427 lines
11 KiB
Bash
427 lines
11 KiB
Bash
#!/bin/bash
|
|
|
|
# ===========================
|
|
# MY Network v2.0 Production Deployment Script
|
|
# Target: my-public-node-3.projscale.dev
|
|
# ===========================
|
|
|
|
set -e
|
|
|
|
echo "=================================================="
|
|
echo "🚀 MY NETWORK v2.0 PRODUCTION DEPLOYMENT"
|
|
echo "Target: my-public-node-3.projscale.dev"
|
|
echo "=================================================="
|
|
|
|
# ===========================
|
|
# CONFIGURATION
|
|
# ===========================
|
|
PRODUCTION_HOST="my-public-node-3.projscale.dev"
|
|
PRODUCTION_USER="root"
|
|
PRODUCTION_PORT="22"
|
|
MY_NETWORK_PORT="15100"
|
|
PROJECT_NAME="my-uploader-bot"
|
|
DOMAIN="my-public-node-3.projscale.dev"
|
|
|
|
echo ""
|
|
echo "=== CONFIGURATION ==="
|
|
echo "Host: $PRODUCTION_HOST"
|
|
echo "User: $PRODUCTION_USER"
|
|
echo "MY Network Port: $MY_NETWORK_PORT"
|
|
echo "Domain: $DOMAIN"
|
|
|
|
# ===========================
|
|
# PRODUCTION .ENV GENERATION
|
|
# ===========================
|
|
echo ""
|
|
echo "=== 1. CREATING PRODUCTION .ENV ==="
|
|
|
|
cat > .env.production << EOF
|
|
# MY Network v2.0 Production Configuration
|
|
MY_NETWORK_VERSION=v2.0
|
|
MY_NETWORK_PORT=15100
|
|
MY_NETWORK_HOST=0.0.0.0
|
|
|
|
# Production Database
|
|
DATABASE_URL=sqlite+aiosqlite:///./data/my_network_production.db
|
|
DB_TYPE=sqlite
|
|
|
|
# Security (CHANGE THESE IN PRODUCTION!)
|
|
SECRET_KEY=$(openssl rand -hex 32)
|
|
JWT_SECRET=$(openssl rand -hex 32)
|
|
|
|
# API Configuration
|
|
API_VERSION=v1
|
|
DEBUG=false
|
|
|
|
# Bootstrap Configuration
|
|
BOOTSTRAP_CONFIG_PATH=bootstrap.json
|
|
|
|
# Monitoring
|
|
ENABLE_MONITORING=true
|
|
MONITORING_THEME=matrix
|
|
|
|
# Network Settings
|
|
MAX_PEERS=100
|
|
SYNC_INTERVAL=30
|
|
PEER_DISCOVERY_INTERVAL=60
|
|
|
|
# Production Settings
|
|
ENVIRONMENT=production
|
|
LOG_LEVEL=INFO
|
|
HOST_DOMAIN=$DOMAIN
|
|
EXTERNAL_URL=https://$DOMAIN
|
|
|
|
# SSL Configuration
|
|
SSL_ENABLED=true
|
|
SSL_CERT_PATH=/etc/letsencrypt/live/$DOMAIN/fullchain.pem
|
|
SSL_KEY_PATH=/etc/letsencrypt/live/$DOMAIN/privkey.pem
|
|
EOF
|
|
|
|
echo "✅ Production .env created"
|
|
|
|
# ===========================
|
|
# PRODUCTION BOOTSTRAP CONFIG
|
|
# ===========================
|
|
echo ""
|
|
echo "=== 2. CREATING PRODUCTION BOOTSTRAP CONFIG ==="
|
|
|
|
cat > bootstrap.production.json << EOF
|
|
{
|
|
"network": {
|
|
"name": "MY Network v2.0 Production",
|
|
"version": "2.0",
|
|
"protocol_version": "1.0",
|
|
"port": 15100,
|
|
"host": "0.0.0.0",
|
|
"external_url": "https://$DOMAIN"
|
|
},
|
|
"bootstrap_nodes": [
|
|
{
|
|
"id": "main-bootstrap-node",
