my-dev
/
uploader-bot
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
uploader-bot/scripts/deploy_my_network.sh

718 lines
20 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
# MY Network Production Deployment Script
# Скрипт для развертывания MY Network с nginx, SSL и полной инфраструктурой
set -e # Выход при ошибке
# Цвета для вывода
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
PURPLE='\033[0;35m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color
# ASCII Art заставка
print_header() {
echo -e "${CYAN}"
cat << "EOF"
╔══════════════════════════════════════════════════════════════════════════════╗
║ MY NETWORK v2.0 ║
║ Production Deployment Script ║
║ Distributed Content Protocol Installer ║
╚══════════════════════════════════════════════════════════════════════════════╝
EOF
echo -e "${NC}"
}
# Логирование
log_info() {
echo -e "${GREEN}[INFO]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
log_step() {
echo -e "${BLUE}[STEP]${NC} $1"
}
# Конфигурационные переменные
DOMAIN=${DOMAIN:-"my-network.local"}
EMAIL=${EMAIL:-"admin@${DOMAIN}"}
HTTP_PORT=${HTTP_PORT:-80}
HTTPS_PORT=${HTTPS_PORT:-443}
APP_PORT=${APP_PORT:-15100}
REDIS_PORT=${REDIS_PORT:-6379}
DB_PORT=${DB_PORT:-3306}
# Проверка прав root
check_root() {
if [[ $EUID -ne 0 ]]; then
log_error "This script must be run as root"
exit 1
fi
}
# Проверка операционной системы
check_os() {
log_step "Checking operating system..."
if [[ -f /etc/os-release ]]; then
. /etc/os-release
OS=$NAME
VER=$VERSION_ID
log_info "Detected OS: $OS $VER"
else
log_error "Cannot detect operating system"
exit 1
fi
}
# Установка зависимостей
install_dependencies() {
log_step "Installing system dependencies..."
if [[ "$OS" == *"Ubuntu"* ]] || [[ "$OS" == *"Debian"* ]]; then
apt update
apt install -y \
nginx \
certbot \
python3-certbot-nginx \
docker.io \
docker-compose \
curl \
wget \
git \
htop \
ufw \
fail2ban
elif [[ "$OS" == *"CentOS"* ]] || [[ "$OS" == *"Red Hat"* ]]; then
yum update -y
yum install -y \
nginx \
certbot \
python3-certbot-nginx \
docker \
docker-compose \
curl \
wget \
git \
htop \
firewalld
else
log_warn "Unsupported OS, attempting generic installation..."
fi
# Запустить Docker
systemctl enable docker
systemctl start docker
log_info "Dependencies installed successfully"
}
# Настройка файрвола
setup_firewall() {
log_step "Configuring firewall..."
if command -v ufw &> /dev/null; then
# Ubuntu/Debian firewall
ufw --force reset
ufw default deny incoming
ufw default allow outgoing
# Разрешить SSH
ufw allow 22/tcp
# Разрешить HTTP/HTTPS
ufw allow $HTTP_PORT/tcp
ufw allow $HTTPS_PORT/tcp
# Разрешить порт приложения
ufw allow $APP_PORT/tcp
# MY Network P2P порты
ufw allow 8000:8010/tcp
ufw allow 8000:8010/udp
ufw --force enable
elif command -v firewall-cmd &> /dev/null; then
# CentOS/RHEL firewall
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --permanent --add-service=ssh
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-port=$APP_PORT/tcp
firewall-cmd --permanent --add-port=8000-8010/tcp
firewall-cmd --permanent --add-port=8000-8010/udp
firewall-cmd --reload
fi
log_info "Firewall configured successfully"
}
# Создание пользователя для приложения
create_app_user() {
log_step "Creating application user..."
if ! id "my-network" &>/dev/null; then
useradd -r -s /bin/false -d /opt/my-network -m my-network
usermod -aG docker my-network
log_info "User 'my-network' created"
else
log_info "User 'my-network' already exists"
fi
}
# Настройка директорий
setup_directories() {
log_step "Setting up directories..."
