arifal/CKB
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add update nginx config to domain and create production setup docker

Browse Source
This commit is contained in:
arifal
2025-06-11 19:02:02 +07:00
parent 647aa51187
commit 0b211915f1
13 changed files with 1899 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

283
docker-ssl-setup.sh Executable file
View File

@@ -0,0 +1,283 @@
#!/bin/bash
# Script untuk setup SSL certificate dengan Let's Encrypt untuk domain bengkel.digitaloasis.xyz
# Usage: ./docker-ssl-setup.sh
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Configuration
DOMAIN="bengkel.digitaloasis.xyz"
WWW_DOMAIN="www.bengkel.digitaloasis.xyz"
EMAIL="admin@digitaloasis.xyz"
COMPOSE_FILE="docker-compose.prod.yml"
# Function to print colored output
print_status() {
echo -e "${BLUE}[INFO]${NC} $1"
}
print_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
print_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
print_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Function to check if Docker is running
check_docker() {
if ! docker info > /dev/null 2>&1; then
print_error "Docker is not running. Please start Docker first."
exit 1
fi
}
# Function to check if domain is pointing to this server
check_domain() {
print_status "Checking if domain $DOMAIN is pointing to this server..."
# Get current server IP
SERVER_IP=$(curl -s ifconfig.me || curl -s icanhazip.com || echo "Unable to detect")
# Get domain IP
DOMAIN_IP=$(dig +short $DOMAIN | head -n1)
print_status "Server IP: $SERVER_IP"
print_status "Domain IP: $DOMAIN_IP"
if [[ "$SERVER_IP" != "$DOMAIN_IP" ]]; then
print_warning "Domain might not be pointing to this server!"
print_warning "Please make sure DNS is configured correctly before proceeding."
read -p "Continue anyway? (y/N): " -n 1 -r
echo ""
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
print_status "SSL setup cancelled."
exit 0
fi
else
print_success "Domain is correctly pointing to this server!"
fi
}
# Function to create temporary nginx config for initial certificate
create_temp_nginx() {
print_status "Creating temporary nginx configuration for initial certificate..."
cat > docker/nginx-temp.conf << 'EOF'
events {
worker_connections 1024;
}
http {
server {
listen 80;
server_name bengkel.digitaloasis.xyz www.bengkel.digitaloasis.xyz;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 200 'SSL setup in progress...';
add_header Content-Type text/plain;
}
}
}
EOF
}
# Function to start nginx with temporary config
start_temp_nginx() {
print_status "Starting nginx with temporary configuration..."
# Update docker-compose to use temporary config
sed -i 's|nginx-proxy.conf|nginx-temp.conf|g' $COMPOSE_FILE
# Start nginx-proxy
docker-compose -f $COMPOSE_FILE up -d nginx-proxy
# Wait for nginx to be ready
sleep 10
}
# Function to obtain SSL certificate
obtain_certificate() {
print_status "Obtaining SSL certificate from Let's Encrypt..."
# Run certbot
docker-compose -f $COMPOSE_FILE run --rm certbot certonly \
--webroot \
--webroot-path=/var/www/certbot \
--email $EMAIL \
--agree-tos \
--no-eff-email \
--force-renewal \
-d $DOMAIN \
-d $WWW_DOMAIN
if [[ $? -eq 0 ]]; then
print_success "SSL certificate obtained successfully!"
else
print_error "Failed to obtain SSL certificate!"
exit 1
fi
}
# Function to setup certificate files
setup_certificate_files() {
print_status "Setting up certificate files for nginx..."
# Copy certificates to nginx ssl directory
docker run --rm \
-v ckb_ssl_certificates:/source \
-v ckb_ssl_certificates:/target \
alpine sh -c "
mkdir -p /target/live/$DOMAIN
cp -L /source/live/$DOMAIN/fullchain.pem /target/fullchain.pem
cp -L /source/live/$DOMAIN/privkey.pem /target/privkey.pem
chmod 644 /target/fullchain.pem
