azeem/nginx-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updated deployment logic

Browse Source
This commit is contained in:
Azeem Fidahusein
2025-06-24 20:59:57 +01:00
parent 948c01638b
commit c6714d2ff6
1 changed files with 55 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
deploy.sh
View File

@@ -1,23 +1,22 @@
#!/bin/bash #!/bin/bash
# ============================================================================== # ==============================================================================
# NGINX CONFIG DEPLOYMENT SCRIPT (v3) # NGINX CONFIG & SSL DEPLOYMENT SCRIPT (v4)
# #
# This script securely copies NGINX configuration files to a remote server. # This script securely copies NGINX configuration files, tests the config,
# It handles "Permission Denied" errors by first uploading files to a # reloads Nginx, and then automates running Certbot to issue SSL certificates
# temporary directory, and then using `sudo` to move them to the # for all domains found in the `sites-available` directory.
# protected /etc/nginx/ directory.
# #
# INSTRUCTIONS: # INSTRUCTIONS:
# 1. Edit the `REMOTE_USER` and `REMOTE_HOST` variables. # 1. Ensure Certbot is installed on the remote server.
# (e.g., `sudo apt install certbot python3-certbot-nginx`)
# 2. Make the script executable: chmod +x <script_name>.sh # 2. Make the script executable: chmod +x <script_name>.sh
# 3. Run the script: ./<script_name>.sh # 3. Run the script: ./<script_name>.sh
# ============================================================================== # ==============================================================================
# --- Configuration --- # --- Configuration ---
# PLEASE EDIT THESE TWO VARIABLES with your server details. REMOTE_USER="ubuntu" # The user you SSH in with (e.g., ubuntu, ec2-user)
REMOTE_USER="ubuntu" # Example: ubuntu, ec2-user, root REMOTE_HOST="3.9.182.122" # The IP address or domain of your server
REMOTE_HOST="3.9.182.122" # Example: 192.168.1.100 or my-server.com
# --- File & Path Definitions --- # --- File & Path Definitions ---
KEY_FILE="~/repos/azeem-macbookair.pem" KEY_FILE="~/repos/azeem-macbookair.pem"
@@ -29,12 +28,11 @@ DEST_NGINX_PATH="/etc/nginx/"
DEST_SITES_PATH="/etc/nginx/sites-available/" DEST_SITES_PATH="/etc/nginx/sites-available/"
# Temporary directory on the remote server (relative to the user's home dir) # Temporary directory on the remote server (relative to the user's home dir)
# NOTE: Removed the '~' to make it more compatible with scp.
REMOTE_TEMP_DIR="nginx_deploy_temp" REMOTE_TEMP_DIR="nginx_deploy_temp"
# --- Script Logic --- # --- Script Logic ---
echo "🚀 Starting NGINX configuration deployment to $REMOTE_HOST..." echo "🚀 Starting NGINX & SSL deployment to $REMOTE_HOST..."
echo "--------------------------------------------------------" echo "--------------------------------------------------------"
# Expand the tilde (~) in the key file path to an absolute path. # Expand the tilde (~) in the key file path to an absolute path.
@@ -54,21 +52,32 @@ if [ ! -d "$SOURCE_SITES_DIR" ]; then
exit 1 exit 1
fi fi
# --- Local Operations: Find all domains ---
echo "-> Scanning local 'sites-available' for domain names..."
# This command finds all 'server_name' lines, removes the directive and semicolon,
# and consolidates all domains onto a single line.
ALL_DOMAINS=$(grep -r "server_name" "$SOURCE_SITES_DIR" | sed 's/.*server_name\s*//' | sed 's/;//' | tr '\n' ' ' | sed 's/ *$//')
if [ -z "$ALL_DOMAINS" ]; then
echo "⚠️ WARNING: No domains found in 'sites-available' config files. Skipping Certbot step later."
else
echo " ✅ Found domains: $ALL_DOMAINS"
fi
echo
# --- Remote Operations --- # --- Remote Operations ---
# Step 1: Create the temporary directory on the remote server. # Step 1: Create the temporary directory on the remote server.