# Создать основные директории
mkdir -p /opt/my-network/{app,data,logs,storage,config,ssl}
mkdir -p /var/log/my-network
# Создать директории для хранения
mkdir -p /opt/my-network/storage/{uploads,previews,encrypted,my-network}
# Права доступа
chown -R my-network:my-network /opt/my-network
chown -R my-network:my-network /var/log/my-network
chmod 755 /opt/my-network
chmod 750 /opt/my-network/config
chmod 700 /opt/my-network/ssl
log_info "Directories configured successfully"
}
# Копирование файлов приложения
deploy_application() {
log_step "Deploying MY Network application..."
# Копировать исходники
cp -r . /opt/my-network/app/
# Установить права
chown -R my-network:my-network /opt/my-network/app
# Создать .env файл для продакшена
cat > /opt/my-network/app/.env << EOF
# MY Network Production Configuration
PROJECT_NAME=MY-Network
PROJECT_VERSION=2.0.0
DEBUG=False
ENVIRONMENT=production
# Database Configuration
DATABASE_URL=mysql://mymusic:mymusic_password@localhost:$DB_PORT/mymusic
DATABASE_POOL_SIZE=20
DATABASE_MAX_OVERFLOW=30
# Redis Configuration
REDIS_URL=redis://localhost:$REDIS_PORT/0
REDIS_PASSWORD=
# Application Settings
SECRET_KEY=$(openssl rand -hex 32)
MAX_FILE_SIZE=5368709120
STORAGE_PATH=/opt/my-network/storage
# MY Network Settings
MY_NETWORK_ENABLED=True
MY_NETWORK_NODE_ID=$(uuidgen)
MY_NETWORK_BOOTSTRAP_NODES=[]
MY_NETWORK_P2P_PORT=8001
MY_NETWORK_API_PORT=$APP_PORT
# SSL Settings
SSL_ENABLED=True
SSL_CERT_PATH=/opt/my-network/ssl/fullchain.pem
SSL_KEY_PATH=/opt/my-network/ssl/privkey.pem
# Logging
LOG_LEVEL=INFO
LOG_FILE=/var/log/my-network/app.log
# Monitoring
METRICS_ENABLED=True
PROMETHEUS_PORT=9090
EOF
log_info "Application deployed successfully"
}
# Настройка nginx
setup_nginx() {
log_step "Configuring nginx..."
# Создать конфигурацию nginx
cat > /etc/nginx/sites-available/my-network << EOF
# MY Network Nginx Configuration
upstream my_network_backend {
server 127.0.0.1:$APP_PORT;
keepalive 32;
}
# HTTP -> HTTPS redirect
server {
listen $HTTP_PORT;
server_name $DOMAIN;
# Для Let's Encrypt challenge
location /.well-known/acme-challenge/ {
root /var/www/html;
}
# Редирект на HTTPS
location / {
return 301 https://\$server_name\$request_uri;
}
}
# HTTPS сервер
server {
listen $HTTPS_PORT ssl http2;
server_name $DOMAIN;
# SSL сертификаты
ssl_certificate /opt/my-network/ssl/fullchain.pem;
ssl_certificate_key /opt/my-network/ssl/privkey.pem;
# SSL настройки
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Безопасность
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# Основное приложение
location / {
proxy_pass http://my_network_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_cache_bypass \$http_upgrade;
proxy_read_timeout 86400;
# Ограничения
client_max_body_size 5G;
proxy_request_buffering off;
}
# MY Network мониторинг
location /api/my/monitor/ {
proxy_pass http://my_network_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host \$host;
proxy_cache_bypass \$http_upgrade;
# Разрешить для всех
allow all;
}
# Статические файлы
location /static/ {
alias /opt/my-network/storage/static/;
expires 30d;
add_header Cache-Control "public, immutable";
}
# Логи
access_log /var/log/nginx/my-network-access.log;
error_log /var/log/nginx/my-network-error.log;
}
EOF
# Включить сайт
ln -sf /etc/nginx/sites-available/my-network /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default
# Проверить конфигурацию
nginx -t
log_info "Nginx configured successfully"
}
# Получение SSL сертификата
setup_ssl() {
log_step "Setting up SSL certificate..."
