Clean up tunnel infrastructure and migrate to Gitea

scripts/setup-server.sh

@@ -0,0 +1,459 @@
+#!/bin/bash
+
+#######################################################
+# TurboTrades Server Setup Script
+# Automated setup for production server 178.63.127.19
+#######################################################
+
+set -e  # Exit on error
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Configuration
+SERVER_IP="178.63.127.19"
+DEPLOY_PATH="/var/www/turbotrades"
+APP_NAME="turbotrades"
+NODE_VERSION="20"
+
+# Functions
+print_status() {
+    echo -e "${BLUE}[INFO]${NC} $1"
+}
+
+print_success() {
+    echo -e "${GREEN}[SUCCESS]${NC} $1"
+}
+
+print_warning() {
+    echo -e "${YELLOW}[WARNING]${NC} $1"
+}
+
+print_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+# Check if running as root
+check_root() {
+    if [[ $EUID -ne 0 ]]; then
+        print_warning "This script should be run as root. Some commands may require sudo."
+        read -p "Continue anyway? (y/n) " -n 1 -r
+        echo
+        if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+            exit 1
+        fi
+    fi
+}
+
+# Update system
+update_system() {
+    print_status "Updating system packages..."
+    apt update && apt upgrade -y
+    print_success "System updated"
+}
+
+# Install Node.js
+install_nodejs() {
+    print_status "Installing Node.js ${NODE_VERSION}..."
+
+    if command -v node &> /dev/null; then
+        NODE_CURRENT=$(node -v)
+        print_warning "Node.js is already installed: $NODE_CURRENT"
+        read -p "Reinstall/Update? (y/n) " -n 1 -r
+        echo
+        if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+            return
+        fi
+    fi
+
+    curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash -
+    apt-get install -y nodejs
+
+    print_success "Node.js installed: $(node -v)"
+    print_success "NPM installed: $(npm -v)"
+}
+
+# Install MongoDB
+install_mongodb() {
+    print_status "Installing MongoDB..."
+
+    if command -v mongod &> /dev/null; then
+        print_warning "MongoDB is already installed"
+        read -p "Reinstall? (y/n) " -n 1 -r
+        echo
+        if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+            return
+        fi
+    fi
+
+    # Import MongoDB public key
+    curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc | \
+        gpg --dearmor -o /usr/share/keyrings/mongodb-server-7.0.gpg
+
+    # Add MongoDB repository
+    echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] https://repo.mongodb.org/apt/ubuntu $(lsb_release -cs)/mongodb-org/7.0 multiverse" | \
+        tee /etc/apt/sources.list.d/mongodb-org-7.0.list
+
+    # Install MongoDB
+    apt update
+    apt install -y mongodb-org
+
+    # Start and enable MongoDB
+    systemctl start mongod
+    systemctl enable mongod
+
+    print_success "MongoDB installed and started"
+}
+
+# Install PM2
+install_pm2() {
+    print_status "Installing PM2..."
+
+    if command -v pm2 &> /dev/null; then
+        print_warning "PM2 is already installed: $(pm2 -v)"
+        read -p "Reinstall? (y/n) " -n 1 -r
+        echo
+        if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+            return
+        fi
+    fi
+
+    npm install -g pm2
+
+    # Setup PM2 startup script
+    pm2 startup systemd -u $SUDO_USER --hp /home/$SUDO_USER
+
+    print_success "PM2 installed: $(pm2 -v)"
+}
+
+# Install Nginx
+install_nginx() {
+    print_status "Installing Nginx..."
+
+    if command -v nginx &> /dev/null; then
+        print_warning "Nginx is already installed"
+        read -p "Continue anyway? (y/n) " -n 1 -r
+        echo
+        if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+            return
+        fi
+    fi
+
+    apt install -y nginx
+    systemctl start nginx
+    systemctl enable nginx
+
+    print_success "Nginx installed and started"
+}
+
+# Install Git
+install_git() {
+    print_status "Installing Git..."
