deploy.sh
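#!/bin/bash
#
# deploy.sh - provision a host and (re)start the docker-compose stack
# behind nginx with a Let's Encrypt certificate.
#
# Usage: deploy.sh <deploy-dir>
#   <deploy-dir> holds script/ (its contents are moved into <deploy-dir>),
#   .env, nginx.default.conf and the docker-compose project.
#
# Variables read from .env:
#   DOMAIN          - host name the certificate is issued for
#   DOMAIN_CONTACT  - e-mail address passed to certbot
#   LOCATION        - directory containing docker-compose.yml (cron hooks)
#   IP              - only echoed for the operator
#   APPLICATION_PORT is substituted into nginx.conf by envsubst.
#   NOTE(review): envsubst reads the environment only, so .env presumably
#   exports APPLICATION_PORT - confirm.
#
# The script calls apt, ufw, certbot, systemctl and crontab, so it is
# presumably run as root - confirm against the caller.

# Stop at the first failing step instead of continuing in a half-configured
# state (e.g. nginx pointed at certificate files that were never issued).
set -eo pipefail

die() {
  printf 'deploy.sh: %s\n' "$*" >&2
  exit 1
}

deploy_dir=${1:?usage: deploy.sh <deploy-dir>}

# Quoted and checked: if the cd failed, the mv/source below would otherwise
# operate on whatever directory the caller happened to be in.
cd -- "$deploy_dir" || die "cannot cd to $deploy_dir"

# Move the payload up one level. On a re-run script/ is already empty, so
# an unmatched glob must expand to nothing rather than to the literal
# pattern.
shopt -s nullglob
payload=(script/*)
shopt -u nullglob
if (( ${#payload[@]} > 0 )); then
  mv -- "${payload[@]}" ./
fi

# .env is executed as shell code with this script's privileges; it should
# be writable only by the account that runs the deployment.
[[ -f ./.env ]] || die "missing $deploy_dir/.env"
# shellcheck source=/dev/null
source ./.env

: "${DOMAIN:?DOMAIN must be set in .env}"
: "${DOMAIN_CONTACT:?DOMAIN_CONTACT must be set in .env}"
: "${LOCATION:?LOCATION must be set in .env}"

# DOMAIN ends up in file paths and LOCATION inside a crontab command line,
# so restrict both to characters that cannot change how those are parsed.
domain_re='^[A-Za-z0-9][A-Za-z0-9.-]*$'
location_re='^/[A-Za-z0-9._/-]+$'
[[ "$DOMAIN" =~ $domain_re ]] || die "DOMAIN contains unexpected characters"
[[ "$LOCATION" =~ $location_re ]] \
  || die "LOCATION must be an absolute path without spaces or shell metacharacters"

echo "IP ADDR ${IP:-}"

# Install docker, docker-compose, ufw and certbot. -y keeps the run
# non-interactive, matching 'certbot -n' and 'ufw --force' below.
# NOTE(review): on Debian/Ubuntu the engine package is usually docker.io;
# confirm 'docker' is the intended package name.
apt-get update
apt-get install -y docker-compose docker ufw certbot

# The firewall is off while the rules are rewritten and the certificate is
# requested. The trap turns it back on if any later step aborts the script.
ufw disable
trap 'ufw --force enable' EXIT

# Configure firewall: SSH and HTTPS only.
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 443/tcp

mkdir -p certs
# Comment if using LetsEncrypt
# openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
# -subj "/C=US/ST=UT/L=Orem/O=Altamir/CN=$DOMAIN" \
# -keyout certs/certificate.key -out certs/certificate.cert
# export SSL_CERT_LOCATION=/opt/certs/certificate.cert
# export SSL_KEY_LOCATION=/opt/certs/certificate.key

export DOMAIN_NAME=$DOMAIN

# Uncomment for LetsEncrypt certification
certbot certonly --standalone -n -d "$DOMAIN" --email "$DOMAIN_CONTACT" --agree-tos
export SSL_CERT_LOCATION=/etc/letsencrypt/live/$DOMAIN/fullchain.pem
export SSL_KEY_LOCATION=/etc/letsencrypt/live/$DOMAIN/privkey.pem

# Daily renewal: the stack is stopped while certbot runs and started again
# afterwards. The entry is added only when it is not already present, so
# repeated deployments do not pile up duplicate jobs.
# NOTE(review): the standalone authenticator answers the HTTP-01 challenge
# on port 80, which the ufw rules above do not allow once the firewall is
# enabled - confirm that renewals succeed, or open 80/tcp for the renewal.
cron_line="@daily certbot renew --pre-hook \"docker-compose -f $LOCATION/docker-compose.yml down\" --post-hook \"docker-compose -f $LOCATION/docker-compose.yml up -d\""
# 'crontab -l' exits non-zero when the user has no crontab yet; that is
# expected on a first deployment.
existing_cron=$(crontab -l 2>/dev/null || true)
if ! grep -qxF -- "$cron_line" <<<"$existing_cron"; then
  {
    if [[ -n "$existing_cron" ]]; then
      printf '%s\n' "$existing_cron"
    fi
    printf '%s\n' "$cron_line"
  } | crontab -
fi

# Render nginx.conf; only the four listed variables are substituted so
# nginx's own $variables in the template stay untouched.
# shellcheck disable=SC2016
envsubst '$DOMAIN_NAME $SSL_CERT_LOCATION $SSL_KEY_LOCATION $APPLICATION_PORT' \
  < nginx.default.conf > nginx.conf
cat nginx.conf

# A failure to start docker aborts the script here because of 'set -e'.
systemctl start docker
systemctl enable docker

docker-compose down
docker-compose up -d

ufw --force enable
trap - EXIT
exit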