PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-07 03:29:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

deploy-nginx: add recipe, upload scripts to /tmp, print sudo instructions

Browse Source
This commit is contained in:
Pontoporeia
2026-03-02 15:51:15 +01:00
parent 5e1543e9a8
commit 7208292c0e
4 changed files with 109 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
docs/SERVER_SETUP.md
View File

@@ -48,17 +48,12 @@ just deploy-db
## Applying the nginx config ## Applying the nginx config
The config is in `nginx/posterg.conf`. Upload it and run the deploy script on
the server:
```bash ```bash
rsync -v nginx/posterg.conf posterg:/tmp/posterg.conf just deploy-nginx
ssh posterg "sudo bash /var/www/posterg/scripts/deploy-server.sh"
ssh posterg "sudo systemctl reload nginx"
``` ```
`scripts/deploy-server.sh` fixes ownership/permissions and installs the nginx Uploads `nginx/posterg.conf` to the server, runs `scripts/deploy-server.sh`
config from `/tmp/posterg.conf`. It must be run as root. (which installs it into `/etc/nginx/sites-available/posterg`), then reloads nginx.
## Managing admin users ## Managing admin users

17
justfile
View File

@@ -55,7 +55,22 @@ deploy:
[group('deploy')] [group('deploy')]
setup-server: setup-server:
rsync -v scripts/setup-server.sh posterg:/tmp/setup-server.sh rsync -v scripts/setup-server.sh posterg:/tmp/setup-server.sh
ssh posterg "sudo DEPLOY_USER=$(ssh -G posterg | awk '/^user / {print $2}') bash /tmp/setup-server.sh" @echo ""
@echo "Script uploaded. SSH into the server and run:"
@echo ""
@echo " sudo DEPLOY_USER=\$USER bash /tmp/setup-server.sh"
@echo ""
[group('deploy')]
deploy-nginx:
rsync -v nginx/posterg.conf posterg:/tmp/posterg.conf
rsync -v scripts/deploy-server.sh posterg:/tmp/deploy-server.sh
@echo ""
@echo "Files uploaded. SSH into the server and run:"
@echo ""
@echo " sudo bash /tmp/deploy-server.sh"
@echo " sudo systemctl reload nginx"
@echo ""
[group('deploy')] [group('deploy')]
deploy-db: deploy-db:

