uploader-bot/deploy_local_production.sh

#!/bin/bash

# ===========================
# MY Network v2.0 Local Production Deployment Script
# For execution directly on my-public-node-3.projscale.dev as root
# ===========================

set -e

echo "=================================================="
echo "🚀 MY NETWORK v2.0 LOCAL PRODUCTION DEPLOYMENT"
echo "Running directly on: my-public-node-3.projscale.dev"
echo "=================================================="

# ===========================
# CONFIGURATION
# ===========================
PRODUCTION_HOST="my-public-node-3.projscale.dev"
MY_NETWORK_PORT="15100"
PROJECT_NAME="my-uploader-bot"
DOMAIN="my-public-node-3.projscale.dev"
INSTALL_DIR="/opt/$PROJECT_NAME"
CURRENT_DIR=$(pwd)

echo ""
echo "=== CONFIGURATION ==="
echo "Host: $PRODUCTION_HOST"
echo "MY Network Port: $MY_NETWORK_PORT"
echo "Domain: $DOMAIN"
echo "Install Directory: $INSTALL_DIR"
echo "Current Directory: $CURRENT_DIR"

# ===========================
# PRODUCTION .ENV GENERATION
# ===========================
echo ""
echo "=== 1. CREATING PRODUCTION .ENV ==="

cat > .env.production << EOF
# MY Network v2.0 Production Configuration
MY_NETWORK_VERSION=v2.0
MY_NETWORK_PORT=15100
MY_NETWORK_HOST=0.0.0.0

# Production Database
DATABASE_URL=sqlite+aiosqlite:///./data/my_network_production.db
DB_TYPE=sqlite

# Security (CHANGE THESE IN PRODUCTION!)
SECRET_KEY=$(openssl rand -hex 32)
JWT_SECRET=$(openssl rand -hex 32)

# API Configuration
API_VERSION=v1
DEBUG=false

# Bootstrap Configuration
BOOTSTRAP_CONFIG_PATH=bootstrap.json

# Monitoring
ENABLE_MONITORING=true
MONITORING_THEME=matrix

# Network Settings
MAX_PEERS=100
SYNC_INTERVAL=30
PEER_DISCOVERY_INTERVAL=60

# Production Settings
ENVIRONMENT=production
LOG_LEVEL=INFO
HOST_DOMAIN=$DOMAIN
EXTERNAL_URL=https://$DOMAIN

# SSL Configuration
SSL_ENABLED=true
SSL_CERT_PATH=/etc/letsencrypt/live/$DOMAIN/fullchain.pem
SSL_KEY_PATH=/etc/letsencrypt/live/$DOMAIN/privkey.pem
EOF

echo "✅ Production .env created"

# ===========================
# PRODUCTION BOOTSTRAP CONFIG
# ===========================
echo ""
echo "=== 2. CREATING PRODUCTION BOOTSTRAP CONFIG ==="

cat > bootstrap.production.json << EOF
{
  "network": {
    "name": "MY Network v2.0 Production",
    "version": "2.0",
    "protocol_version": "1.0",
    "port": 15100,
    "host": "0.0.0.0",
    "external_url": "https://$DOMAIN"
  },
  "bootstrap_nodes": [
    {
      "id": "main-bootstrap-node",
      "host": "$DOMAIN",
      "port": 15100,
      "public_key": "production-key-placeholder",
      "weight": 100,
      "priority": 1,
      "region": "global"
    }
  ],
  "security": {
    "encryption_enabled": true,
    "authentication_required": true,
    "ssl_enabled": true,
    "rate_limiting": {
      "requests_per_minute": 1000,
      "burst_size": 100
    }
  },
  "api": {
    "endpoints": {
      "health": "/health",
      "metrics": "/api/metrics",
      "monitor": "/api/my/monitor/",
      "websocket": "/api/my/monitor/ws",
      "sync": "/api/sync",
      "peers": "/api/peers"
    },
    "cors": {
      "enabled": true,
      "origins": ["https://$DOMAIN"]
    }
  },
  "monitoring": {
    "enabled": true,
    "theme": "matrix",
    "real_time_updates": true,
    "websocket_path": "/api/my/monitor/ws",
    "dashboard_path": "/api/my/monitor/",
    "metrics_enabled": true
  },
  "storage": {
    "type": "sqlite",
    "path": "./data/my_network_production.db",
    "backup_enabled": true,
    "backup_interval": 3600
  },
  "p2p": {
    "max_peers": 100,
    "sync_interval": 30,
    "discovery_interval": 60,
    "connection_timeout": 30,
    "keep_alive": true
  },
  "logging": {
    "level": "INFO",
    "file_path": "./logs/my_network_production.log",
    "max_size": "100MB",
    "backup_count": 5
  }
}
EOF

echo "✅ Production bootstrap config created"

