spacebrook.dev/server-bootstrap.sh at master · Spacebrook/spacebrook.dev · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
#!/bin/bash -e

# Script to initially setup the server.

sudo apt-get update
sudo apt-get install -y \
     apt-transport-https \
     ca-certificates \
     curl \
     gnupg2 \
     software-properties-common

curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg | sudo apt-key add -

sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") \
   $(lsb_release -cs) \
   stable"

sudo apt-get update
sudo apt-get install -y docker-ce
sudo apt-get install -y htop ncdu tree vim

cat << 'EOF' > upgrade.sh
#!/bin/bash -e

TAG=$1
if [[ "$TAG" == "" ]]; then
    echo "Please enter an argument with the docker tag to upgrade to."
    exit 1
fi

sudo docker pull spacebrook/spacebrook.dev:$TAG
sudo docker tag spacebrook/spacebrook.dev:$TAG spacebrook.dev
sudo docker rm -f spacebrook.dev || true
sudo docker run \
    -v /root/www:/app/www/ \
    -v /etc/letsencrypt:/etc/letsencrypt \
    -p 80:80 \
    -p 443:443 --name spacebrook.dev -d spacebrook.dev
echo "Tailing logs..."
sudo docker logs -f spacebrook.dev
EOF
chmod +x upgrade.sh

cat << 'EOF' > cleanup.sh
#!/bin/bash -e

sudo docker run \
  -v /var/run/docker.sock:/var/run/docker.sock:rw \
  -v /var/lib/docker:/var/lib/docker:rw \
  --restart always \
  --detach \
  meltwater/docker-cleanup:latest
EOF
chmod +x cleanup.sh

cat << 'EOF' > pre-ssl.sh
#!/bin/bash -e

sudo docker rm -f spacebrook.dev || true
sudo docker run \
    -v /root/www:/app/www/ \
    -p 80:80 \
    -p 443:443 --name spacebrook.dev -d spacebrook.dev
EOF
chmod +x pre-ssl.sh

sudo ./cleanup.sh

echo "Run ./upgrade.sh with the latest version."

# Notes
# Everything is installed in /root

# Cert setup:
# echo deb http://ftp.debian.org/debian stretch-backports main >> /etc/apt/sources.list
# sudo apt-get update
# sudo apt-get install -y certbot
#
# Run the server without ssl certs:
# Pull the image and tag it as spacebrook.dev
# Run pre-ssl.sh
#
# Set up the cert:
# letsencrypt certonly --webroot-path /root/www
#
# Generate the dhparam:
# openssl dhparam -dsaparam -out /etc/letsencrypt/live/spacebrook.dev/dhparam.pem 4096
#
# Then, install cert crontab as root:
# sudo su -
# crontab -e
# 0 4 * * * letsencrypt renew --webroot-path /root/www >> /var/log/letsencrypt.log
#
# Test cert generation:
# letsencrypt renew --dry-run
#
# Now you can release with make release