diff --git a/README.md b/README.md
index a88e335..e1dd4d1 100644
--- a/README.md
+++ b/README.md
@@ -1 +1 @@
-Some scripts to automate VPS setup
+Scripts to automate VPS setup and maintenance
diff --git a/cert/clientRenew b/cert/clientRenew
new file mode 100755
index 0000000..99c8fd3
--- /dev/null
+++ b/cert/clientRenew
@@ -0,0 +1,7 @@
+#!/bin/bash -e
+SDIR=$(cd "$(dirname "$0")" ; pwd -P)
+T=$SDIR/../step
+
+STEP=0
+source $T/ensureRootUser
+source $T/renewCertbot
diff --git a/cert.setup b/cert/clientSetup
similarity index 80%
rename from cert.setup
rename to cert/clientSetup
index a2323f6..eecff6e 100755
--- a/cert.setup
+++ b/cert/clientSetup
@@ -1,3 +1,3 @@
-#!/bin/bash
+#!/bin/bash -e
 # https://habr.com/ru/articles/735712/
 brew install certbot
diff --git a/cert/vpsRenew b/cert/vpsRenew
new file mode 100755
index 0000000..86eb0a9
--- /dev/null
+++ b/cert/vpsRenew
@@ -0,0 +1,23 @@
+#!/bin/bash -e
+SDIR=$(cd "$(dirname "$0")" ; pwd -P)
+T=$SDIR/../step
+
+ACME_FILE=$1
+ACME_VALUE=$2
+
+if [ -z "$ACME_FILE" ] || [ -z "$ACME_VALUE" ]; then
+ echo "Usage: $0 ACME_FILE ACME_VALUE"
+ exit 1
+fi
+
+ACME_DIR="/var/www/html/.well-known/acme-challenge"
+
+STEP=0
+source $T/ensureRootUser
+source $T/copyNginxACMEConfig
+source $T/restartNginx
+source $T/createACMEChallenge
+source $T/waitForReturnKey
+source $T/deleteACMEChallenge
+source $T/copyNginxProdConfig
+source $T/restartNginx
diff --git a/nginx.setup b/nginx.setup
deleted file mode 100755
index 4fc31be..0000000
--- a/nginx.setup
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-apt install nginx
-cp nginx/cfg /etc/nginx/sites-enabled/default
-systemctl restart nginx
diff --git a/nginx/acme.cfg b/nginx/acme.cfg
new file mode 100644
index 0000000..043ea19
--- /dev/null
+++ b/nginx/acme.cfg
@@ -0,0 +1,10 @@
+# Serve only through HTTP while updating the certificate
+server {
+ listen 80;
+ server_name kornerr.ru;
+ root /var/www/html;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+} 
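Review bot: In cert/clientRenew the `-e` on the shebang line is dropped whenever the script is started as `bash cert/clientRenew`, so a failed step would not stop the run; a `set -e` line directly under `#!/bin/bash` holds in both cases. The same applies to the shebangs added in cert/clientSetup, cert/vpsRenew, nginx/setup and step/renewCertbot (the last is sourced, so its shebang is never read). The `source $T/...` lines are also unquoted and break if the checkout path contains a space; `source "$T/ensureRootUser"` avoids that.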
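Review bot: cert/vpsRenew swaps in the HTTP-only ACME config and restores the production config only in its last two steps, so any failure in between (for example `rmdir` in step/deleteACMEChallenge failing on a non-empty directory while `-e` is active) leaves the site without HTTPS. Registering the restore right after the root check would cover every exit path, e.g. `trap 'cp "$SDIR/../nginx/prod.cfg" /etc/nginx/sites-enabled/default; systemctl restart nginx' EXIT`, with the two trailing `source` steps then removed. The usage message should also go to stderr: `echo "Usage: $0 ACME_FILE ACME_VALUE" >&2`.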
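Review bot: In nginx/acme.cfg, `location /` combined with `root /var/www/html` serves the entire web root over plain HTTP for as long as the renewal runs, not just the challenge file. Narrowing it to the challenge path keeps the rest of the site off cleartext: `location /.well-known/acme-challenge/ { try_files $uri =404; }` plus `location / { return 404; }`. A short comment naming cert/vpsRenew as the script that installs and removes this config would help whoever finds it in sites-enabled.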
diff --git a/nginx/cfg b/nginx/prod.cfg similarity index 97% rename from nginx/cfg rename to nginx/prod.cfg index c065037..c2e7549 100644 --- a/nginx/cfg +++ b/nginx/prod.cfg @@ -5,6 +5,7 @@ server { return 301 https://$server_name$request_uri; } +# Serve through HTTPS only server { listen 443 ssl; server_name kornerr.ru; diff --git a/nginx/setup b/nginx/setup new file mode 100755 index 0000000..b2d36bb --- /dev/null +++ b/nginx/setup @@ -0,0 +1,9 @@ +#!/bin/bash -e +SDIR=$(cd "$(dirname "$0")" ; pwd -P) +T=$SDIR/../step + +STEP=0 +source $T/ensureRootUser +source $T/installNginx +source $T/copyNginxProdConfig +source $T/restartNginx diff --git a/publish.dbg b/publish.dbg index 4a3d5ae..7c11484 100755 --- a/publish.dbg +++ b/publish.dbg @@ -15,7 +15,9 @@ fi # Get the latest changes cd $REPO_DIR git checkout -f $MAIN_BRANCH +git clean -fd git fetch --all +git pull # Find out the latest commit in the whole repo #git branch -av --sort=-committerdate diff --git a/publish.prod b/publish.prod index ec07515..8271b35 100755 --- a/publish.prod +++ b/publish.prod @@ -13,3 +13,4 @@ rsync -aivc --delete $DBG_DIR/ $DST_DIR cd $DST_DIR ln -s ../cbr ln -s ../dbg +ln -s ../vid diff --git a/step/copyNginxACMEConfig b/step/copyNginxACMEConfig new file mode 100644 index 0000000..124a7d1 --- /dev/null +++ b/step/copyNginxACMEConfig @@ -0,0 +1,5 @@ +#!/bin/bash + +STEP=$((STEP+1)) +echo -e "\n> > > > Шаг №$STEP. Копируем настройки Nginx для ACME" +cp $SDIR/../nginx/acme.cfg /etc/nginx/sites-enabled/default diff --git a/step/copyNginxProdConfig b/step/copyNginxProdConfig new file mode 100644 index 0000000..01ef89f --- /dev/null +++ b/step/copyNginxProdConfig @@ -0,0 +1,5 @@ +#!/bin/bash + +STEP=$((STEP+1)) +echo -e "\n> > > > Шаг №$STEP. Копируем боевые настройки Nginx" +cp $SDIR/../nginx/prod.cfg /etc/nginx/sites-enabled/default diff --git a/step/createACMEChallenge b/step/createACMEChallenge new file mode 100644 index 0000000..4beee79 --- /dev/null +++ b/step/createACMEChallenge 
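Review bot: In publish.dbg the added `git clean -fd` runs in whatever directory the shell happens to be in if the unquoted `cd $REPO_DIR` on the context line above it fails, and it then deletes untracked files there. The hunk does not show whether the script enables `-e`, so guarding the cd is the safer fix: `cd "$REPO_DIR" || exit 1`. `git pull` directly after `git fetch --all` fetches a second time; `git pull --ff-only` on its own would also refuse to create a merge commit on the deploy checkout. The script starts and continues outside the hunk.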
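Review bot: step/copyNginxACMEConfig and step/copyNginxProdConfig read `SDIR` and `STEP` from the script that sources them, but nothing in the files says so, and the `#!/bin/bash` line on a non-executable file suggests they can be run on their own. A header comment such as `# Sourced by cert/vpsRenew and nginx/setup; expects SDIR and STEP to be set by the caller.` would document the contract. The `cp` source path should be quoted as well, `cp "$SDIR/../nginx/acme.cfg" /etc/nginx/sites-enabled/default`, since `SDIR` is derived from the checkout location.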
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Создаём файл проверки для ACME"
+mkdir -p $ACME_DIR
+echo "$ACME_VALUE" > "$ACME_DIR/$ACME_FILE"
diff --git a/step/deleteACMEChallenge b/step/deleteACMEChallenge
new file mode 100644
index 0000000..e4a19fa
--- /dev/null
+++ b/step/deleteACMEChallenge
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Удаляем файл проверки для ACME"
+rm $ACME_DIR/$ACME_FILE
+rmdir $ACME_DIR
diff --git a/step/ensureRootUser b/step/ensureRootUser
new file mode 100644
index 0000000..c63ca65
--- /dev/null
+++ b/step/ensureRootUser
@@ -0,0 +1,9 @@
+#!/bin/bash
+# https://askubuntu.com/a/15856
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Проверяем запуск из-под root"
+if [[ $EUID -ne 0 ]]; then
+ echo "ОШИБКА: Перезапустите как root"
+ exit 1
+fi
diff --git a/step/installNginx b/step/installNginx
new file mode 100644
index 0000000..5b39d75
--- /dev/null
+++ b/step/installNginx
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Устанавливаем Nginx"
+apt install nginx
diff --git a/cert.renew b/step/renewCertbot
old mode 100755
new mode 100644
similarity index 50%
rename from cert.renew
rename to step/renewCertbot
index e5907d4..c8bb52f
--- a/cert.renew
+++ b/step/renewCertbot
@@ -1,3 +1,6 @@
-#!/bin/bash
+#!/bin/bash -e
 # https://habr.com/ru/articles/735712/
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Просим certbot обновить"
 certbot certonly --manual --preferred-challenges http -d "kornerr.ru"
diff --git a/step/restartNginx b/step/restartNginx
new file mode 100644
index 0000000..328fa9a
--- /dev/null
+++ b/step/restartNginx
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Перезапускаем Nginx"
+systemctl restart nginx
diff --git a/step/waitForReturnKey b/step/waitForReturnKey
new file mode 100644
index 0000000..a8bcbe7
--- /dev/null
+++ b/step/waitForReturnKey 
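Review bot: In step/createACMEChallenge, `$ACME_FILE` comes straight from the command line of cert/vpsRenew and is used as a path component by a root process, so a value containing `/` or `..` makes the redirect write outside `$ACME_DIR`; the same value reaches the unquoted `rm $ACME_DIR/$ACME_FILE` in step/deleteACMEChallenge. ACME HTTP-01 tokens use only the base64url alphabet, so a check before the write is enough: `[[ $ACME_FILE =~ ^[A-Za-z0-9_-]+$ ]] || { echo "invalid ACME_FILE" >&2; exit 1; }`. `mkdir -p $ACME_DIR` and the operands of `rm` and `rmdir` should be quoted too, e.g. `rm -- "$ACME_DIR/$ACME_FILE"`.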
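Review bot: In step/restartNginx, `systemctl restart nginx` is issued right after `/etc/nginx/sites-enabled/default` has been overwritten by one of the copy steps, so a config that fails to parse stops the server instead of being rejected while the old instance keeps running. Putting `nginx -t` on its own line before the restart catches that, and on its own line (rather than joined with `&&`) it also aborts the calling script when `-e` is in effect.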
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Ожидаем нажатия клавиши Return"
+read -p "Нажмите Return..."