From 5a158222d7e93674d48993065048e1b9e0f59569 Mon Sep 17 00:00:00 2001
From: user
Date: Mon, 14 Jul 2025 22:22:21 +0300
Subject: [PATCH] edit scripts
---
MY_NETWORK_V2_DEPLOYMENT_GUIDE.md | 291 ++++++++++++++
deploy_local_production.sh | 453 ++++++++++++++++++++++
deploy_main_bootstrap_node.sh | 551 ++++++++++++++++++++++++++
deploy_regular_node.sh | 620 ++++++++++++++++++++++++++++++
4 files changed, 1915 insertions(+)
create mode 100644 MY_NETWORK_V2_DEPLOYMENT_GUIDE.md
create mode 100755 deploy_local_production.sh
create mode 100755 deploy_main_bootstrap_node.sh
create mode 100755 deploy_regular_node.sh
diff --git a/MY_NETWORK_V2_DEPLOYMENT_GUIDE.md b/MY_NETWORK_V2_DEPLOYMENT_GUIDE.md
new file mode 100644
index 0000000..374ef2a
--- /dev/null
+++ b/MY_NETWORK_V2_DEPLOYMENT_GUIDE.md
@@ -0,0 +1,291 @@ +# MY Network v2.0 - Deployment Guide + +## 🎯 Обзор + +MY Network v2.0 - это распределенная P2P сеть для репликации контента с Matrix-мониторингом и полной автоматизацией развертывания. + +### Компоненты системы: +- **MY Network Core** - основной P2P протокол (порт 15100) +- **Web2 Client** - веб-интерфейс (порт 3000) +- **Converter Module** - модуль конвертации (порт 8080) +- **Telegram Bots** - клиентский и uploader боты (опционально) + +## 🚀 Типы развертывания + +### 1. Main Bootstrap Node (my-public-node-3.projscale.dev) + +**Назначение:** Главная нода сети, к которой подключаются все остальные ноды. + +**Скрипт:** [`deploy_main_bootstrap_node.sh`](deploy_main_bootstrap_node.sh) + +**Выполнение:** +```bash +# На сервере my-public-node-3.projscale.dev как root: +chmod +x deploy_main_bootstrap_node.sh +./deploy_main_bootstrap_node.sh +``` + +**Что делает:** +- ✅ Устанавливает Docker + Docker Compose +- ✅ Настраивает UFW firewall (22, 80, 443, 15100) +- ✅ Настраивает Nginx reverse proxy +- ✅ Получает SSL сертификат Let's Encrypt +- ✅ Развертывает все компоненты (MY Network + Web Client + Converter) +- ✅ Создает systemd service +- ✅ Настраивает автообновление SSL + +**Результат:** +- 🌐 **Web Interface:** https://my-public-node-3.projscale.dev/ +- 🎛️ **Matrix Dashboard:** https://my-public-node-3.projscale.dev/monitor/ +- ❤️ **Health Check:** https://my-public-node-3.projscale.dev/health +- 🔗 **Bootstrap API:** https://my-public-node-3.projscale.dev/api/bootstrap +- 🔌 **WebSocket:** wss://my-public-node-3.projscale.dev/ws/monitor + +### 2. Regular Node (подключение к сети) + +**Назначение:** Обычная нода, которая подключается к существующей сети. + +**Скрипт:** [`deploy_regular_node.sh`](deploy_regular_node.sh) + +**Выполнение:** +```bash +chmod +x deploy_regular_node.sh +./deploy_regular_node.sh +``` + +**Интерактивная настройка:** +1. **Node Name** - имя ноды (по умолчанию: my-node-timestamp) +2. 
**Public Domain** - публичный домен (опционально для приватных нод) +3. **Telegram Bot Token** - токен клиентского бота (опционально) +4. **Uploader Bot Token** - токен uploader бота (опционально) + +**Типы нод:** +- **Public Regular Node** - с доменом, SSL, Nginx, веб-интерфейсом +- **Private Regular Node** - только локальный доступ, без публичного домена + +**Что делает:** +- 🔍 Подключается к main bootstrap node +- 📡 Получает конфигурацию сети +- 🐳 Развертывает контейнеры согласно типу ноды +- 🌐 Настраивает публичный доступ (если указан домен) +- 🤖 Включает Telegram ботов (если указаны токены) +- 🔄 Инициирует синхронизацию с сетью + +## 📋 Управление нодами + +### Main Bootstrap Node +```bash +# Просмотр логов +docker-compose -f /opt/my-network-bootstrap/docker-compose.yml logs -f + +# Перезапуск +systemctl restart my-network-main + +# Статус +systemctl status my-network-main + +# Контейнеры +docker-compose ps +``` + +### Regular Node +```bash +# Просмотр логов (замените NODE_NAME на имя вашей ноды) +docker-compose -f /opt/my-network-NODE_NAME/docker-compose.yml logs -f + +# Перезапуск +systemctl restart my-network-NODE_NAME + +# Статус +systemctl status my-network-NODE_NAME +``` + +## 🔧 Конфигурация + +### Основные файлы: +- **`.env`** - переменные окружения +- **`bootstrap_main.json`** / **`bootstrap_regular.json`** - конфигурация ноды +- **`docker-compose.yml`** - конфигурация контейнеров + +### Порты: +- **15100** - MY Network Protocol v2.0 +- **3000** - Web2 Client (только для публичных нод) +- **8080** - Converter Module +- **80/443** - HTTP/HTTPS (Nginx) + +### Firewall (UFW): +```bash +# Основные порты +ufw allow 22/tcp # SSH +ufw allow 80/tcp # HTTP +ufw allow 443/tcp # HTTPS +ufw allow 15100/tcp # MY Network +``` + +## 🌐 Сетевая архитектура + +``` +┌─────────────────────────────────────┐ +│ Main Bootstrap Node │ +│ my-public-node-3.projscale.dev │ +│ │ +│ ┌─────────────┐ ┌─────────────┐ │ +│ │ MY Network │ │ Web Client │ │ +│ │ :15100 │ │ :3000 │ │ +│ 
└─────────────┘ └─────────────┘ │ +│ ┌─────────────┐ ┌─────────────┐ │ +│ │ Converter │ │ Nginx+SSL │ │ +│ │ :8080 │ │ :80/:443 │ │ +│ └─────────────┘ └─────────────┘ │ +└─────────────────────────────────────┘ + │ + │ Bootstrap API + │ + ┌─────────┼─────────┐ + │ │ │ +┌───▼───┐ ┌───▼───┐ ┌───▼───┐ +│Regular│ │Regular│ │Regular│ +│Node 1 │ │Node 2 │ │Node N │ +│ │ │ │ │ │ +│Public │ │Private│ │Public │ +└───────┘ └───────┘ └───────┘ +``` + +## 🔒 Безопасность + +### SSL/TLS: +- Автоматическое получение сертификатов Let's Encrypt +- Автообновление сертификатов (cron job) +- HTTPS редирект для всех публичных нод + +### Firewall: +- UFW настроен для минимального доступа +- Только необходимые порты открыты +- Защита от DDoS на уровне Nginx + +### Аутентификация: +- JWT токены для API +- Шифрование P2P соединений +- Rate limiting для API endpoints + +## 🤖 Telegram Боты + +### Клиентский бот: +- Взаимодействие с пользователями +- Просмотр контента +- Управление аккаунтом + +### Uploader бот: +- Загрузка контента в сеть +- Конвертация файлов +- Управление метаданными + +### Настройка: +```bash +# В .env файле ноды: +TELEGRAM_BOT_TOKEN=your_client_bot_token +UPLOADER_BOT_TOKEN=your_uploader_bot_token +``` + +## 📊 Мониторинг + +### Matrix Dashboard: +- Real-time статистика сети +- Информация о пирах +- Статус синхронизации +- WebSocket обновления + +### Endpoints: +- **Health:** `/health` +- **Metrics:** `/api/metrics` +- **Dashboard:** `/api/my/monitor/` +- **WebSocket:** `/api/my/monitor/ws` + +## 🔄 Синхронизация + +### Процесс подключения новой ноды: +1. Подключение к bootstrap node +2. Получение списка активных пиров +3. Установка P2P соединений +4. Синхронизация данных +5. 
Регистрация в сети + +### Интервалы: +- **Sync Interval:** 30 секунд (regular) / 15 секунд (main) +- **Discovery Interval:** 60 секунд (regular) / 30 секунд (main) +- **Connection Timeout:** 30 секунд + +## 🛠️ Troubleshooting + +### Проблемы с подключением: +```bash +# Проверка доступности bootstrap node +curl -f https://my-public-node-3.projscale.dev/health + +# Проверка локального health check +curl -f http://localhost:15100/health +``` + +### Проблемы с SSL: +```bash +# Проверка сертификата +certbot certificates + +# Обновление сертификата +certbot renew --dry-run +``` + +### Проблемы с Docker: +```bash +# Перезапуск контейнеров +docker-compose down && docker-compose up -d --build + +# Просмотр логов +docker-compose logs -f +``` + +## 📁 Структура файлов + +``` +/opt/my-network-*/ +├── .env # Переменные окружения +├── bootstrap_*.json # Конфигурация ноды +├── docker-compose.yml # Docker конфигурация +├── data/ # База данных +├── logs/ # Логи приложения +├── app/ # Исходный код +├── web2-client/ # Веб-клиент +└── converter-module/ # Модуль конвертации +``` + +## ✅ Проверка развертывания + +### Main Bootstrap Node: +```bash +# Проверка всех endpoints +curl -f https://my-public-node-3.projscale.dev/health +curl -f https://my-public-node-3.projscale.dev/api/bootstrap +curl -f https://my-public-node-3.projscale.dev/monitor/ +``` + +### Regular Node: +```bash +# Локальная проверка +curl -f http://localhost:15100/health + +# Публичная проверка (если есть домен) +curl -f https://your-domain.com/health +``` + +## 🎉 Заключение + +MY Network v2.0 предоставляет полную автоматизацию развертывания распределенной P2P сети с возможностью: + +- ⚡ Быстрого развертывания main bootstrap node +- 🔧 Гибкой настройки regular нод +- 🤖 Опциональных Telegram ботов +- 🌐 Публичного и приватного доступа +- 🔒 Автоматической настройки SSL +- 📊 Real-time мониторинга + +**Готово к production использованию!** \ No newline at end of file 
diff --git a/deploy_local_production.sh b/deploy_local_production.sh
new file mode 100755
index 0000000..f0bb8c9
--- /dev/null
+++ b/deploy_local_production.sh
@@ -0,0 +1,453 @@ +#!/bin/bash + +# =========================== +# MY Network v2.0 Local Production Deployment Script +# For execution directly on my-public-node-3.projscale.dev as root +# =========================== + +set -e + +echo "==================================================" +echo "🚀 MY NETWORK v2.0 LOCAL PRODUCTION DEPLOYMENT" +echo "Running directly on: my-public-node-3.projscale.dev" +echo "==================================================" + +# =========================== +# CONFIGURATION +# =========================== +PRODUCTION_HOST="my-public-node-3.projscale.dev" +MY_NETWORK_PORT="15100" +PROJECT_NAME="my-uploader-bot" +DOMAIN="my-public-node-3.projscale.dev" +INSTALL_DIR="/opt/$PROJECT_NAME" +CURRENT_DIR=$(pwd) + +echo "" +echo "=== CONFIGURATION ===" +echo "Host: $PRODUCTION_HOST" +echo "MY Network Port: $MY_NETWORK_PORT" +echo "Domain: $DOMAIN" +echo "Install Directory: $INSTALL_DIR" +echo "Current Directory: $CURRENT_DIR" + +# =========================== +# PRODUCTION .ENV GENERATION +# =========================== +echo "" +echo "=== 1. CREATING PRODUCTION .ENV ===" + +cat > .env.production << EOF +# MY Network v2.0 Production Configuration +MY_NETWORK_VERSION=v2.0 +MY_NETWORK_PORT=15100 +MY_NETWORK_HOST=0.0.0.0 + +# Production Database +DATABASE_URL=sqlite+aiosqlite:///./data/my_network_production.db +DB_TYPE=sqlite + +# Security (CHANGE THESE IN PRODUCTION!) 
+SECRET_KEY=$(openssl rand -hex 32) +JWT_SECRET=$(openssl rand -hex 32) + +# API Configuration +API_VERSION=v1 +DEBUG=false + +# Bootstrap Configuration +BOOTSTRAP_CONFIG_PATH=bootstrap.json + +# Monitoring +ENABLE_MONITORING=true +MONITORING_THEME=matrix + +# Network Settings +MAX_PEERS=100 +SYNC_INTERVAL=30 +PEER_DISCOVERY_INTERVAL=60 + +# Production Settings +ENVIRONMENT=production +LOG_LEVEL=INFO +HOST_DOMAIN=$DOMAIN +EXTERNAL_URL=https://$DOMAIN + +# SSL Configuration +SSL_ENABLED=true +SSL_CERT_PATH=/etc/letsencrypt/live/$DOMAIN/fullchain.pem +SSL_KEY_PATH=/etc/letsencrypt/live/$DOMAIN/privkey.pem +EOF + +echo "✅ Production .env created" + +# =========================== +# PRODUCTION BOOTSTRAP CONFIG +# =========================== +echo "" +echo "=== 2. CREATING PRODUCTION BOOTSTRAP CONFIG ===" + +cat > bootstrap.production.json << EOF +{ + "network": { + "name": "MY Network v2.0 Production", + "version": "2.0", + "protocol_version": "1.0", + "port": 15100, + "host": "0.0.0.0", + "external_url": "https://$DOMAIN" + }, + "bootstrap_nodes": [ + { + "id": "main-bootstrap-node", + "host": "$DOMAIN", + "port": 15100, + "public_key": "production-key-placeholder", + "weight": 100, + "priority": 1, + "region": "global" + } + ], + "security": { + "encryption_enabled": true, + "authentication_required": true, + "ssl_enabled": true, + "rate_limiting": { + "requests_per_minute": 1000, + "burst_size": 100 + } + }, + "api": { + "endpoints": { + "health": "/health", + "metrics": "/api/metrics", + "monitor": "/api/my/monitor/", + "websocket": "/api/my/monitor/ws", + "sync": "/api/sync", + "peers": "/api/peers" + }, + "cors": { + "enabled": true, + "origins": ["https://$DOMAIN"] + } + }, + "monitoring": { + "enabled": true, + "theme": "matrix", + "real_time_updates": true, + "websocket_path": "/api/my/monitor/ws", + "dashboard_path": "/api/my/monitor/", + "metrics_enabled": true + }, + "storage": { + "type": "sqlite", + "path": "./data/my_network_production.db", + 
"backup_enabled": true, + "backup_interval": 3600 + }, + "p2p": { + "max_peers": 100, + "sync_interval": 30, + "discovery_interval": 60, + "connection_timeout": 30, + "keep_alive": true + }, + "logging": { + "level": "INFO", + "file_path": "./logs/my_network_production.log", + "max_size": "100MB", + "backup_count": 5 + } +} +EOF + +echo "✅ Production bootstrap config created" + +# =========================== +# LOCAL DEPLOYMENT +# =========================== +echo "" +echo "=== 3. LOCAL DEPLOYMENT ===" + +echo "📁 Creating production directories..." +mkdir -p $INSTALL_DIR/data $INSTALL_DIR/logs +chown -R root:root $INSTALL_DIR + +echo "📤 Copying project files..." +# Stop if the service is running +if systemctl is-active --quiet my-network-v2; then + echo "🛑 Stopping existing MY Network v2.0 service..." + systemctl stop my-network-v2 +fi + +# Copy current directory to install location +if [ "$CURRENT_DIR" != "$INSTALL_DIR" ]; then + echo " Copying from $CURRENT_DIR to $INSTALL_DIR..." + cp -r $CURRENT_DIR/* $INSTALL_DIR/ + + # Copy production configs + cp .env.production $INSTALL_DIR/.env + cp bootstrap.production.json $INSTALL_DIR/bootstrap.json + + cd $INSTALL_DIR +else + echo " Already in install directory" + # Just copy production configs + cp .env.production .env + cp bootstrap.production.json bootstrap.json +fi + +echo "✅ Project files copied" + +echo "" +echo "🐳 Installing Docker and Docker Compose..." +# Update system +apt-get update -y +apt-get install -y curl wget unzip + +# Install Docker +if ! command -v docker &> /dev/null; then + echo " Installing Docker..." + curl -fsSL https://get.docker.com -o get-docker.sh + sh get-docker.sh + systemctl enable docker + systemctl start docker + rm -f get-docker.sh +else + echo " Docker already installed" +fi + +# Install Docker Compose +if ! command -v docker-compose &> /dev/null; then + echo " Installing Docker Compose..." 
+ curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose + chmod +x /usr/local/bin/docker-compose +else + echo " Docker Compose already installed" +fi + +echo "✅ Docker installation completed" + +echo "" +echo "🔥 Setting up firewall..." +# Install UFW if not present +apt-get install -y ufw + +# Configure firewall +ufw --force reset +ufw default deny incoming +ufw default allow outgoing + +# Allow essential ports +ufw allow 22/tcp # SSH +ufw allow 80/tcp # HTTP +ufw allow 443/tcp # HTTPS +ufw allow $MY_NETWORK_PORT/tcp # MY Network v2.0 + +# Enable firewall +ufw --force enable + +echo "✅ Firewall configured" + +echo "" +echo "🌐 Setting up Nginx..." +# Install Nginx +apt-get install -y nginx + +# Create Nginx configuration +cat > /etc/nginx/sites-available/mynetwork << 'NGINX_EOF' +server { + listen 80; + server_name my-public-node-3.projscale.dev; + + # Redirect HTTP to HTTPS + location / { + return 301 https://$server_name$request_uri; + } +} + +server { + listen 443 ssl http2; + server_name my-public-node-3.projscale.dev; + + # SSL Configuration (will be set up by Certbot) + ssl_certificate /etc/letsencrypt/live/my-public-node-3.projscale.dev/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/my-public-node-3.projscale.dev/privkey.pem; + + # Security headers + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + + # MY Network v2.0 API + location /api/ { + proxy_pass http://localhost:15100/api/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # Health check + location /health { + proxy_pass http://localhost:15100/health; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } + + # Matrix Monitoring Dashboard + location /api/my/monitor/ 
{ + proxy_pass http://localhost:15100/api/my/monitor/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } + + # WebSocket for real-time monitoring + location /api/my/monitor/ws { + proxy_pass http://localhost:15100/api/my/monitor/ws; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + } +} +NGINX_EOF + +# Enable site +ln -sf /etc/nginx/sites-available/mynetwork /etc/nginx/sites-enabled/ +rm -f /etc/nginx/sites-enabled/default + +# Test configuration +nginx -t + +echo "✅ Nginx configured" + +echo "" +echo "🔒 Setting up SSL with Let's Encrypt..." +# Install Certbot +apt-get install -y certbot python3-certbot-nginx + +# Get SSL certificate (non-interactive) +if [ ! -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ]; then + echo " Obtaining SSL certificate..." + certbot --nginx -d $DOMAIN --non-interactive --agree-tos --email admin@$DOMAIN --redirect +else + echo " SSL certificate already exists" +fi + +# Set up auto-renewal +crontab -l 2>/dev/null | { cat; echo '0 12 * * * /usr/bin/certbot renew --quiet'; } | crontab - + +echo "✅ SSL certificate configured" + +echo "" +echo "🚀 Deploying MY Network v2.0..." +cd $INSTALL_DIR + +# Build and start containers +echo " Building and starting containers..." +docker-compose --profile main-node up -d --build + +echo "✅ MY Network v2.0 containers started" + +echo "" +echo "📊 Creating systemd service..." 
+cat > /etc/systemd/system/my-network-v2.service << 'SERVICE_EOF' +[Unit] +Description=MY Network v2.0 Production Service +After=docker.service +Requires=docker.service + +[Service] +Type=oneshot +RemainAfterExit=yes +WorkingDirectory=/opt/my-uploader-bot +ExecStart=/usr/local/bin/docker-compose --profile main-node up -d +ExecStop=/usr/local/bin/docker-compose down +ExecReload=/usr/local/bin/docker-compose restart app +TimeoutStartSec=300 +TimeoutStopSec=120 +User=root +Environment="MY_NETWORK_PORT=15100" +Environment="MY_NETWORK_VERSION=v2.0" + +[Install] +WantedBy=multi-user.target +SERVICE_EOF + +systemctl daemon-reload +systemctl enable my-network-v2 +systemctl start my-network-v2 + +echo "✅ SystemD service created and started" + +echo "" +echo "🔄 Restarting Nginx..." +systemctl restart nginx + +# =========================== +# FINAL VERIFICATION +# =========================== +echo "" +echo "=== 4. FINAL VERIFICATION ===" + +echo "⏳ Waiting for services to start..." +sleep 30 + +echo "🔍 Testing endpoints..." +for endpoint in "https://$DOMAIN/health" "https://$DOMAIN/api/my/monitor/"; do + if curl -f -s -k "$endpoint" > /dev/null; then + echo "✅ $endpoint - OK" + else + echo "❌ $endpoint - FAILED" + fi +done + +echo "" +echo "📊 Service Status:" +echo "🐳 Docker containers:" +docker-compose ps + +echo "" +echo "🔧 SystemD service:" +systemctl status my-network-v2 --no-pager -l + +echo "" +echo "🌐 Nginx status:" +systemctl status nginx --no-pager -l + +# =========================== +# DEPLOYMENT SUMMARY +# =========================== +echo "" +echo "==================================================" +echo "🎉 MY NETWORK v2.0 LOCAL PRODUCTION DEPLOYMENT COMPLETE!" 
+echo "==================================================" +echo "" +echo "🌐 Access Points:" +echo " • Matrix Dashboard: https://$DOMAIN/api/my/monitor/" +echo " • Health Check: https://$DOMAIN/health" +echo " • WebSocket: wss://$DOMAIN/api/my/monitor/ws" +echo " • API Docs: https://$DOMAIN:$MY_NETWORK_PORT/docs" +echo "" +echo "🛠️ Management Commands:" +echo " • View logs: docker-compose -f $INSTALL_DIR/docker-compose.yml logs -f" +echo " • Restart service: systemctl restart my-network-v2" +echo " • Check status: systemctl status my-network-v2" +echo " • Check containers: docker-compose ps" +echo "" +echo "🔒 Security:" +echo " • SSL/TLS: Enabled with Let's Encrypt" +echo " • Firewall: UFW configured for ports 22, 80, 443, $MY_NETWORK_PORT" +echo " • Auto-renewal: SSL certificates will auto-renew" +echo "" +echo "✅ MY Network v2.0 is now live on production!" + +# Cleanup local temporary files +if [ "$CURRENT_DIR" != "$INSTALL_DIR" ]; then + cd $CURRENT_DIR + rm -f .env.production bootstrap.production.json +fi + +echo "" +echo "🧹 Cleanup completed" +echo "🚀 Local production deployment successful!" \ No newline at end of file diff --git a/deploy_main_bootstrap_node.sh b/deploy_main_bootstrap_node.sh new file mode 100755 index 0000000..2fec8aa --- /dev/null +++ b/deploy_main_bootstrap_node.sh 
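Review bot: The Docker install steps in deploy_local_production.sh run unverified code as root: `get-docker.sh` is downloaded and handed straight to `sh`, and docker-compose is fetched from the moving `releases/latest` URL with no checksum, so the host executes whatever those endpoints serve at deploy time. Pin a specific Compose release and verify its SHA-256 before installing (sketch below, with placeholder values), and consider Docker's signed apt packages instead of the convenience script; deploy_main_bootstrap_node.sh repeats both steps. Separately, `.env.production` holding `SECRET_KEY` and `JWT_SECRET` is written with the default umask and copied to `$INSTALL_DIR/.env` with no mode change, so add `chmod 600 .env.production` after the heredoc and `chmod 600 "$INSTALL_DIR/.env"` after the copy; the `.env` written by deploy_main_bootstrap_node.sh needs the same. The final endpoint loop uses `curl -f -s -k`, which reports OK even when the certificate is invalid; dropping `-k` lets that check actually exercise the TLS setup.

```shell
if ! command -v docker-compose &> /dev/null; then
    echo "  Installing Docker Compose..."
    # Placeholders: set to the chosen release tag and the SHA-256 published for that binary.
    COMPOSE_VERSION="<pinned-release-tag>"
    COMPOSE_SHA256="<sha256-of-that-binary>"
    compose_tmp=$(mktemp)
    curl -fsSL "https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o "$compose_tmp"
    # sha256sum -c exits non-zero on a mismatch, which aborts the script under set -e.
    echo "${COMPOSE_SHA256}  ${compose_tmp}" | sha256sum -c -
    install -m 0755 "$compose_tmp" /usr/local/bin/docker-compose
    rm -f -- "$compose_tmp"
# … unchanged: else branch and fi …
```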
@@ -0,0 +1,551 @@ +#!/bin/bash + +# =========================== +# MY Network v2.0 - Main Bootstrap Node Deployment +# Target: my-public-node-3.projscale.dev +# Execution: Local on server as root (no SSH) +# =========================== + +set -e + +echo "===========================================================" +echo "🚀 MY NETWORK v2.0 - MAIN BOOTSTRAP NODE DEPLOYMENT" +echo "Target: my-public-node-3.projscale.dev" +echo "Components: web2-client + uploader-bot + converter-module" +echo "===========================================================" + +# =========================== +# CONFIGURATION +# =========================== +DOMAIN="my-public-node-3.projscale.dev" +MY_NETWORK_PORT="15100" +WEB_CLIENT_PORT="3000" +CONVERTER_PORT="8080" +PROJECT_NAME="my-network-bootstrap" +INSTALL_DIR="/opt/$PROJECT_NAME" +CURRENT_DIR=$(pwd) + +echo "" +echo "=== BOOTSTRAP NODE CONFIGURATION ===" +echo "Domain: $DOMAIN" +echo "MY Network Port: $MY_NETWORK_PORT" +echo "Web Client Port: $WEB_CLIENT_PORT" +echo "Converter Port: $CONVERTER_PORT" +echo "Install Directory: $INSTALL_DIR" +echo "Current Directory: $CURRENT_DIR" + +# =========================== +# SYSTEM PREPARATION +# =========================== +echo "" +echo "=== 1. SYSTEM PREPARATION ===" + +echo "📦 Updating system packages..." +apt-get update -y +apt-get install -y curl wget unzip git nginx certbot python3-certbot-nginx ufw + +echo "🐳 Installing Docker and Docker Compose..." +if ! command -v docker &> /dev/null; then + curl -fsSL https://get.docker.com -o get-docker.sh + sh get-docker.sh + systemctl enable docker + systemctl start docker + rm -f get-docker.sh +fi + +if ! 
command -v docker-compose &> /dev/null; then + curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose + chmod +x /usr/local/bin/docker-compose +fi + +echo "✅ System preparation completed" + +# =========================== +# PROJECT DEPLOYMENT +# =========================== +echo "" +echo "=== 2. PROJECT DEPLOYMENT ===" + +echo "📁 Creating project structure..." +mkdir -p $INSTALL_DIR/{data,logs,web2-client,converter-module} + +echo "📤 Copying project files..." +if [ "$CURRENT_DIR" != "$INSTALL_DIR" ]; then + cp -r $CURRENT_DIR/* $INSTALL_DIR/ + cd $INSTALL_DIR +fi + +echo "⚙️ Creating main bootstrap configuration..." + +# Main Bootstrap .env +cat > $INSTALL_DIR/.env << EOF +# MY Network v2.0 - Main Bootstrap Node Configuration +MY_NETWORK_VERSION=v2.0 +MY_NETWORK_PORT=$MY_NETWORK_PORT +MY_NETWORK_HOST=0.0.0.0 + +# Node Type +NODE_TYPE=main_bootstrap +BOOTSTRAP_NODE=true +PUBLIC_NODE=true + +# Production Database +DATABASE_URL=sqlite+aiosqlite:///./data/my_network_main.db +DB_TYPE=sqlite + +# Security +SECRET_KEY=$(openssl rand -hex 32) +JWT_SECRET=$(openssl rand -hex 32) + +# API Configuration +API_VERSION=v1 +DEBUG=false + +# Bootstrap Configuration +BOOTSTRAP_CONFIG_PATH=bootstrap_main.json + +# Monitoring +ENABLE_MONITORING=true +MONITORING_THEME=matrix + +# Network Settings - Main Bootstrap +MAX_PEERS=500 +SYNC_INTERVAL=15 +PEER_DISCOVERY_INTERVAL=30 +BOOTSTRAP_TIMEOUT=10 + +# Production Settings +ENVIRONMENT=production +LOG_LEVEL=INFO +HOST_DOMAIN=$DOMAIN +EXTERNAL_URL=https://$DOMAIN + +# SSL Configuration +SSL_ENABLED=true +SSL_CERT_PATH=/etc/letsencrypt/live/$DOMAIN/fullchain.pem +SSL_KEY_PATH=/etc/letsencrypt/live/$DOMAIN/privkey.pem + +# Web2 Client Configuration +WEB2_CLIENT_PORT=$WEB_CLIENT_PORT +WEB2_CLIENT_HOST=0.0.0.0 + +# Converter Module Configuration +CONVERTER_PORT=$CONVERTER_PORT +CONVERTER_HOST=0.0.0.0 + +# Telegram Bots (Main Bootstrap has both enabled) 
+TELEGRAM_BOT_TOKEN=YOUR_BOT_TOKEN_HERE +UPLOADER_BOT_TOKEN=YOUR_UPLOADER_BOT_TOKEN_HERE +EOF + +# Main Bootstrap Config +cat > $INSTALL_DIR/bootstrap_main.json << EOF +{ + "network": { + "name": "MY Network v2.0 Main Bootstrap", + "version": "2.0", + "protocol_version": "1.0", + "port": $MY_NETWORK_PORT, + "host": "0.0.0.0", + "external_url": "https://$DOMAIN", + "node_type": "main_bootstrap", + "is_bootstrap": true, + "is_public": true + }, + "bootstrap_nodes": [ + { + "id": "main-bootstrap-node", + "host": "$DOMAIN", + "port": $MY_NETWORK_PORT, + "public_key": "main-bootstrap-key", + "weight": 1000, + "priority": 1, + "region": "global", + "node_type": "main_bootstrap" + } + ], + "security": { + "encryption_enabled": true, + "authentication_required": true, + "ssl_enabled": true, + "rate_limiting": { + "requests_per_minute": 2000, + "burst_size": 200 + } + }, + "api": { + "endpoints": { + "health": "/health", + "metrics": "/api/metrics", + "monitor": "/api/my/monitor/", + "websocket": "/api/my/monitor/ws", + "sync": "/api/sync", + "peers": "/api/peers", + "bootstrap": "/api/bootstrap", + "register": "/api/register" + }, + "cors": { + "enabled": true, + "origins": ["https://$DOMAIN", "http://localhost:3000"] + } + }, + "monitoring": { + "enabled": true, + "theme": "matrix", + "real_time_updates": true, + "websocket_path": "/api/my/monitor/ws", + "dashboard_path": "/api/my/monitor/", + "metrics_enabled": true, + "public_metrics": true + }, + "storage": { + "type": "sqlite", + "path": "./data/my_network_main.db", + "backup_enabled": true, + "backup_interval": 1800 + }, + "p2p": { + "max_peers": 500, + "sync_interval": 15, + "discovery_interval": 30, + "connection_timeout": 30, + "keep_alive": true, + "bootstrap_timeout": 10 + }, + "logging": { + "level": "INFO", + "file_path": "./logs/my_network_main.log", + "max_size": "500MB", + "backup_count": 10 + }, + "services": { + "web2_client": { + "enabled": true, + "port": $WEB_CLIENT_PORT, + "host": "0.0.0.0" + }, + 
"converter": { + "enabled": true, + "port": $CONVERTER_PORT, + "host": "0.0.0.0" + }, + "telegram_bots": { + "enabled": true, + "client_bot": true, + "uploader_bot": true + } + } +} +EOF + +# Docker Compose for Main Bootstrap +cat > $INSTALL_DIR/docker-compose.yml << EOF +version: '3.8' + +services: + # MY Network v2.0 Core + my-network: + build: . + container_name: my-network-main + restart: unless-stopped + ports: + - "$MY_NETWORK_PORT:$MY_NETWORK_PORT" + volumes: + - ./data:/app/data + - ./logs:/app/logs + - ./.env:/app/.env + - ./bootstrap_main.json:/app/bootstrap.json + environment: + - NODE_TYPE=main_bootstrap + - BOOTSTRAP_NODE=true + networks: + - mynetwork + depends_on: + - web2-client + - converter + + # Web2 Client + web2-client: + build: ./web2-client + container_name: web2-client-main + restart: unless-stopped + ports: + - "$WEB_CLIENT_PORT:3000" + environment: + - NEXT_PUBLIC_API_URL=https://$DOMAIN + - NEXT_PUBLIC_WS_URL=wss://$DOMAIN + networks: + - mynetwork + + # Converter Module + converter: + build: ./converter-module + container_name: converter-main + restart: unless-stopped + ports: + - "$CONVERTER_PORT:8080" + volumes: + - ./data/converter:/app/data + networks: + - mynetwork + +networks: + mynetwork: + driver: bridge +EOF + +echo "✅ Project deployment completed" + +# =========================== +# FIREWALL CONFIGURATION +# =========================== +echo "" +echo "=== 3. FIREWALL CONFIGURATION ===" + +echo "🔥 Configuring UFW firewall..." +ufw --force reset +ufw default deny incoming +ufw default allow outgoing + +# Essential ports +ufw allow 22/tcp # SSH +ufw allow 80/tcp # HTTP +ufw allow 443/tcp # HTTPS +ufw allow $MY_NETWORK_PORT/tcp # MY Network +ufw allow $WEB_CLIENT_PORT/tcp # Web Client +ufw allow $CONVERTER_PORT/tcp # Converter + +ufw --force enable + +echo "✅ Firewall configured" + +# =========================== +# NGINX CONFIGURATION +# =========================== +echo "" +echo "=== 4. 
NGINX CONFIGURATION ===" + +echo "🌐 Creating Nginx configuration..." +cat > /etc/nginx/sites-available/my-network-main << EOF +# MY Network v2.0 Main Bootstrap Node Configuration + +server { + listen 80; + server_name $DOMAIN; + return 301 https://\$server_name\$request_uri; +} + +server { + listen 443 ssl http2; + server_name $DOMAIN; + + # SSL Configuration + ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem; + + # Security headers + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + + # Main web interface (Web2 Client) + location / { + proxy_pass http://localhost:$WEB_CLIENT_PORT; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto \$scheme; + } + + # MY Network v2.0 API + location /api/ { + proxy_pass http://localhost:$MY_NETWORK_PORT/api/; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto \$scheme; + } + + # Health check + location /health { + proxy_pass http://localhost:$MY_NETWORK_PORT/health; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + } + + # Matrix Monitoring Dashboard + location /monitor/ { + proxy_pass http://localhost:$MY_NETWORK_PORT/api/my/monitor/; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + } + + # WebSocket for real-time monitoring + location /ws/monitor { + proxy_pass http://localhost:$MY_NETWORK_PORT/api/my/monitor/ws; + proxy_http_version 1.1; + proxy_set_header Upgrade \$http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host \$host; + } + + # Converter API + location 
/convert/ { + proxy_pass http://localhost:$CONVERTER_PORT/; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto \$scheme; + } +} +EOF + +# Enable site +ln -sf /etc/nginx/sites-available/my-network-main /etc/nginx/sites-enabled/ +rm -f /etc/nginx/sites-enabled/default + +# Test configuration +nginx -t + +echo "✅ Nginx configured" + +# =========================== +# SSL CERTIFICATE +# =========================== +echo "" +echo "=== 5. SSL CERTIFICATE ===" + +echo "🔒 Obtaining SSL certificate..." +if [ ! -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ]; then + certbot --nginx -d $DOMAIN --non-interactive --agree-tos --email admin@$DOMAIN --redirect +else + echo " SSL certificate already exists" +fi + +# Set up auto-renewal +crontab -l 2>/dev/null | { cat; echo '0 12 * * * /usr/bin/certbot renew --quiet'; } | crontab - + +echo "✅ SSL certificate configured" + +# =========================== +# CONTAINER DEPLOYMENT +# =========================== +echo "" +echo "=== 6. CONTAINER DEPLOYMENT ===" + +echo "🚀 Building and starting containers..." +cd $INSTALL_DIR + +# Stop existing services +if systemctl is-active --quiet my-network-main; then + systemctl stop my-network-main +fi + +# Build and start containers +docker-compose down 2>/dev/null || true +docker-compose up -d --build + +echo "✅ Containers deployed" + +# =========================== +# SYSTEMD SERVICE +# =========================== +echo "" +echo "=== 7. SYSTEMD SERVICE ===" + +echo "📊 Creating systemd service..." 
+cat > /etc/systemd/system/my-network-main.service << EOF +[Unit] +Description=MY Network v2.0 Main Bootstrap Node +After=docker.service network.target +Requires=docker.service + +[Service] +Type=oneshot +RemainAfterExit=yes +WorkingDirectory=$INSTALL_DIR +ExecStart=/usr/local/bin/docker-compose up -d +ExecStop=/usr/local/bin/docker-compose down +ExecReload=/usr/local/bin/docker-compose restart +TimeoutStartSec=300 +TimeoutStopSec=120 +User=root +Environment="COMPOSE_PROJECT_NAME=my-network-main" + +[Install] +WantedBy=multi-user.target +EOF + +systemctl daemon-reload +systemctl enable my-network-main +systemctl start my-network-main + +echo "✅ SystemD service created" + +# =========================== +# FINAL VERIFICATION +# =========================== +echo "" +echo "=== 8. FINAL VERIFICATION ===" + +echo "⏳ Waiting for services to start..." +sleep 30 + +echo "🔍 Testing endpoints..." +systemctl restart nginx + +endpoints=( + "https://$DOMAIN/health" + "https://$DOMAIN/api/bootstrap" + "https://$DOMAIN/monitor/" + "https://$DOMAIN/" +) + +for endpoint in "${endpoints[@]}"; do + if curl -f -s -k "$endpoint" > /dev/null 2>&1; then + echo "✅ $endpoint - OK" + else + echo "❌ $endpoint - FAILED" + fi +done + +# =========================== +# DEPLOYMENT SUMMARY +# =========================== +echo "" +echo "=============================================================" +echo "🎉 MY NETWORK v2.0 MAIN BOOTSTRAP NODE DEPLOYMENT COMPLETE!" 
+echo "=============================================================" +echo "" +echo "🌐 Main Access Points:" +echo " • Web Interface: https://$DOMAIN/" +echo " • Matrix Dashboard: https://$DOMAIN/monitor/" +echo " • Health Check: https://$DOMAIN/health" +echo " • Bootstrap API: https://$DOMAIN/api/bootstrap" +echo " • WebSocket: wss://$DOMAIN/ws/monitor" +echo " • API Docs: https://$DOMAIN/api/docs" +echo "" +echo "🔧 Service Ports:" +echo " • MY Network: $MY_NETWORK_PORT" +echo " • Web Client: $WEB_CLIENT_PORT" +echo " • Converter: $CONVERTER_PORT" +echo "" +echo "🛠️ Management Commands:" +echo " • View logs: docker-compose -f $INSTALL_DIR/docker-compose.yml logs -f" +echo " • Restart: systemctl restart my-network-main" +echo " • Status: systemctl status my-network-main" +echo " • Containers: docker-compose ps" +echo "" +echo "🔒 Security:" +echo " • SSL/TLS: Enabled with Let's Encrypt" +echo " • Firewall: UFW configured" +echo " • Auto-renewal: SSL certificates will auto-renew" +echo "" +echo "📝 Configuration Files:" +echo " • Main config: $INSTALL_DIR/bootstrap_main.json" +echo " • Environment: $INSTALL_DIR/.env" +echo " • Docker: $INSTALL_DIR/docker-compose.yml" +echo "" +echo "✅ Main Bootstrap Node is live and ready to accept connections!" +echo "🌐 Other nodes can now connect to: https://$DOMAIN/api/bootstrap" \ No newline at end of file diff --git a/deploy_regular_node.sh b/deploy_regular_node.sh new file mode 100755 index 0000000..a109c6c --- /dev/null +++ b/deploy_regular_node.sh 
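Review bot: The web client and converter end up reachable from the internet directly, bypassing the TLS proxy. The firewall step runs `ufw allow $WEB_CLIENT_PORT/tcp` and `ufw allow $CONVERTER_PORT/tcp`, and the generated docker-compose.yml publishes both ports on all interfaces, although nginx already proxies `/` and `/convert/` to them over localhost. Drop the two `ufw allow` lines and publish on loopback only, e.g. `- "127.0.0.1:$WEB_CLIENT_PORT:3000"` and `- "127.0.0.1:$CONVERTER_PORT:8080"`. The loopback binding matters on its own, because Docker's iptables rules for published ports usually take effect ahead of UFW's. The `ufw --force reset` before these rules also discards any rules the operator had already configured on the host, which deserves at least a comment or a confirmation prompt.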
@@ -0,0 +1,620 @@
+#!/bin/bash
+
+# ===========================
+# MY Network v2.0 - Regular Node Deployment
+# Connects to existing network via bootstrap nodes
+# Optional: Telegram bots, public domain, SSL
+# ===========================
+
+set -e
+
+echo "========================================================="
+echo "🌐 MY NETWORK v2.0 - REGULAR NODE DEPLOYMENT"
+echo "Connects to: my-public-node-3.projscale.dev"
+echo "Components: MY Network + Optional (bots, web, converter)"
+echo "========================================================="
+
+# ===========================
+# CONFIGURATION INPUT
+# ===========================
+echo ""
+echo "=== NODE CONFIGURATION ==="
+
+# Get node configuration
+read -p "Enter node name (default: my-node-$(date +%s)): " NODE_NAME
+NODE_NAME=${NODE_NAME:-"my-node-$(date +%s)"}
+
+read -p "Enter public domain (optional, leave empty for private node): " PUBLIC_DOMAIN
+read -p "Enter Telegram Bot Token (optional): " TELEGRAM_BOT_TOKEN
+read -p "Enter Uploader Bot Token (optional): " UPLOADER_BOT_TOKEN
+
+# Determine node type based on configuration
+if [ -n "$PUBLIC_DOMAIN" ]; then
+ NODE_TYPE="public_regular"
+ PUBLIC_NODE="true"
+ echo "🌐 Configuring as PUBLIC regular node with domain: $PUBLIC_DOMAIN"
+else
+ NODE_TYPE="private_regular"
+ PUBLIC_NODE="false"
+ echo "🔒 Configuring as PRIVATE regular node"
+fi
+
+# Bot configuration
+if [ -n "$TELEGRAM_BOT_TOKEN" ] || [ -n "$UPLOADER_BOT_TOKEN" ]; then
+ ENABLE_BOTS="true"
+ echo "🤖 Telegram bots will be enabled"
+else
+ ENABLE_BOTS="false"
+ echo "🤖 Telegram bots will be disabled"
+fi
+
+# Ports
+MY_NETWORK_PORT="15100"
+WEB_CLIENT_PORT="3000"
+CONVERTER_PORT="8080"
+INSTALL_DIR="/opt/my-network-$NODE_NAME"
+
+echo ""
+echo "=== FINAL CONFIGURATION ==="
+echo "Node Name: $NODE_NAME"
+echo "Node Type: $NODE_TYPE"
+echo "Public Domain: ${PUBLIC_DOMAIN:-"None (private node)"}"
+echo "Enable Bots: $ENABLE_BOTS"
+echo "Install Directory: $INSTALL_DIR"
+
+read -p "Continue with this 
configuration? (y/N): " CONFIRM
+if [[ ! "$CONFIRM" =~ ^[Yy]$ ]]; then
+ echo "❌ Deployment cancelled"
+ exit 1
+fi
+
+# ===========================
+# SYSTEM PREPARATION
+# ===========================
+echo ""
+echo "=== 1. SYSTEM PREPARATION ==="
+
+echo "📦 Installing dependencies..."
+apt-get update -y
+apt-get install -y curl wget unzip git jq
+
+echo "🐳 Installing Docker and Docker Compose..."
+if ! command -v docker &> /dev/null; then
+ curl -fsSL https://get.docker.com -o get-docker.sh
+ sh get-docker.sh
+ systemctl enable docker
+ systemctl start docker
+ rm -f get-docker.sh
+fi
+
+if ! command -v docker-compose &> /dev/null; then
+ curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+ chmod +x /usr/local/bin/docker-compose
+fi
+
+echo "✅ System preparation completed"
+
+# ===========================
+# BOOTSTRAP DISCOVERY
+# ===========================
+echo ""
+echo "=== 2. BOOTSTRAP DISCOVERY ==="
+
+echo "🔍 Connecting to main bootstrap node..."
+BOOTSTRAP_URL="https://my-public-node-3.projscale.dev/api/bootstrap"
+
+if ! curl -f -s "$BOOTSTRAP_URL" > /dev/null; then
+ echo "❌ Cannot connect to bootstrap node: $BOOTSTRAP_URL"
+ echo "Please ensure the main bootstrap node is running"
+ exit 1
+fi
+
+echo "📡 Fetching network configuration..."
+BOOTSTRAP_CONFIG=$(curl -s "$BOOTSTRAP_URL" | jq -r '.')
+if [ "$BOOTSTRAP_CONFIG" = "null" ]; then
+ echo "❌ Failed to fetch bootstrap configuration"
+ exit 1
+fi
+
+echo "✅ Bootstrap discovery completed"
+
+# ===========================
+# PROJECT DEPLOYMENT
+# ===========================
+echo ""
+echo "=== 3. PROJECT DEPLOYMENT ==="
+
+echo "📁 Creating project structure..."
+mkdir -p $INSTALL_DIR/{data,logs}
+
+# Copy current project if in project directory
+CURRENT_DIR=$(pwd)
+if [ -f "$CURRENT_DIR/start_my_network.py" ]; then
+ echo "📤 Copying project files..."
+ cp -r $CURRENT_DIR/* $INSTALL_DIR/
+fi
+
+cd $INSTALL_DIR
+
+echo "⚙️ Creating regular node configuration..."
+
+# Regular Node .env
+cat > $INSTALL_DIR/.env << EOF
+# MY Network v2.0 - Regular Node Configuration
+MY_NETWORK_VERSION=v2.0
+MY_NETWORK_PORT=$MY_NETWORK_PORT
+MY_NETWORK_HOST=0.0.0.0
+
+# Node Configuration
+NODE_NAME=$NODE_NAME
+NODE_TYPE=$NODE_TYPE
+BOOTSTRAP_NODE=false
+PUBLIC_NODE=$PUBLIC_NODE
+
+# Production Database
+DATABASE_URL=sqlite+aiosqlite:///./data/my_network_${NODE_NAME}.db
+DB_TYPE=sqlite
+
+# Security
+SECRET_KEY=$(openssl rand -hex 32)
+JWT_SECRET=$(openssl rand -hex 32)
+
+# API Configuration
+API_VERSION=v1
+DEBUG=false
+
+# Bootstrap Configuration
+BOOTSTRAP_CONFIG_PATH=bootstrap_regular.json
+MAIN_BOOTSTRAP_URL=https://my-public-node-3.projscale.dev
+
+# Monitoring
+ENABLE_MONITORING=true
+MONITORING_THEME=matrix
+
+# Network Settings - Regular Node
+MAX_PEERS=100
+SYNC_INTERVAL=30
+PEER_DISCOVERY_INTERVAL=60
+BOOTSTRAP_TIMEOUT=30
+
+# Environment
+ENVIRONMENT=production
+LOG_LEVEL=INFO
+
+# Public Domain Configuration
+$([ -n "$PUBLIC_DOMAIN" ] && cat << DOMAIN_EOF
+HOST_DOMAIN=$PUBLIC_DOMAIN
+EXTERNAL_URL=https://$PUBLIC_DOMAIN
+SSL_ENABLED=true
+SSL_CERT_PATH=/etc/letsencrypt/live/$PUBLIC_DOMAIN/fullchain.pem
+SSL_KEY_PATH=/etc/letsencrypt/live/$PUBLIC_DOMAIN/privkey.pem
+DOMAIN_EOF
+)
+
+# Service Configuration
+WEB2_CLIENT_PORT=$WEB_CLIENT_PORT
+WEB2_CLIENT_HOST=0.0.0.0
+CONVERTER_PORT=$CONVERTER_PORT
+CONVERTER_HOST=0.0.0.0
+
+# Telegram Bots Configuration
+ENABLE_TELEGRAM_BOTS=$ENABLE_BOTS
+$([ -n "$TELEGRAM_BOT_TOKEN" ] && echo "TELEGRAM_BOT_TOKEN=$TELEGRAM_BOT_TOKEN")
+$([ -n "$UPLOADER_BOT_TOKEN" ] && echo "UPLOADER_BOT_TOKEN=$UPLOADER_BOT_TOKEN")
+EOF
+
+# Regular Node Bootstrap Config
+cat > $INSTALL_DIR/bootstrap_regular.json << EOF
+{
+ "network": {
+ "name": "MY Network v2.0 Regular Node - $NODE_NAME",
+ "version": "2.0",
+ "protocol_version": "1.0",
+ "port": $MY_NETWORK_PORT,
+ "host": "0.0.0.0",
+ $([ -n 
"$PUBLIC_DOMAIN" ] && echo "\"external_url\": \"https://$PUBLIC_DOMAIN\",")
+ "node_name": "$NODE_NAME",
+ "node_type": "$NODE_TYPE",
+ "is_bootstrap": false,
+ "is_public": $PUBLIC_NODE
+ },
+ "bootstrap_nodes": [
+ {
+ "id": "main-bootstrap-node",
+ "host": "my-public-node-3.projscale.dev",
+ "port": 15100,
+ "public_key": "main-bootstrap-key",
+ "weight": 1000,
+ "priority": 1,
+ "region": "global",
+ "node_type": "main_bootstrap"
+ }
+ ],
+ "discovery": {
+ "bootstrap_url": "https://my-public-node-3.projscale.dev/api/bootstrap",
+ "peer_discovery_url": "https://my-public-node-3.projscale.dev/api/peers",
+ "sync_url": "https://my-public-node-3.projscale.dev/api/sync"
+ },
+ "security": {
+ "encryption_enabled": true,
+ "authentication_required": true,
+ "ssl_enabled": $([ -n "$PUBLIC_DOMAIN" ] && echo "true" || echo "false"),
+ "rate_limiting": {
+ "requests_per_minute": 1000,
+ "burst_size": 100
+ }
+ },
+ "api": {
+ "endpoints": {
+ "health": "/health",
+ "metrics": "/api/metrics",
+ "monitor": "/api/my/monitor/",
+ "websocket": "/api/my/monitor/ws",
+ "sync": "/api/sync",
+ "peers": "/api/peers"
+ },
+ "cors": {
+ "enabled": true,
+ "origins": $([ -n "$PUBLIC_DOMAIN" ] && echo "[\"https://$PUBLIC_DOMAIN\", \"http://localhost:3000\"]" || echo "[\"http://localhost:3000\"]")
+ }
+ },
+ "monitoring": {
+ "enabled": true,
+ "theme": "matrix",
+ "real_time_updates": true,
+ "websocket_path": "/api/my/monitor/ws",
+ "dashboard_path": "/api/my/monitor/",
+ "metrics_enabled": true,
+ "public_metrics": $PUBLIC_NODE
+ },
+ "storage": {
+ "type": "sqlite",
+ "path": "./data/my_network_${NODE_NAME}.db",
+ "backup_enabled": true,
+ "backup_interval": 3600
+ },
+ "p2p": {
+ "max_peers": 100,
+ "sync_interval": 30,
+ "discovery_interval": 60,
+ "connection_timeout": 30,
+ "keep_alive": true,
+ "bootstrap_timeout": 30
+ },
+ "logging": {
+ "level": "INFO",
+ "file_path": "./logs/my_network_${NODE_NAME}.log",
+ "max_size": "100MB",
+ "backup_count": 5
+ },
+ "services": {
+ "web2_client": {
+ "enabled": $PUBLIC_NODE,
+ "port": $WEB_CLIENT_PORT,
+ "host": "0.0.0.0"
+ },
+ "converter": {
+ "enabled": true,
+ "port": $CONVERTER_PORT,
+ "host": "0.0.0.0"
+ },
+ "telegram_bots": {
+ "enabled": $ENABLE_BOTS,
+ "client_bot": $([ -n "$TELEGRAM_BOT_TOKEN" ] && echo "true" || echo "false"),
+ "uploader_bot": $([ -n "$UPLOADER_BOT_TOKEN" ] && echo "true" || echo "false")
+ }
+ }
+}
+EOF
+
+# Docker Compose for Regular Node
+cat > $INSTALL_DIR/docker-compose.yml << EOF
+version: '3.8'
+
+services:
+ # MY Network v2.0 Core
+ my-network:
+ build: .
+ container_name: my-network-$NODE_NAME
+ restart: unless-stopped
+ ports:
+ - "$MY_NETWORK_PORT:$MY_NETWORK_PORT"
+ volumes:
+ - ./data:/app/data
+ - ./logs:/app/logs
+ - ./.env:/app/.env
+ - ./bootstrap_regular.json:/app/bootstrap.json
+ environment:
+ - NODE_TYPE=$NODE_TYPE
+ - BOOTSTRAP_NODE=false
+ - NODE_NAME=$NODE_NAME
+ networks:
+ - mynetwork
+$([ "$PUBLIC_NODE" = "true" ] && cat << SERVICES_EOF
+ depends_on:
+ - web2-client
+ - converter
+
+ # Web2 Client (only for public nodes)
+ web2-client:
+ build: ./web2-client
+ container_name: web2-client-$NODE_NAME
+ restart: unless-stopped
+ ports:
+ - "$WEB_CLIENT_PORT:3000"
+ environment:
+ - NEXT_PUBLIC_API_URL=$([ -n "$PUBLIC_DOMAIN" ] && echo "https://$PUBLIC_DOMAIN" || echo "http://localhost:$MY_NETWORK_PORT")
+ - NEXT_PUBLIC_WS_URL=$([ -n "$PUBLIC_DOMAIN" ] && echo "wss://$PUBLIC_DOMAIN" || echo "ws://localhost:$MY_NETWORK_PORT")
+ networks:
+ - mynetwork
+SERVICES_EOF
+)
+
+ # Converter Module
+ converter:
+ build: ./converter-module
+ container_name: converter-$NODE_NAME
+ restart: unless-stopped
+ ports:
+ - "$CONVERTER_PORT:8080"
+ volumes:
+ - ./data/converter:/app/data
+ networks:
+ - mynetwork
+
+networks:
+ mynetwork:
+ driver: bridge
+EOF
+
+echo "✅ Project deployment completed"
+
+# ===========================
+# PUBLIC NODE SETUP
+# ===========================
+if [ "$PUBLIC_NODE" = "true" ] && [ -n "$PUBLIC_DOMAIN" ]; then
+ echo ""
+ echo "=== 4. PUBLIC NODE SETUP ==="
+
+ echo "🔥 Configuring firewall..."
+ apt-get install -y ufw
+ ufw --force reset
+ ufw default deny incoming
+ ufw default allow outgoing
+ ufw allow 22/tcp
+ ufw allow 80/tcp
+ ufw allow 443/tcp
+ ufw allow $MY_NETWORK_PORT/tcp
+ ufw allow $WEB_CLIENT_PORT/tcp
+ ufw allow $CONVERTER_PORT/tcp
+ ufw --force enable
+
+ echo "🌐 Installing and configuring Nginx..."
+ apt-get install -y nginx certbot python3-certbot-nginx
+
+ cat > /etc/nginx/sites-available/my-network-$NODE_NAME << EOF
+server {
+ listen 80;
+ server_name $PUBLIC_DOMAIN;
+ return 301 https://\$server_name\$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ server_name $PUBLIC_DOMAIN;
+
+ ssl_certificate /etc/letsencrypt/live/$PUBLIC_DOMAIN/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/$PUBLIC_DOMAIN/privkey.pem;
+
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+
+ location / {
+ proxy_pass http://localhost:$WEB_CLIENT_PORT;
+ proxy_set_header Host \$host;
+ proxy_set_header X-Real-IP \$remote_addr;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto \$scheme;
+ }
+
+ location /api/ {
+ proxy_pass http://localhost:$MY_NETWORK_PORT/api/;
+ proxy_set_header Host \$host;
+ proxy_set_header X-Real-IP \$remote_addr;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto \$scheme;
+ }
+
+ location /health {
+ proxy_pass http://localhost:$MY_NETWORK_PORT/health;
+ proxy_set_header Host \$host;
+ proxy_set_header X-Real-IP \$remote_addr;
+ }
+
+ location /monitor/ {
+ proxy_pass http://localhost:$MY_NETWORK_PORT/api/my/monitor/;
+ proxy_set_header Host \$host;
+ proxy_set_header X-Real-IP \$remote_addr;
+ }
+
+ location /ws/monitor {
+ proxy_pass http://localhost:$MY_NETWORK_PORT/api/my/monitor/ws;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade \$http_upgrade;
+ proxy_set_header 
Connection "upgrade";
+ proxy_set_header Host \$host;
+ }
+
+ location /convert/ {
+ proxy_pass http://localhost:$CONVERTER_PORT/;
+ proxy_set_header Host \$host;
+ proxy_set_header X-Real-IP \$remote_addr;
+ }
+}
+EOF
+
+ ln -sf /etc/nginx/sites-available/my-network-$NODE_NAME /etc/nginx/sites-enabled/
+ rm -f /etc/nginx/sites-enabled/default
+ nginx -t
+
+ echo "🔒 Obtaining SSL certificate..."
+ certbot --nginx -d $PUBLIC_DOMAIN --non-interactive --agree-tos --email admin@$PUBLIC_DOMAIN --redirect
+
+ crontab -l 2>/dev/null | { cat; echo '0 12 * * * /usr/bin/certbot renew --quiet'; } | crontab -
+
+ echo "✅ Public node setup completed"
+else
+ echo ""
+ echo "=== 4. PRIVATE NODE SETUP ==="
+ echo "🔒 Configuring as private node (no public access)"
+fi
+
+# ===========================
+# CONTAINER DEPLOYMENT
+# ===========================
+echo ""
+echo "=== 5. CONTAINER DEPLOYMENT ==="
+
+echo "🚀 Building and starting containers..."
+cd $INSTALL_DIR
+
+# Stop existing services
+if systemctl is-active --quiet my-network-$NODE_NAME; then
+ systemctl stop my-network-$NODE_NAME
+fi
+
+# Build and start containers
+docker-compose down 2>/dev/null || true
+docker-compose up -d --build
+
+echo "✅ Containers deployed"
+
+# ===========================
+# SYSTEMD SERVICE
+# ===========================
+echo ""
+echo "=== 6. SYSTEMD SERVICE ==="
+
+echo "📊 Creating systemd service..."
+cat > /etc/systemd/system/my-network-$NODE_NAME.service << EOF
+[Unit]
+Description=MY Network v2.0 Regular Node - $NODE_NAME
+After=docker.service network.target
+Requires=docker.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+WorkingDirectory=$INSTALL_DIR
+ExecStart=/usr/local/bin/docker-compose up -d
+ExecStop=/usr/local/bin/docker-compose down
+ExecReload=/usr/local/bin/docker-compose restart
+TimeoutStartSec=300
+TimeoutStopSec=120
+User=root
+Environment="COMPOSE_PROJECT_NAME=my-network-$NODE_NAME"
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable my-network-$NODE_NAME
+systemctl start my-network-$NODE_NAME
+
+echo "✅ SystemD service created"
+
+# ===========================
+# NETWORK SYNCHRONIZATION
+# ===========================
+echo ""
+echo "=== 7. NETWORK SYNCHRONIZATION ==="
+
+echo "⏳ Waiting for services to start..."
+sleep 30
+
+echo "🔄 Initiating network synchronization..."
+if curl -f -s "http://localhost:$MY_NETWORK_PORT/health" > /dev/null; then
+ echo "✅ Node is running locally"
+
+ # Register with bootstrap node
+ echo "📡 Registering with bootstrap node..."
+ REGISTER_DATA="{\"node_name\":\"$NODE_NAME\",\"node_type\":\"$NODE_TYPE\",\"public_node\":$PUBLIC_NODE"
+ if [ -n "$PUBLIC_DOMAIN" ]; then
+ REGISTER_DATA+=",\"external_url\":\"https://$PUBLIC_DOMAIN\""
+ fi
+ REGISTER_DATA+="}"
+
+ curl -X POST "https://my-public-node-3.projscale.dev/api/register" \
+ -H "Content-Type: application/json" \
+ -d "$REGISTER_DATA" || echo "Registration will retry automatically"
+
+ echo "✅ Network synchronization initiated"
+else
+ echo "⚠️ Node starting up, synchronization will begin automatically"
+fi
+
+# ===========================
+# FINAL VERIFICATION
+# ===========================
+echo ""
+echo "=== 8. FINAL VERIFICATION ==="
+
+echo "🔍 Testing local endpoints..."
+if curl -f -s "http://localhost:$MY_NETWORK_PORT/health" > /dev/null; then
+ echo "✅ Local health check - OK"
+else
+ echo "❌ Local health check - FAILED"
+fi
+
+if [ "$PUBLIC_NODE" = "true" ] && [ -n "$PUBLIC_DOMAIN" ]; then
+ systemctl restart nginx
+ sleep 10
+
+ echo "🔍 Testing public endpoints..."
+ if curl -f -s -k "https://$PUBLIC_DOMAIN/health" > /dev/null; then
+ echo "✅ Public health check - OK"
+ else
+ echo "❌ Public health check - FAILED"
+ fi
+fi
+
+# ===========================
+# DEPLOYMENT SUMMARY
+# ===========================
+echo ""
+echo "============================================================"
+echo "🎉 MY NETWORK v2.0 REGULAR NODE DEPLOYMENT COMPLETE!"
+echo "============================================================"
+echo ""
+echo "📋 Node Information:"
+echo " • Node Name: $NODE_NAME"
+echo " • Node Type: $NODE_TYPE"
+echo " • Public Node: $PUBLIC_NODE"
+echo " • Telegram Bots: $ENABLE_BOTS"
+echo ""
+if [ "$PUBLIC_NODE" = "true" ] && [ -n "$PUBLIC_DOMAIN" ]; then
+echo "🌐 Public Access Points:"
+echo " • Web Interface: https://$PUBLIC_DOMAIN/"
+echo " • Matrix Dashboard: https://$PUBLIC_DOMAIN/monitor/"
+echo " • Health Check: https://$PUBLIC_DOMAIN/health"
+echo " • API: https://$PUBLIC_DOMAIN/api/"
+echo ""
+fi
+echo "🔧 Local Access:"
+echo " • Health Check: http://localhost:$MY_NETWORK_PORT/health"
+echo " • API: http://localhost:$MY_NETWORK_PORT/api/"
+echo " • Dashboard: http://localhost:$MY_NETWORK_PORT/api/my/monitor/"
+echo ""
+echo "🛠️ Management Commands:"
+echo " • View logs: docker-compose -f $INSTALL_DIR/docker-compose.yml logs -f"
+echo " • Restart: systemctl restart my-network-$NODE_NAME"
+echo " • Status: systemctl status my-network-$NODE_NAME"
+echo " • Containers: docker-compose ps"
+echo ""
+echo "🌐 Network Connection:"
+echo " • Bootstrap Node: https://my-public-node-3.projscale.dev"
+echo " • Sync Status: Check dashboard for peer connections"
+echo ""
+echo "✅ Regular node is live and syncing with MY Network 
v2.0!"
\ No newline at end of file
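Review bot: The converter and web client end up reachable over plain HTTP next to the nginx TLS proxy: the generated compose file publishes them on all interfaces (`- "$CONVERTER_PORT:8080"`, `- "$WEB_CLIENT_PORT:3000"`) and the public-node branch also runs `ufw allow $WEB_CLIENT_PORT/tcp` and `ufw allow $CONVERTER_PORT/tcp`. The converter mapping sits outside the `PUBLIC_NODE` conditional, so a node the script announces as private "(no public access)" still publishes it, and Docker-published ports are normally not filtered by UFW rules. nginx already proxies to `localhost`, so I would bind both mappings to loopback, `- "127.0.0.1:$CONVERTER_PORT:8080"` and `- "127.0.0.1:$WEB_CLIENT_PORT:3000"`, and drop the two extra `ufw allow` lines. Separately, `.env` is written with `SECRET_KEY`, `JWT_SECRET` and the bot tokens under the default umask; adding `chmod 600 "$INSTALL_DIR/.env"` right after that heredoc, and reading the tokens with `read -rs`, keeps them from being readable by other local users or echoed to the terminal.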