508 lines
13 KiB
Bash
Executable File
508 lines
13 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# ===========================
|
|
# MY Network v2.0 - Main Bootstrap Node Deployment
|
|
# Target: my-public-node-3.projscale.dev
|
|
# Execution: Local on server as root (no SSH)
|
|
# ===========================
|
|
|
|
set -e
|
|
|
|
echo "==========================================================="
|
|
echo "🚀 MY NETWORK v2.0 - MAIN BOOTSTRAP NODE DEPLOYMENT"
|
|
echo "Target: my-public-node-3.projscale.dev"
|
|
echo "Components: web2-client + uploader-bot + converter-module"
|
|
echo "==========================================================="
|
|
|
|
# ===========================
|
|
# CONFIGURATION
|
|
# ===========================
|
|
DOMAIN="my-public-node-3.projscale.dev"
|
|
MY_NETWORK_PORT="15100"
|
|
WEB_CLIENT_PORT="3000"
|
|
CONVERTER_PORT="8080"
|
|
PROJECT_NAME="my-network-bootstrap"
|
|
INSTALL_DIR="/opt/$PROJECT_NAME"
|
|
CURRENT_DIR=$(pwd)
|
|
|
|
echo ""
|
|
echo "=== BOOTSTRAP NODE CONFIGURATION ==="
|
|
echo "Domain: $DOMAIN"
|
|
echo "MY Network Port: $MY_NETWORK_PORT"
|
|
echo "Web Client Port: $WEB_CLIENT_PORT"
|
|
echo "Converter Port: $CONVERTER_PORT"
|
|
echo "Install Directory: $INSTALL_DIR"
|
|
echo "Current Directory: $CURRENT_DIR"
|
|
|
|
# ===========================
|
|
# SYSTEM PREPARATION
|
|
# ===========================
|
|
echo ""
|
|
echo "=== 1. SYSTEM PREPARATION ==="
|
|
|
|
echo "📦 Updating system packages..."
|
|
apt-get update -y
|
|
apt-get install -y curl wget unzip git nginx certbot python3-certbot-nginx ufw
|
|
|
|
echo "🐳 Installing Docker and Docker Compose..."
|
|
if ! command -v docker &> /dev/null; then
|
|
curl -fsSL https://get.docker.com -o get-docker.sh
|
|
sh get-docker.sh
|
|
systemctl enable docker
|
|
systemctl start docker
|
|
rm -f get-docker.sh
|
|
fi
|
|
|
|
if ! command -v docker-compose &> /dev/null; then
|
|
curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
|
|
chmod +x /usr/local/bin/docker-compose
|
|
fi
|
|
|
|
echo "✅ System preparation completed"
|
|
|
|
# ===========================
|
|
# PROJECT DEPLOYMENT
|
|
# ===========================
|
|
echo ""
|
|
echo "=== 2. PROJECT DEPLOYMENT ==="
|
|
|
|
echo "📁 Creating project structure..."
|
|
mkdir -p $INSTALL_DIR/{data,logs,web2-client,converter-module}
|
|
|
|
echo "📤 Copying project files..."
|
|
if [ "$CURRENT_DIR" != "$INSTALL_DIR" ]; then
|
|
cp -r $CURRENT_DIR/* $INSTALL_DIR/
|
|
cd $INSTALL_DIR
|
|
fi
|
|
|
|
echo "⚙️ Creating main bootstrap configuration..."
