diff --git a/deploy.sh b/deploy.sh index 8a8cde0..7542560 100755 --- a/deploy.sh +++ b/deploy.sh @@ -1,23 +1,22 @@ #!/bin/bash # ============================================================================== -# NGINX CONFIG DEPLOYMENT SCRIPT (v3) +# NGINX CONFIG & SSL DEPLOYMENT SCRIPT (v4) # -# This script securely copies NGINX configuration files to a remote server. -# It handles "Permission Denied" errors by first uploading files to a -# temporary directory, and then using `sudo` to move them to the -# protected /etc/nginx/ directory. +# This script securely copies NGINX configuration files, tests the config, +# reloads Nginx, and then automates running Certbot to issue SSL certificates +# for all domains found in the `sites-available` directory. # # INSTRUCTIONS: -# 1. Edit the `REMOTE_USER` and `REMOTE_HOST` variables. +# 1. Ensure Certbot is installed on the remote server. +# (e.g., `sudo apt install certbot python3-certbot-nginx`) # 2. Make the script executable: chmod +x .sh # 3. Run the script: ./.sh # ============================================================================== # --- Configuration --- -# PLEASE EDIT THESE TWO VARIABLES with your server details. -REMOTE_USER="ubuntu" # Example: ubuntu, ec2-user, root -REMOTE_HOST="3.9.182.122" # Example: 192.168.1.100 or my-server.com +REMOTE_USER="ubuntu" # The user you SSH in with (e.g., ubuntu, ec2-user) +REMOTE_HOST="3.9.182.122" # The IP address or domain of your server # --- File & Path Definitions --- KEY_FILE="~/repos/azeem-macbookair.pem" 
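Review bot: The INSTRUCTIONS block no longer tells the operator to set `REMOTE_USER` and `REMOTE_HOST`, yet the Configuration section still hard-codes one specific host address and login. Anyone who runs the script unmodified will deploy to, and now reload Nginx on, that host. Either keep a step such as `# 1. Set REMOTE_USER and REMOTE_HOST below (or export them before running).`, or read the values from the environment with `REMOTE_HOST="${REMOTE_HOST:?set REMOTE_HOST}"` so that nothing host-specific lives in the repository. Steps 2 and 3 in the unchanged context read `chmod +x .sh` and `./.sh`, with the script name missing.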
@@ -29,12 +28,11 @@ DEST_NGINX_PATH="/etc/nginx/" DEST_SITES_PATH="/etc/nginx/sites-available/" # Temporary directory on the remote server (relative to the user's home dir) -# NOTE: Removed the '~' to make it more compatible with scp. REMOTE_TEMP_DIR="nginx_deploy_temp" # --- Script Logic --- -echo "🚀 Starting NGINX configuration deployment to $REMOTE_HOST..." +echo "🚀 Starting NGINX & SSL deployment to $REMOTE_HOST..." echo "--------------------------------------------------------" # Expand the tilde (~) in the key file path to an absolute path. 
@@ -54,21 +52,32 @@ if [ ! -d "$SOURCE_SITES_DIR" ]; then exit 1 fi +# --- Local Operations: Find all domains --- +echo "-> Scanning local 'sites-available' for domain names..." +# This command finds all 'server_name' lines, removes the directive and semicolon, +# and consolidates all domains onto a single line. +ALL_DOMAINS=$(grep -r "server_name" "$SOURCE_SITES_DIR" | sed 's/.*server_name\s*//' | sed 's/;//' | tr '\n' ' ' | sed 's/ *$//') + +if [ -z "$ALL_DOMAINS" ]; then + echo "⚠️ WARNING: No domains found in 'sites-available' config files. Skipping Certbot step later." +else + echo " ✅ Found domains: $ALL_DOMAINS" +fi +echo + # --- Remote Operations --- # Step 1: Create the temporary directory on the remote server. -# This command runs in the user's home directory by default. echo "-> Creating temporary directory on remote server..." ssh -i "$EVAL_KEY_FILE" "${REMOTE_USER}@${REMOTE_HOST}" "mkdir -p $REMOTE_TEMP_DIR" if [ $? -ne 0 ]; then - echo "❌ ERROR: Failed to create temporary directory on the remote server. Aborting." + echo "❌ ERROR: Failed to create temporary directory. Aborting." exit 1 fi echo " ✅ Remote temporary directory is ready." echo # Step 2: Transfer all files to the temporary directory. -# We transfer nginx.conf AND the entire sites-available directory in one command. echo "- Transferring configuration files to temporary location..." scp -i "$EVAL_KEY_FILE" -r "$SOURCE_NGINX_CONF" "$SOURCE_SITES_DIR" "${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_TEMP_DIR}/" if [ $? -ne 0 ]; then @@ -78,7 +87,7 @@ fi echo " ✅ All files successfully transferred to temporary location." echo -# Step 3: Move files from temp to final destination using sudo and clean up. +# Step 3: Move files into place, clean up, and test config. echo "- Moving files into place with sudo and cleaning up..." ssh -i "$EVAL_KEY_FILE" "${REMOTE_USER}@${REMOTE_HOST}" << EOF # Move the main config file 
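Review bot: The `ALL_DOMAINS` pipeline keeps whatever follows the last `server_name` on any matching line, so the list can include commented-out directives, the catch-all `_`, wildcard or regex names, and text from lines that only reference `$server_name` (for example in a redirect), along with duplicates. Those tokens are later expanded unquoted into the remote `sudo certbot …` command string in Step 5 (the hunk at `@@ -101,16 +110,40 @@`). The remote shell interprets them there, so the contents of a config file can change the command that runs under sudo. Match only real directives and keep only tokens that pass a hostname check before use, as sketched below.

```shell
# Collect server_name values; keep only tokens that look like plain hostnames.
host_re='^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
ALL_DOMAINS=""
while IFS= read -r name; do
  [[ -n "$name" ]] || continue
  if [[ "$name" =~ $host_re ]]; then
    ALL_DOMAINS+="${ALL_DOMAINS:+ }$name"
  else
    echo "   ⚠️  Ignoring server_name value that is not a plain hostname: $name" >&2
  fi
done < <(grep -rhE '^[[:space:]]*server_name[[:space:]]' "$SOURCE_SITES_DIR" \
  | sed -E 's/^[[:space:]]*server_name[[:space:]]+//; s/;.*$//' \
  | tr -s '[:space:]' '\n' | sort -u)
# … unchanged: empty check and "Found domains" message …
```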
@@ -101,16 +110,40 @@ if [ $? -ne 0 ]; then exit 1 fi -echo " ✅ Files moved and temporary directory removed." +echo " ✅ Files moved and configuration test passed." echo -# Step 4: Ask to reload Nginx -read -p "Nginx config test was successful. Reload Nginx to apply changes? (y/n) " -n 1 -r +# Step 4: Reload Nginx to apply new configs before running Certbot +echo "- Reloading Nginx to apply new configurations..." +ssh -i "$EVAL_KEY_FILE" "${REMOTE_USER}@${REMOTE_HOST}" "sudo systemctl reload nginx" +if [ $? -ne 0 ]; then + echo "⚠️ WARNING: Nginx reload failed. Check the server status." +else + echo " ✅ Nginx reloaded successfully." +fi echo -if [[ $REPLY =~ ^[Yy]$ ]]; then - echo "- Reloading Nginx on the server..." - ssh -i "$EVAL_KEY_FILE" "${REMOTE_USER}@${REMOTE_HOST}" "sudo systemctl reload nginx" - echo " ✅ Nginx reloaded." + +# Step 5: Ask to run Certbot if domains were found +if [ -n "$ALL_DOMAINS" ]; then + read -p "Run Certbot for the discovered domains? (y/n) " -n 1 -r + echo + if [[ $REPLY =~ ^[Yy]$ ]]; then + # Format domains for the certbot command (-d domain1 -d domain2 etc.) + CERTBOT_DOMAINS=$(echo "$ALL_DOMAINS" | sed 's/ / -d /g' | sed 's/^/-d /') + + echo "- Running Certbot on the server. This may require interaction..." + # Note: You may need to provide an email and agree to terms on the first run. + ssh -t -i "$EVAL_KEY_FILE" "${REMOTE_USER}@${REMOTE_HOST}" \ + "sudo certbot --nginx --non-interactive --agree-tos --email your-email@example.com --redirect $CERTBOT_DOMAINS" + + if [ $? -eq 0 ]; then + echo " ✅ Certbot process completed." + else + echo "⚠️ WARNING: Certbot process finished with errors." + fi + fi +else + echo "-> Skipping Certbot step as no domains were found." fi # --- Completion ---
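Review bot: A failed reload in Step 4 only prints a warning, and the script then goes on to offer the Certbot step against a server that may still be serving the old configuration. That branch should stop the run, e.g. `echo "❌ ERROR: Nginx reload failed. Aborting."; exit 1`. In Step 5 the command combines `--non-interactive --agree-tos` with the literal `--email your-email@example.com`, so the terms are accepted and the placeholder address is submitted as the account contact without the operator ever being asked. Move it to the Configuration block and fail early when unset, e.g. `: "${CERTBOT_EMAIL:?set CERTBOT_EMAIL}"` and `--email "$CERTBOT_EMAIL"`. The echo "This may require interaction" and the `ssh -t` flag also contradict `--non-interactive`, so one or the other should go. The previous confirmation prompt before reloading was removed, which means the live reload now happens without operator consent.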