# This command runs in the user's home directory by default.
echo "-> Creating temporary directory on remote server..." echo "-> Creating temporary directory on remote server..."
ssh -i "$EVAL_KEY_FILE" "${REMOTE_USER}@${REMOTE_HOST}" "mkdir -p $REMOTE_TEMP_DIR" ssh -i "$EVAL_KEY_FILE" "${REMOTE_USER}@${REMOTE_HOST}" "mkdir -p $REMOTE_TEMP_DIR"
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo "❌ ERROR: Failed to create temporary directory on the remote server. Aborting." echo "❌ ERROR: Failed to create temporary directory. Aborting."
exit 1 exit 1
fi fi
echo " ✅ Remote temporary directory is ready." echo " ✅ Remote temporary directory is ready."
echo echo
# Step 2: Transfer all files to the temporary directory. # Step 2: Transfer all files to the temporary directory.
# We transfer nginx.conf AND the entire sites-available directory in one command.
echo "- Transferring configuration files to temporary location..." echo "- Transferring configuration files to temporary location..."
scp -i "$EVAL_KEY_FILE" -r "$SOURCE_NGINX_CONF" "$SOURCE_SITES_DIR" "${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_TEMP_DIR}/" scp -i "$EVAL_KEY_FILE" -r "$SOURCE_NGINX_CONF" "$SOURCE_SITES_DIR" "${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_TEMP_DIR}/"
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
@@ -78,7 +87,7 @@ fi
echo " ✅ All files successfully transferred to temporary location." echo " ✅ All files successfully transferred to temporary location."
echo echo
# Step 3: Move files from temp to final destination using sudo and clean up. # Step 3: Move files into place, clean up, and test config.
echo "- Moving files into place with sudo and cleaning up..." echo "- Moving files into place with sudo and cleaning up..."
ssh -i "$EVAL_KEY_FILE" "${REMOTE_USER}@${REMOTE_HOST}" << EOF ssh -i "$EVAL_KEY_FILE" "${REMOTE_USER}@${REMOTE_HOST}" << EOF
# Move the main config file # Move the main config file
@@ -101,16 +110,40 @@ if [ $? -ne 0 ]; then
exit 1 exit 1
fi fi
echo " ✅ Files moved and temporary directory removed." echo " ✅ Files moved and configuration test passed."
echo echo
# Step 4: Ask to reload Nginx # Step 4: Reload Nginx to apply new configs before running Certbot
read -p "Nginx config test was successful. Reload Nginx to apply changes? (y/n) " -n 1 -r echo "- Reloading Nginx to apply new configurations..."
ssh -i "$EVAL_KEY_FILE" "${REMOTE_USER}@${REMOTE_HOST}" "sudo systemctl reload nginx"
if [ $? -ne 0 ]; then
echo "⚠️ WARNING: Nginx reload failed. Check the server status."
else
echo " ✅ Nginx reloaded successfully."
fi
echo echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
echo "- Reloading Nginx on the server..." # Step 5: Ask to run Certbot if domains were found
ssh -i "$EVAL_KEY_FILE" "${REMOTE_USER}@${REMOTE_HOST}" "sudo systemctl reload nginx" if [ -n "$ALL_DOMAINS" ]; then
echo " ✅ Nginx reloaded." read -p "Run Certbot for the discovered domains? (y/n) " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
# Format domains for the certbot command (-d domain1 -d domain2 etc.)
CERTBOT_DOMAINS=$(echo "$ALL_DOMAINS" | sed 's/ / -d /g' | sed 's/^/-d /')
echo "- Running Certbot on the server. This may require interaction..."
# Note: You may need to provide an email and agree to terms on the first run.
ssh -t -i "$EVAL_KEY_FILE" "${REMOTE_USER}@${REMOTE_HOST}" \
"sudo certbot --nginx --non-interactive --agree-tos --email your-email@example.com --redirect $CERTBOT_DOMAINS"
if [ $? -eq 0 ]; then
echo " ✅ Certbot process completed."
else
echo "⚠️ WARNING: Certbot process finished with errors."
fi
fi
else
echo "-> Skipping Certbot step as no domains were found."
fi fi
# --- Completion --- # --- Completion ---