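#!/bin/sh
# Provision a host that serves a private Docker registry (docker.azaion.com)
# and an API service (api.azaion.com) behind nginx with Let's Encrypt
# certificates and HTTP basic auth in front of the registry.
#
# Must be run as root. Interactive: htpasswd prompts for the registry
# password and certbot may prompt for account details.
#
# Environment:
#   REGISTRY_USER  basic-auth user created for the registry (default: zxsanny)

# Stop at the first failing step so a failed `cd` or certificate request
# cannot leave files written to the wrong place or nginx half-configured.
set -eu

REGISTRY_USER="${REGISTRY_USER:-zxsanny}"

if [ "$(id -u)" -ne 0 ]; then
  printf '%s\n' "this script must be run as root" >&2
  exit 1
fi

apt-get update
apt-get install -y docker.io apache2-utils certbot python3-certbot-nginx nginx

# Publish the registry on loopback only. With a bare `-p 5000:5000` Docker
# listens on every interface, so the registry is reachable directly on port
# 5000 without TLS and without the basic auth that nginx enforces below.
# NOTE(review): `registry:latest` is a floating tag; pin a version or digest
# once one has been validated. No volume is mounted, so pushed images live
# in the container's writable layer and are lost if the container is removed.
if docker inspect registry >/dev/null 2>&1; then
  # An existing container keeps whatever port binding it was created with;
  # check `docker port registry` and recreate it if it is not 127.0.0.1.
  printf '%s\n' "container 'registry' already exists, leaving it as is" >&2
else
  docker run -d -p 127.0.0.1:5000:5000 --name registry --restart always registry:latest
fi

# create user for docker auth
mkdir -p /etc/nginx/auth
# Restrictive umask so the password file is never world-readable, not even
# between its creation and the chmod below. The password is read from the
# terminal, so it does not appear in argv or shell history.
(
  umask 027
  htpasswd -c /etc/nginx/auth/.htpasswd "$REGISTRY_USER"
)
chmod 640 /etc/nginx/auth/.htpasswd
chown root:www-data /etc/nginx/auth/.htpasswd

# create certs
# These must succeed before the vhosts are written: the server blocks below
# reference the issued certificate files and nginx -t fails without them.
certbot --nginx -d api.azaion.com
certbot --nginx -d docker.azaion.com

# Overwrite (not append to) the vhost files so that re-running the script
# does not produce duplicate server blocks. The quoted heredoc delimiter
# keeps nginx variables such as $host literal.
cat > /etc/nginx/sites-available/docker.azaion.com <<'END'
server {
    listen 443 ssl;
    server_name docker.azaion.com;
    client_max_body_size 900M;

    ssl_certificate /etc/letsencrypt/live/docker.azaion.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/docker.azaion.com/privkey.pem;

    location / {
        auth_basic "Registry";
        auth_basic_user_file /etc/nginx/auth/.htpasswd;
        # Matches the loopback-only port published by `docker run`.
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port 443;
    }
}

server {
    listen 80;
    server_name docker.azaion.com;

    # Never serve the registry over plain HTTP: basic-auth credentials and
    # image layers would cross the network unencrypted.
    return 301 https://$host$request_uri;
}
END
ln -sf /etc/nginx/sites-available/docker.azaion.com /etc/nginx/sites-enabled/

cat > /etc/nginx/sites-available/api.azaion.com <<'END'
server {
    listen 443 ssl;
    server_name api.azaion.com;
    client_max_body_size 200M;

    ssl_certificate /etc/letsencrypt/live/api.azaion.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.azaion.com/privkey.pem;

    location / {
        proxy_pass http://localhost:4000;  # API service running on port 4000
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port 443;
    }
}

server {
    listen 80;
    server_name api.azaion.com;
    client_max_body_size 200M;

    # Redirect all HTTP requests to HTTPS
    return 301 https://$host$request_uri;
}
END
ln -sf /etc/nginx/sites-available/api.azaion.com /etc/nginx/sites-enabled/

rm -f /etc/nginx/sites-enabled/default

# check syntax; under `set -e` a failed check stops the script before the
# restart, so a broken config never takes the running server down.
nginx -t
systemctl restart nginx

# Next step, to be run from the client machine (not on this server, where
# it would only store the registry credentials in root's Docker config):
#
#   docker login docker.azaion.com
#
# Enter the username and the password that were set with htpasswd above.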