143
scripts/deploy-server.sh
View File

@@ -1,105 +1,92 @@
#!/bin/bash #!/bin/bash
# Deploy production nginx configuration for Post-ERG (NEW STRUCTURE) # Deploy production nginx configuration for Post-ERG
# This script applies the nginx config for /var/www/posterg/public/ structure # Fixes permissions and installs /tmp/posterg.conf into nginx sites-available.
#
# Usage: just deploy-nginx (uploads script + config, then runs this)
# or: sudo bash /tmp/deploy-server.sh
set -e set -e
echo "🚀 Post-ERG Production Deployment (NEW STRUCTURE)" # ── Colors ────────────────────────────────────────────────────────────────────
echo "=================================================="
echo ""
# Colors
RED='\033[0;31m' RED='\033[0;31m'
GREEN='\033[0;32m' GREEN='\033[0;32m'
YELLOW='\033[1;33m' YELLOW='\033[1;33m'
NC='\033[0m' NC='\033[0m'
# Check if running as root ok() { printf "${GREEN}${NC} %s\n" "$*"; }
if [ "$EUID" -ne 0 ]; then err() { printf "${RED}${NC} %s\n" "$*" >&2; }
echo -e "${RED}Error: This script must be run as root (use sudo)${NC}" warn() { printf "${YELLOW}!${NC} %s\n" "$*"; }
exit 1 # ─────────────────────────────────────────────────────────────────────────────
fi
echo "📋 Step 1: Fixing file permissions..." [ "$EUID" -eq 0 ] || { err "Run as root (sudo)"; exit 1; }
echo "--------------------------------------"
printf "🚀 Post-ERG Production Deployment\n"
printf "==================================\n\n"
# ── Step 1: Permissions ───────────────────────────────────────────────────────
printf "📋 Step 1: Fixing file permissions...\n"
printf "--------------------------------------\n"
# Change ownership to www-data:posterg
chown -R www-data:posterg /var/www/posterg/ chown -R www-data:posterg /var/www/posterg/
echo "✓ Changed ownership to www-data:posterg" ok "Ownership: www-data:posterg"
# Set directory permissions (755) find /var/www/posterg -type d -exec chmod 2775 {} \;
find /var/www/posterg -type d -exec chmod 755 {} \; ok "Directories: 2775 (setgid)"
echo "✓ Set directory permissions to 755"
# Set file permissions (644) find /var/www/posterg -type f -exec chmod 664 {} \;
find /var/www/posterg -type f -exec chmod 644 {} \; ok "Files: 664"
echo "✓ Set file permissions to 644"
# Make storage directory writable by group
if [ -d "/var/www/posterg/storage" ]; then if [ -d "/var/www/posterg/storage" ]; then
chmod 775 /var/www/posterg/storage chmod 2775 /var/www/posterg/storage
echo "✓ Made storage directory group-writable (775)" find /var/www/posterg/storage -name "*.db" -exec chmod 660 {} \;
ok "Storage: 2775, databases: 660"
fi fi
# Fix database file permissions # ── Step 2: Nginx config ──────────────────────────────────────────────────────
if [ -f "/var/www/posterg/storage/test.db" ]; then printf "\n📋 Step 2: Deploying nginx configuration...\n"
chmod 660 /var/www/posterg/storage/test.db printf "--------------------------------------------\n"
chown www-data:posterg /var/www/posterg/storage/test.db
echo "✓ Fixed database file permissions (660)" if [ ! -f "/tmp/posterg.conf" ]; then
err "/tmp/posterg.conf not found — run: just deploy-nginx"
exit 1
fi fi
# Make admin upload directories writable by group
if [ -d "/var/www/posterg/public/admin/data" ]; then
find /var/www/posterg/public/admin/data -type d -exec chmod 775 {} \;
echo "✓ Made admin upload directories group-writable"
fi
echo ""
echo "📋 Step 2: Deploying nginx configuration..."
echo "--------------------------------------"
# Backup existing config
if [ -f "/etc/nginx/sites-available/posterg" ]; then if [ -f "/etc/nginx/sites-available/posterg" ]; then
cp /etc/nginx/sites-available/posterg /etc/nginx/sites-available/posterg.backup.$(date +%Y%m%d_%H%M%S) cp /etc/nginx/sites-available/posterg \
echo "✓ Backed up existing config" "/etc/nginx/sites-available/posterg.backup.$(date +%Y%m%d_%H%M%S)"
ok "Backed up existing config"
fi fi
# Copy new config cp /tmp/posterg.conf /etc/nginx/sites-available/posterg
if [ -f "/tmp/posterg.conf" ]; then ok "Installed new nginx config"
cp /tmp/posterg.conf /etc/nginx/sites-available/posterg
echo "✓ Installed new nginx config" if [ ! -L "/etc/nginx/sites-enabled/posterg" ]; then
ln -s /etc/nginx/sites-available/posterg /etc/nginx/sites-enabled/posterg
ok "Created sites-enabled symlink"
fi
# ── Step 3: Validate ──────────────────────────────────────────────────────────
printf "\n📋 Step 3: Testing nginx configuration...\n"
printf "------------------------------------------\n"
if nginx -t 2>&1; then
ok "Nginx configuration is valid"
else else
echo -e "${RED}Error: /tmp/posterg.conf not found${NC}" err "Nginx configuration has errors — restoring backup"
echo "Run 'just deploy-nginx' first" latest=$(ls -t /etc/nginx/sites-available/posterg.backup.* 2>/dev/null | head -1)
[ -n "$latest" ] && cp "$latest" /etc/nginx/sites-available/posterg
exit 1 exit 1
fi fi
# Test nginx configuration # ── Done ──────────────────────────────────────────────────────────────────────
echo "" printf "\n"
echo "📋 Step 3: Testing nginx configuration..." ok "Permissions fixed"
echo "--------------------------------------" ok "Nginx config installed"
ok "Configuration validated"
if nginx -t; then printf "\n"
echo -e "${GREEN}✓ Nginx configuration is valid${NC}" warn "Nginx has not been reloaded yet."
else printf "Run: sudo systemctl reload nginx\n\n"
echo -e "${RED}✗ Nginx configuration has errors!${NC}" printf "After reload, verify:\n"
echo "Restoring backup..." printf " • https://posterg.erg.be/\n"
cp /etc/nginx/sites-available/posterg.backup.$(date +%Y%m%d_%H%M%S | tail -1) /etc/nginx/sites-available/posterg printf " • https://posterg.erg.be/admin/\n"
exit 1 printf " • https://posterg.erg.be/storage/posterg.db (should 403/404)\n"
fi
echo ""
echo "📋 Step 4: Summary..."
echo "--------------------------------------"
echo -e "${GREEN}✓ Permissions fixed${NC}"
echo -e "${GREEN}✓ Nginx config installed${NC}"
echo -e "${GREEN}✓ Configuration validated${NC}"
echo ""
echo -e "${YELLOW}Ready to reload nginx!${NC}"
echo ""
echo "Run: ${GREEN}sudo systemctl reload nginx${NC}"
echo ""
echo "After reload, verify:"
echo " • https://posterg.erg.be/"
echo " • https://posterg.erg.be/admin/"
echo " • https://posterg.erg.be/storage/test.db (should 404)"

