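#!/bin/bash
# Nginx reverse-proxy setup for the certificator.4nkweb.com sub-domains.
# Usage: ./configure-nginx-proxy.sh
#
# Steps, in order:
#   1. check for root or non-interactive sudo, Nginx and Certbot (Certbot is
#      installed through apt-get when it is missing);
#   2. write one HTTP-only (port 80) vhost per sub-domain, each proxying to a
#      service on 192.168.1.105, and enable it;
#   3. validate the configuration and reload Nginx;
#   4. request one certificate per sub-domain with `certbot --nginx --redirect`.
#
# Security notes:
#   - Step 2 overwrites the vhost files on every run. If Certbot previously
#     added HTTPS/redirect blocks to these same files (presumably it did; that
#     is what --nginx --redirect is used for below), a re-run replaces them
#     with HTTP-only blocks, and the sites answer on plain HTTP from the reload
#     in step 3 until Certbot succeeds again.
#   - A domain whose Certbot run fails stays HTTP-only with no redirect. The
#     script still processes the remaining domains, but it now exits non-zero
#     and lists the affected domains instead of reporting success.
#   - TLS ends at this proxy; traffic to 192.168.1.105 is plain HTTP.
#   - X-Forwarded-For is built with $proxy_add_x_forwarded_for, which appends
#     the peer address to whatever the client sent. Backends should not trust
#     the leading entries of that header; X-Real-IP carries the address Nginx
#     actually saw.

set -euo pipefail

PROXY_HOST="192.168.1.100"
PROXY_USER="ncantu"
NGINX_SITES_AVAILABLE="/etc/nginx/sites-available"
NGINX_SITES_ENABLED="/etc/nginx/sites-enabled"

# Single source of truth for the sub-domains that get enabled and certified.
DOMAINS=(
  "dashboard.certificator.4nkweb.com"
  "faucet.certificator.4nkweb.com"
  "anchorage.certificator.4nkweb.com"
  "watermark.certificator.4nkweb.com"
  "userwallet.certificator.4nkweb.com"
  "skeleton.certificator.4nkweb.com"
  "relay.certificator.4nkweb.com"
)

# Run a command as root: directly when already root, through sudo otherwise.
# Replaces the unquoted ${SUDO_CMD} prefix, which relied on word splitting.
as_root() {
  if [ "$EUID" -ne 0 ]; then
    sudo "$@"
  else
    "$@"
  fi
}

echo "=== Configuration Nginx pour certificator.4nkweb.com ==="
echo ""

# Informational only: hint at the remote invocation when the script does not
# appear to run on the proxy itself. It can run locally or over SSH.
CURRENT_IP=$(hostname -I 2>/dev/null | awk '{print $1}' || echo "")
if [ "$CURRENT_IP" != "$PROXY_HOST" ] && [ -z "${SSH_CONNECTION:-}" ]; then
  echo "ℹ️ Ce script peut être exécuté sur le proxy (192.168.1.100)"
  echo " Ou via SSH: ssh ${PROXY_USER}@${PROXY_HOST} 'sudo bash -s' < $0"
  echo ""
fi

# Privilege check: either already root, or sudo must work without a prompt
# (sudo -n), because the rest of the script is unattended.
if [ "$EUID" -ne 0 ]; then
  if command -v sudo &> /dev/null && sudo -n true 2>/dev/null; then
    echo "✅ Utilisation de sudo (droits non interactifs)"
  else
    echo "⚠️ Ce script nécessite les permissions root pour configurer Nginx"
    echo " Utilisez: sudo $0"
    exit 1
  fi
fi

echo "✅ Vérification de Nginx..."
# Nginx may live in /usr/sbin, which is not always on a non-root PATH.
if command -v nginx &> /dev/null; then
  NGINX_BIN="nginx"
elif [ -f /usr/sbin/nginx ]; then
  NGINX_BIN="/usr/sbin/nginx"
elif [ -f /usr/bin/nginx ]; then
  NGINX_BIN="/usr/bin/nginx"
else
  echo "❌ Nginx n'est pas installé"
  exit 1
fi
echo " Nginx trouvé: ${NGINX_BIN}"

echo "✅ Vérification de Certbot..."
# Certbot is installed on demand (as root, unattended) when it is missing.
if command -v certbot &> /dev/null; then
  CERTBOT_BIN="certbot"
elif [ -f /usr/bin/certbot ]; then
  CERTBOT_BIN="/usr/bin/certbot"
else
  echo "⚠️ Certbot n'est pas installé. Installation..."
  as_root apt-get update
  as_root apt-get install -y certbot python3-certbot-nginx
  CERTBOT_BIN="certbot"
fi
echo " Certbot trouvé: ${CERTBOT_BIN}"

# Write the Nginx configuration of each sub-domain. The here-doc delimiters
# are quoted so that $host, $remote_addr, ... reach Nginx unexpanded.

# 1. Dashboard (port 3020)
echo ""
echo "📝 Configuration de dashboard.certificator.4nkweb.com..."
as_root tee "${NGINX_SITES_AVAILABLE}/dashboard.certificator.4nkweb.com" > /dev/null << 'EOF'
# Dashboard Bitcoin Signet
server {
    listen 80;
    server_name dashboard.certificator.4nkweb.com;

    # Logs
    access_log /var/log/nginx/dashboard.certificator.4nkweb.com.access.log;
    error_log /var/log/nginx/dashboard.certificator.4nkweb.com.error.log;

    # Proxy vers le service Node.js (port 3020)
    # Note: Les services tournent sur 192.168.1.105
    location / {
        proxy_pass http://192.168.1.105:3020;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
}
EOF

# 2. Faucet (port 3021)
echo "📝 Configuration de faucet.certificator.4nkweb.com..."
as_root tee "${NGINX_SITES_AVAILABLE}/faucet.certificator.4nkweb.com" > /dev/null << 'EOF'
# API Faucet Bitcoin Signet
server {
    listen 80;
    server_name faucet.certificator.4nkweb.com;

    # Logs
    access_log /var/log/nginx/faucet.certificator.4nkweb.com.access.log;
    error_log /var/log/nginx/faucet.certificator.4nkweb.com.error.log;

    # Proxy vers le service Node.js (port 3021)
    # Note: Les services tournent sur 192.168.1.105
    location / {
        proxy_pass http://192.168.1.105:3021;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
}
EOF

# 3. Anchorage (port 3010)
echo "📝 Configuration de anchorage.certificator.4nkweb.com..."
as_root tee "${NGINX_SITES_AVAILABLE}/anchorage.certificator.4nkweb.com" > /dev/null << 'EOF'
# API Anchorage Bitcoin Signet
server {
    listen 80;
    server_name anchorage.certificator.4nkweb.com;

    # Logs
    access_log /var/log/nginx/anchorage.certificator.4nkweb.com.access.log;
    error_log /var/log/nginx/anchorage.certificator.4nkweb.com.error.log;

    # Proxy vers le service Node.js (port 3010)
    # Note: Les services tournent sur 192.168.1.105
    location / {
        proxy_pass http://192.168.1.105:3010;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
}
EOF

# 4. Watermark (port 3022)
echo "📝 Configuration de watermark.certificator.4nkweb.com..."
as_root tee "${NGINX_SITES_AVAILABLE}/watermark.certificator.4nkweb.com" > /dev/null << 'EOF'
# API Watermark Bitcoin Signet
server {
    listen 80;
    server_name watermark.certificator.4nkweb.com;

    # Logs
    access_log /var/log/nginx/watermark.certificator.4nkweb.com.access.log;
    error_log /var/log/nginx/watermark.certificator.4nkweb.com.error.log;

    # Proxy vers le service Node.js (port 3022)
    # Note: Les services tournent sur 192.168.1.105
    location / {
        proxy_pass http://192.168.1.105:3022;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
}
EOF

# 5. UserWallet (port 3018)
echo "📝 Configuration de userwallet.certificator.4nkweb.com..."
as_root tee "${NGINX_SITES_AVAILABLE}/userwallet.certificator.4nkweb.com" > /dev/null << 'EOF'
# UserWallet frontend (Vite)
server {
    listen 80;
    server_name userwallet.certificator.4nkweb.com;

    # Logs
    access_log /var/log/nginx/userwallet.certificator.4nkweb.com.access.log;
    error_log /var/log/nginx/userwallet.certificator.4nkweb.com.error.log;

    # Proxy vers le frontend UserWallet (port 3018) sur 192.168.1.105
    location / {
        proxy_pass http://192.168.1.105:3018;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
}
EOF

# 6. Website skeleton (port 3024)
echo "📝 Configuration de skeleton.certificator.4nkweb.com..."
as_root tee "${NGINX_SITES_AVAILABLE}/skeleton.certificator.4nkweb.com" > /dev/null << 'EOF'
# Website skeleton (UserWallet iframe)
server {
    listen 80;
    server_name skeleton.certificator.4nkweb.com;

    access_log /var/log/nginx/skeleton.certificator.4nkweb.com.access.log;
    error_log /var/log/nginx/skeleton.certificator.4nkweb.com.error.log;

    location / {
        proxy_pass http://192.168.1.105:3024;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
}
EOF

# 7. Relay / api-relay (port 3019)
echo "📝 Configuration de relay.certificator.4nkweb.com..."
as_root tee "${NGINX_SITES_AVAILABLE}/relay.certificator.4nkweb.com" > /dev/null << 'EOF'
# API Relay (UserWallet)
server {
    listen 80;
    server_name relay.certificator.4nkweb.com;

    # Logs
    access_log /var/log/nginx/relay.certificator.4nkweb.com.access.log;
    error_log /var/log/nginx/relay.certificator.4nkweb.com.error.log;

    # Proxy vers api-relay (port 3019) sur 192.168.1.105
    location / {
        proxy_pass http://192.168.1.105:3019;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
}
EOF

# Enable the sites. Driven by DOMAINS so that a vhost cannot be enabled
# without also being queued for a certificate below.
echo ""
echo "🔗 Activation des sites..."
for domain in "${DOMAINS[@]}"; do
  as_root ln -sf "${NGINX_SITES_AVAILABLE}/${domain}" "${NGINX_SITES_ENABLED}/${domain}"
done

# Validate before reloading so a broken vhost never reaches the running server.
echo ""
echo "🔍 Test de la configuration Nginx..."
if as_root "${NGINX_BIN}" -t; then
  echo "✅ Configuration Nginx valide"
else
  echo "❌ Erreur dans la configuration Nginx"
  exit 1
fi

# Reload Nginx. From here until Certbot succeeds the sites are HTTP-only.
echo ""
echo "🔄 Rechargement de Nginx (configuration HTTP)..."
as_root systemctl reload nginx || as_root service nginx reload

# Request the certificates with Certbot.
echo ""
echo "🔐 Génération des certificats SSL avec Certbot..."
echo " Note: Certbot va automatiquement créer les configurations HTTPS"
echo ""

# One certificate per domain, so that one failure does not block the others.
# Failures are collected and reported at the end instead of being forgotten.
failed_domains=()
for domain in "${DOMAINS[@]}"; do
  echo "📜 Génération du certificat pour ${domain}..."
  # --nginx lets Certbot edit the vhost to add HTTPS; --redirect adds the
  # HTTP -> HTTPS redirect.
  if as_root "${CERTBOT_BIN}" --nginx -d "${domain}" --non-interactive --agree-tos --email admin@4nkweb.com --redirect; then
    echo "✅ Certificat généré et configuration HTTPS créée pour ${domain}"
  else
    failed_domains+=("${domain}")
    echo "⚠️ Erreur lors de la génération du certificat pour ${domain}"
    echo " Vous pouvez le générer manuellement avec:"
    echo " sudo ${CERTBOT_BIN} --nginx -d ${domain}"
  fi
done

# Final reload so Nginx picks up whatever Certbot changed.
echo ""
echo "🔄 Rechargement final de Nginx..."
as_root systemctl reload nginx || as_root service nginx reload

echo ""
if [ "${#failed_domains[@]}" -eq 0 ]; then
  echo "✅ Configuration terminée !"
else
  # These domains are still served over plain HTTP without a redirect.
  echo "❌ Configuration incomplète: pas de certificat (HTTP uniquement) pour: ${failed_domains[*]}" >&2
fi
echo ""
echo "📋 Résumé:"
echo " - dashboard.certificator.4nkweb.com -> http://192.168.1.105:3020"
echo " - faucet.certificator.4nkweb.com -> http://192.168.1.105:3021"
echo " - anchorage.certificator.4nkweb.com -> http://192.168.1.105:3010"
echo " - watermark.certificator.4nkweb.com -> http://192.168.1.105:3022"
echo " - userwallet.certificator.4nkweb.com -> http://192.168.1.105:3018"
echo " - skeleton.certificator.4nkweb.com -> http://192.168.1.105:3024"
echo " - relay.certificator.4nkweb.com -> http://192.168.1.105:3019"
echo ""
echo "⚠️ Note: Si les services tournent sur une autre machine,"
echo " modifiez les IP dans les fichiers de configuration Nginx"
echo ""
echo "🔍 Vérification:"
echo " - Test Nginx: nginx -t"
echo " - Status: systemctl status nginx"
echo " - Logs: tail -f /var/log/nginx/*.error.log"
echo ""

# Signal partial failure to the caller (CI, SSH wrapper, operator).
if [ "${#failed_domains[@]}" -ne 0 ]; then
  exit 1
fi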