diff --git a/Makefile b/Makefile index 3914a4f..e37a6a0 100644 --- a/Makefile +++ b/Makefile @@ -13,9 +13,8 @@ CONTAINER_NAME = $(COMPOSE_PROJECT)-$(SERVICE)-1 ENV_REQUIRED := TELEGRAM_API_KEY CLIENT_TELEGRAM_API_KEY POSTGRES_DB POSTGRES_USER POSTGRES_PASSWORD DATABASE_URL SANIC_PORT BACKEND_HTTP_PORT # Derive external domain and ports from .env for nginx/bootstrap helpers. -# PUBLIC_HOST may look like https://my-public-node-103.projscale.dev or be empty. -PUBLIC_HOST_RAW := $(shell awk -F= '$$1=="PUBLIC_HOST"{print $$2}' $(ENV_FILE) 2>/dev/null | tail -n1) -DOMAIN_FROM_ENV := $(shell printf '%s\n' "$(PUBLIC_HOST_RAW)" | sed -E 's#^https?://##; s#/.*$$##') +# PUBLIC_HOST may look like "https://my-public-node-103.projscale.dev" or have whitespace. +DOMAIN_FROM_ENV := $(shell awk -F= '$$1=="PUBLIC_HOST"{print $$2}' $(ENV_FILE) 2>/dev/null | tail -n1 | sed -E 's/^[[:space:]]+//; s/[[:space:]]+$$//; s#^https?://##; s#/.*$$##') DOMAIN ?= $(DOMAIN_FROM_ENV) BACKEND_HTTP_PORT ?= $(shell awk -F= '$$1=="BACKEND_HTTP_PORT"{print $$2}' $(ENV_FILE) 2>/dev/null | tail -n1) FRONTEND_HTTP_PORT ?= $(shell awk -F= '$$1=="FRONTEND_HTTP_PORT"{print $$2}' $(ENV_FILE) 2>/dev/null | tail -n1) @@ -137,9 +136,9 @@ nuke destroy: # # This target: # - Validates that DOMAIN and ports are known (PUBLIC_HOST/BACKEND_HTTP_PORT/FRONTEND_HTTP_PORT/TUSD_HTTP_PORT) -# - Renders /etc/nginx/sites-available/$(DOMAIN).conf from configs/nginx.conf with the correct domain/ports -# - Enables the site and reloads nginx -# - Optionally runs certbot --nginx if available to obtain TLS certificates +# - Stops nginx, obtains/renews a certificate via certbot --standalone (port 80) +# - Renders /etc/nginx/conf.d/$(DOMAIN).conf from configs/nginx.conf with the correct domain/ports +# - Starts nginx with the new vhost config setup-nginx: @if [ "$$(id -u)" -ne 0 ]; then \ echo "setup-nginx must be run as root (to write /etc/nginx and run certbot)"; \ 
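Review bot: In the first hunk, the new `DOMAIN_FROM_ENV` pipeline trims whitespace, scheme and path but never checks that what remains is a hostname. Make later expands that value into the root-only `setup-nginx` recipe, where it lands in the conf.d path, the sed replacement text and `certbot -d`. If the quotes in the updated comment mean PUBLIC_HOST can be quoted in .env, the leading `"` stops `s#^https?://##` from matching and the result would be `"https:`; adding `s/^"//; s/"$$//;` right after the two whitespace trims would cover that case. I would also make `setup-nginx` fail early when DOMAIN contains anything outside `[A-Za-z0-9.-]`, since a stray `/`, `&`, `|` or quote changes the sed expressions or the shell command line.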
@@ -160,14 +159,28 @@ setup-nginx:
 echo "Ensure ./start.sh finished and .env contains these ports, then retry." >&2; \
 exit 1; \
 fi
- @echo "Configuring nginx for domain $(DOMAIN) ..."
+ @echo "Configuring nginx for domain '$(DOMAIN)' ..."
 @echo " Backend HTTP port: $(BACKEND_HTTP_PORT)"
 @echo " Frontend HTTP port: $(FRONTEND_HTTP_PORT)"
 @echo " tusd HTTP port: $(TUSD_HTTP_PORT)"
+ @if ! command -v nginx >/dev/null 2>&1; then \
+ echo "nginx binary not found; install nginx (e.g. 'apt install nginx') and retry." >&2; \
+ exit 1; \
+ fi
 @nginx_conf="/etc/nginx/conf.d/$(DOMAIN).conf"; \
 mkdir -p /etc/nginx/conf.d; \
- # Render nginx.conf template with actual domain and ports into a dedicated vhost file.
- # We do NOT touch the distro's default site; this file will coexist alongside it.
+ if ! command -v certbot >/dev/null 2>&1; then \
+ echo "certbot not found; install it (e.g. 'apt install certbot') and rerun 'make setup-nginx'." >&2; \
+ exit 1; \
+ fi; \
+ echo "Stopping nginx (if running) to free port 80 for certbot ..."; \
+ systemctl stop nginx 2>/dev/null || nginx -s stop 2>/dev/null || true; \
+ echo "Obtaining/renewing TLS certificate via certbot --standalone for $(DOMAIN) ..."; \
+ if ! certbot certonly --standalone -d "$(DOMAIN)"; then \
+ echo "certbot failed; cannot proceed with nginx SSL setup. Start nginx manually if needed." >&2; \
+ exit 1; \
+ fi; \
+ echo "Rendering nginx vhost config at $$nginx_conf ..."; \
 sed -e 's/my-public-node-8\.projscale\.dev/$(DOMAIN)/g' \
 -e 's|/etc/letsencrypt/live/my-public-node-8\.projscale\.dev/|/etc/letsencrypt/live/$(DOMAIN)/|g' \
 -e 's/server 127\.0\.0\.1:13200;/server 127.0.0.1:$(BACKEND_HTTP_PORT);/' \
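Review bot: The `exit 1` in the new certbot failure branch leaves nginx stopped, so everything this nginx serves stays down until someone restarts it by hand. Running `systemctl start nginx 2>/dev/null || nginx || true; \` just before that `exit 1` would bring the previous configuration back up on failure. Renewals are a related gap: a certificate issued with `--standalone` will presumably need port 80 again at renewal time while nginx is listening, so consider passing `--pre-hook` and `--post-hook` to `certbot certonly`, which certbot stores in the renewal configuration. The `setup-nginx` recipe starts before this hunk and continues past it.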
@@ -175,15 +188,9 @@ setup-nginx:
 -e 's/server 127\.0\.0\.1:13400;/server 127.0.0.1:$(TUSD_HTTP_PORT);/' \
 "$(CURDIR)/nginx.conf" > "$$nginx_conf"; \
 if ! nginx -t; then \
- echo "nginx configuration test failed; not reloading." >&2; \
+ echo "nginx configuration test failed; not starting nginx." >&2; \
 exit 1; \
 fi; \
- systemctl reload nginx || nginx -s reload || true; \
- if command -v certbot >/dev/null 2>&1; then \
- echo "Attempting to obtain/renew TLS certificate via certbot for $(DOMAIN) ..."; \
- certbot --nginx -d "$(DOMAIN)" || echo "certbot failed or was cancelled; ensure certificates are configured manually."; \
- else \
- echo "certbot not found; install certbot (e.g. 'apt install certbot python3-certbot-nginx') and run:"; \
- echo " certbot --nginx -d $(DOMAIN)"; \
- fi; \
+ echo "Starting nginx with new configuration ..."; \
+ systemctl start nginx 2>/dev/null || nginx || true; \
 echo "Nginx setup for $(DOMAIN) complete. Verify HTTPS availability in a browser."
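Review bot: `systemctl start nginx 2>/dev/null || nginx || true` discards both the error output and the exit status, so the recipe still prints "Nginx setup ... complete" when nginx fails to start after being stopped earlier in the target. Dropping the `|| true` and reporting the failure, for example `systemctl start nginx || nginx || { echo "nginx failed to start" >&2; exit 1; }; \`, makes the outage visible to the operator. The `nginx -t` failure branch has a similar effect: it exits with the freshly rendered file still in /etc/nginx/conf.d and nginx stopped, so its message should say that the vhost file was overwritten and nginx is down. The recipe begins outside this hunk.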