#!/bin/bash
#
# Server Setup Script for SolarBank IoT Dashboard
# Prepares a fresh Ubuntu/Debian server for deployment.

# Stop at the first command that exits non-zero.
# Note: errexit does not fire for a failing command on the left of `&&`/`||`
# or inside an `if` condition, so critical steps still need explicit checks.
set -o errexit

# ANSI colour sequences, kept as literal backslash escapes; they are only
# turned into control characters when a print helper emits them.
RED='\033[0;31m'    # errors
GREEN='\033[0;32m'  # informational messages
YELLOW='\033[1;33m' # warnings
NC='\033[0m'        # No Color (reset)
#######################################
# Print an informational message with a green [INFO] tag.
# Globals:   GREEN, NC (read)
# Arguments: $1 - message text (backslash escapes in it are interpreted)
# Outputs:   writes one line to stdout
#######################################
print_status() {
  local message=$1
  printf '%b\n' "${GREEN}[INFO]${NC} ${message}"
}
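#######################################
# Print a warning with a yellow [WARNING] tag.
# Warnings go to stderr so they stay visible when stdout is redirected or
# captured, and do not mix into normal output.
# Globals:   YELLOW, NC (read)
# Arguments: $1 - message text (backslash escapes in it are interpreted)
# Outputs:   writes one line to stderr
#######################################
print_warning() {
  printf '%b\n' "${YELLOW}[WARNING]${NC} $1" >&2
}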
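#######################################
# Print an error with a red [ERROR] tag.
# Errors go to stderr so a caller that captures or redirects stdout still
# sees why the script stopped.
# Globals:   RED, NC (read)
# Arguments: $1 - message text (backslash escapes in it are interpreted)
# Outputs:   writes one line to stderr
#######################################
print_error() {
  printf '%b\n' "${RED}[ERROR]${NC} $1" >&2
}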
# Everything below writes under /etc, /opt and /usr/local and manages
# services, so refuse to continue unless the effective UID is 0.
if ((EUID != 0)); then
  print_error "Please run this script as root (use sudo)"
  exit 1
fi

print_status "Setting up server for SolarBank IoT Dashboard deployment..."
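# Update system packages
# The two steps are separate commands on purpose: in `a && b`, a failure of
# `a` is exempt from `set -e`, so a failed index refresh would be skipped
# silently and the script would carry on with stale package lists.
# apt-get is used because apt's command-line interface is not meant for
# scripts; --with-new-pkgs keeps `apt upgrade`'s behaviour of installing new
# dependencies when an upgrade needs them.
print_status "Updating system packages..."
apt-get update
apt-get upgrade -y --with-new-pkgs

# Install required packages
# ufw and fail2ban are configured further down in this script.
print_status "Installing required packages..."
apt-get install -y curl wget git htop ufw fail2ban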
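# Install Docker
# The installer fetched from get.docker.com runs as root and is not checked
# against any signature or checksum here; its integrity rests on TLS alone.
# NOTE(review): for hosts with stricter supply-chain requirements, install
# Docker from a signed package repository instead.
print_status "Installing Docker..."
if ! command -v docker &> /dev/null; then
  # Download into a private mktemp directory rather than a fixed file name in
  # the current directory: this script runs as root, and a predictable path
  # in a directory other users can write to could be pre-created or swapped.
  docker_tmp=$(mktemp -d)
  if ! curl --proto '=https' --tlsv1.2 -fsSL https://get.docker.com \
    -o "${docker_tmp}/get-docker.sh"; then
    rm -rf -- "${docker_tmp:?}"
    print_error "Failed to download the Docker installation script"
    exit 1
  fi

  # Capture the installer's status so the temp directory is removed on both
  # the success and the failure path before the script stops.
  docker_rc=0
  sh "${docker_tmp}/get-docker.sh" || docker_rc=$?
  rm -rf -- "${docker_tmp:?}"
  if [ "$docker_rc" -ne 0 ]; then
    print_error "Docker installation script failed (exit code ${docker_rc})"
    exit "$docker_rc"
  fi

  # Add the invoking user to the docker group (only when run through sudo).
  # Membership of the docker group is effectively root on this host, so this
  # account should be protected like an administrator account.
  if [ -n "${SUDO_USER:-}" ]; then
    usermod -aG docker "$SUDO_USER"
    print_status "Added $SUDO_USER to docker group"
  fi
else
  print_status "Docker is already installed"
fi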
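# Install Docker Compose
# NOTE(review): the URL follows the moving "latest" release and the binary is
# not compared with a checksum, so every run may install a different,
# unverified build. Pinning a release tag and verifying the download against
# the checksum published with that release would make this reproducible.
print_status "Installing Docker Compose..."
if ! command -v docker-compose &> /dev/null; then
  compose_url="https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)"

  # Download to a temp file first. Without -f, curl saves the body of an HTTP
  # error response (for example a 404 for an asset name that does not exist)
  # as if it were the binary, and it would then be marked executable in
  # /usr/local/bin. With -f and a temp file, a failed or partial download
  # never reaches the install path.
  compose_tmp=$(mktemp)
  if ! curl --proto '=https' --tlsv1.2 -fL "$compose_url" -o "$compose_tmp"; then
    rm -f -- "$compose_tmp"
    print_error "Failed to download Docker Compose from ${compose_url}"
    exit 1
  fi

  # install copies the file and sets its mode in one step.
  install -m 0755 "$compose_tmp" /usr/local/bin/docker-compose
  rm -f -- "$compose_tmp"
else
  print_status "Docker Compose is already installed"
fi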
# Configure firewall
# Policy: drop all inbound traffic except SSH, HTTP and HTTPS; allow outbound.
# `ufw --force reset` discards any rules that already exist on the host.
# NOTE(review): `ufw allow ssh` opens the port registered for the ssh
# service; if sshd listens on a different port, allow that port before the
# firewall is enabled, otherwise the current session can be cut off.
# NOTE(review): ports published by Docker containers are handled by Docker's
# own packet-filter rules and are commonly not restricted by ufw. Check which
# ports the compose file publishes rather than relying on this policy alone.
print_status "Configuring firewall..."
ufw --force reset
ufw default deny incoming
ufw default allow outgoing
for allowed_rule in ssh 80/tcp 443/tcp; do
  ufw allow "$allowed_rule"
done
ufw --force enable
# Configure fail2ban
# Writes jail.local (overwriting any existing one): an address is banned for
# 3600 s after 3 failures within 600 s. Enabled jails: sshd, nginx-http-auth,
# nginx-limit-req.
# NOTE(review): this script does not install nginx on the host. The nginx
# jails need a log file fail2ban can read; if nginx runs only in a container,
# confirm its logs are exposed at the path the jails expect, otherwise
# fail2ban may fail to start or the jails will never match.
# The heredoc delimiter is quoted so the body is written literally.
print_status "Configuring fail2ban..."
jail_local=/etc/fail2ban/jail.local
cat > "$jail_local" << 'EOF'
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 3

[sshd]
enabled = true

[nginx-http-auth]
enabled = true

[nginx-limit-req]
enabled = true
EOF

# Start at boot, and restart now so the new jail.local is loaded.
systemctl enable fail2ban
systemctl restart fail2ban
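# Create swap file if not exists and system has less than 4GB RAM
# RAM_GB is the total-memory column of `free -g` (whole gibibytes).
RAM_GB=$(free -g | awk '/^Mem:/{print $2}')
case "$RAM_GB" in
  '' | *[!0-9]*)
    # The value is validated before the numeric test: an empty or
    # non-numeric result would otherwise make `[` fail with a syntax error.
    print_warning "Could not determine installed RAM; skipping swap file setup"
    ;;
  *)
    if [ "$RAM_GB" -lt 4 ] && [ ! -f /swapfile ]; then
      print_status "Creating 2GB swap file..."
      # Create the file under a restrictive umask so it is never readable by
      # other users, not even between creation and the chmod below. Swap can
      # hold memory pages of any process, including secrets.
      (umask 077 && fallocate -l 2G /swapfile)
      chmod 600 /swapfile
      mkswap /swapfile
      swapon /swapfile
      # Only add the fstab entry when none exists, so a re-run after the
      # file was removed does not leave duplicate lines.
      if ! grep -qE '^/swapfile[[:space:]]' /etc/fstab 2> /dev/null; then
        echo '/swapfile none swap sw 0 0' >> /etc/fstab
      fi
    fi
    ;;
esac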
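# Optimize system for Docker
# Raises vm.max_map_count to 262144 and reloads /etc/sysctl.conf.
# The line is appended only when it is not already present, so running the
# script again does not pile up duplicate entries in a system-wide file.
print_status "Optimizing system for Docker..."
if ! grep -qxF 'vm.max_map_count=262144' /etc/sysctl.conf 2> /dev/null; then
  echo 'vm.max_map_count=262144' >> /etc/sysctl.conf
fi
sysctl -p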
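# Create application directory
# When the script was started through sudo, the directory is handed to the
# invoking user so the repository can be cloned without root.
# NOTE(review): the solarbank systemd unit created by this script runs
# docker-compose as root from this directory, so whoever can write here
# decides what root starts at boot. Keep write access limited to trusted
# administrators.
print_status "Creating application directory..."
mkdir -p /opt/solarbank
if [ -n "${SUDO_USER:-}" ]; then
  # Quoted, and skipped entirely when SUDO_USER is empty. A failure is
  # reported instead of being discarded, but stays non-fatal as before.
  if ! chown "$SUDO_USER:$SUDO_USER" /opt/solarbank; then
    print_warning "Could not change ownership of /opt/solarbank to $SUDO_USER; ownership left unchanged"
  fi
fi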
# Setup log rotation
# Rotates /opt/solarbank/logs/*.log daily and keeps 30 rotations; all but
# the most recent rotation are compressed.
# NOTE(review): `create 644 root root` makes each new log file readable by
# every local user. If the application logs tokens, addresses or other
# sensitive data, a tighter mode such as 640 is worth considering; confirm
# which account needs to read the logs first.
# The heredoc delimiter is quoted so the body is written literally.
print_status "Setting up log rotation..."
logrotate_conf=/etc/logrotate.d/solarbank
cat > "$logrotate_conf" << 'EOF'
/opt/solarbank/logs/*.log {
daily
missingok
rotate 30
compress
delaycompress
notifempty
create 644 root root
}
EOF
# Create systemd service for auto-start
# The unit brings the compose stack up at boot and takes it down on stop.
# It declares no User=, so docker-compose runs with the service manager's
# default account and reads docker-compose.prod.yml from /opt/solarbank.
# NOTE(review): that compose file is therefore security-sensitive; restrict
# who can modify it and the directory that holds it.
# The heredoc delimiter is quoted so the body is written literally.
print_status "Creating systemd service..."
unit_file=/etc/systemd/system/solarbank.service
cat > "$unit_file" << 'EOF'
[Unit]
Description=SolarBank IoT Dashboard
Requires=docker.service
After=docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/opt/solarbank
ExecStart=/usr/local/bin/docker-compose -f docker-compose.prod.yml up -d
ExecStop=/usr/local/bin/docker-compose -f docker-compose.prod.yml down
TimeoutStartSec=0

[Install]
WantedBy=multi-user.target
EOF

# Make systemd read the new unit, then enable it for boot (it is not started
# here; the application has not been deployed yet).
systemctl daemon-reload
systemctl enable solarbank
# Final report: completion banner, follow-up steps, and a short summary of
# the tools and resources on the host.
for banner_line in \
  "===================================" \
  "SERVER SETUP COMPLETED SUCCESSFULLY!" \
  "==================================="; do
  print_status "$banner_line"
done
echo

for step_line in \
  "Next steps:" \
  "1. Clone your application repository to /opt/solarbank" \
  "2. Configure your .env.prod file" \
  "3. Run the deployment script"; do
  print_status "$step_line"
done
echo

# .env.prod is the file the operator fills with deployment configuration.
for example_line in \
  "Example commands:" \
  "cd /opt/solarbank" \
  "git clone <your-repo-url> ." \
  "cp environment.prod.example .env.prod" \
  "nano .env.prod # Edit with your configuration" \
  "./scripts/deploy.sh"; do
  print_status "$example_line"
done
echo

# The command substitutions stay inside the arguments so that a failing
# version query does not abort the script under errexit.
print_status "System information:"
print_status "- Docker version: $(docker --version)"
print_status "- Docker Compose version: $(docker-compose --version)"
print_status "- Available memory: $(free -h | awk '/^Mem:/ {print $7}')"
print_status "- Available disk space: $(df -h / | tail -n 1 | awk '{print $4}')"
echo

# Group membership is only picked up by new login sessions.
if [[ -n "$SUDO_USER" ]]; then
  print_warning "Please log out and log back in for Docker group permissions to take effect"
fi