4NK_node/scripts/deploy_first_install_with_certs.sh

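#!/usr/bin/env bash
# Initial A→Z deployment with Let's Encrypt certificates (webroot / HTTP-01 challenge).
#
# Usage: ./scripts/deploy_first_install_with_certs.sh --domain dev4.4nkweb.com --email admin@example.com [--skip-ui]
#
# Steps, in order: create the ACME/certbot/certs/logs directories, optionally
# build the local UI, start only the reverse proxy so the ACME challenge can be
# served, obtain the certificate with the certbot container, install the cert
# and key into ./certs, start the whole stack, register the renewal cron job
# (03:00 daily) and run two quick HTTPS checks.
#
# Globals (written): ROOT_DIR, DOMAIN, EMAIL, BUILD_UI
# Requires: docker with the compose plugin, curl, sudo access for crontab.
set -euo pipefail

ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
readonly ROOT_DIR
DOMAIN=""
EMAIL=""
BUILD_UI=1

# Print a message on stderr and exit with status $2 (default 2).
die() {
  printf '%s\n' "$1" >&2
  exit "${2:-2}"
}

# Parse the command line into DOMAIN, EMAIL and BUILD_UI.
# A missing option value is reported explicitly instead of tripping `set -u`
# on an unset $2.
parse_args() {
  while [[ $# -gt 0 ]]; do
    case "$1" in
      --domain)
        [[ $# -ge 2 ]] || die "Erreur: --domain requiert une valeur"
        DOMAIN="$2"; shift 2;;
      --email)
        [[ $# -ge 2 ]] || die "Erreur: --email requiert une valeur"
        EMAIL="$2"; shift 2;;
      --skip-ui)
        BUILD_UI=0; shift;;
      *)
        die "Option inconnue: $1";;
    esac
  done
  if [[ -z "$DOMAIN" || -z "$EMAIL" ]]; then
    die "Erreur: --domain et --email sont requis"
  fi
}

# Step 1: directories used by the webroot challenge, certbot state, the
# installed cert files and the renewal log written by the cron job.
prepare_dirs() {
  echo "[1/8] Préparation des dossiers (acme/letsencrypt/certs)"
  mkdir -p "$ROOT_DIR/acme/.well-known/acme-challenge" \
    "$ROOT_DIR/letsencrypt" \
    "$ROOT_DIR/letsencrypt_lib" \
    "$ROOT_DIR/certs" \
    "$ROOT_DIR/logs"
  # The webroot must be readable by the reverse proxy container, which serves
  # the challenge files over plain HTTP; nothing sensitive lives here.
  chmod -R 755 "$ROOT_DIR/acme"
}

# Step 2: optional local UI build; a failure is deliberately non-fatal so the
# certificate and infrastructure steps still run.
build_ui() {
  echo "[2/8] Optionnel: build UI locale (ihm_client/dist)"
  if [[ $BUILD_UI -eq 1 && -x "$ROOT_DIR/scripts/build_ui_local.sh" ]]; then
    ( cd "$ROOT_DIR" && ./scripts/build_ui_local.sh ) || true
  fi
}

# Steps 3-4: bring up only the reverse proxy, then request the certificate
# through the certbot container (webroot challenge served from ./acme).
obtain_certificate() {
  echo "[3/8] Démarrage du reverse proxy pour le challenge ACME"
  docker compose -f "$ROOT_DIR/docker-compose.yml" up -d --no-deps reverse_proxy
  echo "[4/8] Émission du certificat (Lets Encrypt, webroot) pour $DOMAIN"
  docker run --rm \
    -v "$ROOT_DIR/acme:/var/www/certbot" \
    -v "$ROOT_DIR/letsencrypt:/etc/letsencrypt" \
    -v "$ROOT_DIR/letsencrypt_lib:/var/lib/letsencrypt" \
    certbot/certbot certonly --webroot -w /var/www/certbot -d "$DOMAIN" --email "$EMAIL" --agree-tos --non-interactive
}

# Step 5: copy the live chain and key into ./certs. The private key is
# installed mode 0600 so it is never world- or group-readable on the host.
install_cert_files() {
  local live_dir="$ROOT_DIR/letsencrypt/live/$DOMAIN"
  echo "[5/8] Installation des fichiers de cert dans ./certs"
  [[ -r "$live_dir/fullchain.pem" && -r "$live_dir/privkey.pem" ]] \
    || die "Erreur: certificat introuvable ou illisible dans $live_dir" 1
  install -m 0644 "$live_dir/fullchain.pem" "$ROOT_DIR/certs/server.crt"
  install -m 0600 "$live_dir/privkey.pem" "$ROOT_DIR/certs/server.key"
}

# Step 6: start (and build if needed) the full stack.
start_stack() {
  echo "[6/8] Démarrage complet de linfrastructure (build si nécessaire)"
  docker compose -f "$ROOT_DIR/docker-compose.yml" up -d --build
}

# Step 7: register the daily renewal job in root's crontab.
# The existing crontab is checked first so re-running this script does not
# append a duplicate entry each time.
install_renew_cron() {
  local renew_script="$ROOT_DIR/scripts/renew_certs.sh"
  local log_file="$ROOT_DIR/logs/cert_renew.log"
  local entry="0 3 * * * $renew_script >> $log_file 2>&1"
  local current
  echo "[7/8] Mise en place du renouvellement automatique (cron 03:00)"
  # Best effort: the renewal script may already be executable or absent.
  chmod +x "$renew_script" || true
  # `crontab -l` exits non-zero when no crontab exists yet; treat as empty.
  current="$(sudo crontab -l 2>/dev/null || true)"
  if grep -qF -- "$renew_script" <<<"$current"; then
    echo "Renouvellement déjà planifié, crontab inchangé"
    return 0
  fi
  printf '%s\n' "$current" "$entry" | sudo crontab -
}

# Step 8: quick HTTPS checks. TLS verification is intentionally left on so a
# wrong hostname or an untrusted chain shows up here as an empty line rather
# than being masked; the checks are non-fatal.
verify_deployment() {
  echo "[8/8] Vérifications rapides"
  curl -sI "https://$DOMAIN" | head -n 1 || true
  curl -sI "https://$DOMAIN/signer/health" | head -n 1 || true
  echo "Déploiement initial terminé. Domaine: https://$DOMAIN"
}

main() {
  parse_args "$@"
  prepare_dirs
  build_ui
  obtain_certificate
  install_cert_files
  start_stack
  install_renew_cron
  verify_deployment
}

main "$@"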