57
scripts/setup-server.sh
View File

@@ -2,17 +2,24 @@
# One-time server setup for Post-ERG # One-time server setup for Post-ERG
# Run this before the first deploy (or after a permission reset). # Run this before the first deploy (or after a permission reset).
# #
# Usage: ssh posterg "sudo bash /tmp/setup-server.sh" # Usage: just setup-server
# Or: just setup-server # or: sudo DEPLOY_USER=youruser bash /tmp/setup-server.sh
#
# What it does:
# 1. Creates /var/www/posterg with correct ownership and permissions
# 2. Ensures the deploy user is in the posterg group
# 3. Sets sticky group bit (setgid) on all directories so new files
# inherit the posterg group — required for rsync --chown to work
set -e set -e
# ── Colors / helpers ──────────────────────────────────────────────────────────
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
ok() { printf "${GREEN}${NC} %s\n" "$*"; }
warn() { printf "${YELLOW}!${NC} %s\n" "$*"; }
die() { printf "${RED}${NC} %s\n" "$*" >&2; exit 1; }
# ─────────────────────────────────────────────────────────────────────────────
[ "$EUID" -eq 0 ] || die "Run as root (sudo)"
# ── Config ──────────────────────────────────────────────────────────────────── # ── Config ────────────────────────────────────────────────────────────────────
# DEPLOY_USER is passed explicitly by the justfile (read from ~/.ssh/config via # DEPLOY_USER is passed explicitly by the justfile (read from ~/.ssh/config via
# `ssh -G posterg`). Falls back to $SUDO_USER if run manually with sudo. # `ssh -G posterg`). Falls back to $SUDO_USER if run manually with sudo.
@@ -23,20 +30,8 @@ APP_GROUP="posterg"
WEB_USER="www-data" WEB_USER="www-data"
# ───────────────────────────────────────────────────────────────────────────── # ─────────────────────────────────────────────────────────────────────────────
RED='\033[0;31m' printf "🔧 Post-ERG Server Setup\n"
GREEN='\033[0;32m' printf "========================\n\n"
YELLOW='\033[1;33m'
NC='\033[0m'
ok() { echo -e "${GREEN}${NC} $*"; }
warn() { echo -e "${YELLOW}!${NC} $*"; }
die() { echo -e "${RED}${NC} $*" >&2; exit 1; }
[ "$EUID" -eq 0 ] || die "Run as root (sudo)"
echo "🔧 Post-ERG Server Setup"
echo "========================"
echo ""
# ── 1. Create posterg group ─────────────────────────────────────────────────── # ── 1. Create posterg group ───────────────────────────────────────────────────
if ! getent group "$APP_GROUP" >/dev/null; then if ! getent group "$APP_GROUP" >/dev/null; then
@@ -87,14 +82,12 @@ if [ -d "$APP_DIR/storage" ]; then
ok "Storage: 2775, databases: 660" ok "Storage: 2775, databases: 660"
fi fi
echo "" printf "\n"
echo -e "${GREEN}Setup complete.${NC}" ok "Setup complete."
echo "" printf "\nNext steps:\n"
echo "Next steps:" printf " 1. Log out and back in as '%s' so group membership takes effect\n" "$DEPLOY_USER"
echo " 1. Log out and back in as '$DEPLOY_USER' so group membership takes effect" printf " (or run: newgrp %s)\n" "$APP_GROUP"
echo " (or run: newgrp $APP_GROUP)" printf " 2. Run: just deploy\n\n"
echo " 2. Run: just deploy"
echo ""
warn "If this is a fresh server, also run after first deploy:" warn "If this is a fresh server, also run after first deploy:"
echo " just deploy-db # push initial database" printf " just deploy-db # push initial database\n"
echo " just deploy-nginx # apply nginx config" printf " just deploy-nginx # install nginx config\n"