From 3025f3c2d86ccaef5690c81399525274bfacd33d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=9C=D0=B8=D1=85=D0=B0=D0=B8=D0=BB=20=D0=9A=D0=B0=D0=BF?= =?UTF-8?q?=D0=B5=D0=BB=D1=8C=D0=BA=D0=BE?=
Date: Sat, 24 Jan 2026 05:01:42 +0100
Subject: [PATCH] 25K4 (#7)
---
 README.md | 2 +-
 cert/clientRenew | 7 +++++++
 cert.setup => cert/clientSetup | 2 +-
 cert/vpsRenew | 23 +++++++++++++++++++++++
 nginx.setup | 5 -----
 nginx/acme.cfg | 10 ++++++++++
 nginx/{cfg => prod.cfg} | 1 +
 nginx/setup | 9 +++++++++
 publish.dbg | 3 +++
 publish.prod | 1 +
 publish.setup | 2 +-
 squid/cfg | 2 +-
 step/copyNginxACMEConfig | 5 +++++
 step/copyNginxProdConfig | 5 +++++
 step/createACMEChallenge | 6 ++++++
 step/deleteACMEChallenge | 6 ++++++
 step/ensureRootUser | 9 +++++++++
 step/installNginx | 5 +++++
 cert.renew => step/renewCertbot | 5 ++++-
 step/restartNginx | 5 +++++
 step/waitForReturnKey | 5 +++++
 21 files changed, 108 insertions(+), 10 deletions(-)
 create mode 100755 cert/clientRenew
 rename cert.setup => cert/clientSetup (80%)
 create mode 100755 cert/vpsRenew
 delete mode 100755 nginx.setup
 create mode 100644 nginx/acme.cfg
 rename nginx/{cfg => prod.cfg} (97%)
 create mode 100755 nginx/setup
 create mode 100644 step/copyNginxACMEConfig
 create mode 100644 step/copyNginxProdConfig
 create mode 100644 step/createACMEChallenge
 create mode 100644 step/deleteACMEChallenge
 create mode 100644 step/ensureRootUser
 create mode 100644 step/installNginx
 rename cert.renew => step/renewCertbot (50%)
 mode change 100755 => 100644
 create mode 100644 step/restartNginx
 create mode 100644 step/waitForReturnKey
diff --git a/README.md b/README.md
index a88e335..e1dd4d1 100644
--- a/README.md
+++ b/README.md
@@ -1 +1 @@
-Some scripts to automate VPS setup
+Scripts to automate VPS setup and maintenance
diff --git a/cert/clientRenew b/cert/clientRenew
new file mode 100755
index 0000000..99c8fd3
--- /dev/null
+++ b/cert/clientRenew
@@ -0,0 +1,7 @@
+#!/bin/bash -e
+SDIR=$(cd "$(dirname "$0")" ; pwd -P)
+T=$SDIR/../step
+
+STEP=0
+source $T/ensureRootUser
+source $T/renewCertbot
diff --git a/cert.setup b/cert/clientSetup
similarity index 80%
rename from cert.setup
rename to cert/clientSetup
index a2323f6..eecff6e 100755
--- a/cert.setup
+++ b/cert/clientSetup
@@ -1,3 +1,3 @@
-#!/bin/bash
+#!/bin/bash -e
 # https://habr.com/ru/articles/735712/
 brew install certbot
diff --git a/cert/vpsRenew b/cert/vpsRenew
new file mode 100755
index 0000000..86eb0a9
--- /dev/null
+++ b/cert/vpsRenew
@@ -0,0 +1,23 @@
+#!/bin/bash -e
+SDIR=$(cd "$(dirname "$0")" ; pwd -P)
+T=$SDIR/../step
+
+ACME_FILE=$1
+ACME_VALUE=$2
+
+if [ -z "$ACME_FILE" ] || [ -z "$ACME_VALUE" ]; then
+ echo "Usage: $0 ACME_FILE ACME_VALUE"
+ exit 1
+fi
+
+ACME_DIR="/var/www/html/.well-known/acme-challenge"
+
+STEP=0
+source $T/ensureRootUser
+source $T/copyNginxACMEConfig
+source $T/restartNginx
+source $T/createACMEChallenge
+source $T/waitForReturnKey
+source $T/deleteACMEChallenge
+source $T/copyNginxProdConfig
+source $T/restartNginx
diff --git a/nginx.setup b/nginx.setup
deleted file mode 100755
index 4fc31be..0000000
--- a/nginx.setup
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-apt install nginx
-cp nginx/cfg /etc/nginx/sites-enabled/default
-systemctl restart nginx
diff --git a/nginx/acme.cfg b/nginx/acme.cfg
new file mode 100644
index 0000000..043ea19
--- /dev/null
+++ b/nginx/acme.cfg
@@ -0,0 +1,10 @@
+# Serve only through HTTP while updating the certificate
+server {
+ listen 80;
+ server_name kornerr.ru;
+ root /var/www/html;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
diff --git a/nginx/cfg b/nginx/prod.cfg
similarity index 97%
rename from nginx/cfg
rename to nginx/prod.cfg
index c065037..c2e7549 100644
--- a/nginx/cfg
+++ b/nginx/prod.cfg
@@ -5,6 +5,7 @@ server { return 301 https://$server_name$request_uri; } +# Serve through HTTPS only server { listen 443 ssl; server_name kornerr.ru;
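Review bot: The `-e` on the shebang line of cert/clientRenew only takes effect when the file is executed directly; started as `bash cert/clientRenew` the option is dropped and a failed step no longer stops the run. The same shebang is used in cert/clientSetup, cert/vpsRenew and nginx/setup, and in step/renewCertbot it never applies because that file is only sourced. Use `#!/bin/bash` with `set -e` as the first command instead. The `source $T/...` lines should also quote the path, e.g. `source "$T/ensureRootUser"`, since `$SDIR` depends on where the checkout lives.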
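Review bot: cert/vpsRenew swaps the live site to the HTTP-only ACME config and depends on every later step succeeding to put the production config back. Under `-e` any failure in between (a failed `systemctl restart nginx`, or `rmdir $ACME_DIR` on a non-empty directory) exits with nginx/acme.cfg still installed and the challenge file still on disk. Register the restore before the swap, right after `source $T/ensureRootUser`: `trap 'cp "$SDIR/../nginx/prod.cfg" /etc/nginx/sites-enabled/default; systemctl restart nginx' EXIT`. The usage message should go to stderr: `echo "Usage: $0 ACME_FILE ACME_VALUE" >&2`.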
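Review bot: While nginx/acme.cfg is installed, everything under `/var/www/html` is served over plain HTTP, because `location /` matches every path and the production file's redirect to HTTPS is gone. Only the challenge path has to be reachable on port 80 for the HTTP-01 check, so restrict the block to `location /.well-known/acme-challenge/ { try_files $uri =404; }` and answer the rest with `location / { return 404; }`. The file also has no `listen 443` server, so HTTPS appears to be unavailable for the duration of the renewal. Adding the challenge location to the port-80 server of nginx/prod.cfg would avoid swapping configs at all.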
diff --git a/nginx/setup b/nginx/setup
new file mode 100755
index 0000000..b2d36bb
--- /dev/null
+++ b/nginx/setup
@@ -0,0 +1,9 @@
+#!/bin/bash -e
+SDIR=$(cd "$(dirname "$0")" ; pwd -P)
+T=$SDIR/../step
+
+STEP=0
+source $T/ensureRootUser
+source $T/installNginx
+source $T/copyNginxProdConfig
+source $T/restartNginx
diff --git a/publish.dbg b/publish.dbg
index 4a3d5ae..9d02d69 100755
--- a/publish.dbg
+++ b/publish.dbg
@@ -15,7 +15,9 @@ fi # Get the latest changes cd $REPO_DIR git checkout -f $MAIN_BRANCH +git clean -fd git fetch --all +git pull # Find out the latest commit in the whole repo #git branch -av --sort=-committerdate
@@ -47,4 +49,5 @@ function replace { # Rename references replace $DST_DIR/bank.html "$kmpWas" "$kmpNow" +replace $DST_DIR/budget.html "$kmpWas" "$kmpNow" replace $DST_DIR/quiz.html "$kmpWas" "$kmpNow"
diff --git a/publish.prod b/publish.prod
index ec07515..8271b35 100755
--- a/publish.prod
+++ b/publish.prod
@@ -13,3 +13,4 @@ rsync -aivc --delete $DBG_DIR/ $DST_DIR
 cd $DST_DIR
 ln -s ../cbr
 ln -s ../dbg
+ln -s ../vid
diff --git a/publish.setup b/publish.setup
index d863c58..aa527f8 100755
--- a/publish.setup
+++ b/publish.setup
@@ -1,4 +1,4 @@
 #!/bin/bash
-CMD="0 20 * * * kornerr /home/kornerr/vps/publish.dbg"
+CMD="0 20 * * * root /home/kornerr/vps/publish.dbg"
 CRON_FILE=/etc/cron.d/dbg
 echo "$CMD" > $CRON_FILE
diff --git a/squid/cfg b/squid/cfg
index 621417d..ba54db9 100644
--- a/squid/cfg
+++ b/squid/cfg
@@ -1,4 +1,4 @@
-acl tul src 83.221.16.86
+acl tul src 37.113.215.50
 http_access allow tul
 http_access deny all
 http_port 3128
diff --git a/step/copyNginxACMEConfig b/step/copyNginxACMEConfig
new file mode 100644
index 0000000..124a7d1
--- /dev/null
+++ b/step/copyNginxACMEConfig
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Копируем настройки Nginx для ACME"
+cp $SDIR/../nginx/acme.cfg /etc/nginx/sites-enabled/default
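Review bot: The added `git clean -fd` in publish.dbg follows a `cd $REPO_DIR` whose result is not checked in the lines shown, so if the directory is missing the clean and the `git pull` run in whatever directory the job started in. Guard it with `cd "$REPO_DIR" || exit 1`, unless the part of the script above the hunk already enables `-e`. For an unattended run `git pull --ff-only` is safer than a bare `git pull`, which can stop in a merge or leave a merge commit in the tree that gets published. The script starts and ends outside these hunks.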
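Review bot: The cron entry in publish.setup now runs `/home/kornerr/vps/publish.dbg` as root while the script stays under kornerr's home directory. If that account can write to the script, the `vps` checkout or a parent directory (ownership is not visible here), anything able to act as kornerr gains root at the next 20:00 run, and publish.dbg also pulls new repository content before it continues. Either keep the job as `kornerr` and give that user write access to the publish directory, or install the script in a root-owned location and point `CMD` at it. Git may also refuse to operate as root in a repository owned by another user (its safe.directory ownership check), so confirm the job still works after this change.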
diff --git a/step/copyNginxProdConfig b/step/copyNginxProdConfig
new file mode 100644
index 0000000..01ef89f
--- /dev/null
+++ b/step/copyNginxProdConfig
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Копируем боевые настройки Nginx"
+cp $SDIR/../nginx/prod.cfg /etc/nginx/sites-enabled/default
diff --git a/step/createACMEChallenge b/step/createACMEChallenge
new file mode 100644
index 0000000..4beee79
--- /dev/null
+++ b/step/createACMEChallenge
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Создаём файл проверки для ACME"
+mkdir -p $ACME_DIR
+echo "$ACME_VALUE" > "$ACME_DIR/$ACME_FILE"
diff --git a/step/deleteACMEChallenge b/step/deleteACMEChallenge
new file mode 100644
index 0000000..e4a19fa
--- /dev/null
+++ b/step/deleteACMEChallenge
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Удаляем файл проверки для ACME"
+rm $ACME_DIR/$ACME_FILE
+rmdir $ACME_DIR
diff --git a/step/ensureRootUser b/step/ensureRootUser
new file mode 100644
index 0000000..c63ca65
--- /dev/null
+++ b/step/ensureRootUser
@@ -0,0 +1,9 @@
+#!/bin/bash
+# https://askubuntu.com/a/15856
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Проверяем запуск из-под root"
+if [[ $EUID -ne 0 ]]; then
+ echo "ОШИБКА: Перезапустите как root"
+ exit 1
+fi
diff --git a/step/installNginx b/step/installNginx
new file mode 100644
index 0000000..5b39d75
--- /dev/null
+++ b/step/installNginx
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Устанавливаем Nginx"
+apt install nginx
diff --git a/cert.renew b/step/renewCertbot
old mode 100755
new mode 100644
similarity index 50%
rename from cert.renew
rename to step/renewCertbot
index e5907d4..c8bb52f
--- a/cert.renew
+++ b/step/renewCertbot
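Review bot: `ACME_FILE` is taken unchecked from `$1` in cert/vpsRenew and joined into a path that is written in step/createACMEChallenge and removed in step/deleteACMEChallenge, both as root. A value containing `/` or `..` leaves `$ACME_DIR`, and the unquoted `rm $ACME_DIR/$ACME_FILE` is additionally subject to word splitting and globbing. ACME HTTP-01 tokens use only the base64url alphabet, so reject anything else before the first write: `[[ $ACME_FILE =~ ^[A-Za-z0-9_-]+$ ]] || { echo "bad ACME_FILE" >&2; exit 1; }`. Quote the remaining expansions as well: `mkdir -p -- "$ACME_DIR"` and `rm -- "$ACME_DIR/$ACME_FILE"`.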
@@ -1,3 +1,6 @@
-#!/bin/bash
+#!/bin/bash -e
 # https://habr.com/ru/articles/735712/
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Просим certbot обновить"
 certbot certonly --manual --preferred-challenges http -d "kornerr.ru"
diff --git a/step/restartNginx b/step/restartNginx
new file mode 100644
index 0000000..328fa9a
--- /dev/null
+++ b/step/restartNginx
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Перезапускаем Nginx"
+systemctl restart nginx
diff --git a/step/waitForReturnKey b/step/waitForReturnKey
new file mode 100644
index 0000000..a8bcbe7
--- /dev/null
+++ b/step/waitForReturnKey
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Ожидаем нажатия клавиши Return"
+read -p "Нажмите Return..."
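Review bot: step/restartNginx runs `systemctl restart nginx` right after the site config has been overwritten, with no syntax check; a rejected config leaves nginx stopped and, under `-e`, aborts cert/vpsRenew or nginx/setup at that point. Put `nginx -t` on its own line before the restart so a bad file stops the script while the running server is still untouched. `systemctl reload nginx` instead of `restart` would also avoid dropping connections when the config is valid.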