+
+    if command -v git &> /dev/null; then
+        print_success "Git is already installed: $(git --version)"
+        return
+    fi
+
+    apt install -y git
+    print_success "Git installed: $(git --version)"
+}
+
+# Create deployment directory
+create_deploy_directory() {
+    print_status "Creating deployment directory: ${DEPLOY_PATH}"
+
+    mkdir -p ${DEPLOY_PATH}
+
+    # Set ownership to current user
+    if [ -n "$SUDO_USER" ]; then
+        chown -R $SUDO_USER:$SUDO_USER ${DEPLOY_PATH}
+    fi
+
+    print_success "Deployment directory created"
+}
+
+# Setup firewall
+setup_firewall() {
+    print_status "Configuring firewall..."
+
+    if ! command -v ufw &> /dev/null; then
+        apt install -y ufw
+    fi
+
+    # Allow SSH, HTTP, HTTPS
+    ufw allow 22/tcp
+    ufw allow 80/tcp
+    ufw allow 443/tcp
+
+    # Enable firewall
+    ufw --force enable
+
+    print_success "Firewall configured"
+    ufw status
+}
+
+# Generate SSH deploy key
+generate_deploy_key() {
+    print_status "Generating SSH deploy key..."
+
+    SSH_DIR="/home/$SUDO_USER/.ssh"
+    DEPLOY_KEY="$SSH_DIR/turbotrades_deploy_key"
+
+    if [ -f "$DEPLOY_KEY" ]; then
+        print_warning "Deploy key already exists at $DEPLOY_KEY"
+        read -p "Generate new key? (y/n) " -n 1 -r
+        echo
+        if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+            return
+        fi
+    fi
+
+    mkdir -p $SSH_DIR
+    ssh-keygen -t ed25519 -C "deploy@turbotrades" -f $DEPLOY_KEY -N ""
+
+    chown -R $SUDO_USER:$SUDO_USER $SSH_DIR
+    chmod 700 $SSH_DIR
+    chmod 600 $DEPLOY_KEY
+    chmod 644 $DEPLOY_KEY.pub
+
+    print_success "Deploy key generated!"
+    echo ""
+    print_status "=== PUBLIC KEY (Add to GitHub Deploy Keys) ==="
+    cat $DEPLOY_KEY.pub
+    echo ""
+    print_status "=== PRIVATE KEY (Add to GitHub Secrets as SSH_PRIVATE_KEY) ==="
+    cat $DEPLOY_KEY
+    echo ""
+    print_warning "Save these keys securely!"
+}
+
+# Create .env template
+create_env_template() {
+    print_status "Creating .env template..."
+
+    ENV_FILE="${DEPLOY_PATH}/.env.example"
+
+    cat > $ENV_FILE << 'EOF'
+# Server Configuration
+NODE_ENV=production
+PORT=3000
+HOST=0.0.0.0
+
+# Database
+MONGODB_URI=mongodb://localhost:27017/turbotrades
+
+# Session Secret (Generate a secure random string)
+SESSION_SECRET=change-this-to-a-random-string
+
+# Steam API
+STEAM_API_KEY=your-steam-api-key-here
+STEAM_RETURN_URL=http://178.63.127.19:3000/auth/steam/return
+
+# JWT Secret (Generate a secure random string)
+JWT_SECRET=change-this-to-a-random-string
+JWT_ACCESS_EXPIRY=15m
+JWT_REFRESH_EXPIRY=7d
+
+# CORS
+CORS_ORIGIN=http://178.63.127.19
+
+# Redis (if using)
+REDIS_URL=redis://localhost:6379
+
+# Admin Steam IDs (comma-separated)
+ADMIN_STEAM_IDS=76561198000000000
+
+# Bot Configuration
+STEAM_BOT_USERNAME=your-bot-username
+STEAM_BOT_PASSWORD=your-bot-password
+STEAM_BOT_SHARED_SECRET=your-bot-shared-secret
+STEAM_BOT_IDENTITY_SECRET=your-bot-identity-secret
+
+# CSGOFloat API (optional)
+CSGOFLOAT_API_KEY=your-csgofloat-api-key
+
+# Pricing API (optional)
+PRICING_API_KEY=your-pricing-api-key
+EOF
+
+    print_success ".env template created at $ENV_FILE"
+    print_warning "Remember to create ${DEPLOY_PATH}/.env with actual values!"
+}
+
+# Create Nginx configuration
+create_nginx_config() {
+    print_status "Creating Nginx configuration..."
