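#!/bin/bash
# Deploy production nginx configuration and fix permissions for Post-ERG.
#
# Usage: upload the site config to /tmp/posterg.conf, then run this script
# as root (sudo).
#
# Steps:
#   1. Reset ownership and modes under /var/www/html.
#   2. Check prerequisites (htpasswd tool, basic-auth file, staged config).
#   3. Back up and install the nginx site config, enable it, and disable
#      the default site.
#   4. Validate with `nginx -t`; on failure, undo the changes from step 3.
#   5. Reload nginx.
#   6. Verify that PHP-FPM and nginx are running.

set -euo pipefail

echo "🚀 Post-ERG Production Deployment"
echo "=================================="
echo ""

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'

# Paths and accounts used throughout the script.
readonly WEB_ROOT="/var/www/html"
readonly SITE_OWNER="theophile"
readonly SITE_GROUP="posterg"
readonly WEB_USER="www-data"
readonly HTPASSWD_FILE="/etc/nginx/.htpasswd-posterg"
readonly STAGED_CONF="/tmp/posterg.conf"
readonly SITE_AVAILABLE="/etc/nginx/sites-available/posterg"
readonly SITE_ENABLED="/etc/nginx/sites-enabled/posterg"
readonly DEFAULT_ENABLED="/etc/nginx/sites-enabled/default"

# Check if running as root
if [ "$EUID" -ne 0 ]; then
  echo -e "${RED}Error: This script must be run as root (use sudo)${NC}"
  exit 1
fi

echo "📋 Step 1: Fixing file permissions..."
echo "--------------------------------------"

# Change group to posterg (www-data is member of this group)
chown -R "${SITE_OWNER}:${SITE_GROUP}" "${WEB_ROOT}/"
echo "✓ Changed group to posterg"

# Set directory permissions (755 - readable/executable by everyone).
# `-exec ... +` batches paths into few chmod calls instead of one per entry.
find "$WEB_ROOT" -type d -exec chmod 755 {} +
echo "✓ Set directory permissions to 755"

# Set file permissions (640 - owner read/write, group read, no access for others)
find "$WEB_ROOT" -type f -exec chmod 640 {} +
echo "✓ Set file permissions to 640"

# Make upload directories writable by group (for www-data to write).
# Each directory is tested on its own: under `set -e`, a chmod on a missing
# directory would abort the deployment halfway through.
# NOTE(review): these directories receive files written by the web server;
# confirm that posterg.conf never hands anything below them to PHP-FPM.
upload_dirs_fixed=0
for upload_dir in \
  "${WEB_ROOT}/formulaire/data/theses" \
  "${WEB_ROOT}/formulaire/data/covers"; do
  if [ -d "$upload_dir" ]; then
    chmod 775 "$upload_dir"
    upload_dirs_fixed=1
  fi
done
if [ "$upload_dirs_fixed" -eq 1 ]; then
  echo "✓ Set upload directories to 775"
fi

# Protect database if it exists. The file lives below the web root, so the
# nginx config must keep denying requests for it (see the security checks
# printed at the end of the run).
if [ -f "${WEB_ROOT}/storage/posterg.db" ]; then
  chmod 660 "${WEB_ROOT}/storage/posterg.db"
  chown "${WEB_USER}:${SITE_GROUP}" "${WEB_ROOT}/storage/posterg.db"
  echo "✓ Protected database file"
fi

echo ""
echo "📋 Step 2: Checking prerequisites..."
echo "--------------------------------------"

# Check if htpasswd is available
if ! command -v htpasswd &>/dev/null; then
  echo -e "${YELLOW}⚠️ htpasswd not found, installing apache2-utils...${NC}"
  apt-get update -qq
  apt-get install -y apache2-utils
  echo -e "${GREEN}✓ apache2-utils installed${NC}"
fi

# Check if htpasswd file exists
if [ ! -f "$HTPASSWD_FILE" ]; then
  echo -e "${YELLOW}⚠️ Warning: /etc/nginx/.htpasswd-posterg not found${NC}"
  echo " Creating it now..."
  echo ""
  echo "Please enter admin username:"
  read -r ADMIN_USER
  if [ -z "$ADMIN_USER" ]; then
    echo -e "${RED}✗ Error: admin username must not be empty${NC}"
    exit 1
  fi
  # The file holds password hashes. Create it under a restrictive umask and
  # limit read access to root and the web server group instead of leaving it
  # world-readable.
  # NOTE(review): assumes nginx workers run as www-data, like the rest of
  # this script does; confirm against the `user` directive in nginx.conf.
  (
    umask 027
    htpasswd -c "$HTPASSWD_FILE" "$ADMIN_USER"
  )
  chown "root:${WEB_USER}" "$HTPASSWD_FILE"
  chmod 640 "$HTPASSWD_FILE"
  echo -e "${GREEN}✓ Password file created${NC}"
  echo ""
else
  echo "✓ Password file exists"
fi

# Check if config file was uploaded
if [ ! -f "$STAGED_CONF" ]; then
  echo -e "${RED}✗ Error: /tmp/posterg.conf not found${NC}"
  echo "Please upload it first: rsync -vur ./nginx/posterg-production.conf posterg:/tmp/posterg.conf"
  exit 1
fi

# /tmp is world-writable and this script installs the staged file as root,
# so any local account could otherwise supply the nginx configuration.
# Accept only a regular file (no symlink) owned by root, the site owner, or
# the user who invoked sudo.
if [ -L "$STAGED_CONF" ]; then
  echo -e "${RED}✗ Error: /tmp/posterg.conf is a symlink, refusing to install it${NC}"
  exit 1
fi
staged_owner=$(stat -c '%U' "$STAGED_CONF")
case "$staged_owner" in
  root | "$SITE_OWNER" | "${SUDO_USER:-root}") ;;
  *)
    echo -e "${RED}✗ Error: /tmp/posterg.conf is owned by unexpected user '${staged_owner}'${NC}"
    exit 1
    ;;
esac

echo ""
echo "📋 Step 3: Installing nginx configuration..."
echo "--------------------------------------"

# Backup existing config if it exists. The exact backup path is remembered so
# a rollback restores the file saved by this run, not whichever backup sorts
# first in a directory listing.
BACKUP=""
if [ -f "$SITE_AVAILABLE" ]; then
  BACKUP="${SITE_AVAILABLE}.backup.$(date +%Y%m%d_%H%M%S)"
  cp "$SITE_AVAILABLE" "$BACKUP"
  echo "✓ Backed up existing config"
fi

# Copy new configuration with explicit owner and mode, so the installed file
# does not inherit whatever mode the staged copy in /tmp had.
install -o root -g root -m 0644 "$STAGED_CONF" "$SITE_AVAILABLE"
echo "✓ Installed configuration to /etc/nginx/sites-available/posterg"

# Create symlink
created_link=0
if [ ! -L "$SITE_ENABLED" ]; then
  ln -s "$SITE_AVAILABLE" "$SITE_ENABLED"
  created_link=1
  echo "✓ Created symlink in sites-enabled"
else
  echo "✓ Symlink already exists"
fi

# Remove default site, keeping its target so a rollback can re-enable it.
default_target=""
if [ -L "$DEFAULT_ENABLED" ]; then
  default_target=$(readlink "$DEFAULT_ENABLED")
  rm "$DEFAULT_ENABLED"
  echo "✓ Disabled default site"
fi

echo ""
echo "📋 Step 4: Testing nginx configuration..."
echo "--------------------------------------"

if nginx -t; then
  echo -e "${GREEN}✓ Nginx configuration is valid${NC}"
else
  echo -e "${RED}✗ Nginx configuration has errors!${NC}"
  echo "Restoring backup..."
  if [ -n "$BACKUP" ]; then
    cp "$BACKUP" "$SITE_AVAILABLE"
    echo "Configuration restored from backup"
  else
    # First install: nothing to restore. Remove the rejected config so a
    # later nginx restart does not trip over it.
    rm -f -- "$SITE_AVAILABLE"
    if [ "$created_link" -eq 1 ]; then
      rm -f -- "$SITE_ENABLED"
    fi
    echo "No previous configuration to restore; removed the rejected one"
  fi
  if [ -n "$default_target" ]; then
    ln -s "$default_target" "$DEFAULT_ENABLED"
    echo "Re-enabled default site"
  fi
  exit 1
fi

echo ""
echo "📋 Step 5: Reloading nginx..."
echo "--------------------------------------"

if systemctl reload nginx; then
  echo -e "${GREEN}✓ Nginx reloaded successfully${NC}"
else
  echo -e "${RED}✗ Failed to reload nginx${NC}"
  exit 1
fi

echo ""
echo "📋 Step 6: Verifying services..."
echo "--------------------------------------"

# Check PHP-FPM
if systemctl is-active --quiet php8.4-fpm; then
  echo -e "${GREEN}✓ PHP 8.4-FPM is running${NC}"
else
  echo -e "${YELLOW}⚠️ PHP-FPM is not running, starting it...${NC}"
  systemctl start php8.4-fpm
  systemctl enable php8.4-fpm
  echo -e "${GREEN}✓ PHP-FPM started${NC}"
fi

# Check nginx
if systemctl is-active --quiet nginx; then
  echo -e "${GREEN}✓ Nginx is running${NC}"
else
  echo -e "${RED}✗ Nginx is not running!${NC}"
  exit 1
fi

echo ""
echo "═══════════════════════════════════════"
echo -e "${GREEN}✅ Deployment Complete!${NC}"
echo "═══════════════════════════════════════"
echo ""
echo "🧪 Quick Tests:"
echo " • Test public site: curl -I http://localhost/"
echo " • Test admin panel: curl -I http://localhost/formulaire/"
echo " • Test PHP: curl http://localhost/index.php"
echo ""
echo "📊 View logs:"
echo " • Access log: tail -f /var/log/nginx/posterg_access.log"
echo " • Error log: tail -f /var/log/nginx/posterg_error.log"
echo ""
echo "🔒 Security Checks:"
echo " • Database blocked: curl -I http://localhost/storage/posterg.db"
echo " • MD files blocked: curl -I http://localhost/README.md"
echo " • Shared blocked: curl -I http://localhost/shared/Database.php"
echo ""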