|
|
|
|
# Main Bootstrap .env
|
|
cat > $INSTALL_DIR/.env << EOF
|
|
# MY Network v2.0 - Main Bootstrap Node Configuration
|
|
MY_NETWORK_VERSION=v2.0
|
|
MY_NETWORK_PORT=$MY_NETWORK_PORT
|
|
MY_NETWORK_HOST=0.0.0.0
|
|
|
|
# Node Type
|
|
NODE_TYPE=main_bootstrap
|
|
BOOTSTRAP_NODE=true
|
|
PUBLIC_NODE=true
|
|
|
|
# Production Database
|
|
DATABASE_URL=sqlite+aiosqlite:///./data/my_network_main.db
|
|
DB_TYPE=sqlite
|
|
|
|
# Security
|
|
SECRET_KEY=$(openssl rand -hex 32)
|
|
JWT_SECRET=$(openssl rand -hex 32)
|
|
|
|
# API Configuration
|
|
API_VERSION=v1
|
|
DEBUG=false
|
|
|
|
# Bootstrap Configuration
|
|
BOOTSTRAP_CONFIG_PATH=bootstrap_main.json
|
|
|
|
# Monitoring
|
|
ENABLE_MONITORING=true
|
|
MONITORING_THEME=matrix
|
|
|
|
# Network Settings - Main Bootstrap
|
|
MAX_PEERS=500
|
|
SYNC_INTERVAL=15
|
|
PEER_DISCOVERY_INTERVAL=30
|
|
BOOTSTRAP_TIMEOUT=10
|
|
|
|
# Production Settings
|
|
ENVIRONMENT=production
|
|
LOG_LEVEL=INFO
|
|
HOST_DOMAIN=$DOMAIN
|
|
EXTERNAL_URL=https://$DOMAIN
|
|
|
|
# SSL Configuration
|
|
SSL_ENABLED=true
|
|
SSL_CERT_PATH=/etc/letsencrypt/live/$DOMAIN/fullchain.pem
|
|
SSL_KEY_PATH=/etc/letsencrypt/live/$DOMAIN/privkey.pem
|
|
|
|
# Web2 Client Configuration
|
|
WEB2_CLIENT_PORT=$WEB_CLIENT_PORT
|
|
WEB2_CLIENT_HOST=0.0.0.0
|
|
|
|
# Converter Module Configuration
|
|
CONVERTER_PORT=$CONVERTER_PORT
|
|
CONVERTER_HOST=0.0.0.0
|
|
|
|
# Telegram Bots (Main Bootstrap has both enabled)
|
|
TELEGRAM_BOT_TOKEN=YOUR_BOT_TOKEN_HERE
|
|
UPLOADER_BOT_TOKEN=YOUR_UPLOADER_BOT_TOKEN_HERE
|
|
EOF
|
|
|
|
# Main Bootstrap Config
|
|
cat > $INSTALL_DIR/bootstrap_main.json << EOF
|
|
{
|
|
"network": {
|
|
"name": "MY Network v2.0 Main Bootstrap",
|
|
"version": "2.0",
|
|
"protocol_version": "1.0",
|
|
"port": $MY_NETWORK_PORT,
|
|
"host": "0.0.0.0",
|
|
"external_url": "https://$DOMAIN",
|
|
"node_type": "main_bootstrap",
|
|
"is_bootstrap": true,
|
|
"is_public": true
|
|
},
|
|
"bootstrap_nodes": [
|
|
{
|
|
"id": "main-bootstrap-node",
|
|
"host": "$DOMAIN",
|
|
"port": $MY_NETWORK_PORT,
|
|
"public_key": "main-bootstrap-key",
|
|
"weight": 1000,
|
|
"priority": 1,
|
|
"region": "global",
|
|
"node_type": "main_bootstrap"
|
|
}
|
|
],
|
|
"security": {
|
|
"encryption_enabled": true,
|
|
"authentication_required": true,
|
|
"ssl_enabled": true,
|
|
"rate_limiting": {
|
|
"requests_per_minute": 2000,
|
|
"burst_size": 200
|
|
}
|
|
},
|
|
"api": {
|
|
"endpoints": {
|
|
"health": "/health",
|
|
"metrics": "/api/metrics",
|
|
"monitor": "/api/my/monitor/",
|
|
"websocket": "/api/my/monitor/ws",
|
|
"sync": "/api/sync",
|
|
"peers": "/api/peers",
|
|
"bootstrap": "/api/bootstrap",
|
|
"register": "/api/register"
|
|
},
|
|
"cors": {
|
|
"enabled": true,
|
|
"origins": ["https://$DOMAIN", "http://localhost:3000"]
|
|
}
|
|
},
|
|
"monitoring": {
|
|
"enabled": true,
|
|
"theme": "matrix",
|
|
"real_time_updates": true,
|
|
"websocket_path": "/api/my/monitor/ws",
|
|
"dashboard_path": "/api/my/monitor/",
|
|
"metrics_enabled": true,
|
|
"public_metrics": true
|
|
},
|
|
"storage": {
|
|
"type": "sqlite",
|
|
"path": "./data/my_network_main.db",
|
|
"backup_enabled": true,
|
|
"backup_interval": 1800
|
|
},
|
|
"p2p": {
|
|
"max_peers": 500,
|
|
"sync_interval": 15,
|
|
"discovery_interval": 30,
|
|
"connection_timeout": 30,
|
|
"keep_alive": true,
|
|
"bootstrap_timeout": 10
|
|
},
|
|
"logging": {
|
|
"level": "INFO",
|
|
"file_path": "./logs/my_network_main.log",
|
|
"max_size": "500MB",
|
|
"backup_count": 10
|
|
},
|
|
"services": {
|
|
"web2_client": {
|
|
"enabled": true,
|
|
"port": $WEB_CLIENT_PORT,
|
|
"host": "0.0.0.0"
|
|
},
|
|
"converter": {
|
|
"enabled": true,
|
|
"port": $CONVERTER_PORT,
|
|
"host": "0.0.0.0"
|
|
},
|
|
"telegram_bots": {
|
|
"enabled": true,
|
|
"client_bot": true,
|
|
"uploader_bot": true
|
|
}
|
|
}
|
|
}
|
|
EOF
|
|
|
|
# Docker Compose for Main Bootstrap (только MY Network)
|
|
cat > $INSTALL_DIR/docker-compose.yml << EOF
|
|
version: '3.8'
|
|
|
|
services:
|
|
# MY Network v2.0 Core
|
|
my-network:
|
|
build: .
