add docker, deploy

2026-04-22 06:46:33 +00:00 · 2024-11-14 16:12:06 +02:00
parent 4445fcd673
commit 2244edd2ed
15 changed files with 215 additions and 29 deletions
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+sudo -s
+apt -y update
+apt -y upgrade
+
+apt install -y dotnet-sdk-8.0 aspnetcore-runtime-8.0
+apt install -y zlib1g nodejs npm
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+sudo apt-get install curl gnupg apt-transport-https -y
+
+## Team RabbitMQ's main signing key
+curl -1sLf "https://keys.openpgp.org/vks/v1/by-fingerprint/0A9AF2115F4687BD29803A206B73A36E6026DFCA" | sudo gpg --dearmor | sudo tee /usr/share/keyrings/com.rabbitmq.team.gpg > /dev/null
+## Community mirror of Cloudsmith: modern Erlang repository
+curl -1sLf https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-erlang.E495BB49CC4BBE5B.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg > /dev/null
+## Community mirror of Cloudsmith: RabbitMQ repository
+curl -1sLf https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-server.9F4587F226208342.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq.9F4587F226208342.gpg > /dev/null
+
+## Add apt repositories maintained by Team RabbitMQ
+sudo tee /etc/apt/sources.list.d/rabbitmq.list <<EOF
+## Provides modern Erlang/OTP releases
+##
+deb [arch=amd64 signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.rabbitmq.com/rabbitmq/rabbitmq-erlang/deb/ubuntu noble main
+deb-src [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.rabbitmq.com/rabbitmq/rabbitmq-erlang/deb/ubuntu noble main
+
+# another mirror for redundancy
+deb [arch=amd64 signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa2.rabbitmq.com/rabbitmq/rabbitmq-erlang/deb/ubuntu noble main
+deb-src [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa2.rabbitmq.com/rabbitmq/rabbitmq-erlang/deb/ubuntu noble main
+
+## Provides RabbitMQ
+##
+deb [arch=amd64 signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa1.rabbitmq.com/rabbitmq/rabbitmq-server/deb/ubuntu noble main
+deb-src [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa1.rabbitmq.com/rabbitmq/rabbitmq-server/deb/ubuntu noble main
+
+# another mirror for redundancy
+deb [arch=amd64 signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa2.rabbitmq.com/rabbitmq/rabbitmq-server/deb/ubuntu noble main
+deb-src [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa2.rabbitmq.com/rabbitmq/rabbitmq-server/deb/ubuntu noble main
+EOF
+
+## Install Erlang packages
+sudo apt-get install -y erlang-base \
+                        erlang-asn1 erlang-crypto erlang-eldap erlang-ftp erlang-inets \
+                        erlang-mnesia erlang-os-mon erlang-parsetools erlang-public-key \
+                        erlang-runtime-tools erlang-snmp erlang-ssl \
+                        erlang-syntax-tools erlang-tftp erlang-tools erlang-xmerl
+
+## Install rabbitmq-server and its dependencies
+sudo apt-get install rabbitmq-server -y --fix-missing
@@ -0,0 +1,15 @@
+systemctl start rabbitmq-server
+rabbitmq-plugins enable rabbitmq_management
+rabbitmqctl add_user azaion_admin Az@1on
+rabbitmqctl set_user_tags azaion_admin administrator
+rabbitmqctl set_permissions azaion_admin ".*" ".*" ".*"
+
+rabbitmqctl add_user azaion_admin Az@1on
+rabbitmqctl set_user_tags azaion_admin administrator
+rabbitmqctl set_permissions azaion_admin ".*" ".*" ".*"
+
+rabbitmqctl add_user azaion_admin Az@1on
+rabbitmqctl set_user_tags azaion_admin administrator
+rabbitmqctl set_permissions azaion_admin ".*" ".*" ".*"
+
+# go to http://188.245.120.247:15672/ enter creds and see admin panel
@@ -0,0 +1,92 @@
+#!/bin/sh
+
+apt install -y docker.io apache2-utils certbot python3-certbot-nginx nginx
+docker run -d -p 5000:5000 --name registry --restart always registry:latest
+
+# create user for docker auth
+cd /etc/nginx
+mkdir auth
+cd auth
+htpasswd -c .htpasswd zxsanny
+chmod 640 .htpasswd
+chown root:www-data .htpasswd
+
+# create certs
+certbot --nginx -d api.mywebsite.com
+certbot --nginx -d docker.mywebsite.com
+
+cd /etc/nginx/sites-available
+tee -a docker.azaion.com << END
+server {
+    listen 443 ssl;
+    server_name docker.azaion.com;
+
+    ssl_certificate /etc/letsencrypt/live/docker.azaion.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/docker.azaion.com/privkey.pem;
+
+    location / {
+        auth_basic "Registry";
+        auth_basic_user_file /etc/nginx/auth/.htpasswd;
+        proxy_pass http://localhost:5000;
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+        proxy_set_header X-Forwarded-Port 443;
+    }
+}
+
+ server {
+    listen 80;
+    server_name docker.azaion.com;
+
+    location / {
+        auth_basic "Registry";
+        auth_basic_user_file /etc/nginx/auth/.htpasswd;
+        proxy_pass http://localhost:5000;
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+        proxy_set_header X-Forwarded-Port 443;
+    }
+}
+END
+ln -s /etc/nginx/sites-available/docker.azaion.com /etc/nginx/sites-enabled/
+
+tee -a api.azaion.com << END
+server {
+    listen 443 ssl;
+    server_name api.azaion.com;
+
+    ssl_certificate /etc/letsencrypt/live/api.azaion.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/api.azaion.com/privkey.pem;
+
+    location / {
+        proxy_pass http://localhost:4000;  # API service running on port 4000
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+        proxy_set_header X-Forwarded-Port 443;
+    }
+}
+
+# server {
+#     listen 80;
+#     server_name api.azaion.com;
+
+#     # Redirect all HTTP requests to HTTPS
+#     return 301 https://\$host\$request_uri;
+# }
+END
+ln -s /etc/nginx/sites-available/api.azaion.com /etc/nginx/sites-enabled/
+
+rm ../sites-enabled/default
+nginx -t #check syntax
+systemctl restart nginx
+
+
+# and then from the other machine
+docker login docker.azaion.com
+# Enter Username zxsanny and pass which was set here htpasswd -c .htpasswd zxsanny
@@ -1,16 +0,0 @@
-create database azaion;
-- make sure you connect to azaion db
-
--superadmin user (only for db managing)
-create role azaion_superadmin with login password 'superadmin-pass';
-grant all on schema public to azaion_superadmin;
-
--writer user
-create role azaion_admin with login password 'admin-pass';
-grant connect on database azaion to azaion_admin;
-grant usage on schema public to azaion_admin;
-
--readonly user
-create role azaion_reader with login password 'readonly-pass';
-grant connect on database azaion to azaion_reader;
-grant usage on schema public to azaion_reader;