+
+    NGINX_CONFIG="/etc/nginx/sites-available/turbotrades"
+
+    cat > $NGINX_CONFIG << 'EOF'
+server {
+    listen 80;
+    server_name 178.63.127.19;
+
+    client_max_body_size 10M;
+
+    # Frontend (Vite build)
+    location / {
+        root /var/www/turbotrades/frontend/dist;
+        try_files $uri $uri/ /index.html;
+
+        # Cache static assets
+        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+            expires 1y;
+            add_header Cache-Control "public, immutable";
+        }
+    }
+
+    # Backend API
+    location /api {
+        proxy_pass http://localhost:3000;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+        proxy_read_timeout 300s;
+        proxy_connect_timeout 75s;
+    }
+
+    # WebSocket support
+    location /ws {
+        proxy_pass http://localhost:3000;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # Auth routes
+    location /auth {
+        proxy_pass http://localhost:3000;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+}
+EOF
+
+    # Enable the site
+    ln -sf $NGINX_CONFIG /etc/nginx/sites-enabled/turbotrades
+
+    # Test Nginx configuration
+    nginx -t
+
+    # Restart Nginx
+    systemctl restart nginx
+
+    print_success "Nginx configuration created and enabled"
+}
+
+# Create logs directory
+create_logs_directory() {
+    print_status "Creating logs directory..."
+
+    LOG_DIR="${DEPLOY_PATH}/logs"
+    mkdir -p $LOG_DIR
+
+    if [ -n "$SUDO_USER" ]; then
+        chown -R $SUDO_USER:$SUDO_USER $LOG_DIR
+    fi
+
+    print_success "Logs directory created at $LOG_DIR"
+}
+
+# Print next steps
+print_next_steps() {
+    echo ""
+    echo "=========================================="
+    print_success "Server setup complete!"
+    echo "=========================================="
+    echo ""
+    print_status "Next steps:"
+    echo ""
+    echo "1. Add the deploy key to Gitea:"
+    echo "   - Go to: https://git.turbotrades.dev/iDefineHD/TurboTrades/settings/keys"
+    echo "   - Add the PUBLIC key shown above"
+    echo ""
+    echo "2. Add Repository Secrets:"
+    echo "   - Go to: https://git.turbotrades.dev/iDefineHD/TurboTrades/settings"
+    echo "   - Add these secrets:"
+    echo "     - SERVER_HOST: ${SERVER_IP}"
+    echo "     - SERVER_USER: $(whoami)"
+    echo "     - SERVER_PORT: 22"
+    echo "     - SSH_PRIVATE_KEY: (the private key shown above)"
+    echo "     - DEPLOY_PATH: ${DEPLOY_PATH}"
+    echo ""
+    echo "3. Clone your repository:"
+    echo "   cd ${DEPLOY_PATH}"
+    echo "   git clone https://git.turbotrades.dev/iDefineHD/TurboTrades.git ."
+    echo ""
+    echo "4. Create .env file:"
+    echo "   cp ${DEPLOY_PATH}/.env.example ${DEPLOY_PATH}/.env"
+    echo "   nano ${DEPLOY_PATH}/.env"
+    echo "   (Fill in your actual configuration)"
+    echo ""
+    echo "5. Install dependencies and build:"
+    echo "   cd ${DEPLOY_PATH}"
+    echo "   npm ci --production"
+    echo "   cd frontend && npm ci && npm run build && cd .."
+    echo ""
+    echo "6. Start the application:"
+    echo "   pm2 start ecosystem.config.js --env production"
+    echo "   pm2 save"
+    echo ""
+    echo "7. Visit your application:"
+    echo "   http://${SERVER_IP}"
+    echo ""
+    print_success "Setup complete! 🎉"
+}
+
+# Main script
+main() {
+    echo "=========================================="
+    echo "   TurboTrades Server Setup"
+    echo "   Server: ${SERVER_IP}"
+    echo "=========================================="
+    echo ""
+
+    check_root
+
+    print_status "Starting server setup..."
+    echo ""
+
+    # Run all setup functions
+    update_system
+    install_nodejs
+    install_mongodb
+    install_pm2
+    install_nginx
+    install_git
+    create_deploy_directory
+    setup_firewall
+    generate_deploy_key
+    create_env_template
+    create_nginx_config
+    create_logs_directory
+
+    # Print next steps
+    print_next_steps
+}
+
+# Run main function
+main