diff --git a/docs/SERVER_SETUP.md b/docs/SERVER_SETUP.md index 8716f46..cfca0d6 100644 --- a/docs/SERVER_SETUP.md +++ b/docs/SERVER_SETUP.md @@ -48,17 +48,12 @@ just deploy-db ## Applying the nginx config -The config is in `nginx/posterg.conf`. Upload it and run the deploy script on -the server: - ```bash -rsync -v nginx/posterg.conf posterg:/tmp/posterg.conf -ssh posterg "sudo bash /var/www/posterg/scripts/deploy-server.sh" -ssh posterg "sudo systemctl reload nginx" +just deploy-nginx ``` -`scripts/deploy-server.sh` fixes ownership/permissions and installs the nginx -config from `/tmp/posterg.conf`. It must be run as root. +Uploads `nginx/posterg.conf` to the server, runs `scripts/deploy-server.sh` +(which installs it into `/etc/nginx/sites-available/posterg`), then reloads nginx. ## Managing admin users diff --git a/justfile b/justfile index cc20b1a..c9c6ff7 100644 --- a/justfile +++ b/justfile @@ -55,7 +55,22 @@ deploy: [group('deploy')] setup-server: rsync -v scripts/setup-server.sh posterg:/tmp/setup-server.sh - ssh posterg "sudo DEPLOY_USER=$(ssh -G posterg | awk '/^user / {print $2}') bash /tmp/setup-server.sh" + @echo "" + @echo "Script uploaded. SSH into the server and run:" + @echo "" + @echo " sudo DEPLOY_USER=\$USER bash /tmp/setup-server.sh" + @echo "" + +[group('deploy')] +deploy-nginx: + rsync -v nginx/posterg.conf posterg:/tmp/posterg.conf + rsync -v scripts/deploy-server.sh posterg:/tmp/deploy-server.sh + @echo "" + @echo "Files uploaded. SSH into the server and run:" + @echo "" + @echo " sudo bash /tmp/deploy-server.sh" + @echo " sudo systemctl reload nginx" + @echo "" [group('deploy')] deploy-db: diff --git a/scripts/deploy-server.sh b/scripts/deploy-server.sh index c856491..1fcdc09 100755 --- a/scripts/deploy-server.sh +++ b/scripts/deploy-server.sh 
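Review bot: `deploy-nginx` stages `deploy-server.sh` and `posterg.conf` under fixed names in `/tmp` and then asks the operator to run the script with `sudo` later, so root executes and installs whatever sits at those shared, world-writable paths at that moment, not necessarily what was just uploaded. Staging into a directory that only the deploy user can write closes that gap, e.g. `rsync -v scripts/deploy-server.sh posterg:<private-staging-dir>/deploy-server.sh` (placeholder path; the hard-coded `/tmp/posterg.conf` in `deploy-server.sh` would have to follow). The same applies to the `/tmp/setup-server.sh` upload in `setup-server`. The recipe also no longer runs anything remotely, while the SERVER_SETUP.md text in this commit says it runs the script and reloads nginx; one of the two should change.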
@@ -1,105 +1,92 @@ #!/bin/bash -# Deploy production nginx configuration for Post-ERG (NEW STRUCTURE) -# This script applies the nginx config for /var/www/posterg/public/ structure +# Deploy production nginx configuration for Post-ERG +# Fixes permissions and installs /tmp/posterg.conf into nginx sites-available. +# +# Usage: just deploy-nginx (uploads script + config, then runs this) +# or: sudo bash /tmp/deploy-server.sh set -e -echo "šŸš€ Post-ERG Production Deployment (NEW STRUCTURE)" -echo "==================================================" -echo "" - -# Colors +# ── Colors ──────────────────────────────────────────────────────────────────── RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' NC='\033[0m' -# Check if running as root -if [ "$EUID" -ne 0 ]; then - echo -e "${RED}Error: This script must be run as root (use sudo)${NC}" - exit 1 -fi +ok() { printf "${GREEN}āœ“${NC} %s\n" "$*"; } +err() { printf "${RED}āœ—${NC} %s\n" "$*" >&2; } +warn() { printf "${YELLOW}!${NC} %s\n" "$*"; } +# ───────────────────────────────────────────────────────────────────────────── -echo "šŸ“‹ Step 1: Fixing file permissions..." 
-echo "--------------------------------------" +[ "$EUID" -eq 0 ] || { err "Run as root (sudo)"; exit 1; } + +printf "šŸš€ Post-ERG Production Deployment\n" +printf "==================================\n\n" + +# ── Step 1: Permissions ─────────────────────────────────────────────────────── +printf "šŸ“‹ Step 1: Fixing file permissions...\n" +printf "--------------------------------------\n" -# Change ownership to www-data:posterg chown -R www-data:posterg /var/www/posterg/ -echo "āœ“ Changed ownership to www-data:posterg" +ok "Ownership: www-data:posterg" -# Set directory permissions (755) -find /var/www/posterg -type d -exec chmod 755 {} \; -echo "āœ“ Set directory permissions to 755" +find /var/www/posterg -type d -exec chmod 2775 {} \; +ok "Directories: 2775 (setgid)" -# Set file permissions (644) -find /var/www/posterg -type f -exec chmod 644 {} \; -echo "āœ“ Set file permissions to 644" +find /var/www/posterg -type f -exec chmod 664 {} \; +ok "Files: 664" -# Make storage directory writable by group if [ -d "/var/www/posterg/storage" ]; then - chmod 775 /var/www/posterg/storage - echo "āœ“ Made storage directory group-writable (775)" + chmod 2775 /var/www/posterg/storage + find /var/www/posterg/storage -name "*.db" -exec chmod 660 {} \; + ok "Storage: 2775, databases: 660" fi -# Fix database file permissions -if [ -f "/var/www/posterg/storage/test.db" ]; then - chmod 660 /var/www/posterg/storage/test.db - chown www-data:posterg /var/www/posterg/storage/test.db - echo "āœ“ Fixed database file permissions (660)" +# ── Step 2: Nginx config ────────────────────────────────────────────────────── +printf "\nšŸ“‹ Step 2: Deploying nginx configuration...\n" +printf "--------------------------------------------\n" + +if [ ! 
-f "/tmp/posterg.conf" ]; then + err "/tmp/posterg.conf not found — run: just deploy-nginx" + exit 1 fi -# Make admin upload directories writable by group -if [ -d "/var/www/posterg/public/admin/data" ]; then - find /var/www/posterg/public/admin/data -type d -exec chmod 775 {} \; - echo "āœ“ Made admin upload directories group-writable" -fi - -echo "" -echo "šŸ“‹ Step 2: Deploying nginx configuration..." -echo "--------------------------------------" - -# Backup existing config if [ -f "/etc/nginx/sites-available/posterg" ]; then - cp /etc/nginx/sites-available/posterg /etc/nginx/sites-available/posterg.backup.$(date +%Y%m%d_%H%M%S) - echo "āœ“ Backed up existing config" + cp /etc/nginx/sites-available/posterg \ + "/etc/nginx/sites-available/posterg.backup.$(date +%Y%m%d_%H%M%S)" + ok "Backed up existing config" fi -# Copy new config -if [ -f "/tmp/posterg.conf" ]; then - cp /tmp/posterg.conf /etc/nginx/sites-available/posterg - echo "āœ“ Installed new nginx config" +cp /tmp/posterg.conf /etc/nginx/sites-available/posterg +ok "Installed new nginx config" + +if [ ! -L "/etc/nginx/sites-enabled/posterg" ]; then + ln -s /etc/nginx/sites-available/posterg /etc/nginx/sites-enabled/posterg + ok "Created sites-enabled symlink" +fi + +# ── Step 3: Validate ────────────────────────────────────────────────────────── +printf "\nšŸ“‹ Step 3: Testing nginx configuration...\n" +printf "------------------------------------------\n" + +if nginx -t 2>&1; then + ok "Nginx configuration is valid" else - echo -e "${RED}Error: /tmp/posterg.conf not found${NC}" - echo "Run 'just deploy-nginx' first" + err "Nginx configuration has errors — restoring backup" + latest=$(ls -t /etc/nginx/sites-available/posterg.backup.* 2>/dev/null | head -1) + [ -n "$latest" ] && cp "$latest" /etc/nginx/sites-available/posterg exit 1 fi -# Test nginx configuration -echo "" -echo "šŸ“‹ Step 3: Testing nginx configuration..." 
-echo "--------------------------------------" - -if nginx -t; then - echo -e "${GREEN}āœ“ Nginx configuration is valid${NC}" -else - echo -e "${RED}āœ— Nginx configuration has errors!${NC}" - echo "Restoring backup..." - cp /etc/nginx/sites-available/posterg.backup.$(date +%Y%m%d_%H%M%S | tail -1) /etc/nginx/sites-available/posterg - exit 1 -fi - -echo "" -echo "šŸ“‹ Step 4: Summary..." -echo "--------------------------------------" -echo -e "${GREEN}āœ“ Permissions fixed${NC}" -echo -e "${GREEN}āœ“ Nginx config installed${NC}" -echo -e "${GREEN}āœ“ Configuration validated${NC}" -echo "" -echo -e "${YELLOW}Ready to reload nginx!${NC}" -echo "" -echo "Run: ${GREEN}sudo systemctl reload nginx${NC}" -echo "" -echo "After reload, verify:" -echo " • https://posterg.erg.be/" -echo " • https://posterg.erg.be/admin/" -echo " • https://posterg.erg.be/storage/test.db (should 404)" +# ── Done ────────────────────────────────────────────────────────────────────── +printf "\n" +ok "Permissions fixed" +ok "Nginx config installed" +ok "Configuration validated" +printf "\n" +warn "Nginx has not been reloaded yet." +printf "Run: sudo systemctl reload nginx\n\n" +printf "After reload, verify:\n" +printf " • https://posterg.erg.be/\n" +printf " • https://posterg.erg.be/admin/\n" +printf " • https://posterg.erg.be/storage/posterg.db (should 403/404)\n" diff --git a/scripts/setup-server.sh b/scripts/setup-server.sh index 78c7bd3..8ba5d4f 100755 --- a/scripts/setup-server.sh +++ b/scripts/setup-server.sh 
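Review bot: The rollback in Step 3 only works when a backup exists. On a first install `latest` is empty, the `cp` is skipped, and the rejected config stays in `sites-available` with the `sites-enabled` symlink already created, so a later nginx reload or restart will trip over it. The restore also picks its file by parsing `ls -t` instead of using the backup this run created; recording the backup path when it is made, and removing the new file and link when there is none, makes the failure path deterministic. Separately, `chmod 664` over every file with `www-data` as owner leaves the whole served tree writable by the web server account, so it is worth confirming that write access is needed outside `storage`.

```shell
backup=""
if [ -f "/etc/nginx/sites-available/posterg" ]; then
    backup="/etc/nginx/sites-available/posterg.backup.$(date +%Y%m%d_%H%M%S)"
    cp /etc/nginx/sites-available/posterg "$backup"
    ok "Backed up existing config"
fi

# … unchanged: install /tmp/posterg.conf, create sites-enabled symlink …

if nginx -t 2>&1; then
    ok "Nginx configuration is valid"
else
    err "Nginx configuration has errors — rolling back"
    if [ -n "$backup" ]; then
        cp "$backup" /etc/nginx/sites-available/posterg
    else
        # First install: nothing to restore, so do not leave the rejected config enabled.
        rm -f /etc/nginx/sites-enabled/posterg /etc/nginx/sites-available/posterg
    fi
    exit 1
fi
```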
@@ -2,17 +2,24 @@ # One-time server setup for Post-ERG # Run this before the first deploy (or after a permission reset). # -# Usage: ssh posterg "sudo bash /tmp/setup-server.sh" -# Or: just setup-server -# -# What it does: -# 1. Creates /var/www/posterg with correct ownership and permissions -# 2. Ensures the deploy user is in the posterg group -# 3. Sets sticky group bit (setgid) on all directories so new files -# inherit the posterg group — required for rsync --chown to work +# Usage: just setup-server +# or: sudo DEPLOY_USER=youruser bash /tmp/setup-server.sh set -e +# ── Colors / helpers ────────────────────────────────────────────────────────── +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +NC='\033[0m' + +ok() { printf "${GREEN}āœ“${NC} %s\n" "$*"; } +warn() { printf "${YELLOW}!${NC} %s\n" "$*"; } +die() { printf "${RED}āœ—${NC} %s\n" "$*" >&2; exit 1; } +# ───────────────────────────────────────────────────────────────────────────── + +[ "$EUID" -eq 0 ] || die "Run as root (sudo)" + # ── Config ──────────────────────────────────────────────────────────────────── # DEPLOY_USER is passed explicitly by the justfile (read from ~/.ssh/config via # `ssh -G posterg`). Falls back to $SUDO_USER if run manually with sudo. @@ -23,20 +30,8 @@ APP_GROUP="posterg" WEB_USER="www-data" # ───────────────────────────────────────────────────────────────────────────── -RED='\033[0;31m' -GREEN='\033[0;32m' -YELLOW='\033[1;33m' -NC='\033[0m' - -ok() { echo -e "${GREEN}āœ“${NC} $*"; } -warn() { echo -e "${YELLOW}!${NC} $*"; } -die() { echo -e "${RED}āœ—${NC} $*" >&2; exit 1; } - -[ "$EUID" -eq 0 ] || die "Run as root (sudo)" - -echo "šŸ”§ Post-ERG Server Setup" -echo "========================" -echo "" +printf "šŸ”§ Post-ERG Server Setup\n" +printf "========================\n\n" # ── 1. Create posterg group ─────────────────────────────────────────────────── if ! getent group "$APP_GROUP" >/dev/null; then 
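Review bot: The `Config` comment kept as context in the first hunk is now stale: it still says DEPLOY_USER is "passed explicitly by the justfile (read from ~/.ssh/config via `ssh -G posterg`)", but this commit removes that from the `setup-server` recipe. The new usage header also lists `just setup-server` as a way to run the script, although the recipe now only uploads it. I would reword the comment to `# DEPLOY_USER is set on the sudo command line; falls back to $SUDO_USER if unset.` and have the usage line say that `just setup-server` uploads the script. Since the value is now typed by the operator and the script runs as root, it is worth checking that the assignment (outside this hunk) rejects an empty or unknown user before it is used.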
@@ -87,14 +82,12 @@ if [ -d "$APP_DIR/storage" ]; then ok "Storage: 2775, databases: 660" fi -echo "" -echo -e "${GREEN}āœ“ Setup complete.${NC}" -echo "" -echo "Next steps:" -echo " 1. Log out and back in as '$DEPLOY_USER' so group membership takes effect" -echo " (or run: newgrp $APP_GROUP)" -echo " 2. Run: just deploy" -echo "" +printf "\n" +ok "Setup complete." +printf "\nNext steps:\n" +printf " 1. Log out and back in as '%s' so group membership takes effect\n" "$DEPLOY_USER" +printf " (or run: newgrp %s)\n" "$APP_GROUP" +printf " 2. Run: just deploy\n\n" warn "If this is a fresh server, also run after first deploy:" -echo " just deploy-db # push initial database" -echo " just deploy-nginx # apply nginx config" +printf " just deploy-db # push initial database\n" +printf " just deploy-nginx # install nginx config\n"