From 06345788648d9adadcbbfcd1683d9ab49a4fed2f Mon Sep 17 00:00:00 2001
From: Alex Bezdieniezhnykh <zxsanny@gmail.com>
Date: Wed, 26 Feb 2025 22:12:41 +0200
Subject: [PATCH] fix minio scripts

---
 env/cdn/01-install-minio.sh  | 14 ---------
 env/cdn/03-config-minio.sh   |  2 +-
 env/cdn/04-nginx-minio.sh    | 61 ++++++++++++++++++++++++++++++++++++
 env/cdn/restart-minio.sh     |  8 ++---
 env/cdn/uploader_policy.json | 14 ++++-----
 env/cdn/user_policy.json     |  2 +-
 6 files changed, 73 insertions(+), 28 deletions(-)
 delete mode 100644 env/cdn/01-install-minio.sh
 create mode 100644 env/cdn/04-nginx-minio.sh

diff --git a/env/cdn/01-install-minio.sh b/env/cdn/01-install-minio.sh
deleted file mode 100644
index 5c56d63..0000000
--- a/env/cdn/01-install-minio.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-mkdir -p ~/cdn/data
-
-certbot certonly --standalone -d cdn.azaion.com
-
-cd /etc/letsencrypt/live/cdn.azaion.com-0001 || exit
-
-chmod -R 755 privkey.pem
-ln -s privkey.pem private.key
-
-chmod -R 755 fullchain.pem
-ln -s fullchain.pem public.crt
-cd ~ || exit
-
-sh restart-minio.sh
\ No newline at end of file
diff --git a/env/cdn/03-config-minio.sh b/env/cdn/03-config-minio.sh
index 4d89819..70ad75d 100644
--- a/env/cdn/03-config-minio.sh
+++ b/env/cdn/03-config-minio.sh
@@ -1,4 +1,4 @@
-mc alias set cdn http://localhost:9020 azaion-cdn-admin AzAA2onCdDmNinnn_CDN_1
+mc alias set cdn https://cdnapi.azaion.com azaion-cdn-admin AzAA2onCdDmNinnn_CDN_1
 
 mc admin user add cdn azaion-cdn-uploader AaazzA2onCuuPlonad_CerrDN_1
 mc admin policy create cdn CDNUploadPolicy uploader_policy.json
diff --git a/env/cdn/04-nginx-minio.sh b/env/cdn/04-nginx-minio.sh
new file mode 100644
index 0000000..23647d8
--- /dev/null
+++ b/env/cdn/04-nginx-minio.sh
@@ -0,0 +1,61 @@
+cd /etc/nginx/sites-available || exit
+tee -a cdn.azaion.com << END
+server {
+    listen 80;
+    server_name cdn.azaion.com;
+    client_max_body_size 20000M;
+
+    return 301 https://\$host\$request_uri; # Redirect HTTP to HTTPS
+}
+
+server {
+    listen 443 ssl;
+    server_name cdn.azaion.com;
+    client_max_body_size 20000M;
+
+    location / {
+        proxy_pass http://localhost:9021;  # Proxy to Minio UI on port 9021 (HTTP internally)
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+
+        # websockets handling
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade \$http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}
+
+server {
+    listen 80;
+    server_name cdnapi.azaion.com;
+    client_max_body_size 20000M;
+
+    return 301 https://\$host\$request_uri; # Redirect HTTP to HTTPS
+}
+
+server {
+    listen 443 ssl;
+    server_name cdnapi.azaion.com;
+    client_max_body_size 20000M;
+
+    location / {
+        proxy_pass http://localhost:9020;  # Proxy to Minio API on port 9020 (HTTP internally)
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+
+        # websockets handling
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade \$http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}
+END
+ln -s /etc/nginx/sites-available/cdn.azaion.com /etc/nginx/sites-enabled/
+
+nginx -t #check syntax
+certbot --nginx -d cdn.azaion.com -d cdnapi.azaion.com
+systemctl restart nginx
\ No newline at end of file
diff --git a/env/cdn/restart-minio.sh b/env/cdn/restart-minio.sh
index de594ca..f2986b7 100644
--- a/env/cdn/restart-minio.sh
+++ b/env/cdn/restart-minio.sh
@@ -1,15 +1,13 @@
-docker stop minio
+docker stop minio
 docker rm minio
 
 docker run \
    -p 9020:9000 \
    -p 9021:9001 \
    --name minio \
-   -v ~/minio/data:/data \
-   -v /etc/letsencrypt/live/cdn.azaion.com-0001:/certs \
+   -v /root/cdn/data:/data \
    -e "MINIO_ROOT_USER=azaion-cdn-admin" \
    -e "MINIO_ROOT_PASSWORD=AzAA2onCdDmNinnn_CDN_1" \
    quay.io/minio/minio server /data \
    --address ":9000" \
-   --console-address ":9001" \
-   --certs-dir /certs
\ No newline at end of file
+   --console-address ":9001"
\ No newline at end of file
diff --git a/env/cdn/uploader_policy.json b/env/cdn/uploader_policy.json
index e13a5d1..8b726f1 100644
--- a/env/cdn/uploader_policy.json
+++ b/env/cdn/uploader_policy.json
@@ -1,4 +1,4 @@
-{
+{
   "Version": "2012-10-17",
   "Statement": [
     {
@@ -8,10 +8,10 @@
       ],
       "Resource": ["arn:aws:s3:::models/*"]
     },
-        {
-            "Effect": "Allow",
-            "Action": [ "s3:ListBucket" ],
-            "Resource": [ "arn:aws:s3:::models" ]
-        }
-    ]
+    {
+      "Effect": "Allow",
+      "Action": [ "s3:ListBucket" ],
+      "Resource": [ "arn:aws:s3:::models" ]
+    }
+  ]
 }
\ No newline at end of file
diff --git a/env/cdn/user_policy.json b/env/cdn/user_policy.json
index 0c3c7ec..713bd16 100644
--- a/env/cdn/user_policy.json
+++ b/env/cdn/user_policy.json
@@ -1,4 +1,4 @@
-{
+{
   "Version": "2012-10-17",
   "Statement": [
     {