README.md

@@ -1 +1 @@
-Some scripts to automate VPS setup
+Scripts to automate VPS setup and maintenance

cert/clientRenew

@@ -0,0 +1,7 @@
+#!/bin/bash -e
+SDIR=$(cd "$(dirname "$0")" ; pwd -P)
+T=$SDIR/../step
+
+STEP=0
+source $T/ensureRootUser
+source $T/renewCertbot

cert/clientSetup

@@ -1,3 +1,3 @@
-#!/bin/bash
+#!/bin/bash -e
 # https://habr.com/ru/articles/735712/
 brew install certbot

cert/vpsRenew

@@ -0,0 +1,23 @@
+#!/bin/bash -e
+SDIR=$(cd "$(dirname "$0")" ; pwd -P)
+T=$SDIR/../step
+
+ACME_FILE=$1
+ACME_VALUE=$2
+
+if [ -z "$ACME_FILE" ] || [ -z "$ACME_VALUE" ]; then
+  echo "Usage: $0 ACME_FILE ACME_VALUE"
+  exit 1
+fi
+
+ACME_DIR="/var/www/html/.well-known/acme-challenge"
+
+STEP=0
+source $T/ensureRootUser
+source $T/copyNginxACMEConfig
+source $T/restartNginx
+source $T/createACMEChallenge
+source $T/waitForReturnKey
+source $T/deleteACMEChallenge
+source $T/copyNginxProdConfig
+source $T/restartNginx

nginx.setup

@@ -1,5 +0,0 @@
-#!/bin/bash
-
-apt install nginx
-cp nginx/cfg /etc/nginx/sites-enabled/default
-systemctl restart nginx

nginx/acme.cfg

@@ -0,0 +1,10 @@
+# Serve only through HTTP while updating the certificate
+server {
+  listen 80;
+  server_name kornerr.ru;
+  root /var/www/html;
+
+  location / {
+    try_files $uri $uri/ =404;
+  }
+}

nginx/prod.cfg

@@ -5,6 +5,7 @@ server {
   return 301 https://$server_name$request_uri;
 }
 
+# Serve through HTTPS only
 server {
   listen 443 ssl;
   server_name kornerr.ru;

nginx/setup

@@ -0,0 +1,9 @@
+#!/bin/bash -e
+SDIR=$(cd "$(dirname "$0")" ; pwd -P)
+T=$SDIR/../step
+
+STEP=0
+source $T/ensureRootUser
+source $T/installNginx
+source $T/copyNginxProdConfig
+source $T/restartNginx

publish.dbg

@@ -15,7 +15,9 @@ fi
 # Get the latest changes
 cd $REPO_DIR
 git checkout -f $MAIN_BRANCH
+git clean -fd
 git fetch --all
+git pull
 
 # Find out the latest commit in the whole repo
 #git branch -av --sort=-committerdate

publish.prod

@@ -13,3 +13,4 @@ rsync -aivc --delete $DBG_DIR/ $DST_DIR
 cd $DST_DIR
 ln -s ../cbr
 ln -s ../dbg
+ln -s ../vid

step/copyNginxACMEConfig

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Копируем настройки Nginx для ACME"
+cp $SDIR/../nginx/acme.cfg /etc/nginx/sites-enabled/default

step/copyNginxProdConfig

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Копируем боевые настройки Nginx"
+cp $SDIR/../nginx/prod.cfg /etc/nginx/sites-enabled/default

step/createACMEChallenge

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Создаём файл проверки для ACME"
+mkdir -p $ACME_DIR
+echo "$ACME_VALUE" > "$ACME_DIR/$ACME_FILE"

step/deleteACMEChallenge

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Удаляем файл проверки для ACME"
+rm $ACME_DIR/$ACME_FILE
+rmdir $ACME_DIR

step/ensureRootUser

@@ -0,0 +1,9 @@
+#!/bin/bash
+# https://askubuntu.com/a/15856
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Проверяем запуск из-под root"
+if [[ $EUID -ne 0 ]]; then
+   echo "ОШИБКА: Перезапустите как root"
+   exit 1
+fi

step/installNginx

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Устанавливаем Nginx"
+apt install nginx

step/renewCertbot

@@ -1,3 +1,6 @@
-#!/bin/bash
+#!/bin/bash -e
 # https://habr.com/ru/articles/735712/
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Просим certbot обновить"
 certbot certonly --manual --preferred-challenges http -d "kornerr.ru"

step/restartNginx

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Перезапускаем Nginx"
+systemctl restart nginx

step/waitForReturnKey

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Ожидаем нажатия клавиши Return"
+read -p "Нажмите Return..."