|
|
"host": "$DOMAIN",
|
|
"port": 15100,
|
|
"public_key": "production-key-placeholder",
|
|
"weight": 100,
|
|
"priority": 1,
|
|
"region": "global"
|
|
}
|
|
],
|
|
"security": {
|
|
"encryption_enabled": true,
|
|
"authentication_required": true,
|
|
"ssl_enabled": true,
|
|
"rate_limiting": {
|
|
"requests_per_minute": 1000,
|
|
"burst_size": 100
|
|
}
|
|
},
|
|
"api": {
|
|
"endpoints": {
|
|
"health": "/health",
|
|
"metrics": "/api/metrics",
|
|
"monitor": "/api/my/monitor/",
|
|
"websocket": "/api/my/monitor/ws",
|
|
"sync": "/api/sync",
|
|
"peers": "/api/peers"
|
|
},
|
|
"cors": {
|
|
"enabled": true,
|
|
"origins": ["https://$DOMAIN"]
|
|
}
|
|
},
|
|
"monitoring": {
|
|
"enabled": true,
|
|
"theme": "matrix",
|
|
"real_time_updates": true,
|
|
"websocket_path": "/api/my/monitor/ws",
|
|
"dashboard_path": "/api/my/monitor/",
|
|
"metrics_enabled": true
|
|
},
|
|
"storage": {
|
|
"type": "sqlite",
|
|
"path": "./data/my_network_production.db",
|
|
"backup_enabled": true,
|
|
"backup_interval": 3600
|
|
},
|
|
"p2p": {
|
|
"max_peers": 100,
|
|
"sync_interval": 30,
|
|
"discovery_interval": 60,
|
|
"connection_timeout": 30,
|
|
"keep_alive": true
|
|
},
|
|
"logging": {
|
|
"level": "INFO",
|
|
"file_path": "./logs/my_network_production.log",
|
|
"max_size": "100MB",
|
|
"backup_count": 5
|
|
}
|
|
}
|
|
EOF
|
|
|
|
echo "✅ Production bootstrap config created"
|
|
|
|
# ===========================
|
|
# DEPLOYMENT COMMANDS
|
|
# ===========================
|
|
echo ""
|
|
echo "=== 3. DEPLOYMENT COMMANDS ==="
|
|
|
|
echo "🔑 Testing SSH connection..."
|
|
if ssh -o ConnectTimeout=10 -o BatchMode=yes $PRODUCTION_USER@$PRODUCTION_HOST 'echo "SSH connection successful"' 2>/dev/null; then
|
|
echo "✅ SSH connection successful"
|
|
else
|
|
echo "❌ SSH connection failed. Please check:"
|
|
echo " - SSH key is loaded: ssh-add -l"
|
|
echo " - Server is accessible: ping $PRODUCTION_HOST"
|
|
echo " - User has access: ssh $PRODUCTION_USER@$PRODUCTION_HOST"
|
|
exit 1
|
|
fi
|
|
|
|
echo ""
|
|
echo "📁 Creating remote directories..."
|
|
ssh $PRODUCTION_USER@$PRODUCTION_HOST "
|
|
mkdir -p /opt/$PROJECT_NAME/data /opt/$PROJECT_NAME/logs
|
|
chown -R root:root /opt/$PROJECT_NAME
|
|
"
|
|
|
|
echo ""
|
|
echo "📤 Uploading files..."
|
|
# Upload project files
|
|
scp -r . $PRODUCTION_USER@$PRODUCTION_HOST:/opt/$PROJECT_NAME/
|
|
|
|
# Upload production configs
|
|
scp .env.production $PRODUCTION_USER@$PRODUCTION_HOST:/opt/$PROJECT_NAME/.env
|
|
scp bootstrap.production.json $PRODUCTION_USER@$PRODUCTION_HOST:/opt/$PROJECT_NAME/bootstrap.json
|
|
|
|
echo ""
|
|
echo "🐳 Installing Docker and Docker Compose on remote server..."
