smart_ide/deploy/nginx/deploy-ia-enso-to-proxy.sh
Nicolas Cantu c13ce79696 Remove nginx Bearer auth from ia.enso /ollama by default
**Motivations:**
- Simplify Cursor/custom clients; Bearer caused confusion with Cursor user API key.

**Root causes:**
- N/A.

**Correctifs:**
- Drop if map check and Authorization stripping on /ollama/; deploy script no longer emits Bearer map.

**Evolutions:**
- Optional Bearer documented in http-maps example; README/services/feature/infrastructure updated; proxy redeployed.

**Pages affectées:**
- deploy/nginx/sites/ia.enso.4nkweb.com.conf
- deploy/nginx/deploy-ia-enso-to-proxy.sh
- deploy/nginx/README-ia-enso.md
- deploy/nginx/http-maps/ia-enso-ollama-bearer.map.conf.example
- docs/features/ia-enso-nginx-proxy-ollama-anythingllm.md
- docs/services.md
- docs/infrastructure.md
2026-03-23 07:45:35 +01:00


#!/usr/bin/env bash
#
# Push ia.enso.4nkweb.com nginx config to the LAN proxy (192.168.1.100) over SSH.
# Requires passwordless sudo for nginx on the proxy host.
#
# Environment:
# IA_ENSO_SSH_KEY SSH private key (default: ~/.ssh/id_ed25519).
# IA_ENSO_PROXY_USER SSH user on proxy (default: ncantu).
# IA_ENSO_PROXY_HOST Proxy IP or hostname (default: 192.168.1.100).
# IA_ENSO_BACKEND_IP Ollama + AnythingLLM host IPv4 (default: 192.168.1.164).
# DEPLOY_SSH_PROXY_HOST Jump host (default: 4nk.myftp.biz); empty = direct SSH to proxy.
# DEPLOY_SSH_PROXY_USER Jump user (default: same as IA_ENSO_PROXY_USER).
#
set -euo pipefail

# Resolve every path from this script's own location so the deploy can be
# launched from any working directory.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
SMART_IDE_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)"
SSH_LIB="${SMART_IDE_ROOT}/ia_dev/deploy/_lib/ssh.sh"

# The SSH helpers (scp_copy, ssh_run) come from the ia_dev checkout; stop early
# with a clear message when that file is not present.
[[ -f "$SSH_LIB" ]] || {
  echo "Missing ${SSH_LIB} (ia_dev submodule checkout?)" >&2
  exit 1
}

# NOTE(review): the sourced file runs with this script's privileges and SSH key
# access, so it must come from a trusted checkout.
# shellcheck source=/dev/null
source "$SSH_LIB"
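# Defaults for every tunable; a value already present in the environment wins.
IA_ENSO_SSH_KEY="${IA_ENSO_SSH_KEY:-${HOME}/.ssh/id_ed25519}"
IA_ENSO_PROXY_USER="${IA_ENSO_PROXY_USER:-ncantu}"
IA_ENSO_PROXY_HOST="${IA_ENSO_PROXY_HOST:-192.168.1.100}"
IA_ENSO_BACKEND_IP="${IA_ENSO_BACKEND_IP:-192.168.1.164}"
DEPLOY_SSH_PROXY_USER="${DEPLOY_SSH_PROXY_USER:-$IA_ENSO_PROXY_USER}"

# Jump host: unset -> default jump host; set but empty -> no jump host at all
# (direct SSH to the proxy), so the variable is removed rather than exported empty.
if [[ ! -v DEPLOY_SSH_PROXY_HOST ]]; then
  export DEPLOY_SSH_PROXY_HOST='4nk.myftp.biz'
elif [[ -z "$DEPLOY_SSH_PROXY_HOST" ]]; then
  unset DEPLOY_SSH_PROXY_HOST
fi
export DEPLOY_SSH_PROXY_USER

# Strict, fully anchored IPv4 check. The value is substituted by sed into the
# nginx site config that is installed with sudo on the proxy, so only digits
# and dots may get through (no sed or nginx metacharacters), and each octet
# must be in 0-255 so that a typo such as 999.1.1.1 is rejected here instead of
# reaching the proxy.
backend_ip_ok=0
if [[ "$IA_ENSO_BACKEND_IP" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]]; then
  backend_ip_ok=1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so an octet such as 08 is not read as invalid octal.
    ((10#$octet <= 255)) || backend_ip_ok=0
  done
fi
if [[ "$backend_ip_ok" != "1" ]]; then
  echo "IA_ENSO_BACKEND_IP must be an IPv4 address (got: ${IA_ENSO_BACKEND_IP})" >&2
  exit 1
fi
unset backend_ip_ok octet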
#######################################
# Write the conf.d "http maps" file for ia.enso.
# Arguments:
#   $1 - destination path (overwritten)
#   $2 - "1" to emit the $connection_upgrade websocket map; any other value
#        writes a comment-only stub, for proxies where that map is already
#        defined in another conf.d file
# Returns: status of the write
#######################################
write_maps_file() {
  local target="$1"
  local emit_ws_map="$2"

  if [[ "$emit_ws_map" != "1" ]]; then
    printf '%s\n' \
      '# ia-enso: $connection_upgrade is defined in another conf.d file; no duplicate map here.' \
      >"$target"
    return
  fi

  # Single-quoted on purpose: the $names are nginx variables, not shell ones.
  printf '%s\n' \
    'map $http_upgrade $connection_upgrade {' \
    'default upgrade;' \
    "'' close;" \
    '}' >"$target"
}
# Private scratch directory (mktemp -d, so an unpredictable name) that holds the
# rendered nginx files before upload.
TMP_DIR=$(mktemp -d)

# Remove the scratch directory; registered on EXIT so it runs on every exit path.
cleanup() { rm -rf "$TMP_DIR"; }
trap cleanup EXIT
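#######################################
# Render both nginx files locally, copy them to the proxy and install them
# there with sudo, then validate and reload nginx.
# Globals:   TMP_DIR, SCRIPT_DIR, IA_ENSO_BACKEND_IP, IA_ENSO_SSH_KEY,
#            IA_ENSO_PROXY_USER, IA_ENSO_PROXY_HOST (all read)
# Arguments: $1 - "1" for the websocket map, anything else for the stub file
# Returns:   0 after a successful nginx reload, non-zero at the first failure
#
# This function is called from an `if !` condition, where bash ignores
# `set -e` for the whole function body. Each local step is therefore checked
# explicitly; otherwise a failed sed or scp would fall through to the remote
# step, which could then install an empty site file or a stale file left
# under /tmp on the proxy.
#######################################
try_install() {
  local with_ws="$1"
  local maps_file="${TMP_DIR}/ia-enso-http-maps.conf"
  local site_file="${TMP_DIR}/ia.enso.4nkweb.com.conf"

  write_maps_file "$maps_file" "$with_ws" || return 1

  # IA_ENSO_BACKEND_IP is validated as digits and dots before this point, so it
  # is safe inside the sed replacement.
  sed "s/__IA_ENSO_BACKEND_IP__/${IA_ENSO_BACKEND_IP}/g" \
    "${SCRIPT_DIR}/sites/ia.enso.4nkweb.com.conf" >"$site_file" || return 1

  scp_copy "$IA_ENSO_SSH_KEY" "$maps_file" "$IA_ENSO_PROXY_USER" "$IA_ENSO_PROXY_HOST" "/tmp/ia-enso-http-maps.conf" || return 1
  scp_copy "$IA_ENSO_SSH_KEY" "$site_file" "$IA_ENSO_PROXY_USER" "$IA_ENSO_PROXY_HOST" "/tmp/ia.enso.4nkweb.com.conf" || return 1

  # Quoted delimiter: nothing below is expanded locally, it runs as-is on the proxy.
  ssh_run "$IA_ENSO_SSH_KEY" "$IA_ENSO_PROXY_USER" "$IA_ENSO_PROXY_HOST" bash <<'REMOTE'
set -euo pipefail
staged=(/tmp/ia-enso-http-maps.conf /tmp/ia.enso.4nkweb.com.conf)
# Remove the staged copies on every exit path, not only after a clean install.
trap 'rm -f "${staged[@]}"' EXIT

# The staging paths are fixed names in a world-writable directory and are then
# read by `sudo install`. Accept them only if they are regular files owned by
# the SSH user, so that a file or symlink pre-created by another local account
# never becomes root-installed nginx configuration.
# NOTE(review): a per-run `mktemp -d` directory on the proxy would remove the
# fixed names entirely; that needs the staging path passed through scp_copy.
for f in "${staged[@]}"; do
  if [[ -L "$f" || ! -f "$f" || ! -O "$f" ]]; then
    echo "ERROR: staged file ${f} is missing, a symlink, or not owned by the SSH user." >&2
    exit 1
  fi
done

sudo install -d -m 0755 /etc/nginx/conf.d
sudo install -m 0644 /tmp/ia-enso-http-maps.conf /etc/nginx/conf.d/ia-enso-http-maps.conf
sudo install -m 0644 /tmp/ia.enso.4nkweb.com.conf /etc/nginx/sites-available/ia.enso.4nkweb.com.conf
sudo ln -sf /etc/nginx/sites-available/ia.enso.4nkweb.com.conf /etc/nginx/sites-enabled/ia.enso.4nkweb.com.conf
if ! grep -q 'include /etc/nginx/conf.d/\*\.conf;' /etc/nginx/nginx.conf; then
  echo "ERROR: /etc/nginx/nginx.conf must include conf.d inside http { }." >&2
  echo "Add: include /etc/nginx/conf.d/*.conf;" >&2
  exit 1
fi
# NOTE(review): the files are already in place when `nginx -t` runs; if it
# fails, the rejected config stays on disk until a later attempt overwrites it.
sudo nginx -t
sudo systemctl reload nginx
echo "nginx reload OK"
REMOTE
}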
printf '%s\n' "Deploying ia.enso upstreams to ${IA_ENSO_BACKEND_IP} (Ollama :11434, AnythingLLM :3001)."

# First attempt ships the websocket map. If anything fails, try once more with
# the comment-only stub, which covers a proxy that already defines
# $connection_upgrade elsewhere. Any other failure simply fails twice.
try_install 1 || {
  printf '%s\n' "Retrying with stub maps file (websocket map likely already defined on proxy)..."
  try_install 0 || {
    printf '%s\n' "Deploy failed (SSH, sudo, nginx -t, or missing include /etc/nginx/conf.d/*.conf)." >&2
    printf '%s\n' "Re-run from a host with SSH access to the proxy (LAN direct: DEPLOY_SSH_PROXY_HOST=)." >&2
    exit 1
  }
}

# NOTE(review): the message below states that nginx no longer checks a Bearer
# token on /ollama/. Ollama does not authenticate requests itself, so confirm
# that the site config or the network path restricts who can reach these URLs.
printf '%s\n' "Done. Public URLs (no nginx Bearer on /ollama/):"
printf '%s\n' " AnythingLLM: https://ia.enso.4nkweb.com/anythingllm/"
printf '%s\n' " Ollama native: https://ia.enso.4nkweb.com/ollama/api/tags"
printf '%s\n' " OpenAI-compat: https://ia.enso.4nkweb.com/ollama/v1"