|
|
container_name: my-network-main
|
|
restart: unless-stopped
|
|
ports:
|
|
- "$MY_NETWORK_PORT:$MY_NETWORK_PORT"
|
|
volumes:
|
|
- ./data:/app/data
|
|
- ./logs:/app/logs
|
|
- ./.env:/app/.env
|
|
- ./bootstrap_main.json:/app/bootstrap.json
|
|
environment:
|
|
- NODE_TYPE=main_bootstrap
|
|
- BOOTSTRAP_NODE=true
|
|
networks:
|
|
- mynetwork
|
|
|
|
networks:
|
|
mynetwork:
|
|
driver: bridge
|
|
EOF
|
|
|
|
echo "✅ Project deployment completed"
|
|
|
|
# ===========================
|
|
# FIREWALL CONFIGURATION
|
|
# ===========================
|
|
echo ""
|
|
echo "=== 3. FIREWALL CONFIGURATION ==="
|
|
|
|
echo "🔥 Configuring UFW firewall..."
|
|
ufw --force reset
|
|
ufw default deny incoming
|
|
ufw default allow outgoing
|
|
|
|
# Essential ports
|
|
ufw allow 22/tcp # SSH
|
|
ufw allow 80/tcp # HTTP
|
|
ufw allow 443/tcp # HTTPS
|
|
ufw allow $MY_NETWORK_PORT/tcp # MY Network
|
|
|
|
ufw --force enable
|
|
|
|
echo "✅ Firewall configured"
|
|
|
|
# ===========================
|
|
# NGINX CONFIGURATION
|
|
# ===========================
|
|
echo ""
|
|
echo "=== 4. NGINX CONFIGURATION ==="
|
|
|
|
echo "🌐 Creating Nginx configuration..."
|
|
cat > /etc/nginx/sites-available/my-network-main << EOF
|
|
# MY Network v2.0 Main Bootstrap Node Configuration
|
|
|
|
server {
|
|
listen 80;
|
|
server_name $DOMAIN;
|
|
return 301 https://\$server_name\$request_uri;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name $DOMAIN;
|
|
|
|
# SSL Configuration
|
|
ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
|
|
|
|
# Security headers
|
|
add_header X-Frame-Options DENY;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
# Default location - MY Network API
|
|
location / {
|
|
proxy_pass http://localhost:$MY_NETWORK_PORT/;
|
|
proxy_set_header Host \$host;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto \$scheme;
|
|
}
|
|
|
|
# MY Network v2.0 API
|
|
location /api/ {
|
|
proxy_pass http://localhost:$MY_NETWORK_PORT/api/;
|
|
proxy_set_header Host \$host;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto \$scheme;
|
|
}
|
|
|
|
# Health check
|
|
location /health {
|
|
proxy_pass http://localhost:$MY_NETWORK_PORT/health;
|
|
proxy_set_header Host \$host;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
}
|
|
|
|
# Matrix Monitoring Dashboard
|
|
location /monitor/ {
|
|
proxy_pass http://localhost:$MY_NETWORK_PORT/api/my/monitor/;
|
|
proxy_set_header Host \$host;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
}
|
|
|
|
# WebSocket for real-time monitoring
|
|
location /ws/monitor {
|
|
proxy_pass http://localhost:$MY_NETWORK_PORT/api/my/monitor/ws;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade \$http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Host \$host;
|
|
}
|
|
}
|
|
EOF
|
|
|
|
# Enable site
|
|
ln -sf /etc/nginx/sites-available/my-network-main /etc/nginx/sites-enabled/
|
|
rm -f /etc/nginx/sites-enabled/default
|
|
|
|
# Test configuration
|
|
nginx -t
|
|
|
|
echo "✅ Nginx configured"
|
|
|
|
# ===========================
|
|
# SSL CERTIFICATE
|
|
# ===========================
|
|
echo ""
|
|
echo "=== 5. SSL CERTIFICATE ==="
|
|
|
|
echo "🔒 Obtaining SSL certificate..."
|
|
if [ ! -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ]; then
|
|
certbot --nginx -d $DOMAIN --non-interactive --agree-tos --email admin@$DOMAIN --redirect
|
|
else
|
|
echo " SSL certificate already exists"
|
|
fi
|
|
|
|
# Set up auto-renewal
|
|
crontab -l 2>/dev/null | { cat; echo '0 12 * * * /usr/bin/certbot renew --quiet'; } | crontab -
|
|
|
|
echo "✅ SSL certificate configured"
|
|
|
|
# ===========================
|
|
# CONTAINER DEPLOYMENT
|
|
# ===========================
|
|
echo ""
|
|
echo "=== 6. CONTAINER DEPLOYMENT ==="
|
|
|
|
echo "🚀 Building and starting containers..."