|
|
ssh $PRODUCTION_USER@$PRODUCTION_HOST "
|
|
# Update system
|
|
apt-get update -y
|
|
apt-get install -y curl wget unzip
|
|
|
|
# Install Docker
|
|
if ! command -v docker &> /dev/null; then
|
|
curl -fsSL https://get.docker.com -o get-docker.sh
|
|
sh get-docker.sh
|
|
systemctl enable docker
|
|
systemctl start docker
|
|
fi
|
|
|
|
# Install Docker Compose
|
|
if ! command -v docker-compose &> /dev/null; then
|
|
curl -L \"https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)\" -o /usr/local/bin/docker-compose
|
|
chmod +x /usr/local/bin/docker-compose
|
|
fi
|
|
|
|
echo '✅ Docker installation completed'
|
|
"
|
|
|
|
echo ""
|
|
echo "🔥 Setting up firewall..."
|
|
ssh $PRODUCTION_USER@$PRODUCTION_HOST "
|
|
# Install UFW if not present
|
|
apt-get install -y ufw
|
|
|
|
# Configure firewall
|
|
ufw --force reset
|
|
ufw default deny incoming
|
|
ufw default allow outgoing
|
|
|
|
# Allow essential ports
|
|
ufw allow 22/tcp # SSH
|
|
ufw allow 80/tcp # HTTP
|
|
ufw allow 443/tcp # HTTPS
|
|
ufw allow $MY_NETWORK_PORT/tcp # MY Network v2.0
|
|
|
|
# Enable firewall
|
|
ufw --force enable
|
|
|
|
echo '✅ Firewall configured'
|
|
"
|
|
|
|
echo ""
|
|
echo "🌐 Setting up Nginx..."
|
|
ssh $PRODUCTION_USER@$PRODUCTION_HOST "
|
|
# Install Nginx
|
|
apt-get install -y nginx
|
|
|
|
# Create Nginx configuration
|
|
cat > /etc/nginx/sites-available/mynetwork << 'NGINX_EOF'
|
|
server {
|
|
listen 80;
|
|
server_name $DOMAIN;
|
|
|
|
# Redirect HTTP to HTTPS
|
|
location / {
|
|
return 301 https://\$server_name\$request_uri;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name $DOMAIN;
|
|
|
|
# SSL Configuration (will be set up by Certbot)
|
|
ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
|
|
|
|
# Security headers
|
|
add_header X-Frame-Options DENY;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection \"1; mode=block\";
|
|
|
|
# MY Network v2.0 API
|
|
location /api/ {
|
|
proxy_pass http://localhost:$MY_NETWORK_PORT/api/;
|
|
proxy_set_header Host \$host;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto \$scheme;
|
|
}
|
|
|
|
# Health check
|
|
location /health {
|
|
proxy_pass http://localhost:$MY_NETWORK_PORT/health;
|
|
proxy_set_header Host \$host;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
}
|
|
|
|
# Matrix Monitoring Dashboard
|
|
location /api/my/monitor/ {
|
|
proxy_pass http://localhost:$MY_NETWORK_PORT/api/my/monitor/;
|
|
proxy_set_header Host \$host;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
}
|
|
|
|
# WebSocket for real-time monitoring
|
|
location /api/my/monitor/ws {
|
|
proxy_pass http://localhost:$MY_NETWORK_PORT/api/my/monitor/ws;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade \$http_upgrade;
|
|
proxy_set_header Connection \"upgrade\";
|
|
proxy_set_header Host \$host;
|
|
}
|
|
}
|
|
NGINX_EOF
|
|
|
|
# Enable site
|
|
ln -sf /etc/nginx/sites-available/mynetwork /etc/nginx/sites-enabled/
|
|
rm -f /etc/nginx/sites-enabled/default
|
|
|
|
# Test configuration
|
|
nginx -t
|
|
|
|
echo '✅ Nginx configured'
|
|
"
|
|
|
|
echo ""
|
|
echo "🔒 Setting up SSL with Let's Encrypt..."
|
|
ssh $PRODUCTION_USER@$PRODUCTION_HOST "
|
|
# Install Certbot
|
|
apt-get install -y certbot python3-certbot-nginx
|
|
|
|
# Get SSL certificate
|
|
certbot --nginx -d $DOMAIN --non-interactive --agree-tos --email admin@$DOMAIN --redirect
|
|
|
|
# Set up auto-renewal
|
|
crontab -l 2>/dev/null | { cat; echo '0 12 * * * /usr/bin/certbot renew --quiet'; } | crontab -
|
|
|
|
echo '✅ SSL certificate obtained'
|
|
"
|
|
|
|
echo ""
|
|
echo "🚀 Deploying MY Network v2.0..."
