deploy-nginx: add recipe, upload scripts to /tmp, print sudo instructions

2026-05-06 11:09:18 +02:00 · 2026-03-02 15:51:15 +01:00
parent 5e1543e9a8
commit 7208292c0e
4 changed files with 109 additions and 119 deletions
--- a/scripts/deploy-server.sh
+++ b/scripts/deploy-server.sh
@@ -1,105 +1,92 @@
 #!/bin/bash
-# Deploy production nginx configuration for Post-ERG (NEW STRUCTURE)
-# This script applies the nginx config for /var/www/posterg/public/ structure
+# Deploy production nginx configuration for Post-ERG
+# Fixes permissions and installs /tmp/posterg.conf into nginx sites-available.
+#
+# Usage: just deploy-nginx   (uploads script + config, then runs this)
+#    or: sudo bash /tmp/deploy-server.sh

 set -e

-echo "🚀 Post-ERG Production Deployment (NEW STRUCTURE)"
-echo "=================================================="
-echo ""
-
-# Colors
+# ── Colors ────────────────────────────────────────────────────────────────────
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 NC='\033[0m'

-# Check if running as root
-if [ "$EUID" -ne 0 ]; then 
-    echo -e "${RED}Error: This script must be run as root (use sudo)${NC}"
-    exit 1
-fi
+ok()   { printf "${GREEN}✓${NC} %s\n" "$*"; }
+err()  { printf "${RED}✗${NC} %s\n" "$*" >&2; }
+warn() { printf "${YELLOW}!${NC} %s\n" "$*"; }
+# ─────────────────────────────────────────────────────────────────────────────

-echo "📋 Step 1: Fixing file permissions..."
-echo "--------------------------------------"
+[ "$EUID" -eq 0 ] || { err "Run as root (sudo)"; exit 1; }
+
+printf "🚀 Post-ERG Production Deployment\n"
+printf "==================================\n\n"
+
+# ── Step 1: Permissions ───────────────────────────────────────────────────────
+printf "📋 Step 1: Fixing file permissions...\n"
+printf "--------------------------------------\n"

-# Change ownership to www-data:posterg
 chown -R www-data:posterg /var/www/posterg/
-echo "✓ Changed ownership to www-data:posterg"
+ok "Ownership: www-data:posterg"

-# Set directory permissions (755)
-find /var/www/posterg -type d -exec chmod 755 {} \;
-echo "✓ Set directory permissions to 755"
+find /var/www/posterg -type d -exec chmod 2775 {} \;
+ok "Directories: 2775 (setgid)"

-# Set file permissions (644)
-find /var/www/posterg -type f -exec chmod 644 {} \;
-echo "✓ Set file permissions to 644"
+find /var/www/posterg -type f -exec chmod 664 {} \;
+ok "Files: 664"

-# Make storage directory writable by group
 if [ -d "/var/www/posterg/storage" ]; then
-    chmod 775 /var/www/posterg/storage
-    echo "✓ Made storage directory group-writable (775)"
+    chmod 2775 /var/www/posterg/storage
+    find /var/www/posterg/storage -name "*.db" -exec chmod 660 {} \;
+    ok "Storage: 2775, databases: 660"
 fi

-# Fix database file permissions
-if [ -f "/var/www/posterg/storage/test.db" ]; then
-    chmod 660 /var/www/posterg/storage/test.db
-    chown www-data:posterg /var/www/posterg/storage/test.db
-    echo "✓ Fixed database file permissions (660)"
+# ── Step 2: Nginx config ──────────────────────────────────────────────────────
+printf "\n📋 Step 2: Deploying nginx configuration...\n"
+printf "--------------------------------------------\n"
+
+if [ ! -f "/tmp/posterg.conf" ]; then
+    err "/tmp/posterg.conf not found — run: just deploy-nginx"
+    exit 1
 fi