# Запустить nginx для получения сертификата
systemctl start nginx
# Получить сертификат Let's Encrypt
if certbot --nginx -d $DOMAIN --email $EMAIL --agree-tos --non-interactive --redirect; then
log_info "SSL certificate obtained successfully"
# Копировать сертификаты в нашу директорию
cp /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/my-network/ssl/
cp /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/my-network/ssl/
chown my-network:my-network /opt/my-network/ssl/*
# Настроить автообновление
echo "0 3 * * * /usr/bin/certbot renew --quiet && systemctl reload nginx" | crontab -
else
log_warn "Failed to obtain SSL certificate, generating self-signed..."
# Создать самоподписанный сертификат
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /opt/my-network/ssl/privkey.pem \
-out /opt/my-network/ssl/fullchain.pem \
-subj "/C=US/ST=State/L=City/O=Organization/CN=$DOMAIN"
chown my-network:my-network /opt/my-network/ssl/*
fi
}
# Создание docker-compose для продакшена
create_docker_compose() {
log_step "Creating production docker-compose..."
cat > /opt/my-network/docker-compose.prod.yml << EOF
version: '3.8'
services:
# MariaDB Database
mariadb:
image: mariadb:11.2
container_name: my-network-db
restart: unless-stopped
environment:
MYSQL_ROOT_PASSWORD: \${MYSQL_ROOT_PASSWORD:-root_password}
MYSQL_DATABASE: mymusic
MYSQL_USER: mymusic
MYSQL_PASSWORD: \${MYSQL_PASSWORD:-mymusic_password}
volumes:
- /opt/my-network/data/mysql:/var/lib/mysql
- /opt/my-network/storage:/Storage
ports:
- "127.0.0.1:$DB_PORT:3306"
networks:
- my-network
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
interval: 30s
timeout: 10s
retries: 5
# Redis Cache
redis:
image: redis:7-alpine
container_name: my-network-redis
restart: unless-stopped
command: redis-server --appendonly yes
volumes:
- /opt/my-network/data/redis:/data
ports:
- "127.0.0.1:$REDIS_PORT:6379"
networks:
- my-network
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 30s
timeout: 10s
retries: 3
# MY Network Application
my-network-app:
build:
context: /opt/my-network/app
dockerfile: Dockerfile.prod
container_name: my-network-app
restart: unless-stopped
environment:
- ENVIRONMENT=production
volumes:
- /opt/my-network/app:/app
- /opt/my-network/storage:/Storage
- /opt/my-network/ssl:/ssl:ro
- /var/log/my-network:/var/log/my-network
ports:
- "127.0.0.1:$APP_PORT:$APP_PORT"
- "$((APP_PORT + 1)):$((APP_PORT + 1))" # P2P порт
networks:
- my-network
depends_on:
mariadb:
condition: service_healthy
redis:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:$APP_PORT/health"]
interval: 30s
timeout: 10s
retries: 3
networks:
my-network:
driver: bridge
volumes:
mysql_data:
redis_data:
EOF
# Создать Dockerfile для продакшена
cat > /opt/my-network/app/Dockerfile.prod << EOF
FROM python:3.11-slim
# Установить системные зависимости
RUN apt-get update && apt-get install -y \\
gcc \\
g++ \\
libmariadb-dev \\
pkg-config \\
curl \\
&& rm -rf /var/lib/apt/lists/*
# Создать пользователя приложения
RUN useradd -r -s /bin/false -d /app mynetwork
# Установить зависимости Python
WORKDIR /app
COPY requirements_new.txt .
RUN pip install --no-cache-dir -r requirements_new.txt
# Копировать приложение
COPY . .
RUN chown -R mynetwork:mynetwork /app
# Создать директории
RUN mkdir -p /var/log/my-network && \\
chown mynetwork:mynetwork /var/log/my-network
USER mynetwork
# Порты
EXPOSE $APP_PORT $((APP_PORT + 1))
# Команда запуска
CMD ["python", "-m", "uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "$APP_PORT"]
EOF
log_info "Docker configuration created successfully"
}
# Создание systemd сервиса
create_systemd_service() {
log_step "Creating systemd service..."
cat > /etc/systemd/system/my-network.service << EOF
[Unit]
Description=MY Network Distributed Protocol Service
After=docker.service
Requires=docker.service
[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/opt/my-network
ExecStart=/usr/bin/docker-compose -f docker-compose.prod.yml up -d
ExecStop=/usr/bin/docker-compose -f docker-compose.prod.yml down
User=my-network
Group=my-network
[Install]
WantedBy=multi-user.target
EOF
# Перезагрузить systemd и запустить сервис
systemctl daemon-reload
systemctl enable my-network
log_info "Systemd service created successfully"
}
# Настройка мониторинга
setup_monitoring() {
log_step "Setting up monitoring..."
