add scripts for cdn

change aes mode to cfb in encrypt / decrypt in Security

env/api/01-libs-install.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+sudo -s
+apt -y update
+apt -y upgrade
+
+apt install -y dotnet-sdk-8.0 aspnetcore-runtime-8.0
+apt install -y zlib1g nodejs npm

env/api/02-nginx-docker-registry.sh

@@ -0,0 +1,106 @@
+#!/bin/sh
+
+apt install -y docker.io apache2-utils certbot python3-certbot-nginx nginx
+docker run -d -p 5000:5000 --name registry --restart always registry:latest
+
+# create user for docker auth
+cd /etc/nginx
+mkdir auth
+cd auth
+htpasswd -c .htpasswd zxsanny
+chmod 640 .htpasswd
+chown root:www-data .htpasswd
+
+# create certs
+certbot --nginx -d api.azaion.com
+certbot --nginx -d docker.azaion.com
+
+cd /etc/nginx/sites-available
+tee -a docker.azaion.com << END
+server {
+    listen 443 ssl;
+    server_name docker.azaion.com;
+
+    ssl_certificate /etc/letsencrypt/live/docker.azaion.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/docker.azaion.com/privkey.pem;
+
+    location / {
+        auth_basic "Registry";
+        auth_basic_user_file /etc/nginx/auth/.htpasswd;
+        proxy_pass http://localhost:5000;
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+        proxy_set_header X-Forwarded-Port 443;
+    }
+}
+
+ server {
+    listen 80;
+    server_name docker.azaion.com;
+
+    location / {
+        auth_basic "Registry";
+        auth_basic_user_file /etc/nginx/auth/.htpasswd;
+        proxy_pass http://localhost:5000;
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+        proxy_set_header X-Forwarded-Port 443;
+    }
+}
+END
+ln -s /etc/nginx/sites-available/docker.azaion.com /etc/nginx/sites-enabled/
+
+tee -a api.azaion.com << END
+server {
+    listen 443 ssl;
+    server_name api.azaion.com;
+    client_max_body_size 200M;
+
+    ssl_certificate /etc/letsencrypt/live/api.azaion.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/api.azaion.com/privkey.pem;
+
+    location /cdn/ {
+      alias /var/www/cdn.azaion.com/;
+      expires 3560d;
+      access_log_off;
+      log_not_found off;
+      gzip_static on;
+
+      autoindex on;
+      autoindex_exact_size off;
+      autoindex_localtime on;
+    }
+
+    location / {
+        proxy_pass http://localhost:4000;  # API service running on port 4000
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+        proxy_set_header X-Forwarded-Port 443;
+    }
+}
+
+server {
+     listen 80;
+     server_name api.azaion.com;
+     client_max_body_size 200M;
+
+     # Redirect all HTTP requests to HTTPS
+     return 301 https://\$host\$request_uri;
+}
+END
+ln -s /etc/nginx/sites-available/api.azaion.com /etc/nginx/sites-enabled/
+
+rm ../sites-enabled/default
+nginx -t #check syntax
+systemctl restart nginx
+
+
+# and then from the other machine
+docker login docker.azaion.com
+# Enter Username zxsanny and pass which was set here htpasswd -c .htpasswd zxsanny

env/api/restart-api.sh

@@ -0,0 +1,2 @@
+docker rm azaion.api
+sh start-container.sh

env/api/start-container.sh

@@ -0,0 +1,6 @@
+docker run \
+        --env-file .env \
+        -p 4000:8080 \
+        -v /root/api/content:/app/Content \
+        -v /root/api/logs:/app/logs
+        --name azaion.api docker.azaion.com/api

env/api/update-api.sh

@@ -0,0 +1,6 @@
+docker stop azaion.api
+docker rm azaion.api
+docker login docker.azaion.com
+docker pull docker.azaion.com/api:latest
+sh start-container.sh
+