directory was
|
||||||
|
# just created, we know that we'll deploy fresh.
|
||||||
|
./restore.sh
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
if [ "$DEPLOY_ONION_SITE" = true ]; then
|
if [ "$DEPLOY_ONION_SITE" = true ]; then
|
||||||
# ensure the tor image is built
|
# ensure the tor image is built
|
||||||
docker build -t tor:latest ./tor
|
docker build -t tor:latest ./tor
|
||||||
@ -115,13 +129,7 @@ if [ "$DEPLOY_ONION_SITE" = true ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
bash -c ./stub/nginx_yml.sh
|
bash -c ./stub/nginx_yml.sh
|
||||||
|
|
||||||
sleep 3
|
|
||||||
|
|
||||||
bash -c ./stub/ghost_yml.sh
|
bash -c ./stub/ghost_yml.sh
|
||||||
|
|
||||||
sleep 3
|
|
||||||
|
|
||||||
bash -c ./stub/gitea_yml.sh
|
bash -c ./stub/gitea_yml.sh
|
||||||
|
|
||||||
|
|
||||||
|
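Review bot: The new `RESTORE_WWW` branch calls `./restore.sh` unconditionally, although its comment says a freshly created backup directory means a fresh deploy; no check of the backup directory is visible on the new side. restore.sh, as shown on this page, starts by deleting the remote home contents, so a restore with no archive present would leave the host empty; verify the archive before the call, e.g. `[ -n "$(ls -A "$LOCAL_BACKUP_PATH" 2>/dev/null)" ] || { echo "ERROR: no local backup to restore."; exit 1; }`. restore.sh also reads `LOCAL_BACKUP_PATH` and `REMOTE_BACKUP_PATH`, and the lines that exported them are removed elsewhere in this comparison, so confirm they are still set at this point. The enclosing script continues outside the hunks shown.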
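--- a/deployment/www/restore.sh
+++ b/deployment/www/restore.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -exu
+
+# first, this is a restore operation. We need to ask the administrator
+# if they want to continue because it results in data loss.
+# indeed, our first step is the delete the home directory on the remote server.
+
+# delete the home directory so we know we are restoring all files from the duplicity archive.
+ssh "$PRIMARY_WWW_FQDN" sudo rm -rf "$REMOTE_HOME/*"
+
+# scp our local backup directory to the remote machine
+ssh "$PRIMARY_WWW_FQDN" mkdir -p "$REMOTE_BACKUP_PATH"
+
+# TODO instead of scp the files up there, lets' mount the local backup folder to a remote folder then just run a duplicity restore.
+scp -r "$LOCAL_BACKUP_PATH" "$PRIMARY_WWW_FQDN:$REMOTE_BACKUP_PATH"
+
+# now we run duplicity to restore the archive.
+ssh "$PRIMARY_WWW_FQDN" sudo PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE" duplicity --force restore "file://$REMOTE_BACKUP_PATH/$BACKUP_TIMESTAMP" "$REMOTE_HOME/"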
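Review bot: The header comments say the administrator must be asked before data is lost, but the script goes straight to `sudo rm -rf "$REMOTE_HOME/*"`; the `read -r -p` confirmation and the empty-backup check in the deleted restore script shown later in this comparison are not carried over. `set -u` only catches an unset variable, so an empty `REMOTE_HOME` would turn the remote command into `rm -rf /*` under sudo; writing `"${REMOTE_HOME:?}/*"` makes the script abort instead. The delete also runs before the upload and the restore, so a failed `scp` or a wrong `DUPLICITY_BACKUP_PASSPHRASE` leaves the host wiped with nothing restored; uploading and verifying the archive before deleting narrows that window. `set -exu` additionally echoes the `PASSPHRASE=` argument of the last command into the trace output.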
@ -1,31 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -eux
|
|
||||||
cd "$(dirname "$0")"
|
|
||||||
|
|
||||||
FILE_COUNT="$(find "$LOCAL_BACKUP_PATH" -type f | wc -l)"
|
|
||||||
if [ "$FILE_COUNT" = 0 ]; then
|
|
||||||
echo "ERROR: there are no files in the local backup path '$LOCAL_BACKUP_PATH'."
|
|
||||||
echo "We're going to continue with execution."
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
RESPONSE=
|
|
||||||
read -r -p "Are you sure you want to restore the local path '$LOCAL_BACKUP_PATH' to the remote server at '$PRIMARY_WWW_FQDN' (y/n)": RESPONSE
|
|
||||||
if [ "$RESPONSE" != y ]; then
|
|
||||||
echo "STOPPING."
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# delete the target backup path so we can push restoration files from the management machine.
|
|
||||||
ssh "$PRIMARY_WWW_FQDN" sudo rm -rf "$REMOTE_SOURCE_BACKUP_PATH"
|
|
||||||
|
|
||||||
# scp our local backup directory to the remote machine
|
|
||||||
ssh "$PRIMARY_WWW_FQDN" sudo mkdir -p "$REMOTE_BACKUP_PATH"
|
|
||||||
ssh "$PRIMARY_WWW_FQDN" sudo chown ubuntu:ubuntu "$REMOTE_BACKUP_PATH"
|
|
||||||
|
|
||||||
scp -r "$LOCAL_BACKUP_PATH" "$PRIMARY_WWW_FQDN:$REMOTE_BACKUP_PATH"
|
|
||||||
|
|
||||||
# now we run duplicity to restore the archive.
|
|
||||||
ssh "$PRIMARY_WWW_FQDN" sudo PASSPHRASE="$DUPLICITY_BACKUP_PASSPHRASE" duplicity --force restore "file://$REMOTE_BACKUP_PATH/$BACKUP_TIMESTAMP" "$REMOTE_SOURCE_BACKUP_PATH/"
|
|
||||||
|
|
@ -24,26 +24,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
|
|||||||
sleep 2
|
sleep 2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# these variable are used by both backup/restore scripts.
|
./backup_path.sh "$APP"
|
||||||
export APP="$APP"
|
|
||||||
export REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/www/$APP/$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
|
|
||||||
export REMOTE_SOURCE_BACKUP_PATH="$REMOTE_HOME/$APP/$DOMAIN_NAME"
|
|
||||||
|
|
||||||
# ensure our local backup path exists so we can pull down the duplicity archive to the management machine.
|
|
||||||
export LOCAL_BACKUP_PATH="$SITE_PATH/backups/www/$APP/$BACKUP_TIMESTAMP"
|
|
||||||
|
|
||||||
# ensure our local backup path exists.
|
|
||||||
if [ ! -d "$LOCAL_BACKUP_PATH" ]; then
|
|
||||||
mkdir -p "$LOCAL_BACKUP_PATH"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$RESTORE_WWW" = true ]; then
|
|
||||||
./restore_path.sh
|
|
||||||
ssh "$PRIMARY_WWW_FQDN" sudo chown ubuntu:ubuntu "$REMOTE_HOME/$APP"
|
|
||||||
elif [ "$BACKUP_APPS" = true ]; then
|
|
||||||
# if we're not restoring, then we may or may not back up.
|
|
||||||
./backup_path.sh
|
|
||||||
fi
|
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
@ -55,8 +36,6 @@ if docker stack list --format "{{.Name}}" | grep -q reverse-proxy; then
|
|||||||
# wait for all docker containers to stop.
|
# wait for all docker containers to stop.
|
||||||
# TODO see if there's a way to check for this.
|
# TODO see if there's a way to check for this.
|
||||||
sleep 10
|
sleep 10
|
||||||
|
|
||||||
docker system prune -f
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# generate the certs and grab a backup
|
# generate the certs and grab a backup
|
||||||
@ -64,33 +43,18 @@ if [ "$RUN_CERT_RENEWAL" = true ]; then
|
|||||||
./generate_certs.sh
|
./generate_certs.sh
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Back each domain's certificates under /home/ubuntu/letsencrypt/domain
|
if [ "$BACKUP_CERTS" = true ]; then
|
||||||
for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
|
# Back each domain's certificates under /home/ubuntu/letsencrypt/domain
|
||||||
export DOMAIN_NAME="$DOMAIN_NAME"
|
for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
|
||||||
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
|
export DOMAIN_NAME="$DOMAIN_NAME"
|
||||||
|
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
|
||||||
|
|
||||||
# source the site path so we know what features it has.
|
# source the site path so we know what features it has.
|
||||||
source ../../reset_env.sh
|
source ../../reset_env.sh
|
||||||
source "$SITE_PATH/site_definition"
|
source "$SITE_PATH/site_definition"
|
||||||
source ../../domain_env.sh
|
source ../../domain_env.sh
|
||||||
|
|
||||||
# these variable are used by both backup/restore scripts.
|
./backup_path.sh "letsencrypt"
|
||||||
export APP="letsencrypt"
|
done
|
||||||
export REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/www/$APP/$DOCKER_STACK_SUFFIX"
|
|
||||||
export REMOTE_SOURCE_BACKUP_PATH="$REMOTE_HOME/$APP/$DOMAIN_NAME"
|
|
||||||
|
|
||||||
# ensure our local backup path exists so we can pull down the duplicity archive to the management machine.
|
fi
|
||||||
export LOCAL_BACKUP_PATH="$SITE_PATH/backups/www/$APP/$BACKUP_TIMESTAMP"
|
|
||||||
mkdir -p "$LOCAL_BACKUP_PATH"
|
|
||||||
|
|
||||||
if [ "$RESTORE_WWW" = true ]; then
|
|
||||||
sleep 5
|
|
||||||
echo "STARTING restore_path.sh for letsencrypt."
|
|
||||||
./restore_path.sh
|
|
||||||
ssh "$PRIMARY_WWW_FQDN" sudo chown ubuntu:ubuntu "$REMOTE_HOME/$APP"
|
|
||||||
elif [ "$BACKUP_APPS" = true ]; then
|
|
||||||
# if we're not restoring, then we may or may not back up.
|
|
||||||
./backup_path.sh
|
|
||||||
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
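Review bot: On the new side `./backup_path.sh "$APP"` is called with no visible test of `BACKUP_GHOST`, the flag deploy.sh sets to false for `--restore-www`, whereas the old side guarded the call with `elif [ "$BACKUP_APPS" = true ]`. The loop around it starts outside the hunk, so a guard may exist there; if it does not, a backup is taken on every run, including immediately before a restore. Consider `if [ "$BACKUP_GHOST" = true ]; then ./backup_path.sh "$APP"; fi`. The script whose header reads `#$2 should be the domain to backup` is also called here with a single argument, so either the comment or the call sites should be brought into line.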
@ -47,17 +47,9 @@ EOL
|
|||||||
- ${REMOTE_HOME}/ghost/${DOMAIN_NAME}/${LANGUAGE_CODE}/ghost:/var/lib/ghost/content
|
- ${REMOTE_HOME}/ghost/${DOMAIN_NAME}/${LANGUAGE_CODE}/ghost:/var/lib/ghost/content
|
||||||
environment:
|
environment:
|
||||||
EOL
|
EOL
|
||||||
if [ "$LANGUAGE_CODE" = "en" ]; then
|
|
||||||
cat >>"$DOCKER_YAML_PATH" <<EOL
|
|
||||||
- url=https://${WWW_FQDN}
|
|
||||||
EOL
|
|
||||||
else
|
|
||||||
cat >>"$DOCKER_YAML_PATH" <<EOL
|
|
||||||
- url=https://${WWW_FQDN}/${LANGUAGE_CODE}
|
|
||||||
EOL
|
|
||||||
fi
|
|
||||||
|
|
||||||
cat >>"$DOCKER_YAML_PATH" <<EOL
|
cat >>"$DOCKER_YAML_PATH" <<EOL
|
||||||
|
- url=https://${WWW_FQDN}/${LANGUAGE_CODE}
|
||||||
- database__client=mysql
|
- database__client=mysql
|
||||||
- database__connection__host=${GHOST_DB_STACK_TAG}
|
- database__connection__host=${GHOST_DB_STACK_TAG}
|
||||||
- database__connection__user=ghost
|
- database__connection__user=ghost
|
||||||
|
@ -15,13 +15,17 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
|
|||||||
if [ "$DEPLOY_GITEA" = true ]; then
|
if [ "$DEPLOY_GITEA" = true ]; then
|
||||||
GITEA_PATH="$REMOTE_GITEA_PATH/$DOMAIN_NAME/${LANGUAGE_CODE}"
|
GITEA_PATH="$REMOTE_GITEA_PATH/$DOMAIN_NAME/${LANGUAGE_CODE}"
|
||||||
|
|
||||||
ssh "$PRIMARY_WWW_FQDN" mkdir -p "$GITEA_PATH/data" "$GITEA_PATH/db"
|
ssh "$PRIMARY_WWW_FQDN" mkdir -p "$GITEA_PATH"
|
||||||
|
|
||||||
STACK_NAME="$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
|
STACK_NAME="$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
|
||||||
|
|
||||||
export STACK_TAG="gitea-$STACK_NAME"
|
export STACK_TAG="gitea-$STACK_NAME"
|
||||||
export DB_STACK_TAG="giteadb-$STACK_NAME"
|
export DB_STACK_TAG="giteadb-$STACK_NAME"
|
||||||
export DOCKER_YAML_PATH="$SITE_PATH/webstack/gitea-en.yml"
|
|
||||||
|
# todo append domain number or port number.
|
||||||
|
WEBSTACK_PATH="$SITE_PATH/webstack"
|
||||||
|
mkdir -p "$WEBSTACK_PATH" "$WEBSTACK_PATH/data" "$WEBSTACK_PATH/db"
|
||||||
|
export DOCKER_YAML_PATH="$WEBSTACK_PATH/gitea-en.yml"
|
||||||
|
|
||||||
NET_NAME="giteanet-$DOCKER_STACK_SUFFIX"
|
NET_NAME="giteanet-$DOCKER_STACK_SUFFIX"
|
||||||
DBNET_NAME="giteadbnet-$DOCKER_STACK_SUFFIX"
|
DBNET_NAME="giteadbnet-$DOCKER_STACK_SUFFIX"
|
||||||
|
@ -1,10 +1,6 @@
|
|||||||
|
|
||||||
|
|
||||||
if [ "$DEPLOY_NEXTCLOUD" = true ]; then
|
|
||||||
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/db/data"
|
|
||||||
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/db/logs"
|
|
||||||
ssh "$PRIMARY_WWW_FQDN" "mkdir -p $REMOTE_NEXTCLOUD_PATH/html"
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -170,7 +170,8 @@ EOL
|
|||||||
# this map allows us to route the clients request to the correct Ghost instance
|
# this map allows us to route the clients request to the correct Ghost instance
|
||||||
# based on the clients browser language setting.
|
# based on the clients browser language setting.
|
||||||
map \$http_accept_language \$lang {
|
map \$http_accept_language \$lang {
|
||||||
default "";
|
default "en";
|
||||||
|
~en en;
|
||||||
~es es;
|
~es es;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -191,13 +192,13 @@ EOL
|
|||||||
|
|
||||||
# catch all; send request to ${WWW_FQDN}
|
# catch all; send request to ${WWW_FQDN}
|
||||||
location / {
|
location / {
|
||||||
return 301 https://${WWW_FQDN}\$request_uri;
|
return 301 https://${WWW_FQDN}/\$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
EOL
|
EOL
|
||||||
|
|
||||||
|
|
||||||
if [ "$DEPLOY_NOSTR_RELAY" = true ]; then
|
if [ "$DEPLOY_NOSTR" = true ]; then
|
||||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||||
# We return a JSON object with name/pubkey mapping per NIP05.
|
# We return a JSON object with name/pubkey mapping per NIP05.
|
||||||
# https://www.reddit.com/r/nostr/comments/rrzk76/nip05_mapping_usernames_to_dns_domains_by_fiatjaf/sssss
|
# https://www.reddit.com/r/nostr/comments/rrzk76/nip05_mapping_usernames_to_dns_domains_by_fiatjaf/sssss
|
||||||
@ -293,20 +294,20 @@ EOL
|
|||||||
# EOL
|
# EOL
|
||||||
# fi
|
# fi
|
||||||
|
|
||||||
|
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||||
|
# if the client is accesssing https://${WWW_FQDN}/ , then we check the client
|
||||||
|
# langauge header and send them to the correct ghost instance based on language
|
||||||
|
location / {
|
||||||
|
rewrite (.*) \$1/\$lang;
|
||||||
|
}
|
||||||
|
|
||||||
|
EOL
|
||||||
|
|
||||||
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
|
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
|
||||||
STACK_NAME="$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
|
STACK_NAME="$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE"
|
||||||
|
|
||||||
if [ "$LANGUAGE_CODE" = en ]; then
|
|
||||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
|
||||||
location ~ ^/(ghost/|p/|private/) {
|
|
||||||
EOL
|
|
||||||
else
|
|
||||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
|
||||||
location ~ ^/${LANGUAGE_CODE}/(ghost/|p/|private/) {
|
|
||||||
EOL
|
|
||||||
fi
|
|
||||||
|
|
||||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||||
|
location ~ ^/${LANGUAGE_CODE}/(ghost/|p/|private/) {
|
||||||
proxy_set_header X-Real-IP \$remote_addr;
|
proxy_set_header X-Real-IP \$remote_addr;
|
||||||
proxy_set_header Host \$http_host;
|
proxy_set_header Host \$http_host;
|
||||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||||
@ -314,41 +315,16 @@ EOL
|
|||||||
proxy_intercept_errors on;
|
proxy_intercept_errors on;
|
||||||
proxy_pass http://ghost-${STACK_NAME}:2368;
|
proxy_pass http://ghost-${STACK_NAME}:2368;
|
||||||
}
|
}
|
||||||
|
|
||||||
EOL
|
EOL
|
||||||
|
|
||||||
done
|
done
|
||||||
|
|
||||||
ROOT_SITE_LANGUAGE_CODES="$SITE_LANGUAGE_CODES"
|
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
|
||||||
for LANGUAGE_CODE in ${ROOT_SITE_LANGUAGE_CODES//,/ }; do
|
|
||||||
|
|
||||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||||
# Location block to back https://${WWW_FQDN}/${LANGUAGE_CODE} or https://${WWW_FQDN}/ if english.
|
# Location block to back https://${WWW_FQDN}/${LANGUAGE_CODE}
|
||||||
EOL
|
|
||||||
|
|
||||||
if [ "$LANGUAGE_CODE" = en ]; then
|
|
||||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
|
||||||
location / {
|
|
||||||
EOL
|
|
||||||
if (( "$LANGUAGE_CODE_COUNT" > 1 )); then
|
|
||||||
# we only need this clause if we know there is more than once lanuage being rendered.
|
|
||||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
|
||||||
# Redirect the user to the correct language using the map above.
|
|
||||||
if ( \$http_accept_language !~* '^en(.*)\$' ) {
|
|
||||||
#rewrite (.*) \$1/\$lang;
|
|
||||||
return 302 https://${WWW_FQDN}/\$lang;
|
|
||||||
}
|
|
||||||
|
|
||||||
EOL
|
|
||||||
fi
|
|
||||||
|
|
||||||
else
|
|
||||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
|
||||||
location /${LANGUAGE_CODE} {
|
location /${LANGUAGE_CODE} {
|
||||||
EOL
|
#set_from_accept_language \$lang en es;
|
||||||
fi
|
|
||||||
|
|
||||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
|
||||||
proxy_set_header X-Real-IP \$remote_addr;
|
proxy_set_header X-Real-IP \$remote_addr;
|
||||||
proxy_set_header Host \$http_host;
|
proxy_set_header Host \$http_host;
|
||||||
|
|
||||||
@ -386,37 +362,18 @@ EOL
|
|||||||
|
|
||||||
EOL
|
EOL
|
||||||
|
|
||||||
done
|
|
||||||
|
|
||||||
# this is the closing server block for the ghost HTTPS segment
|
# this is the closing server block for the ghost HTTPS segment
|
||||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
EOL
|
EOL
|
||||||
|
|
||||||
# TODO this MIGHT be part of the solution for Twitter Cards.
|
|
||||||
# location /contents {
|
|
||||||
# resolver 127.0.0.11 ipv6=off valid=5m;
|
|
||||||
# proxy_set_header X-Real-IP \$remote_addr;
|
|
||||||
# proxy_set_header Host \$http_host;
|
|
||||||
# proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
||||||
# proxy_set_header X-Forwarded-Proto \$scheme;
|
|
||||||
# proxy_intercept_errors on;
|
|
||||||
# proxy_pass http://ghost-${DOCKER_STACK_SUFFIX}-${SITE_LANGUAGE_CODES}::2368\$og_prefix\$request_uri;
|
|
||||||
# }
|
|
||||||
# this piece is for GITEA.
|
# this piece is for GITEA.
|
||||||
|
|
||||||
if [ "$DEPLOY_GITEA" = true ]; then
|
|
||||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||||
# TLS listener for ${GITEA_FQDN}
|
# TLS listener for ${GITEA_FQDN}
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl http2;
|
||||||
|
|
||||||
ssl_certificate $CONTAINER_TLS_PATH/fullchain.pem;
|
|
||||||
ssl_certificate_key $CONTAINER_TLS_PATH/privkey.pem;
|
|
||||||
ssl_trusted_certificate $CONTAINER_TLS_PATH/fullchain.pem;
|
|
||||||
|
|
||||||
server_name ${GITEA_FQDN};
|
server_name ${GITEA_FQDN};
|
||||||
|
|
||||||
@ -429,12 +386,25 @@ EOL
|
|||||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||||
proxy_set_header X-NginX-Proxy true;
|
proxy_set_header X-NginX-Proxy true;
|
||||||
|
|
||||||
proxy_pass http://gitea-${DOCKER_STACK_SUFFIX}-en:3000;
|
proxy_pass http://gitea:3000;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
EOL
|
EOL
|
||||||
fi
|
|
||||||
|
done
|
||||||
|
|
||||||
|
# TODO this MIGHT be part of the solution for Twitter Cards.
|
||||||
|
# location /contents {
|
||||||
|
# resolver 127.0.0.11 ipv6=off valid=5m;
|
||||||
|
# proxy_set_header X-Real-IP \$remote_addr;
|
||||||
|
# proxy_set_header Host \$http_host;
|
||||||
|
# proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||||
|
# proxy_set_header X-Forwarded-Proto \$scheme;
|
||||||
|
# proxy_intercept_errors on;
|
||||||
|
# proxy_pass http://ghost-${DOCKER_STACK_SUFFIX}-${SITE_LANGUAGE_CODES}::2368\$og_prefix\$request_uri;
|
||||||
|
# }
|
||||||
|
|
||||||
|
|
||||||
iteration=$((iteration+1))
|
iteration=$((iteration+1))
|
||||||
done
|
done
|
||||||
|
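Review bot: The catch-all redirect on the new side, `return 301 https://${WWW_FQDN}/\$request_uri;`, puts a slash in front of `$request_uri`, which already begins with `/`, so every redirected request lands on a `//path` URL. Drop the extra slash: `return 301 https://${WWW_FQDN}\$request_uri;`. In the Gitea `server` block the new side also carries no `ssl_certificate` / `ssl_certificate_key` lines after `listen 443 ssl http2;`; unless they are set at a level these hunks do not show, nginx will reject the configuration or fail the TLS handshake, so that is worth confirming before deploy.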
@ -1,6 +1,6 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
set -euox
|
set -eux
|
||||||
cd "$(dirname "$0")"
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
#https://github.com/fiatjaf/expensive-relay
|
#https://github.com/fiatjaf/expensive-relay
|
||||||
@ -27,28 +27,22 @@ EOL
|
|||||||
source "$SITE_PATH/site_definition"
|
source "$SITE_PATH/site_definition"
|
||||||
source ../../../domain_env.sh
|
source ../../../domain_env.sh
|
||||||
|
|
||||||
|
# for each language specified in the site_definition, we spawn a separate ghost container
|
||||||
|
# at https://www.domain.com/$LANGUAGE_CODE
|
||||||
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
|
for LANGUAGE_CODE in ${SITE_LANGUAGE_CODES//,/ }; do
|
||||||
# We create another ghost instance under /
|
|
||||||
cat >> "$DOCKER_YAML_PATH" <<EOL
|
cat >> "$DOCKER_YAML_PATH" <<EOL
|
||||||
- ghostnet-$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE
|
- ghostnet-$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE
|
||||||
EOL
|
EOL
|
||||||
|
|
||||||
if [ "$LANGUAGE_CODE" = en ]; then
|
|
||||||
if [ "$DEPLOY_GITEA" = "true" ]; then
|
|
||||||
cat >> "$DOCKER_YAML_PATH" <<EOL
|
|
||||||
- giteanet-$DOCKER_STACK_SUFFIX-en
|
|
||||||
EOL
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
done
|
done
|
||||||
|
|
||||||
|
if [ "$DEPLOY_GITEA" = true ]; then
|
||||||
|
cat >> "$DOCKER_YAML_PATH" <<EOL
|
||||||
|
- giteanet-$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE
|
||||||
|
EOL
|
||||||
|
fi
|
||||||
|
|
||||||
cat >> "$DOCKER_YAML_PATH" <<EOL
|
cat >> "$DOCKER_YAML_PATH" <<EOL
|
||||||
volumes:
|
volumes:
|
||||||
@ -98,7 +92,7 @@ EOL
|
|||||||
|
|
||||||
if [ "$DEPLOY_GITEA" = true ]; then
|
if [ "$DEPLOY_GITEA" = true ]; then
|
||||||
cat >> "$DOCKER_YAML_PATH" <<EOL
|
cat >> "$DOCKER_YAML_PATH" <<EOL
|
||||||
giteanet-$DOCKER_STACK_SUFFIX-en:
|
giteanet-$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE:
|
||||||
attachable: true
|
attachable: true
|
||||||
|
|
||||||
EOL
|
EOL
|
||||||
|
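Review bot: The `DEPLOY_GITEA` block on the new side sits after both `done` lines, so `giteanet-$DOCKER_STACK_SUFFIX-$LANGUAGE_CODE` expands with whatever the last loop iteration left in `LANGUAGE_CODE` instead of the fixed `-en` used before. Indentation is lost in this rendering, so the nesting is inferred from line order. If it is right, a site with several language codes attaches the proxy to a network named after the last code only, and the network definition in the `-98,7` hunk repeats the pattern. Either keep the literal `en` in both places or move the block back inside the language loop.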
@ -24,6 +24,3 @@ UNIX_BACKUP_TIMESTAMP="$(date +%s)"
|
|||||||
export BACKUP_TIMESTAMP="$BACKUP_TIMESTAMP"
|
export BACKUP_TIMESTAMP="$BACKUP_TIMESTAMP"
|
||||||
export UNIX_BACKUP_TIMESTAMP="$UNIX_BACKUP_TIMESTAMP"
|
export UNIX_BACKUP_TIMESTAMP="$UNIX_BACKUP_TIMESTAMP"
|
||||||
export DOCKER_STACK_SUFFIX="${DOMAIN_NAME//./-}"
|
export DOCKER_STACK_SUFFIX="${DOMAIN_NAME//./-}"
|
||||||
export LANGUAGE_CODE_COUNT=$(("$(echo "$SITE_LANGUAGE_CODES" | tr -cd , | wc -c)"+1))
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -7,7 +7,7 @@ export DUPLICITY_BACKUP_PASSPHRASE=
|
|||||||
export BTCPAY_HOSTNAME_IN_CERT=
|
export BTCPAY_HOSTNAME_IN_CERT=
|
||||||
export DEPLOY_GHOST=true
|
export DEPLOY_GHOST=true
|
||||||
export DEPLOY_NEXTCLOUD=true
|
export DEPLOY_NEXTCLOUD=true
|
||||||
export DEPLOY_NOSTR_RELAY=false
|
export DEPLOY_NOSTR=false
|
||||||
export NOSTR_ACCOUNT_PUBKEY=
|
export NOSTR_ACCOUNT_PUBKEY=
|
||||||
export DEPLOY_GITEA=false
|
export DEPLOY_GITEA=false
|
||||||
export DEPLOY_ONION_SITE=false
|
export DEPLOY_ONION_SITE=false
|
||||||
|