|
|
cd $INSTALL_DIR
|
|
|
|
# Stop existing services
|
|
if systemctl is-active --quiet my-network-main; then
|
|
systemctl stop my-network-main
|
|
fi
|
|
|
|
# Build and start containers
|
|
docker-compose down 2>/dev/null || true
|
|
docker-compose up -d --build
|
|
|
|
echo "✅ Containers deployed"
|
|
|
|
# ===========================
|
|
# SYSTEMD SERVICE
|
|
# ===========================
|
|
echo ""
|
|
echo "=== 7. SYSTEMD SERVICE ==="
|
|
|
|
echo "📊 Creating systemd service..."
|
|
cat > /etc/systemd/system/my-network-main.service << EOF
|
|
[Unit]
|
|
Description=MY Network v2.0 Main Bootstrap Node
|
|
After=docker.service network.target
|
|
Requires=docker.service
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
RemainAfterExit=yes
|
|
WorkingDirectory=$INSTALL_DIR
|
|
ExecStart=/usr/local/bin/docker-compose up -d
|
|
ExecStop=/usr/local/bin/docker-compose down
|
|
ExecReload=/usr/local/bin/docker-compose restart
|
|
TimeoutStartSec=300
|
|
TimeoutStopSec=120
|
|
User=root
|
|
Environment="COMPOSE_PROJECT_NAME=my-network-main"
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
|
|
systemctl daemon-reload
|
|
systemctl enable my-network-main
|
|
systemctl start my-network-main
|
|
|
|
echo "✅ SystemD service created"
|
|
|
|
# ===========================
|
|
# FINAL VERIFICATION
|
|
# ===========================
|
|
echo ""
|
|
echo "=== 8. FINAL VERIFICATION ==="
|
|
|
|
echo "⏳ Waiting for services to start..."
|
|
sleep 30
|
|
|
|
echo "🔍 Testing endpoints..."
|
|
systemctl restart nginx
|
|
|
|
endpoints=(
|
|
"https://$DOMAIN/health"
|
|
"https://$DOMAIN/api/bootstrap"
|
|
"https://$DOMAIN/monitor/"
|
|
)
|
|
|
|
for endpoint in "${endpoints[@]}"; do
|
|
if curl -f -s -k "$endpoint" > /dev/null 2>&1; then
|
|
echo "✅ $endpoint - OK"
|
|
else
|
|
echo "❌ $endpoint - FAILED"
|
|
fi
|
|
done
|
|
|
|
# ===========================
|
|
# DEPLOYMENT SUMMARY
|
|
# ===========================
|
|
echo ""
|
|
echo "============================================================="
|
|
echo "🎉 MY NETWORK v2.0 MAIN BOOTSTRAP NODE DEPLOYMENT COMPLETE!"
|
|
echo "============================================================="
|
|
echo ""
|
|
echo "🌐 Main Access Points:"
|
|
echo " • Matrix Dashboard: https://$DOMAIN/monitor/"
|
|
echo " • Health Check: https://$DOMAIN/health"
|
|
echo " • Bootstrap API: https://$DOMAIN/api/bootstrap"
|
|
echo " • WebSocket: wss://$DOMAIN/ws/monitor"
|
|
echo " • API Docs: https://$DOMAIN/api/docs"
|
|
echo ""
|
|
echo "🔧 Service Ports:"
|
|
echo " • MY Network: $MY_NETWORK_PORT"
|
|
echo ""
|
|
echo "🛠️ Management Commands:"
|
|
echo " • View logs: docker-compose -f $INSTALL_DIR/docker-compose.yml logs -f"
|
|
echo " • Restart: systemctl restart my-network-main"
|
|
echo " • Status: systemctl status my-network-main"
|
|
echo " • Containers: docker-compose ps"
|
|
echo ""
|
|
echo "🔒 Security:"
|
|
echo " • SSL/TLS: Enabled with Let's Encrypt"
|
|
echo " • Firewall: UFW configured"
|
|
echo " • Auto-renewal: SSL certificates will auto-renew"
|
|
echo ""
|
|
echo "📝 Configuration Files:"
|
|
echo " • Main config: $INSTALL_DIR/bootstrap_main.json"
|
|
echo " • Environment: $INSTALL_DIR/.env"
|
|
echo " • Docker: $INSTALL_DIR/docker-compose.yml"
|
|
echo ""
|
|
echo "✅ Main Bootstrap Node is live and ready to accept connections!"
|
|
echo "🌐 Other nodes can now connect to: https://$DOMAIN/api/bootstrap" |