# Создать скрипт проверки здоровья
cat > /opt/my-network/health_check.sh << 'EOF'
#!/bin/bash
# MY Network Health Check Script
DOMAIN="localhost"
PORT="15100"
LOG_FILE="/var/log/my-network/health.log"
# Функция логирования
log_message() {
echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> $LOG_FILE
}
# Проверка HTTP эндпоинта
check_http() {
if curl -f -s "http://$DOMAIN:$PORT/health" > /dev/null; then
return 0
else
return 1
fi
}
# Проверка MY Network
check_my_network() {
if curl -f -s "http://$DOMAIN:$PORT/api/my/health" > /dev/null; then
return 0
else
return 1
fi
}
# Основная проверка
if check_http && check_my_network; then
log_message "Health check PASSED"
exit 0
else
log_message "Health check FAILED"
# Попытаться перезапустить сервис
systemctl restart my-network
log_message "Service restart attempted"
exit 1
fi
EOF
chmod +x /opt/my-network/health_check.sh
chown my-network:my-network /opt/my-network/health_check.sh
# Добавить в cron для мониторинга каждые 5 минут
echo "*/5 * * * * /opt/my-network/health_check.sh" | crontab -u my-network -
log_info "Monitoring configured successfully"
}
# Запуск всех сервисов
start_services() {
log_step "Starting all services..."
# Запустить nginx
systemctl enable nginx
systemctl restart nginx
# Запустить MY Network
systemctl start my-network
# Подождать запуска
sleep 10
# Проверить статус
if systemctl is-active --quiet my-network; then
log_info "MY Network service is running"
else
log_error "MY Network service failed to start"
systemctl status my-network
exit 1
fi
if systemctl is-active --quiet nginx; then
log_info "Nginx service is running"
else
log_error "Nginx service failed to start"
systemctl status nginx
exit 1
fi
}
# Финальная информация
print_summary() {
echo -e "${GREEN}"
cat << EOF
╔══════════════════════════════════════════════════════════════════════════════╗
║ MY NETWORK DEPLOYMENT COMPLETED ║
╚══════════════════════════════════════════════════════════════════════════════╝
🌐 Web Interface: https://$DOMAIN
📊 Monitoring: https://$DOMAIN/api/my/monitor/
🔧 API Documentation: https://$DOMAIN/api/docs
❤️ Health Check: https://$DOMAIN/health
📝 Configuration Files:
• Application: /opt/my-network/app/.env
• Nginx: /etc/nginx/sites-available/my-network
• Docker: /opt/my-network/docker-compose.prod.yml
• SSL: /opt/my-network/ssl/
📋 Management Commands:
• Start service: systemctl start my-network
• Stop service: systemctl stop my-network
• Restart service: systemctl restart my-network
• View logs: journalctl -u my-network -f
• Health check: /opt/my-network/health_check.sh
🔒 Security Features:
✅ SSL/TLS encryption
✅ Firewall configured
✅ Fail2ban protection
✅ Security headers
✅ Rate limiting
🚀 MY Network Features:
✅ Distributed content protocol
✅ P2P networking
✅ Content synchronization
✅ Load balancing
✅ Real-time monitoring
The system is now ready for production use!
EOF
echo -e "${NC}"
}
# Главная функция
main() {
print_header
log_info "Starting MY Network production deployment..."
check_root
check_os
install_dependencies
setup_firewall
create_app_user
setup_directories
deploy_application
setup_nginx
setup_ssl
create_docker_compose
create_systemd_service
setup_monitoring
start_services
print_summary
log_info "Deployment completed successfully!"
}
# Запуск скрипта
main "$@"
Reference in New Issue View Git Blame Copy Permalink