|
|
ssh $PRODUCTION_USER@$PRODUCTION_HOST "
|
|
cd /opt/$PROJECT_NAME
|
|
|
|
# Build and start containers
|
|
docker-compose --profile main-node up -d --build
|
|
|
|
echo '✅ MY Network v2.0 containers started'
|
|
"
|
|
|
|
echo ""
|
|
echo "📊 Creating systemd service..."
|
|
ssh $PRODUCTION_USER@$PRODUCTION_HOST "
|
|
cat > /etc/systemd/system/my-network-v2.service << 'SERVICE_EOF'
|
|
[Unit]
|
|
Description=MY Network v2.0 Production Service
|
|
After=docker.service
|
|
Requires=docker.service
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
RemainAfterExit=yes
|
|
WorkingDirectory=/opt/$PROJECT_NAME
|
|
ExecStart=/usr/bin/docker-compose --profile main-node up -d
|
|
ExecStop=/usr/bin/docker-compose down
|
|
ExecReload=/usr/bin/docker-compose restart app
|
|
TimeoutStartSec=300
|
|
TimeoutStopSec=120
|
|
User=root
|
|
Environment=\"MY_NETWORK_PORT=$MY_NETWORK_PORT\"
|
|
Environment=\"MY_NETWORK_VERSION=v2.0\"
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
SERVICE_EOF
|
|
|
|
systemctl daemon-reload
|
|
systemctl enable my-network-v2
|
|
systemctl start my-network-v2
|
|
|
|
echo '✅ SystemD service created and started'
|
|
"
|
|
|
|
# ===========================
|
|
# FINAL VERIFICATION
|
|
# ===========================
|
|
echo ""
|
|
echo "=== 4. FINAL VERIFICATION ==="
|
|
|
|
echo "⏳ Waiting for services to start..."
|
|
sleep 30
|
|
|
|
echo "🔍 Testing endpoints..."
|
|
for endpoint in "https://$DOMAIN/health" "https://$DOMAIN/api/my/monitor/"; do
|
|
if curl -f -s -k "$endpoint" > /dev/null; then
|
|
echo "✅ $endpoint - OK"
|
|
else
|
|
echo "❌ $endpoint - FAILED"
|
|
fi
|
|
done
|
|
|
|
# ===========================
|
|
# DEPLOYMENT SUMMARY
|
|
# ===========================
|
|
echo ""
|
|
echo "=================================================="
|
|
echo "🎉 MY NETWORK v2.0 PRODUCTION DEPLOYMENT COMPLETE!"
|
|
echo "=================================================="
|
|
echo ""
|
|
echo "🌐 Access Points:"
|
|
echo " • Matrix Dashboard: https://$DOMAIN/api/my/monitor/"
|
|
echo " • Health Check: https://$DOMAIN/health"
|
|
echo " • WebSocket: wss://$DOMAIN/api/my/monitor/ws"
|
|
echo " • API Docs: https://$DOMAIN:$MY_NETWORK_PORT/docs"
|
|
echo ""
|
|
echo "🛠️ Management Commands:"
|
|
echo " • View logs: ssh $PRODUCTION_USER@$PRODUCTION_HOST 'docker-compose -f /opt/$PROJECT_NAME/docker-compose.yml logs -f'"
|
|
echo " • Restart service: ssh $PRODUCTION_USER@$PRODUCTION_HOST 'systemctl restart my-network-v2'"
|
|
echo " • Check status: ssh $PRODUCTION_USER@$PRODUCTION_HOST 'systemctl status my-network-v2'"
|
|
echo ""
|
|
echo "🔒 Security:"
|
|
echo " • SSL/TLS: Enabled with Let's Encrypt"
|
|
echo " • Firewall: UFW configured for ports 22, 80, 443, $MY_NETWORK_PORT"
|
|
echo " • Auto-renewal: SSL certificates will auto-renew"
|
|
echo ""
|
|
echo "✅ MY Network v2.0 is now live on production!"
|
|
|
|
# Cleanup local temporary files
|
|
rm -f .env.production bootstrap.production.json
|
|
|
|
echo ""
|
|
echo "🧹 Cleanup completed"
|
|
echo "🚀 Production deployment successful!" |