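#!/bin/bash
# ===========================
# MY Network v2.0 - Main Bootstrap Node Deployment
# Target: my-public-node-3.projscale.dev
# Execution: Local on server as root (no SSH)
# ===========================

# -e: stop at the first failing command.
# -u: treat an unset variable as an error (every variable this script expands
#     is assigned in the CONFIGURATION section below).
# pipefail is deliberately left off: the certificate auto-renewal step later in
# this script pipes `crontab -l`, which exits non-zero when root has no crontab.
set -eu

# Everything below writes to /etc, /opt and /usr/local and drives apt, ufw and
# systemctl, so fail early with a clear message instead of half-way through.
if [ "$(id -u)" -ne 0 ]; then
  echo "This script must be run as root" >&2
  exit 1
fi

echo "==========================================================="
echo "🚀 MY NETWORK v2.0 - MAIN BOOTSTRAP NODE DEPLOYMENT"
echo "Target: my-public-node-3.projscale.dev"
echo "Components: web2-client + uploader-bot + converter-module"
echo "==========================================================="

# ===========================
# CONFIGURATION
# ===========================
DOMAIN="my-public-node-3.projscale.dev"
MY_NETWORK_PORT="15100"
WEB_CLIENT_PORT="3000"
CONVERTER_PORT="8080"
PROJECT_NAME="my-network-bootstrap"
INSTALL_DIR="/opt/$PROJECT_NAME"
CURRENT_DIR=$(pwd)

echo ""
echo "=== BOOTSTRAP NODE CONFIGURATION ==="
echo "Domain: $DOMAIN"
echo "MY Network Port: $MY_NETWORK_PORT"
echo "Web Client Port: $WEB_CLIENT_PORT"
echo "Converter Port: $CONVERTER_PORT"
echo "Install Directory: $INSTALL_DIR"
echo "Current Directory: $CURRENT_DIR"

# ===========================
# SYSTEM PREPARATION
# ===========================
echo ""
echo "=== 1. SYSTEM PREPARATION ==="

echo "📦 Updating system packages..."
apt-get update -y
apt-get install -y curl wget unzip git nginx certbot python3-certbot-nginx ufw

echo "🐳 Installing Docker and Docker Compose..."
if ! command -v docker &> /dev/null; then
  # NOTE(review): this executes a remotely fetched installer as root with no
  # checksum or signature verification. Installing Docker from a package
  # repository, or from a reviewed and pinned copy of the installer, would
  # remove that trust dependency.
  # The installer is written to a mktemp file rather than a fixed name in the
  # current (project) directory.
  docker_installer=$(mktemp)
  curl -fsSL https://get.docker.com -o "$docker_installer"
  sh "$docker_installer"
  rm -f -- "$docker_installer"
  systemctl enable docker
  systemctl start docker
fi

if ! command -v docker-compose &> /dev/null; then
  # NOTE(review): "latest" is an unpinned release and the binary is not compared
  # against a published checksum before it is installed as a root-run tool.
  # Pin a release and verify its digest when this is hardened.
  # -f makes curl fail on an HTTP error; without it an error page would be
  # saved under /usr/local/bin and marked executable.
  compose_download=$(mktemp)
  curl -fL "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" \
    -o "$compose_download"
  install -m 0755 "$compose_download" /usr/local/bin/docker-compose
  rm -f -- "$compose_download"
fi

echo "✅ System preparation completed"

# ===========================
# PROJECT DEPLOYMENT
# ===========================
echo ""
echo "=== 2. PROJECT DEPLOYMENT ==="

echo "📁 Creating project structure..."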
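mkdir -p "$INSTALL_DIR"/{data,logs,web2-client,converter-module}

echo "📤 Copying project files..."
if [ "$CURRENT_DIR" != "$INSTALL_DIR" ]; then
  # The glob does not match dotfiles, so hidden files in the source directory
  # are not copied.
  cp -r -- "$CURRENT_DIR"/* "$INSTALL_DIR"/
  cd "$INSTALL_DIR"
fi

echo "⚙️ Creating main bootstrap configuration..."

# Generate the secrets before the here-document: a failing command
# substitution inside a here-document does not stop the script, so a missing
# or failing openssl would otherwise write empty secrets without any error.
secret_key=$(openssl rand -hex 32)
jwt_secret=$(openssl rand -hex 32)

# Main Bootstrap .env
# The file holds SECRET_KEY, JWT_SECRET and the bot tokens, so restrict it to
# its owner before any secret is written into it.
# NOTE(review): the compose file below bind-mounts this file into the
# my-network container; if that image runs as a non-root user the ownership
# must be adjusted to match - the image's user is not visible from this script.
# NOTE(review): every run rewrites this file, which rotates both secrets and
# resets the Telegram tokens to the placeholders below.
env_file="$INSTALL_DIR/.env"
touch "$env_file"
chmod 600 "$env_file"
cat > "$env_file" << EOF
# MY Network v2.0 - Main Bootstrap Node Configuration
MY_NETWORK_VERSION=v2.0
MY_NETWORK_PORT=$MY_NETWORK_PORT
MY_NETWORK_HOST=0.0.0.0

# Node Type
NODE_TYPE=main_bootstrap
BOOTSTRAP_NODE=true
PUBLIC_NODE=true

# Production Database
DATABASE_URL=sqlite+aiosqlite:///./data/my_network_main.db
DB_TYPE=sqlite

# Security
SECRET_KEY=$secret_key
JWT_SECRET=$jwt_secret

# API Configuration
API_VERSION=v1
DEBUG=false

# Bootstrap Configuration
BOOTSTRAP_CONFIG_PATH=bootstrap_main.json

# Monitoring
ENABLE_MONITORING=true
MONITORING_THEME=matrix

# Network Settings - Main Bootstrap
MAX_PEERS=500
SYNC_INTERVAL=15
PEER_DISCOVERY_INTERVAL=30
BOOTSTRAP_TIMEOUT=10

# Production Settings
ENVIRONMENT=production
LOG_LEVEL=INFO
HOST_DOMAIN=$DOMAIN
EXTERNAL_URL=https://$DOMAIN

# SSL Configuration
SSL_ENABLED=true
SSL_CERT_PATH=/etc/letsencrypt/live/$DOMAIN/fullchain.pem
SSL_KEY_PATH=/etc/letsencrypt/live/$DOMAIN/privkey.pem

# Web2 Client Configuration
WEB2_CLIENT_PORT=$WEB_CLIENT_PORT
WEB2_CLIENT_HOST=0.0.0.0

# Converter Module Configuration
CONVERTER_PORT=$CONVERTER_PORT
CONVERTER_HOST=0.0.0.0

# Telegram Bots (Main Bootstrap has both enabled)
TELEGRAM_BOT_TOKEN=YOUR_BOT_TOKEN_HERE
UPLOADER_BOT_TOKEN=YOUR_UPLOADER_BOT_TOKEN_HERE
EOF

# Main Bootstrap Config
# NOTE(review): "public_key" is the literal placeholder "main-bootstrap-key",
# the CORS origin list includes http://localhost:3000 on a production node, and
# "public_metrics" is true. Confirm each of these is intended before go-live.
cat > "$INSTALL_DIR/bootstrap_main.json" << EOF
{
  "network": {
    "name": "MY Network v2.0 Main Bootstrap",
    "version": "2.0",
    "protocol_version": "1.0",
    "port": $MY_NETWORK_PORT,
    "host": "0.0.0.0",
    "external_url": "https://$DOMAIN",
    "node_type": "main_bootstrap",
    "is_bootstrap": true,
    "is_public": true
  },
  "bootstrap_nodes": [
    {
      "id": "main-bootstrap-node",
      "host": "$DOMAIN",
      "port": $MY_NETWORK_PORT,
      "public_key": "main-bootstrap-key",
      "weight": 1000,
      "priority": 1,
      "region": "global",
      "node_type": "main_bootstrap"
    }
  ],
  "security": {
    "encryption_enabled": true,
    "authentication_required": true,
    "ssl_enabled": true,
    "rate_limiting": {
      "requests_per_minute": 2000,
      "burst_size": 200
    }
  },
  "api": {
    "endpoints": {
      "health": "/health",
      "metrics": "/api/metrics",
      "monitor": "/api/my/monitor/",
      "websocket": "/api/my/monitor/ws",
      "sync": "/api/sync",
      "peers": "/api/peers",
      "bootstrap": "/api/bootstrap",
      "register": "/api/register"
    },
    "cors": {
      "enabled": true,
      "origins": ["https://$DOMAIN", "http://localhost:3000"]
    }
  },
  "monitoring": {
    "enabled": true,
    "theme": "matrix",
    "real_time_updates": true,
    "websocket_path": "/api/my/monitor/ws",
    "dashboard_path": "/api/my/monitor/",
    "metrics_enabled": true,
    "public_metrics": true
  },
  "storage": {
    "type": "sqlite",
    "path": "./data/my_network_main.db",
    "backup_enabled": true,
    "backup_interval": 1800
  },
  "p2p": {
    "max_peers": 500,
    "sync_interval": 15,
    "discovery_interval": 30,
    "connection_timeout": 30,
    "keep_alive": true,
    "bootstrap_timeout": 10
  },
  "logging": {
    "level": "INFO",
    "file_path": "./logs/my_network_main.log",
    "max_size": "500MB",
    "backup_count": 10
  },
  "services": {
    "web2_client": {
      "enabled": true,
      "port": $WEB_CLIENT_PORT,
      "host": "0.0.0.0"
    },
    "converter": {
      "enabled": true,
      "port": $CONVERTER_PORT,
      "host": "0.0.0.0"
    },
    "telegram_bots": {
      "enabled": true,
      "client_bot": true,
      "uploader_bot": true
    }
  }
}
EOF

# Docker Compose for Main Bootstrap
# NOTE(review): all three services publish their port on every host interface.
# The web client and the converter are also served through nginx over TLS
# (see the Nginx section of this script); if nothing needs to reach them
# directly, publishing them as "127.0.0.1:<port>:<port>" would keep the plain
# HTTP listeners off the public interface.
cat > "$INSTALL_DIR/docker-compose.yml" << EOF
version: '3.8'

services:
  # MY Network v2.0 Core
  my-network:
    build: .
    container_name: my-network-main
    restart: unless-stopped
    ports:
      - "$MY_NETWORK_PORT:$MY_NETWORK_PORT"
    volumes:
      - ./data:/app/data
      - ./logs:/app/logs
      - ./.env:/app/.env
      - ./bootstrap_main.json:/app/bootstrap.json
    environment:
      - NODE_TYPE=main_bootstrap
      - BOOTSTRAP_NODE=true
    networks:
      - mynetwork
    depends_on:
      - web2-client
      - converter

  # Web2 Client
  web2-client:
    build: ./web2-client
    container_name: web2-client-main
    restart: unless-stopped
    ports:
      - "$WEB_CLIENT_PORT:3000"
    environment:
      - NEXT_PUBLIC_API_URL=https://$DOMAIN
      - NEXT_PUBLIC_WS_URL=wss://$DOMAIN
    networks:
      - mynetwork

  # Converter Module
  converter:
    build: ./converter-module
    container_name: converter-main
    restart: unless-stopped
    ports:
      - "$CONVERTER_PORT:8080"
    volumes:
      - ./data/converter:/app/data
    networks:
      - mynetwork

networks:
  mynetwork:
    driver: bridge
EOF

echo "✅ Project deployment completed"

# ===========================
# FIREWALL CONFIGURATION
# ===========================
echo ""
echo "=== 3. FIREWALL CONFIGURATION ==="

echo "🔥 Configuring UFW firewall..."
# NOTE(review): `ufw --force reset` discards every rule already on the host
# without prompting, and SSH is re-allowed on 22/tcp only; if sshd listens on
# another port, enabling the firewall cuts off remote access.
ufw --force reset
ufw default deny incoming
ufw default allow outgoing

# Essential ports
# NOTE(review): Docker manages its own iptables rules for published container
# ports, and those are typically evaluated independently of UFW, so the
# `ports:` bindings in docker-compose.yml, not these rules, usually decide
# whether the three service ports are reachable from outside.
ufw allow 22/tcp                   # SSH
ufw allow 80/tcp                   # HTTP
ufw allow 443/tcp                  # HTTPS
ufw allow "$MY_NETWORK_PORT/tcp"   # MY Network
ufw allow "$WEB_CLIENT_PORT/tcp"   # Web Client
ufw allow "$CONVERTER_PORT/tcp"    # Converter

ufw --force enable

echo "✅ Firewall configured"

# ===========================
# NGINX CONFIGURATION
# ===========================
echo ""
echo "=== 4. NGINX CONFIGURATION ==="

echo "🌐 Creating Nginx configuration..."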
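# The HTTPS server block written below points at the Let's Encrypt files for
# $DOMAIN, and `nginx -t` rejects a configuration whose certificate files do
# not exist. On a host without a certificate, the certificate is therefore
# requested first, while the nginx configuration that is already installed is
# still the one in effect.
# `certonly` only obtains the certificate; the HTTP->HTTPS redirect is already
# part of the server block below.
# NOTE(review): this assumes the nginx configuration present at this point
# (the stock default site on a fresh install) is valid and that $DOMAIN
# resolves to this host - confirm before the first run.
cert_file="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"
cert_preexisting=true
if [ ! -f "$cert_file" ]; then
  cert_preexisting=false
  echo "🔒 No certificate for $DOMAIN yet - requesting one before the HTTPS site is enabled..."
  certbot certonly --nginx -d "$DOMAIN" --non-interactive --agree-tos --email "admin@$DOMAIN"
fi

# NOTE(review): /api/, /monitor/ and /ws/monitor are proxied without any
# access restriction at this layer; whether the backend authenticates the
# monitoring dashboard and its WebSocket is not visible from this script.
# Variables escaped as \$name are nginx variables; unescaped ones are expanded
# by the shell when the file is written.
cat > /etc/nginx/sites-available/my-network-main << EOF
# MY Network v2.0 Main Bootstrap Node Configuration
server {
    listen 80;
    server_name $DOMAIN;
    return 301 https://\$server_name\$request_uri;
}

server {
    listen 443 ssl http2;
    server_name $DOMAIN;

    # SSL Configuration
    ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;

    # Security headers
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # Main web interface (Web2 Client)
    location / {
        proxy_pass http://localhost:$WEB_CLIENT_PORT;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }

    # MY Network v2.0 API
    location /api/ {
        proxy_pass http://localhost:$MY_NETWORK_PORT/api/;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }

    # Health check
    location /health {
        proxy_pass http://localhost:$MY_NETWORK_PORT/health;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
    }

    # Matrix Monitoring Dashboard
    location /monitor/ {
        proxy_pass http://localhost:$MY_NETWORK_PORT/api/my/monitor/;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
    }

    # WebSocket for real-time monitoring
    location /ws/monitor {
        proxy_pass http://localhost:$MY_NETWORK_PORT/api/my/monitor/ws;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host \$host;
    }

    # Converter API
    location /convert/ {
        proxy_pass http://localhost:$CONVERTER_PORT/;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF

# Enable site
ln -sf /etc/nginx/sites-available/my-network-main /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default

# Test configuration (aborts the deployment under `set -e` if it is invalid)
nginx -t

echo "✅ Nginx configured"

# ===========================
# SSL CERTIFICATE
# ===========================
echo ""
echo "=== 5. SSL CERTIFICATE ==="

echo "🔒 Obtaining SSL certificate..."
if [ "$cert_preexisting" = true ]; then
  echo " SSL certificate already exists"
else
  echo " SSL certificate obtained for $DOMAIN"
fi

# Set up auto-renewal
# Any earlier certbot renew entry is filtered out before the job is appended,
# so re-running the script does not pile up duplicate cron lines. Both
# `crontab -l` (no crontab yet) and `grep -v` (nothing left to print) may exit
# non-zero legitimately, hence the `|| true` guards.
# The deploy hook reloads nginx after a successful renewal so the renewed
# files are actually served.
renew_job='0 12 * * * /usr/bin/certbot renew --quiet --deploy-hook "systemctl reload nginx"'
{ crontab -l 2>/dev/null || true; } \
  | { grep -vF '/usr/bin/certbot renew' || true; echo "$renew_job"; } \
  | crontab -

echo "✅ SSL certificate configured"

# ===========================
# CONTAINER DEPLOYMENT
# ===========================
echo ""
echo "=== 6. CONTAINER DEPLOYMENT ==="

echo "🚀 Building and starting containers..."
cd "$INSTALL_DIR"

# Stop existing services
if systemctl is-active --quiet my-network-main; then
  systemctl stop my-network-main
fi

# Build and start containers
# `down` is best-effort: on a first deployment there is nothing to remove.
docker-compose down 2>/dev/null || true
docker-compose up -d --build

echo "✅ Containers deployed"

# ===========================
# SYSTEMD SERVICE
# ===========================
echo ""
echo "=== 7. SYSTEMD SERVICE ==="

echo "📊 Creating systemd service..."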
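# The unit wraps docker-compose in $INSTALL_DIR as a oneshot service.
# No COMPOSE_PROJECT_NAME is set in the unit: the containers are first created
# by the `docker-compose up -d --build` step of this script, run from
# $INSTALL_DIR under the directory-derived project name, and the compose file
# pins fixed container_name values. A unit running under a different project
# name would try to create those same container names again and fail to start.
cat > /etc/systemd/system/my-network-main.service << EOF
[Unit]
Description=MY Network v2.0 Main Bootstrap Node
After=docker.service network.target
Requires=docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=$INSTALL_DIR
ExecStart=/usr/local/bin/docker-compose up -d
ExecStop=/usr/local/bin/docker-compose down
ExecReload=/usr/local/bin/docker-compose restart
TimeoutStartSec=300
TimeoutStopSec=120
User=root

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable my-network-main
systemctl start my-network-main

echo "✅ SystemD service created"

# ===========================
# FINAL VERIFICATION
# ===========================
echo ""
echo "=== 8. FINAL VERIFICATION ==="

echo "⏳ Waiting for services to start..."
sleep 30

echo "🔍 Testing endpoints..."
systemctl restart nginx

endpoints=(
  "https://$DOMAIN/health"
  "https://$DOMAIN/api/bootstrap"
  "https://$DOMAIN/monitor/"
  "https://$DOMAIN/"
)

# The probes validate the TLS certificate (no -k): a check that ignores
# certificate errors would report OK even when the certificate is missing,
# expired or issued for another name, which is exactly what this step should
# catch. --max-time keeps a hung backend from stalling the script.
failed_checks=0
for endpoint in "${endpoints[@]}"; do
  if curl -f -s --max-time 15 "$endpoint" > /dev/null 2>&1; then
    echo "✅ $endpoint - OK"
  else
    echo "❌ $endpoint - FAILED"
    failed_checks=$((failed_checks + 1))
  fi
done

# The checks stay informational (the script still finishes), but a failure is
# called out so the summary that follows is not read as a clean result.
if [ "$failed_checks" -gt 0 ]; then
  echo "⚠️ $failed_checks endpoint check(s) failed - review the output above" >&2
fi

# ===========================
# DEPLOYMENT SUMMARY
# ===========================
echo ""
echo "============================================================="
echo "🎉 MY NETWORK v2.0 MAIN BOOTSTRAP NODE DEPLOYMENT COMPLETE!"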
# Remainder of the deployment summary: access URLs, service ports, management
# commands and the locations of the generated configuration files.
# The delimiter is unquoted so $DOMAIN, $INSTALL_DIR and the port variables are
# expanded when the summary is printed.
cat << EOF
=============================================================

🌐 Main Access Points:
 • Web Interface: https://$DOMAIN/
 • Matrix Dashboard: https://$DOMAIN/monitor/
 • Health Check: https://$DOMAIN/health
 • Bootstrap API: https://$DOMAIN/api/bootstrap
 • WebSocket: wss://$DOMAIN/ws/monitor
 • API Docs: https://$DOMAIN/api/docs

🔧 Service Ports:
 • MY Network: $MY_NETWORK_PORT
 • Web Client: $WEB_CLIENT_PORT
 • Converter: $CONVERTER_PORT

🛠️ Management Commands:
 • View logs: docker-compose -f $INSTALL_DIR/docker-compose.yml logs -f
 • Restart: systemctl restart my-network-main
 • Status: systemctl status my-network-main
 • Containers: docker-compose ps

🔒 Security:
 • SSL/TLS: Enabled with Let's Encrypt
 • Firewall: UFW configured
 • Auto-renewal: SSL certificates will auto-renew

📝 Configuration Files:
 • Main config: $INSTALL_DIR/bootstrap_main.json
 • Environment: $INSTALL_DIR/.env
 • Docker: $INSTALL_DIR/docker-compose.yml

✅ Main Bootstrap Node is live and ready to accept connections!
🌐 Other nodes can now connect to: https://$DOMAIN/api/bootstrap
EOF