chmod 600 /target/privkey.pem
"
print_success "Certificate files setup completed!"
}
# Function to restore production nginx config
restore_production_config() {
print_status "Restoring production nginx configuration..."
# Restore original config
sed -i 's|nginx-temp.conf|nginx-proxy.conf|g' $COMPOSE_FILE
# Restart nginx with SSL configuration
docker-compose -f $COMPOSE_FILE up -d nginx-proxy
print_success "Production nginx configuration restored!"
}
# Function to test SSL certificate
test_ssl() {
print_status "Testing SSL certificate..."
sleep 10
# Test HTTPS connection
if curl -s --max-time 10 https://$DOMAIN > /dev/null; then
print_success "HTTPS is working correctly!"
else
print_warning "HTTPS test failed. Please check the configuration."
fi
# Test certificate validity
if openssl s_client -connect $DOMAIN:443 -servername $DOMAIN < /dev/null 2>/dev/null | openssl x509 -noout -dates; then
print_success "Certificate information retrieved successfully!"
else
print_warning "Could not retrieve certificate information."
fi
}
# Function to setup certificate renewal
setup_renewal() {
print_status "Setting up automatic certificate renewal..."
# Create renewal script
cat > docker-ssl-renew.sh << 'EOF'
#!/bin/bash
# SSL Certificate Renewal Script
# Add this to crontab: 0 12 * * * /path/to/docker-ssl-renew.sh
docker-compose -f docker-compose.prod.yml run --rm certbot renew --quiet
# Reload nginx if certificate was renewed
if [[ $? -eq 0 ]]; then
# Copy renewed certificates
docker run --rm \
-v ckb_ssl_certificates:/source \
-v ckb_ssl_certificates:/target \
alpine sh -c "
cp -L /source/live/bengkel.digitaloasis.xyz/fullchain.pem /target/fullchain.pem
cp -L /source/live/bengkel.digitaloasis.xyz/privkey.pem /target/privkey.pem
"
# Reload nginx
docker-compose -f docker-compose.prod.yml exec nginx-proxy nginx -s reload
fi
EOF
chmod +x docker-ssl-renew.sh
print_success "Certificate renewal script created: docker-ssl-renew.sh"
print_status "To setup automatic renewal, add this to crontab:"
echo "0 12 * * * $(pwd)/docker-ssl-renew.sh"
}
# Function to show final information
show_final_info() {
echo ""
print_success "🎉 SSL setup completed successfully!"
echo ""
print_status "Your application is now available at:"
echo " 🌐 https://bengkel.digitaloasis.xyz"
echo " 🌐 https://www.bengkel.digitaloasis.xyz"
echo ""
print_status "SSL Certificate Information:"
echo " 📅 Domain: $DOMAIN, $WWW_DOMAIN"
echo " 📧 Email: $EMAIL"
echo " 🔄 Auto-renewal: Setup docker-ssl-renew.sh in crontab"
echo ""
print_status "Useful Commands:"
echo " - Check certificate: openssl s_client -connect $DOMAIN:443 -servername $DOMAIN"
echo " - Renew certificate: ./docker-ssl-renew.sh"
echo " - View logs: docker-compose -f $COMPOSE_FILE logs nginx-proxy"
echo " - Test renewal: docker-compose -f $COMPOSE_FILE run --rm certbot renew --dry-run"
}
# Main execution
echo "================================================"
print_status "🔒 SSL Certificate Setup for CKB Production"
print_status "Domain: $DOMAIN"
echo "================================================"
echo ""
# Check prerequisites
check_docker
check_domain
# Ask for confirmation
print_warning "This will setup SSL certificate for $DOMAIN"
print_status "Make sure your application is not currently running."
read -p "Continue with SSL setup? (y/N): " -n 1 -r
echo ""
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
print_status "SSL setup cancelled."
exit 0
fi
# Execute SSL setup
print_status "Starting SSL certificate setup process..."
create_temp_nginx
start_temp_nginx
obtain_certificate
setup_certificate_files
restore_production_config
test_ssl
setup_renewal
# Show final information
show_final_info
print_success "✅ SSL setup completed successfully!"