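#!/bin/bash
# MY Network Production Deployment Script
# Deploys MY Network behind nginx with TLS, a firewall, and the supporting
# stack (MariaDB + Redis + the application) under docker-compose, managed by a
# systemd unit.
#
# Must run as root from the application's source checkout: the current
# directory is copied to /opt/my-network/app.  Tunables come from the
# environment: DOMAIN, EMAIL, HTTP_PORT, HTTPS_PORT, APP_PORT, P2P_PORT,
# REDIS_PORT, DB_PORT.
#
# Security notes for operators:
#   * Database passwords, the application SECRET_KEY and the node id are
#     generated on first run and stored in /opt/my-network/.env (mode 0600).
#     Re-runs reuse that file so an already-initialised MariaDB volume keeps
#     working.  Keep it out of version control and unprotected backups.
#   * Docker publishes ports through its own iptables chains, bypassing
#     ufw/firewalld.  Only the P2P port is published on all interfaces; the
#     application, MariaDB and Redis bind to 127.0.0.1 and are reachable from
#     outside only through nginx.
#   * The service account is added to the docker group, which is equivalent
#     to root on the host.  docker-compose needs it to run as that user.

set -euo pipefail

# Terminal colours for log output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
# shellcheck disable=SC2034  # kept for parity with the other colours
PURPLE='\033[0;35m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color

# ASCII banner
print_header() {
    echo -e "${CYAN}"
    cat << "EOF"
╔══════════════════════════════════════════════════════════════════════════════╗
║                              MY NETWORK v2.0                                 ║
║                        Production Deployment Script                          ║
║                   Distributed Content Protocol Installer                     ║
╚══════════════════════════════════════════════════════════════════════════════╝
EOF
    echo -e "${NC}"
}

# Logging helpers: $1 is the message.
log_info() {
    echo -e "${GREEN}[INFO]${NC} $1"
}

log_warn() {
    echo -e "${YELLOW}[WARN]${NC} $1"
}

log_error() {
    echo -e "${RED}[ERROR]${NC} $1"
}

log_step() {
    echo -e "${BLUE}[STEP]${NC} $1"
}

# Configuration (overridable from the environment)
DOMAIN=${DOMAIN:-"my-network.local"}
EMAIL=${EMAIL:-"admin@${DOMAIN}"}
HTTP_PORT=${HTTP_PORT:-80}
HTTPS_PORT=${HTTPS_PORT:-443}
APP_PORT=${APP_PORT:-15100}
# P2P port.  The application .env, the compose port mapping, the Dockerfile
# EXPOSE and the firewall rule all derive from this one variable.  8001 is
# inside the 8000-8010 range the firewall opens.
P2P_PORT=${P2P_PORT:-8001}
REDIS_PORT=${REDIS_PORT:-6379}
DB_PORT=${DB_PORT:-3306}

# Fixed installation layout
readonly APP_USER="my-network"
readonly APP_HOME="/opt/my-network"
readonly SSL_DIR="$APP_HOME/ssl"
readonly SECRETS_FILE="$APP_HOME/.env"
readonly ACME_WEBROOT="/var/www/html"

# Abort unless running as root (package installs, firewall, systemd).
check_root() {
    if [[ $EUID -ne 0 ]]; then
        log_error "This script must be run as root"
        exit 1
    fi
}

# Detect the distribution from /etc/os-release; sets the globals OS and VER.
check_os() {
    log_step "Checking operating system..."

    if [[ -f /etc/os-release ]]; then
        # shellcheck disable=SC1091
        . /etc/os-release
        OS=$NAME
        # VERSION_ID is absent on rolling releases (e.g. Debian sid)
        VER=${VERSION_ID:-unknown}
        log_info "Detected OS: $OS $VER"
    else
        log_error "Cannot detect operating system"
        exit 1
    fi
}

# Install system packages and start Docker.
# uuid-runtime provides uuidgen, which the node id generation needs.
# On RHEL-family hosts certbot/docker-compose usually require EPEL; that is
# left to the operator, as in the original script.
install_dependencies() {
    log_step "Installing system dependencies..."

    if [[ "$OS" == *"Ubuntu"* ]] || [[ "$OS" == *"Debian"* ]]; then
        apt update
        apt install -y \
            nginx \
            certbot \
            python3-certbot-nginx \
            docker.io \
            docker-compose \
            curl \
            wget \
            git \
            htop \
            ufw \
            fail2ban \
            openssl \
            uuid-runtime
    elif [[ "$OS" == *"CentOS"* ]] || [[ "$OS" == *"Red Hat"* ]]; then
        yum update -y
        yum install -y \
            nginx \
            certbot \
            python3-certbot-nginx \
            docker \
            docker-compose \
            curl \
            wget \
            git \
            htop \
            firewalld \
            openssl \
            util-linux
    else
        log_warn "Unsupported OS, attempting generic installation..."
    fi

    systemctl enable docker
    systemctl start docker

    log_info "Dependencies installed successfully"
}

# Configure the host firewall.
# NOTE: Docker-published ports bypass ufw/firewalld; the host rules only
# matter for services that listen directly on the host (nginx, sshd).
# The application port is NOT opened: the container binds it to 127.0.0.1 and
# nginx is the only public entry point.
setup_firewall() {
    log_step "Configuring firewall..."

    # Open the configured P2P port explicitly only if it lies outside the
    # 8000-8010 range that is opened anyway.
    local extra_p2p=0
    if (( P2P_PORT < 8000 || P2P_PORT > 8010 )); then
        extra_p2p=1
    fi

    if command -v ufw &> /dev/null; then
        # Ubuntu/Debian.  --force reset wipes every existing ufw rule.
        ufw --force reset
        ufw default deny incoming
        ufw default allow outgoing

        # SSH
        ufw allow 22/tcp

        # HTTP/HTTPS (nginx)
        ufw allow "$HTTP_PORT"/tcp
        ufw allow "$HTTPS_PORT"/tcp

        # MY Network P2P ports
        ufw allow 8000:8010/tcp
        ufw allow 8000:8010/udp
        if (( extra_p2p )); then
            ufw allow "$P2P_PORT"/tcp
            ufw allow "$P2P_PORT"/udp
        fi

        ufw --force enable
    elif command -v firewall-cmd &> /dev/null; then
        # CentOS/RHEL
        systemctl enable firewalld
        systemctl start firewalld

        firewall-cmd --permanent --add-service=ssh
        firewall-cmd --permanent --add-service=http
        firewall-cmd --permanent --add-service=https
        firewall-cmd --permanent --add-port=8000-8010/tcp
        firewall-cmd --permanent --add-port=8000-8010/udp
        if (( extra_p2p )); then
            firewall-cmd --permanent --add-port="$P2P_PORT"/tcp
            firewall-cmd --permanent --add-port="$P2P_PORT"/udp
        fi
        firewall-cmd --reload
    else
        log_warn "No supported firewall tool found; firewall not configured"
    fi

    log_info "Firewall configured successfully"
}

# Create the unprivileged service account.
# Membership in the docker group is root-equivalent on the host; it is
# required because the systemd unit runs docker-compose as this user.
create_app_user() {
    log_step "Creating application user..."

    if ! id "$APP_USER" &>/dev/null; then
        useradd -r -s /bin/false -d "$APP_HOME" -m "$APP_USER"
        usermod -aG docker "$APP_USER"
        log_info "User '$APP_USER' created"
    else
        log_info "User '$APP_USER' already exists"
    fi
}

# Create the directory layout and set ownership/permissions.
setup_directories() {
    log_step "Setting up directories..."

    mkdir -p "$APP_HOME"/{app,data,logs,storage,config,ssl}
    mkdir -p /var/log/my-network

    # Storage sub-directories; "static" is what the nginx /static/ alias serves
    mkdir -p "$APP_HOME"/storage/{uploads,previews,encrypted,my-network,static}

    chown -R "$APP_USER:$APP_USER" "$APP_HOME"
    chown -R "$APP_USER:$APP_USER" /var/log/my-network
    chmod 755 "$APP_HOME"
    chmod 750 "$APP_HOME/config"
    # Private keys live here; nginx reads them as root, the app container
    # mounts the directory read-only.
    chmod 700 "$SSL_DIR"

    log_info "Directories configured successfully"
}

# Create (first run) or reuse (re-run) the deploy-time secrets.
# Sets MYSQL_ROOT_PASSWORD, MYSQL_PASSWORD, SECRET_KEY and MY_NETWORK_NODE_ID.
# docker-compose reads the same file as its project .env, so the passwords
# used to initialise MariaDB and the ones in the application .env always match.
setup_secrets() {
    log_step "Preparing credentials..."

    if [[ -s "$SECRETS_FILE" ]]; then
        # shellcheck disable=SC1090
        . "$SECRETS_FILE"
        log_info "Reusing existing credentials from $SECRETS_FILE"
    else
        MYSQL_ROOT_PASSWORD=$(openssl rand -hex 24)
        MYSQL_PASSWORD=$(openssl rand -hex 24)
        SECRET_KEY=$(openssl rand -hex 32)
        # Fall back to the kernel's uuid source if uuidgen is unavailable
        MY_NETWORK_NODE_ID=$(uuidgen 2>/dev/null || cat /proc/sys/kernel/random/uuid)

        # Create with mode 0600 before writing any content
        install -m 600 -o "$APP_USER" -g "$APP_USER" /dev/null "$SECRETS_FILE"
        cat > "$SECRETS_FILE" << EOF
# MY Network deploy-time secrets and persistent identifiers (generated)
# Read by docker-compose (project directory $APP_HOME) and by deploy.sh.
MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD
MYSQL_PASSWORD=$MYSQL_PASSWORD
SECRET_KEY=$SECRET_KEY
MY_NETWORK_NODE_ID=$MY_NETWORK_NODE_ID
EOF
        log_info "Generated new credentials in $SECRETS_FILE"
    fi

    : "${MYSQL_ROOT_PASSWORD:?MYSQL_ROOT_PASSWORD missing in $SECRETS_FILE}"
    : "${MYSQL_PASSWORD:?MYSQL_PASSWORD missing in $SECRETS_FILE}"
    : "${SECRET_KEY:?SECRET_KEY missing in $SECRETS_FILE}"
    : "${MY_NETWORK_NODE_ID:?MY_NETWORK_NODE_ID missing in $SECRETS_FILE}"
}

# Copy the source tree and write the production application .env.
deploy_application() {
    log_step "Deploying MY Network application..."

    local app_dir="$APP_HOME/app"

    # Skip the copy when the script is re-run from inside the target directory
    if [[ "$(pwd -P)" == "$(readlink -f "$app_dir")" ]]; then
        log_info "Running from $app_dir, skipping source copy"
    else
        cp -r . "$app_dir/"
    fi
    chown -R "$APP_USER:$APP_USER" "$app_dir"

    # .env carries credentials: create it 0600 before writing
    local env_file="$app_dir/.env"
    install -m 600 -o "$APP_USER" -g "$APP_USER" /dev/null "$env_file"

    # The application runs inside the compose network, so the database and
    # cache are reached by service name on their container ports, not via
    # the host's 127.0.0.1:$DB_PORT / :$REDIS_PORT mappings.
    cat > "$env_file" << EOF
# MY Network Production Configuration (generated; mode 0600)
PROJECT_NAME=MY-Network
PROJECT_VERSION=2.0.0
DEBUG=False
ENVIRONMENT=production

# Database Configuration (compose service "mariadb")
DATABASE_URL=mysql://mymusic:${MYSQL_PASSWORD}@mariadb:3306/mymusic
DATABASE_POOL_SIZE=20
DATABASE_MAX_OVERFLOW=30

# Redis Configuration (compose service "redis"; no auth, reachable only on
# the compose network and 127.0.0.1 of the host)
REDIS_URL=redis://redis:6379/0
REDIS_PASSWORD=

# Application Settings
SECRET_KEY=${SECRET_KEY}
MAX_FILE_SIZE=5368709120
STORAGE_PATH=$APP_HOME/storage

# MY Network Settings
MY_NETWORK_ENABLED=True
MY_NETWORK_NODE_ID=${MY_NETWORK_NODE_ID}
MY_NETWORK_BOOTSTRAP_NODES=[]
MY_NETWORK_P2P_PORT=$P2P_PORT
MY_NETWORK_API_PORT=$APP_PORT

# SSL Settings
SSL_ENABLED=True
SSL_CERT_PATH=$SSL_DIR/fullchain.pem
SSL_KEY_PATH=$SSL_DIR/privkey.pem

# Logging
LOG_LEVEL=INFO
LOG_FILE=/var/log/my-network/app.log

# Monitoring
METRICS_ENABLED=True
PROMETHEUS_PORT=9090
EOF

    log_info "Application deployed successfully"
}

# Make sure a certificate/key pair exists in $SSL_DIR.
# nginx -t fails if the ssl_certificate files are missing, and the nginx
# configuration is tested before any Let's Encrypt certificate can be
# requested, so a self-signed placeholder is created first and later replaced.
ensure_placeholder_cert() {
    if [[ ! -s "$SSL_DIR/privkey.pem" || ! -s "$SSL_DIR/fullchain.pem" ]]; then
        log_warn "No certificate in $SSL_DIR yet, generating a self-signed placeholder..."
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -keyout "$SSL_DIR/privkey.pem" \
            -out "$SSL_DIR/fullchain.pem" \
            -subj "/C=US/ST=State/L=City/O=Organization/CN=$DOMAIN"
    fi
    chown "$APP_USER:$APP_USER" "$SSL_DIR"/*.pem
    chmod 600 "$SSL_DIR/privkey.pem"
    chmod 644 "$SSL_DIR/fullchain.pem"
}

# Write the nginx site and validate it.
# Debian-family nginx uses sites-available/sites-enabled; RHEL-family uses
# conf.d, so the target path is chosen by what exists.
setup_nginx() {
    log_step "Configuring nginx..."

    mkdir -p "$ACME_WEBROOT"
    ensure_placeholder_cert

    local conf
    if [[ -d /etc/nginx/sites-available ]]; then
        conf=/etc/nginx/sites-available/my-network
    else
        conf=/etc/nginx/conf.d/my-network.conf
    fi

    cat > "$conf" << EOF
# MY Network Nginx Configuration (generated)

upstream my_network_backend {
    server 127.0.0.1:$APP_PORT;
    keepalive 32;
}

# HTTP -> HTTPS redirect
server {
    listen $HTTP_PORT;
    server_name $DOMAIN;

    # Let's Encrypt HTTP-01 challenge (certbot --webroot)
    location /.well-known/acme-challenge/ {
        root $ACME_WEBROOT;
    }

    location / {
        return 301 https://\$server_name\$request_uri;
    }
}

# HTTPS server
server {
    listen $HTTPS_PORT ssl http2;
    server_name $DOMAIN;

    ssl_certificate $SSL_DIR/fullchain.pem;
    ssl_certificate_key $SSL_DIR/privkey.pem;

    # TLS 1.2+ with AEAD ciphers only (the previous list named non-existent
    # *-GCM-SHA512 suites)
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Security headers
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;
    # Legacy header; modern browsers ignore it, kept for older clients
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    # Main application
    location / {
        proxy_pass http://my_network_backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_cache_bypass \$http_upgrade;
        proxy_read_timeout 86400;

        # Large uploads are streamed straight to the backend
        client_max_body_size 5G;
        proxy_request_buffering off;
    }

    # MY Network monitoring.  Intentionally public (the deployment summary
    # advertises it); restrict with allow/deny or auth_basic if the data is
    # sensitive for your deployment.
    location /api/my/monitor/ {
        proxy_pass http://my_network_backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host \$host;
        proxy_cache_bypass \$http_upgrade;

        allow all;
    }

    # Static files
    location /static/ {
        alias $APP_HOME/storage/static/;
        expires 30d;
        add_header Cache-Control "public, immutable";
    }

    access_log /var/log/nginx/my-network-access.log;
    error_log /var/log/nginx/my-network-error.log;
}
EOF

    if [[ -d /etc/nginx/sites-enabled ]]; then
        ln -sf "$conf" /etc/nginx/sites-enabled/
        rm -f /etc/nginx/sites-enabled/default
    fi

    nginx -t

    log_info "Nginx configured successfully"
}

# Obtain a Let's Encrypt certificate via the webroot challenge.
# certonly keeps certbot from rewriting the nginx site; a deploy hook copies
# renewed certificates into $SSL_DIR and reloads nginx, so renewals (from
# /etc/cron.d/my-network or the distribution's certbot timer) keep working.
# On failure the self-signed placeholder from setup_nginx stays in place.
setup_ssl() {
    log_step "Setting up SSL certificate..."

    # Serve the ACME challenge with the freshly written configuration
    systemctl restart nginx

    local hook=/etc/letsencrypt/renewal-hooks/deploy/my-network.sh

    if certbot certonly --webroot -w "$ACME_WEBROOT" -d "$DOMAIN" \
            --email "$EMAIL" --agree-tos --non-interactive; then
        log_info "SSL certificate obtained successfully"

        mkdir -p "$(dirname "$hook")"
        cat > "$hook" << EOF
#!/bin/bash
# Copies the renewed Let's Encrypt certificate for $DOMAIN into $SSL_DIR
# and reloads nginx.  Run automatically by 'certbot renew'.
set -euo pipefail
SRC="/etc/letsencrypt/live/$DOMAIN"
install -m 644 -o "$APP_USER" -g "$APP_USER" "\$SRC/fullchain.pem" "$SSL_DIR/fullchain.pem"
install -m 600 -o "$APP_USER" -g "$APP_USER" "\$SRC/privkey.pem" "$SSL_DIR/privkey.pem"
systemctl reload nginx
EOF
        chmod 755 "$hook"

        # Install the new certificate now
        "$hook"
    else
        log_warn "Failed to obtain SSL certificate, keeping the self-signed placeholder in $SSL_DIR"
    fi
}

# Write docker-compose.prod.yml and Dockerfile.prod.
# Credentials are read by compose from $SECRETS_FILE; the :? form makes a
# missing value a hard error instead of silently using a known default.
create_docker_compose() {
    log_step "Creating production docker-compose..."

    cat > "$APP_HOME/docker-compose.prod.yml" << EOF
version: '3.8'

services:
  # MariaDB Database
  mariadb:
    image: mariadb:11.2
    container_name: my-network-db
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: \${MYSQL_ROOT_PASSWORD:?set in $SECRETS_FILE}
      MYSQL_DATABASE: mymusic
      MYSQL_USER: mymusic
      MYSQL_PASSWORD: \${MYSQL_PASSWORD:?set in $SECRETS_FILE}
    volumes:
      - $APP_HOME/data/mysql:/var/lib/mysql
      - $APP_HOME/storage:/Storage
    ports:
      - "127.0.0.1:$DB_PORT:3306"
    networks:
      - my-network
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
      interval: 30s
      timeout: 10s
      retries: 5

  # Redis Cache (unauthenticated; only reachable on the compose network and
  # 127.0.0.1 of the host)
  redis:
    image: redis:7-alpine
    container_name: my-network-redis
    restart: unless-stopped
    command: redis-server --appendonly yes
    volumes:
      - $APP_HOME/data/redis:/data
    ports:
      - "127.0.0.1:$REDIS_PORT:6379"
    networks:
      - my-network
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 30s
      timeout: 10s
      retries: 3

  # MY Network Application
  my-network-app:
    build:
      context: $APP_HOME/app
      dockerfile: Dockerfile.prod
    container_name: my-network-app
    restart: unless-stopped
    environment:
      - ENVIRONMENT=production
    volumes:
      - $APP_HOME/app:/app
      - $APP_HOME/storage:/Storage
      - $SSL_DIR:/ssl:ro
      - /var/log/my-network:/var/log/my-network
    ports:
      # API: loopback only, fronted by nginx
      - "127.0.0.1:$APP_PORT:$APP_PORT"
      # P2P: published on all interfaces (bypasses the host firewall)
      - "$P2P_PORT:$P2P_PORT"
    networks:
      - my-network
    depends_on:
      mariadb:
        condition: service_healthy
      redis:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:$APP_PORT/health"]
      interval: 30s
      timeout: 10s
      retries: 3

networks:
  my-network:
    driver: bridge
EOF

    cat > "$APP_HOME/app/Dockerfile.prod" << EOF
FROM python:3.11-slim

# Build and runtime system dependencies
RUN apt-get update && apt-get install -y \\
    gcc \\
    g++ \\
    libmariadb-dev \\
    pkg-config \\
    curl \\
    && rm -rf /var/lib/apt/lists/*

# Unprivileged application user
RUN useradd -r -s /bin/false -d /app mynetwork

# Python dependencies
WORKDIR /app
COPY requirements_new.txt .
RUN pip install --no-cache-dir -r requirements_new.txt

# Application source
COPY . .
RUN chown -R mynetwork:mynetwork /app

RUN mkdir -p /var/log/my-network && \\
    chown mynetwork:mynetwork /var/log/my-network

USER mynetwork

EXPOSE $APP_PORT $P2P_PORT

CMD ["python", "-m", "uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "$APP_PORT"]
EOF

    log_info "Docker configuration created successfully"
}

# Create the systemd unit that brings the compose stack up and down.
# Uses the standalone docker-compose binary when present, otherwise the
# 'docker compose' plugin.
create_systemd_service() {
    log_step "Creating systemd service..."

    local compose_cmd
    if command -v docker-compose >/dev/null 2>&1; then
        compose_cmd=$(command -v docker-compose)
    else
        compose_cmd="$(command -v docker) compose"
    fi

    cat > /etc/systemd/system/my-network.service << EOF
[Unit]
Description=MY Network Distributed Protocol Service
After=docker.service
Requires=docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=$APP_HOME
ExecStart=$compose_cmd -f docker-compose.prod.yml up -d
ExecStop=$compose_cmd -f docker-compose.prod.yml down
User=$APP_USER
Group=$APP_USER

[Install]
WantedBy=multi-user.target
EOF

    systemctl daemon-reload
    systemctl enable my-network

    log_info "Systemd service created successfully"
}

# Install the health-check script and the cron entries.
# Both jobs run as root from /etc/cron.d/my-network: the health check has to
# call systemctl, and a drop-in file does not clobber root's personal crontab
# the way 'crontab -' did.
setup_monitoring() {
    log_step "Setting up monitoring..."

    # Runtime variables in the generated script are escaped (\$); the port is
    # baked in from APP_PORT so it cannot drift from the compose mapping.
    cat > "$APP_HOME/health_check.sh" << EOF
#!/bin/bash
# MY Network Health Check Script (generated by the deployment script).
# Runs as root from /etc/cron.d/my-network so that the restart below works.
set -uo pipefail

# 127.0.0.1 rather than localhost: the port is published on IPv4 loopback only
HOST="127.0.0.1"
PORT="$APP_PORT"
LOG_FILE="/var/log/my-network/health.log"

log_message() {
    echo "\$(date '+%Y-%m-%d %H:%M:%S') - \$1" >> "\$LOG_FILE"
}

# Application health endpoint
check_http() {
    curl -f -s -m 10 "http://\$HOST:\$PORT/health" > /dev/null
}

# MY Network protocol health endpoint
check_my_network() {
    curl -f -s -m 10 "http://\$HOST:\$PORT/api/my/health" > /dev/null
}

if check_http && check_my_network; then
    log_message "Health check PASSED"
    exit 0
fi

log_message "Health check FAILED"
# Restarts the whole stack, so a transient failure also causes a restart
systemctl restart my-network
log_message "Service restart attempted"
exit 1
EOF

    chmod 755 "$APP_HOME/health_check.sh"
    chown "$APP_USER:$APP_USER" "$APP_HOME/health_check.sh"

    # 'certbot renew' is a no-op when no certificate was issued; its deploy
    # hook copies renewed certificates into $SSL_DIR.
    cat > /etc/cron.d/my-network << EOF
SHELL=/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
0 3 * * * root /usr/bin/certbot renew --quiet
*/5 * * * * root $APP_HOME/health_check.sh
EOF
    chmod 644 /etc/cron.d/my-network

    log_info "Monitoring configured successfully"
}

# Start nginx and the application stack, then verify both are active.
start_services() {
    log_step "Starting all services..."

    systemctl enable nginx
    systemctl restart nginx

    # oneshot unit: 'start' returns only after 'compose up -d' has finished
    systemctl start my-network

    sleep 10

    if systemctl is-active --quiet my-network; then
        log_info "MY Network service is running"
    else
        log_error "MY Network service failed to start"
        systemctl status my-network
        exit 1
    fi

    if systemctl is-active --quiet nginx; then
        log_info "Nginx service is running"
    else
        log_error "Nginx service failed to start"
        systemctl status nginx
        exit 1
    fi
}

# Print the post-deployment summary.
print_summary() {
    echo -e "${GREEN}"
    cat << EOF
╔══════════════════════════════════════════════════════════════════════════════╗
║                      MY NETWORK DEPLOYMENT COMPLETED                        ║
╚══════════════════════════════════════════════════════════════════════════════╝

🌐 Web Interface:      https://$DOMAIN
📊 Monitoring:         https://$DOMAIN/api/my/monitor/
🔧 API Documentation:  https://$DOMAIN/api/docs
❤️  Health Check:       https://$DOMAIN/health

📝 Configuration Files:
   • Application:  $APP_HOME/app/.env
   • Secrets:      $SECRETS_FILE (mode 0600)
   • Nginx:        /etc/nginx/sites-available/my-network (or /etc/nginx/conf.d/my-network.conf)
   • Docker:       $APP_HOME/docker-compose.prod.yml
   • SSL:          $SSL_DIR/
   • Cron:         /etc/cron.d/my-network

📋 Management Commands:
   • Start service:   systemctl start my-network
   • Stop service:    systemctl stop my-network
   • Restart service: systemctl restart my-network
   • View logs:       journalctl -u my-network -f
   • Health check:    $APP_HOME/health_check.sh

🔒 Security Features:
   ✅ SSL/TLS encryption
   ✅ Firewall configured
   ✅ Fail2ban installed (Debian/Ubuntu only)
   ✅ Security headers
   ✅ Generated database credentials

🚀 MY Network Features:
   ✅ Distributed content protocol
   ✅ P2P networking
   ✅ Content synchronization
   ✅ Load balancing
   ✅ Real-time monitoring

The system is now ready for production use!
EOF
    echo -e "${NC}"
}

# Entry point: run every deployment step in order.
main() {
    print_header
    log_info "Starting MY Network production deployment..."

    check_root
    check_os
    install_dependencies
    setup_firewall
    create_app_user
    setup_directories
    setup_secrets
    deploy_application
    setup_nginx
    setup_ssl
    create_docker_compose
    create_systemd_service
    setup_monitoring
    start_services
    print_summary

    log_info "Deployment completed successfully!"
}

main "$@"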