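#!/bin/bash
# Set up TLS for one domain: obtain a Let's Encrypt certificate with certbot
# (webroot mode) and put an HTTPS-terminating nginx reverse proxy in front of
# the application listening on 127.0.0.1:15100.
#
# Usage:  ./setup_ssl_for_domain.sh [DOMAIN]
# Env:    DOMAIN         - domain to configure
#                          (default: my-public-node-3.projscale.dev)
#         CERTBOT_EMAIL  - ACME account / expiry-notice address
#                          (default: admin@$DOMAIN — make sure that mailbox exists)
#
# Requires sudo, nginx with the Debian-style sites-available/sites-enabled
# layout, and certbot. Every step aborts the script on failure; nothing is
# rolled back, so a failed run can leave /etc/nginx/sites-available/default in
# the intermediate HTTP-only state written in step 2 (all traffic, including
# /api/, is proxied over plaintext until step 4 completes).
set -euo pipefail

DOMAIN="${1:-${DOMAIN:-my-public-node-3.projscale.dev}}"
CERTBOT_EMAIL="${CERTBOT_EMAIL:-admin@$DOMAIN}"
readonly APP_UPSTREAM="http://127.0.0.1:15100"
readonly WEBROOT="/var/www/html"
readonly NGINX_SITE="/etc/nginx/sites-available/default"

# $DOMAIN is interpolated into an nginx config and passed to certbot on the
# command line. Accept only a plain hostname so a stray value (a ';', a space,
# a newline) cannot inject directives into the generated server blocks.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)+$'
if [[ ! "$DOMAIN" =~ $hostname_re ]]; then
  printf '❌ Invalid domain name: %s\n' "$DOMAIN" >&2
  exit 1
fi

echo "🔒 НАСТРОЙКА SSL ДЛЯ $DOMAIN"

# --- 1. Backend must already be up --------------------------------------------
echo ""
echo "=== 1. ПРОВЕРКА ПРИЛОЖЕНИЯ ==="
# -f makes curl fail on HTTP >= 400, so a backend answering 5xx is not mistaken
# for a healthy one (plain -s exits 0 on any HTTP response). 127.0.0.1 is used
# instead of localhost so the probe hits the same address nginx will proxy to.
if timeout 5 curl -fs -o /dev/null "$APP_UPSTREAM/health" 2>/dev/null; then
  echo "✅ Приложение работает на порту 15100"
else
  echo "❌ Приложение НЕ работает на порту 15100!"
  echo "Сначала исправьте приложение:"
  echo "chmod +x fix_app_restart.sh && ./fix_app_restart.sh"
  exit 1
fi

# --- 2. Plain-HTTP vhost so the ACME HTTP-01 challenge can be served ----------
echo ""
echo "=== 2. НАСТРОЙКА NGINX ДЛЯ ДОМЕНА ==="
# Unquoted heredoc: $DOMAIN/$WEBROOT/$APP_UPSTREAM expand now, \$host etc. are
# left for nginx. The ACME location is a longer prefix than "/" and therefore
# wins over the catch-all proxy.
sudo tee "$NGINX_SITE" > /dev/null << EOF
server {
    listen 80;
    server_name $DOMAIN;
    server_tokens off;
    client_max_body_size 100M;

    # Let's Encrypt HTTP-01 challenge files (written by certbot --webroot)
    location /.well-known/acme-challenge/ {
        root $WEBROOT;
    }

    location /api/ {
        proxy_pass $APP_UPSTREAM/api/;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }

    location /health {
        proxy_pass $APP_UPSTREAM/health;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
    }

    location / {
        proxy_pass $APP_UPSTREAM/;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF

# The site file is only picked up if it is linked into sites-enabled. Debian
# ships that symlink by default; recreate it if it was removed.
if [[ -d /etc/nginx/sites-enabled && ! -e /etc/nginx/sites-enabled/default ]]; then
  sudo ln -s "$NGINX_SITE" /etc/nginx/sites-enabled/default
fi

echo "🧪 Тестирование nginx..."
if sudo nginx -t; then
  sudo systemctl reload nginx
  echo "✅ Nginx перезагружен"
else
  echo "❌ Ошибка nginx!"
  exit 1
fi

# Challenge directory. certbot writes the token files as root; nginx only needs
# read access. Ownership is changed on the .well-known subtree only — a
# recursive chown of the whole webroot would also re-own unrelated content.
sudo mkdir -p "$WEBROOT/.well-known/acme-challenge/"
sudo chown -R www-data:www-data "$WEBROOT/.well-known/"

# --- 3. Obtain the certificate ------------------------------------------------
echo ""
echo "=== 3. ПОЛУЧЕНИЕ SSL СЕРТИФИКАТА ==="
echo "🔒 Получение сертификата для $DOMAIN..."
# --keep-until-expiring makes re-running this script idempotent: an existing,
# still-valid certificate is reused instead of re-issued (which would count
# against Let's Encrypt rate limits).
if sudo certbot certonly --webroot \
    -w "$WEBROOT" \
    --non-interactive \
    --agree-tos \
    --keep-until-expiring \
    --email "$CERTBOT_EMAIL" \
    --domains "$DOMAIN"; then
  echo "✅ SSL сертификат получен!"
else
  echo "❌ Ошибка получения SSL!"
  echo "Проверьте что домен $DOMAIN направлен на этот сервер"
  exit 1
fi

# --- 4. Final vhost: HTTP -> HTTPS redirect + TLS-terminating proxy -----------
echo ""
echo "=== 4. НАСТРОЙКА HTTPS ==="
sudo tee "$NGINX_SITE" > /dev/null << EOF
# HTTP: keep serving ACME challenges (needed for renewals), redirect the rest.
server {
    listen 80;
    server_name $DOMAIN;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root $WEBROOT;
    }

    location / {
        # \$server_name (not \$host) so a client-supplied Host header cannot
        # steer the redirect to another hostname.
        return 301 https://\$server_name\$request_uri;
    }
}

# HTTPS server
server {
    # "listen ... http2" is the form accepted by both old and new nginx;
    # nginx >= 1.25.1 only warns that "http2 on;" is preferred.
    listen 443 ssl http2;
    server_name $DOMAIN;
    server_tokens off;

    # Certificate and key as laid out by certbot
    ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;

    # TLS hardening: TLS 1.2/1.3 only, AEAD + forward-secret suites (Mozilla
    # "intermediate" profile), client cipher preference, no session tickets
    # (a long-lived ticket key would undermine forward secrecy).
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # Security headers. "always" also applies them to error responses. Note:
    # nginx drops server-level add_header directives in any location that
    # defines its own add_header — none of the locations below do.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;

    client_max_body_size 100M;

    location /api/ {
        proxy_pass $APP_UPSTREAM/api/;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        # Hard-coded: this server block is only ever reached over TLS
        proxy_set_header X-Forwarded-Proto https;
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }

    location /health {
        proxy_pass $APP_UPSTREAM/health;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }

    location / {
        proxy_pass $APP_UPSTREAM/;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
EOF

echo "🧪 Финальное тестирование nginx..."
if sudo nginx -t; then
  sudo systemctl reload nginx
  echo "✅ HTTPS настроен!"
else
  echo "❌ Ошибка HTTPS конфигурации!"
  exit 1
fi

# --- 5. Renewal -------------------------------------------------------------------
echo ""
echo "=== 5. АВТООБНОВЛЕНИЕ ==="
# "certbot renew" reuses the webroot authenticator recorded in the renewal
# config from step 3, so no plugin flag is passed (the previous "--nginx" would
# override it and silently fail under --quiet if python3-certbot-nginx is not
# installed). --deploy-hook runs only when a certificate was actually renewed,
# unlike --post-hook which runs on every attempt. An explicit PATH is set
# because cron's default environment is minimal.
# NOTE(review): distro certbot packages usually ship their own certbot.timer or
# /etc/cron.d/certbot; if present on this host this entry is redundant — confirm.
sudo tee /etc/cron.d/certbot-renew > /dev/null << EOF
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
0 12 * * * root certbot renew --quiet --deploy-hook "systemctl reload nginx"
EOF
echo "✅ Автообновление настроено"

# --- 6. Smoke test through the public name ------------------------------------
echo ""
echo "=== 6. ФИНАЛЬНОЕ ТЕСТИРОВАНИЕ ==="
sleep 5
echo "🧪 Тестирование HTTPS..."
# -f again so an HTTP error from the backend is reported, not silently passed.
if timeout 10 curl -fs -o /dev/null "https://$DOMAIN/health" 2>/dev/null; then
  echo "✅ HTTPS работает: https://$DOMAIN/health"
else
  echo "⚠️ HTTPS может быть недоступен (подождите несколько минут)"
fi
if timeout 10 curl -fs -o /dev/null "https://$DOMAIN/api/health" 2>/dev/null; then
  echo "✅ API работает: https://$DOMAIN/api/health"
else
  echo "⚠️ API может быть недоступен"
fi

echo ""
echo "🎉 SSL НАСТРОЕН ДЛЯ $DOMAIN!"
echo ""
echo "🌐 Ваш сайт:"
echo "https://$DOMAIN"
echo "https://$DOMAIN/api/health"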