# ===========================
# LOCAL DEPLOYMENT
# ===========================
echo ""
echo "=== 3. LOCAL DEPLOYMENT ==="

echo "📁 Creating production directories..."
mkdir -p $INSTALL_DIR/data $INSTALL_DIR/logs
chown -R root:root $INSTALL_DIR

echo "📤 Copying project files..."
# Stop if the service is running
if systemctl is-active --quiet my-network-v2; then
    echo "🛑 Stopping existing MY Network v2.0 service..."
    systemctl stop my-network-v2
fi

# Copy current directory to install location
if [ "$CURRENT_DIR" != "$INSTALL_DIR" ]; then
    echo "   Copying from $CURRENT_DIR to $INSTALL_DIR..."
    cp -r $CURRENT_DIR/* $INSTALL_DIR/
    
    # Copy production configs
    cp .env.production $INSTALL_DIR/.env
    cp bootstrap.production.json $INSTALL_DIR/bootstrap.json
    
    cd $INSTALL_DIR
else
    echo "   Already in install directory"
    # Just copy production configs
    cp .env.production .env
    cp bootstrap.production.json bootstrap.json
fi

echo "✅ Project files copied"

echo ""
echo "🐳 Installing Docker and Docker Compose..."
# Update system
apt-get update -y
apt-get install -y curl wget unzip

# Install Docker
if ! command -v docker &> /dev/null; then
    echo "   Installing Docker..."
    curl -fsSL https://get.docker.com -o get-docker.sh
    sh get-docker.sh
    systemctl enable docker
    systemctl start docker
    rm -f get-docker.sh
else
    echo "   Docker already installed"
fi

# Install Docker Compose
if ! command -v docker-compose &> /dev/null; then
    echo "   Installing Docker Compose..."
    curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    chmod +x /usr/local/bin/docker-compose
else
    echo "   Docker Compose already installed"
fi

echo "✅ Docker installation completed"

echo ""
echo "🔥 Setting up firewall..."
# Install UFW if not present
apt-get install -y ufw

# Configure firewall
ufw --force reset
ufw default deny incoming
ufw default allow outgoing

# Allow essential ports
ufw allow 22/tcp    # SSH
ufw allow 80/tcp    # HTTP
ufw allow 443/tcp   # HTTPS
ufw allow $MY_NETWORK_PORT/tcp   # MY Network v2.0

# Enable firewall
ufw --force enable

echo "✅ Firewall configured"

echo ""
echo "🌐 Setting up Nginx..."
# Install Nginx
apt-get install -y nginx

# Create Nginx configuration
cat > /etc/nginx/sites-available/mynetwork << 'NGINX_EOF'
server {
    listen 80;
    server_name my-public-node-3.projscale.dev;
    
    # Redirect HTTP to HTTPS
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name my-public-node-3.projscale.dev;
    
    # SSL Configuration (will be set up by Certbot)
    ssl_certificate /etc/letsencrypt/live/my-public-node-3.projscale.dev/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my-public-node-3.projscale.dev/privkey.pem;
    
    # Security headers
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    
    # MY Network v2.0 API
    location /api/ {
        proxy_pass http://localhost:15100/api/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    
    # Health check
    location /health {
        proxy_pass http://localhost:15100/health;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
    
    # Matrix Monitoring Dashboard
    location /api/my/monitor/ {
        proxy_pass http://localhost:15100/api/my/monitor/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
    
    # WebSocket for real-time monitoring
    location /api/my/monitor/ws {
        proxy_pass http://localhost:15100/api/my/monitor/ws;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
}
NGINX_EOF

