PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 11:09:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
b45e6c50cc5551da7d0494f604744ae941c2db81
xamxam/scripts/deploy-server.sh
Pontoporeia b45e6c50cc fix: admin CSP allow inline scripts 
script-src 'self' 'unsafe-inline' added to admin Content-Security-Policy.
default-src 'self' was blocking OverType editor init block and
the dev live-reload poller. Admin section is auth-gated so
unsafe-inline is acceptable.
2026-04-08 14:14:37 +02:00

105 lines
4.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Deploy production nginx configuration for Post-ERG
# Fixes permissions and installs /tmp/posterg.conf into nginx sites-available.
#
# Usage: just deploy-nginx (uploads script + config, then runs this)
# or: sudo bash /tmp/deploy-server.sh
set -e
# ── Colors ────────────────────────────────────────────────────────────────────
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
ok() { printf "${GREEN}${NC} %s\n" "$*"; }
err() { printf "${RED}${NC} %s\n" "$*" >&2; }
warn() { printf "${YELLOW}!${NC} %s\n" "$*"; }
# ─────────────────────────────────────────────────────────────────────────────
[ "$EUID" -eq 0 ] || { err "Run as root (sudo)"; exit 1; }
printf "🚀 Post-ERG Production Deployment\n"
printf "==================================\n\n"
# ── Step 1: Permissions ───────────────────────────────────────────────────────
printf "📋 Step 1: Fixing file permissions...\n"
echo "--------------------------------------"
chown -R www-data:posterg /var/www/posterg/
ok "Ownership: www-data:posterg"
find /var/www/posterg -type d -exec chmod 2775 {} \;
ok "Directories: 2775 (setgid)"
find /var/www/posterg -type f -exec chmod 664 {} \;
ok "Files: 664"
if [ -d "/var/www/posterg/storage" ]; then
chmod 2775 /var/www/posterg/storage
find /var/www/posterg/storage -name "*.db" -exec chmod 660 {} \;
ok "Storage: 2775, databases: 660"
fi
# Ensure writable cache subdirectories exist for php-fpm (www-data)
mkdir -p /var/www/posterg/storage/cache/rate_limit
chown -R www-data:posterg /var/www/posterg/storage/cache
chmod -R 2775 /var/www/posterg/storage/cache
ok "Cache dirs: created and owned by www-data:posterg"
# ── Step 2: Nginx config ──────────────────────────────────────────────────────
printf "\n📋 Step 2: Deploying nginx configuration...\n"
echo "--------------------------------------------"
if [ ! -f "/tmp/posterg.conf" ]; then
err "/tmp/posterg.conf not found — run: just deploy-nginx"
exit 1
fi
if [ -f "/etc/nginx/sites-available/posterg" ]; then
cp /etc/nginx/sites-available/posterg \
"/etc/nginx/sites-available/posterg.backup.$(date +%Y%m%d_%H%M%S)"
ok "Backed up existing config"
fi
cp /tmp/posterg.conf /etc/nginx/sites-available/posterg
ok "Installed new nginx config"
if [ ! -L "/etc/nginx/sites-enabled/posterg" ]; then
ln -s /etc/nginx/sites-available/posterg /etc/nginx/sites-enabled/posterg
ok "Created sites-enabled symlink"
fi
# ── Step 3: Validate ──────────────────────────────────────────────────────────
printf "\n📋 Step 3: Testing nginx configuration...\n"
echo "------------------------------------------"
if nginx -t 2>&1; then
ok "Nginx configuration is valid"
else
err "Nginx configuration has errors — restoring backup"
latest=$(ls -t /etc/nginx/sites-available/posterg.backup.* 2>/dev/null | head -1)
[ -n "$latest" ] && cp "$latest" /etc/nginx/sites-available/posterg
exit 1
fi
# ── Step 4: Reload nginx ─────────────────────────────────────────────────────
printf "\n"
echo "📋 Step 4: Reloading nginx..."
echo "------------------------------"
systemctl reload nginx
ok "Nginx reloaded"
# ── Done ──────────────────────────────────────────────────────────────────────
printf "\n"
ok "Permissions fixed"
ok "Nginx config installed"
ok "Configuration validated"
ok "Nginx reloaded"
printf "\nVerify:\n"
printf " https://posterg.erg.be/\n"
printf " https://posterg.erg.be/admin/\n"
printf " https://posterg.erg.be/storage/posterg.db (should 403/404)\n"
Reference in New Issue View Git Blame Copy Permalink