-# Make admin upload directories writable by group
-if [ -d "/var/www/posterg/public/admin/data" ]; then
-    find /var/www/posterg/public/admin/data -type d -exec chmod 775 {} \;
-    echo "✓ Made admin upload directories group-writable"
-fi
-
-echo ""
-echo "📋 Step 2: Deploying nginx configuration..."
-echo "--------------------------------------"
-
-# Backup existing config
 if [ -f "/etc/nginx/sites-available/posterg" ]; then
-    cp /etc/nginx/sites-available/posterg /etc/nginx/sites-available/posterg.backup.$(date +%Y%m%d_%H%M%S)
-    echo "✓ Backed up existing config"
+    cp /etc/nginx/sites-available/posterg \
+       "/etc/nginx/sites-available/posterg.backup.$(date +%Y%m%d_%H%M%S)"
+    ok "Backed up existing config"
 fi

-# Copy new config
-if [ -f "/tmp/posterg.conf" ]; then
-    cp /tmp/posterg.conf /etc/nginx/sites-available/posterg
-    echo "✓ Installed new nginx config"
+cp /tmp/posterg.conf /etc/nginx/sites-available/posterg
+ok "Installed new nginx config"
+
+if [ ! -L "/etc/nginx/sites-enabled/posterg" ]; then
+    ln -s /etc/nginx/sites-available/posterg /etc/nginx/sites-enabled/posterg
+    ok "Created sites-enabled symlink"
+fi
+
+# ── Step 3: Validate ──────────────────────────────────────────────────────────
+printf "\n📋 Step 3: Testing nginx configuration...\n"
+printf "------------------------------------------\n"
+
+if nginx -t 2>&1; then
+    ok "Nginx configuration is valid"
 else
-    echo -e "${RED}Error: /tmp/posterg.conf not found${NC}"
-    echo "Run 'just deploy-nginx' first"
+    err "Nginx configuration has errors — restoring backup"
+    latest=$(ls -t /etc/nginx/sites-available/posterg.backup.* 2>/dev/null | head -1)
+    [ -n "$latest" ] && cp "$latest" /etc/nginx/sites-available/posterg
    exit 1
 fi

-# Test nginx configuration
-echo ""
-echo "📋 Step 3: Testing nginx configuration..."
-echo "--------------------------------------"
-
-if nginx -t; then
-    echo -e "${GREEN}✓ Nginx configuration is valid${NC}"
-else
-    echo -e "${RED}✗ Nginx configuration has errors!${NC}"
-    echo "Restoring backup..."
-    cp /etc/nginx/sites-available/posterg.backup.$(date +%Y%m%d_%H%M%S | tail -1) /etc/nginx/sites-available/posterg
-    exit 1
-fi
-
-echo ""
-echo "📋 Step 4: Summary..."
-echo "--------------------------------------"
-echo -e "${GREEN}✓ Permissions fixed${NC}"
-echo -e "${GREEN}✓ Nginx config installed${NC}"
-echo -e "${GREEN}✓ Configuration validated${NC}"
-echo ""
-echo -e "${YELLOW}Ready to reload nginx!${NC}"
-echo ""
-echo "Run: ${GREEN}sudo systemctl reload nginx${NC}"
-echo ""
-echo "After reload, verify:"
-echo "  • https://posterg.erg.be/"
-echo "  • https://posterg.erg.be/admin/"
-echo "  • https://posterg.erg.be/storage/test.db (should 404)"
+# ── Done ──────────────────────────────────────────────────────────────────────
+printf "\n"
+ok "Permissions fixed"
+ok "Nginx config installed"
+ok "Configuration validated"
+printf "\n"
+warn "Nginx has not been reloaded yet."
+printf "Run: sudo systemctl reload nginx\n\n"
+printf "After reload, verify:\n"
+printf "  • https://posterg.erg.be/\n"
+printf "  • https://posterg.erg.be/admin/\n"
+printf "  • https://posterg.erg.be/storage/posterg.db (should 403/404)\n"