# Enable site
ln -sf /etc/nginx/sites-available/mynetwork /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default

# Test configuration
nginx -t

echo "✅ Nginx configured"

echo ""
echo "🔒 Setting up SSL with Let's Encrypt..."
# Install Certbot
apt-get install -y certbot python3-certbot-nginx

# Get SSL certificate (non-interactive)
if [ ! -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ]; then
    echo "   Obtaining SSL certificate..."
    certbot --nginx -d $DOMAIN --non-interactive --agree-tos --email admin@$DOMAIN --redirect
else
    echo "   SSL certificate already exists"
fi

# Set up auto-renewal
crontab -l 2>/dev/null | { cat; echo '0 12 * * * /usr/bin/certbot renew --quiet'; } | crontab -

echo "✅ SSL certificate configured"

echo ""
echo "🚀 Deploying MY Network v2.0..."
cd $INSTALL_DIR

# Build and start containers
echo "   Building and starting containers..."
docker-compose --profile main-node up -d --build

echo "✅ MY Network v2.0 containers started"

echo ""
echo "📊 Creating systemd service..."
cat > /etc/systemd/system/my-network-v2.service << 'SERVICE_EOF'
[Unit]
Description=MY Network v2.0 Production Service
After=docker.service
Requires=docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/opt/my-uploader-bot
ExecStart=/usr/local/bin/docker-compose --profile main-node up -d
ExecStop=/usr/local/bin/docker-compose down
ExecReload=/usr/local/bin/docker-compose restart app
TimeoutStartSec=300
TimeoutStopSec=120
User=root
Environment="MY_NETWORK_PORT=15100"
Environment="MY_NETWORK_VERSION=v2.0"

[Install]
WantedBy=multi-user.target
SERVICE_EOF

systemctl daemon-reload
systemctl enable my-network-v2
systemctl start my-network-v2

echo "✅ SystemD service created and started"

echo ""
echo "🔄 Restarting Nginx..."
systemctl restart nginx

# ===========================
# FINAL VERIFICATION
# ===========================
echo ""
echo "=== 4. FINAL VERIFICATION ==="

echo "⏳ Waiting for services to start..."
sleep 30

echo "🔍 Testing endpoints..."
for endpoint in "https://$DOMAIN/health" "https://$DOMAIN/api/my/monitor/"; do
    if curl -f -s -k "$endpoint" > /dev/null; then
        echo "✅ $endpoint - OK"
    else
        echo "❌ $endpoint - FAILED"
    fi
done

echo ""
echo "📊 Service Status:"
echo "🐳 Docker containers:"
docker-compose ps

echo ""
echo "🔧 SystemD service:"
systemctl status my-network-v2 --no-pager -l

echo ""
echo "🌐 Nginx status:"
systemctl status nginx --no-pager -l

# ===========================
# DEPLOYMENT SUMMARY
# ===========================
echo ""
echo "=================================================="
echo "🎉 MY NETWORK v2.0 LOCAL PRODUCTION DEPLOYMENT COMPLETE!"
echo "=================================================="
echo ""
echo "🌐 Access Points:"
echo "   • Matrix Dashboard: https://$DOMAIN/api/my/monitor/"
echo "   • Health Check: https://$DOMAIN/health"
echo "   • WebSocket: wss://$DOMAIN/api/my/monitor/ws"
echo "   • API Docs: https://$DOMAIN:$MY_NETWORK_PORT/docs"
echo ""
echo "🛠️ Management Commands:"
echo "   • View logs: docker-compose -f $INSTALL_DIR/docker-compose.yml logs -f"
echo "   • Restart service: systemctl restart my-network-v2"
echo "   • Check status: systemctl status my-network-v2"
echo "   • Check containers: docker-compose ps"
echo ""
echo "🔒 Security:"
echo "   • SSL/TLS: Enabled with Let's Encrypt"
echo "   • Firewall: UFW configured for ports 22, 80, 443, $MY_NETWORK_PORT"
echo "   • Auto-renewal: SSL certificates will auto-renew"
echo ""
echo "✅ MY Network v2.0 is now live on production!"

# Cleanup local temporary files
if [ "$CURRENT_DIR" != "$INSTALL_DIR" ]; then
    cd $CURRENT_DIR
    rm -f .env.production bootstrap.production.json
fi

echo ""
echo "🧹 Cleanup completed"
echo "🚀 Local production deployment successful!"